May 12, 2003
By Fax and FedEx
Senator Pam Redfield, Co-Chair
5036 South 94th Avenue
Omaha, NE 68127
Representative Chris Ross, Co-Chair
404-A South Office
House Box 202020
Harrisburg, PA 17120-2020
Mr. Virgil Puskarich, Vice-Chair
Local Government Commission
Main Capitol Bldg.
Senate Box 203078
Harrisburg, PA 17120-3078
Re: Council of State Governments SSL Docket Item 17-24B-01
Dear Senator Redfield, Representative Ross, and Mr. Puskarich:
We are writing to express our constitutional and technical concerns about Docket Item 17-24B-01, being considered by the Council of State Government's Committee on Suggested State Legislation at its meeting on May 18, 2003. As you know, the proposed legislation relating to "Internet child pornography" is based on a controversial state law, Section 7330 of Title 18 of the Pennsylvania Code. [1]
As more fully discussed below, Section 7330 violates the First and Fourteenth Amendments of the U.S. Constitution, as well as the Commerce Clause. In addition, the law creates serious risks for the stability of the Internet. Finally, the law is singularly ineffective in addressing the root problem of child pornography. Because of the serious constitutional concerns raised by Section 7330, we are currently in the preliminary stages of a legal challenge to the constitutionality that law. In light of the constitutional concerns, technical problems, and its general lack of effectiveness, we strongly suggest that Section 7330 should not form the basis of any model law or suggested legislation.
The Center for Democracy and Technology (CDT) is a non-profit, public interest organization dedicated to promoting civil liberties and democratic values online. CDT was instrumental in organizing and leading one of two coordinated legal challenges to the Communications Decency Act of 1996, challenges that resulted in the landmark U.S. Supreme Court decision holding that communications over the Internet deserve the highest level of constitutional protection.
We first want to commend the SSL Committee of the Council of State Governments for its desire to take action against the problem of child pornography. We share the belief that child pornography has no place in a civilized society. Powerful laws are in place to combat child pornography, and the Center for Democracy & Technology endorses their full enforcement.
Pennsylvania Section 7330 and SSL Item 17-24B-01, however, are not a targeted, effective, or constitutional ways to combat child pornography. In late February, our office issued a 19-page Report focused on Section 7330. Entitled "The Pennsylvania ISP Liability Law: An Unconstitutional Prior Restraint and a Threat to the Stability of the Internet," the Report details the full array of constitutional and technical problems raised by Section 7330. We have enclosed a copy of our full Report, which is briefly summarized below.[2]
We group the constitutional and technical problems with SSL Item 17-24B-01 into four categories:
Briefly, these problems are:
Item 17-24B-01 would violate constitutional principles of due process under the Fourteenth Amendment for at least two reasons:
Item 17-24B-01 would violate the First Amendment, for at least three reasons:
This last point warrants more discussion, because it lies at the heart of the most serious constitutional problem posed by Item 17-24B-01. This requires a brief explanation of how sites on the Internet are accessed.
Every site on the World Wide Web has what is called a "Uniform Resource Locator," or "URL," such as www.cdt.org. But every URL can in turn be translated into a numeric "Internet Protocol" address, or "IP address." For example, the IP address of www.cdt.org is 206.112.85.61. If you were to surf the World Wide Web and type in www.cdt.org, your web browser would look the URL up in a database to determine the IP address. The browser would then send a request directly to that IP address, and CDT's web server would respond with the requested web page.
There are two critical facts to understand. First, the only effective way that an Internet Service Provider can block access to a specific web site is to block access to the IP address. If you order an ISP to block access to www.cdt.org, the ISP would carry out that order by blocking access to IP address 206.112.85.61. Thus, to avoid a risk of criminal liability under Item 17-24B-01, an ISP would have to block web sites by their IP address.
The second critical fact is that it is very common for multiple web sites -- web sites that are wholly unrelated to each other -- to share a single IP address. In other words, many web sites with many different URLs can all translate to the same numeric IP address. A study released in February by Ben Edelman of the Berkman Center for Internet and Society at Harvard Law School shows that more than two-thirds of all .COM, .NET, and .ORG web sites share their IP addresses with more than 50 other web sites. [5]
What this means is that if an ISP were to receive an order to block a web site under Item 17-24B-01, dozens or even hundreds of completely innocent web sites would also be blocked. To give an analogy, assume that one resident in an apartment building in California used the U.S. Postal Service to mail child pornography into Pennsylvania. What Item 17-24B-01 would effectively require is an order that the Postal Service should destroy all mail that has a return address of that apartment building, even mail sent by completely innocent residents of the building.
Two concrete, real world examples illustrate the problem. The web site of the State Museum of Pennsylvania (in Harrisburg), www.statemuseumpa.org, shares its IP address with literally thousands of other web sites, including a number of hard core sexually explicit web sites (e.g., www.bryx.com and www.thundershouse.com). The State Museum obviously has no control over the content on the sexual sites (or any of the thousands of other sites with the same shared IP address), but if any of those sites runs afoul of a law modeled on Item 17-24B-01 and an ISP is ordered to block the offending site, the State Museum site would also be blocked.
