Child Porn War Requires Data Retention, Lawmakers Say

Data retention processes and requirements are muddy and practices vary by company, executives from ISPs -- AOL, Comcast, Verizon, EarthLink, Google and Yahoo -- told the committee. Comcast recently extended its retention period to 180 days, Chief Privacy Officer Jerry Lewis said: “We will only retain IP address assignment and will retain no additional data unless compelled to do so by a valid legal process.” EarthLink keeps information in a live database for several months and keeps records in archives for 7 years, said Vp Dave Baker. EarthLink fields about 1,000 subpoenas a year from federal, state and local authorities, he said. AOL Chief Counsel John Ryan said his company preserves IP addresses for billions of online sessions. Keeping those records would cost nearly $44 million a year, according to a study AOL did jointly with DoJ.

The Web executives all said they have 3-pronged methods for fighting child porn. They include customer education, reporting obscene material for logging at the National Center for Missing & Exploited Children (NCMEC) and data retention. NCMEC needs subpoena power because it logs and investigates all allegations of online child porn, they said. But there’s no precedent for that, DeGette said: “Government agencies are the only groups with investigative powers… It’s creative thinking but I don’t think it will work.”

Google came in for harsh interrogation on search queries and sponsored links alleged to help users access child porn. In preparation for the haring, committee staff queried using the phrase “pre-teen+sex+video” on major search engine sites. On Google, that rubric resulted in “hardcore pornography, sex games, preteen porn and XXX movies,” Subcommittee Chmn. Whitfield (R-Ky.) said: “It’s the most disturbing thing on the Google site and the sponsored links mean that people are actually paying money to advertise these kinds of sites on Google.” A Yahoo search only turned up about 5 child porn sites and the results weren’t as sexually explicit as on Google, Whitfield said. Other sites found by Yahoo included preteen health care or advice from Dr. Phil and there were no sponsored links.

It isn’t Google’s policy to take ads for porn, Google Chief Privacy Officer Nicole Wong told committee members. She said the problematic results occurred because the word “pre-teen” was hyphenated and Google hadn’t blacklisted that specific term. “We are improving our blacklist and have quality engineers who are trained to look for an remove these types of results,” Wong said. Members also grilled Google on its business practices, including its response when DoJ asked for records on millions of queries so investigators could research filtering capabilities. Google and DoJ couldn’t come to terms on what records should be revealed, Wong said.

Members Worried About the Web

“We have a long way to go to make the Internet a safe place for our children,” Whitfield said, citing testimony at earlier hearings by Justin Berry, a teen molested by a man he met on the Internet, and Masha Allen, a girl whose adoptive father posted hundreds of explicit images of her online. Those stories “brought to life the horrors that can occur on the Internet to children,” Whitfield said, adding that the Web has created a “virtual Sears catalog” for pedophiles. “We must minimize the likelihood of children being exploited online,” he said.

Whitfield doesn’t expect Internet firms to be the police but they must be proactive about looking for illegal content on their networks and reporting it to the NCMEC -- and to law enforcement, he said. He wants industry and govt. to ally to “make it as difficult as possible” for online predators and pedophiles to trade images, set up illegal sites and prey on children. Ranking Member Stupak (D-Mich.) agreed. Internet anonymity has “brought out the worst in a small but growing number of Americans,” he said. Of child porn images on the Web, 80% involve children under 12, 40% depict kids 6 and younger and 20% involve toddlers, he said. NCMEC says 40% of those who view child porn have abused or will abuse their own kids, Stupak said, denouncing the notion that porn is a victimless crime.

The bad news is, children are at “substantial and growing risk,” but the good news is Internet overseers in the private sector and in govt. can deny child porn surfers “easy access to the images that provoke them” and “make it risky for them to groom young victims,” Stupak said. The Tues. witness lineup was a good start but “absent are the CEOs, who can make the voluntary commitments of the resources and cooperation necessary to clean up the Web,” he said.

Voluntary industry action in the U.K. has led to a substantial drop in child porn sites based there. But reports of U.S.-hosted child porn content are on the rise, accounting for about 42% of worldwide porn sites, he said. Since 2000, NCMEC’s cyber tip line has seen reports of images grow from 20,000 to over 390,000. American ISP and telecom firms should commit to “taking down every identified site in the United States and blocking the American predators from using U.S.-based network platforms to access child pornography from any identified site worldwide,” Stupak said. He authored an amendment to the House telecom bill, passed this month, that would require broadband carriers to keep child porn from traveling on their networks.

DeGette was equally irate, calling online child porn “out of control.” It’s time “everybody in our society” took the matter seriously and looked at ways to control the scourge, she said. Of her data retention proposal, she said any bill would be drafted so it guards consumers’ privacy. But “I don’t think people who are raping 2-year-old children on the Internet have any right to privacy,” she said. The U.S. needs to “make our laws work,” DeGette said.

DeGette doesn’t want ISPs to store complete records of users’ content, merely to log “certain identifying information that’s readily available,” she said. Those data can help law enforcement, she said. Some ISPs’ practice of retaining data for only a month is “in itself almost criminal” when others keep records for years, Rep. Burgess (R-Tex.) said.

ISPs Form Anti-Child Porn Coalition

In tandem with the hearing, 5 online giants announced a $1 million partnership with NCMEC for a campaign to fight child exploitation on the Internet. AOL, Yahoo, Microsoft, EarthLink and United Online will fund a technology coalition within NCMEC to deploy solutions that keep predators from using the Web to exploit children or traffic in child porn, they said. ISPs, under Administration pressure to agree on data retention policies, so far have said mandatory retention would be prohibitively costly.

The coalition will seek existing and new technologies to use in flagging and thwarting distribution of exploitative images of children. The companies will create a clearinghouse of such images and other data network operators can use to combat or block inappropriate material. They'll also research and develop tools for law enforcement to use to locate and identify distributors and consumers of child porn.

The companies will study tools predators use to exploit children and conceal their activity. Similar tools have been used to protect users from other Internet-related threats, such as spam, phishing and viruses, NCMEC Pres. Ernie Allen said: “Now they can also be applied to this fight against child pornographers.”

At a July 2006 conference, participating companies will draft a charter and evaluate a timeline for identification and deployment of technologies, officials said.

“It makes great sense for these 5 to band together for this program; they have the chat rooms and communities where much of the problem resides,” U.S. Internet Industry Assn. (USIIA) Pres. David McClure told us.