McCain Child Porn Bill Goes Easy on Data Retention
Sen. McCain (R-Ariz.) beat Rep. DeGette (D-Colo.) to introducing a data retention bill, although his approach is drastically more limited than hers. The Stop Online Exploitation of Our Children Act, which doesn’t have a bill number yet, would limit retention to data associated with child porn reports and expand the types of Internet companies required to report. The bill got an early thumbs-up from an Internet trade group. McCain also announced plans with Sen. Schumer (D-N.Y.) to introduce legislation requiring all sex offenders to give their “active” e-mail addresses to law enforcement.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
“Online service providers” must retain 180 days any data related to child porn that they report to the National Center for Missing & Exploited Children (NCMEC) under McCain’s bill. DeGette and DoJ, in contrast, have proposed mandatory data retention of all ISP customer records for 1-2 years.
Most of McCain’s bill deals with improving the reporting of child porn to NCMEC, requiring a far broader range of Internet companies to report. Now, “what types of companies fall into each category [providers of “electronic communication services” and “remote computing services"] is sometimes unclear,” McCain said in floor remarks. The bill would require Web hosting companies, domain name registrars, and social networking sites among others to report to NCMEC. It explicitly mentions that wireless carriers that provide Internet access are covered.
It would also standardize the information that companies would need to include, if available, in child porn reports, such as the suspect’s screen name, user ID, e-mail address and Web address. IP and physical addresses, date and time stamp and the Web companies’ contact information must be included as well. McCain cited testimony to Senate Commerce that pinned poor followup on child porn reports to incomplete customer information provided by submitters, which prevents NCMEC from locating the proper law enforcement jurisdiction.
The bill would move the reporting requirement from U.S.C. 42 (health & welfare) to U.S.C. 18 (the federal criminal code), but also remove liability from Internet companies whose actions were “taken to comply” with the bill -- said to be a worry for smaller ISPs that still aren’t reporting. “Knowing and willful” failure to report would carry a $150,000 maximum initial fine and $300,000 maximum fine for subsequent violations. “Negligent” failure would earn $50,000 and $100,000 maximum fines. Online service providers aren’t required to monitor Internet users under the bill. The attorney general can distribute more than $20 million in grants to Internet Crimes Against Children task forces under the bill. It requires the attorney general and U.S. Trade Representative to encourage foreign govts. to fight child porn with U.S. law enforcement.
“I guess there are no immediate snakebites” in the McCain bill, which takes a “much cleaner approach” than DeGette’s proposal, Dave McClure, U.S. Internet Industry Assn. pres., told us. “We might quibble over an issue or two” -- how can a company “negligently” fail to report, and who decides whether reporting Mon. what was found Fri. is “timely"? The bill doesn’t specify that law enforcement needs a warrant to collect information after 180 days, but “that’s a detail” the Assn. will raise with McCain’s office, which McClure said was “always open to input.” McCain’s bill won’t affect support for DeGette’s broad data retention proposal because the latter never had momentum, and it’s the end of Congress, McClure said.
McCain’s bill also requires sex offenders to register their “active” e-mail addresses, IM and chat room names and “any other online identifiers they use” with sex offender registries, he said. Failure to do so would earn an unspecified fine, 10 years’ prison or both. Social networking sites are singled out in the sex-offender section, required to “implement effective measures to remove any Web page” associated with a sex offender’s Web identifier.
In a later statement, McCain and Schumer said they would introduce a bill next Congress with the same e-mail registry provisions, specifically intended for Internet companies to cross-check new members against. They applauded MySpace’s statement this week that it would block convicted sex offenders from the website through a joint effort with Sentinel Tech Holding to search existing state and federal sex offender databases against MySpace profiles. A spokeswoman for McCain clarified that his bill introduced this week would be reintroduced next Congress, separate from the e-mail registry bill with Schumer.
MySpace ignored the child porn reporting requirement in McCain’s bill. But Chief Security Officer Hemanshu Nigam praised the e-mail registry provision, which MySpace advocated in Hill hearings this year, as “a landmark moment in the history of Internet safety.” Nigam said that websites can “choose” to block sex offenders through the proposed e- mail registry, which seemed to water down the firm language on social networking sites at the end of McCain’s bill.
Internet safety nonprofit Enough Is Enough called the MySpace effort and McCain’s bill “the one-two punch needed” to protect kids online from predators. “While there is no silver bullet to protect all children from sexual predators, this effort exemplifies the power of the technology industry to make a substantial and significant impact to protect our children,” Pres. Donna Hughes said in a statement.