Similarly, IP address 206.168.98.228 is shared by 437 web sites, at least 10 of which have hard-core sexual content. Those sexual sites share their IP address with, for example, a Lutheran Church in Wisconsin, a day camp in New York, a Rotary Club in New Jersey, and a veterans organization in Florida. Yet if any one of the ten sexual sites crosses the line set in Item 17-24B-01, all of these hundreds and hundreds of perfectly innocent sites would be blocked.
These are not isolated examples -- the vast majority of web sites on the Internet share their IP address with other web sites. To comply with orders under Item 17-24B-01, ISPs would unavoidably block innocent web sites, and that blocking would be a plain violation of the First Amendment of the U.S. Constitution.
Laws based on Item 17-24B-01 would create a significant potential for harm to the stability of the Internet. Compliance with the proposed laws would carry serious technical risks for the ISPs' networks, and the Internet in general. Simply stated, the routers and routing tables that direct the flow of content on the Internet were not designed to handle the kind of IP address blocking that would be required under Item 17-24B-01. If the use of government mandated blocking orders becomes widespread, the stability of ISPs' routers and routing tables will be threatened, risking broad service failures across the Internet.
Item 17-24B-01 would do virtually nothing to protect children victimized in the making of child pornography, or to help to prosecute those responsible for making or distributing the material. Under the proposed approach, the child pornography and the victimization of innocent children would be allowed to continue. The proposed law would merely shield viewers from the objectionable material, while the abuse of children is allowed to go on elsewhere. Indeed, in the context of our on-going challenge to the Pennsylvania law, Section 7330, the Pennsylvania Attorney General has effectively acknowledged that web sites targeted under Section 7330 are continuing to operate and distribute child pornography. A far better use of resources would be for state law enforcement officials to work with the FBI and the United States Customs Service to pursue and prosecute the producers and distributors of child pornography.
* * *
CDT is currently in an initial stage of a legal challenge to Pennsylvania Section 7330. The Pennsylvania Attorney General has added an extra twist to the text of Section 7330, by issuing entirely secret blocking orders pursuant to the law. CDT has filed an administrative appeal challenging the secrecy (based on Pennsylvania's open records law), and the Attorney General's office is required to respond to that appeal by May 22, 2003. Following that date, and based in part on the response, our office will determine the appropriate timing of a federal legal challenge to the constitutionality of Section 7330.
Because of the very serious constitutional and technical problems raised by Item 17-24B-01, we urge the Committee on Suggested State Legislation to reject the proposal to include it in your next SSL handbook. At a minimum, we believe that your committee should defer consideration of the proposal until the conclusion of the legal challenge to Section 7330. We are confident that a court will conclude that 7330 is unconstitutional, and it would be unfortunate for such a controversial, flawed, and ultimately ineffective law to be suggested to states all around the country.
If your committee would be interested in discussing these issues further, we would be very happy to meet with you, and we could if desirable present oral testimony to the committee at its May 18th meeting or a subsequent meeting. We appreciate your attention to the issues raised in this letter and our report, and we would welcome an opportunity to further discuss the issues with you.
Sincerely,
John B. Morris, Jr.
Staff Counsel
Enclosure: "The Pennsylvania ISP Liability Law: An Unconstitutional Prior Restraint and a Threat to the Stability of the Internet" [pdf]
cc: Members of the Suggested State Legislation Committee (without enclosure)
Links will open in a new browser window. Links worked on May 27, 2003.
1. Beyond the issues raised in this letter and the attached report, a diverse range of commentators have been highly critical of the Pennsylvania law. See, e.g., "Killing The Messenger: Pennsylvania's New Child Pornography Statute Is Aimed At The Wrong Parties," Andrew G. McBride, Kathryn L. Comerford, Engage Magazine, Federalist Society, Vol. 3, October 2002, available at http://www.wrf.com/db30/cgi-bin/pubs/killing%20the%20messenger.pdf; Comments of Stanford Law Professor Lawrence Lessig, available at http://cyberlaw.stanford.edu/lessig/blog/archives/2003_04.shtml#001056.
2. Our Report it also available over the Internet at http://www.cdt.org/speech/pennwebblock//030200pennreport.pdf.
3. These problems are addressed in the attached Report, at pages 3-4 and 11-12.
4. These problems are addressed in the attached Report, at pages 6-10 and 12-14.
5. The report of Benjamin Edelman of the Berkman Center for Internet & Society at the Harvard Law School, entitled "Web Sites Sharing IP Addresses: Prevalence and Significance," is available at http://cyber.law.harvard.edu/people/edelman/ip-sharing/.
6. These problems are addressed in the attached Report, at pages 10 and 18-19.
7. These problems are addressed in the attached Report, at pages 15-17.