In the two years since the REAL ID Act of 2005 was passed, there has been an upwelling of controversy and opposition to the Act among state officials; privacy, civil liberties and immigration advocates; and the general public. Members of Congress have been feeling pressure from their home states and individual constituents to do something about REAL ID. Senator Susan Collins (R-Maine) responded this morning by introducing an amendment (S. 563) to the 9/11 recommendations bill (S. 4) that would create a review committee and also extend the deadline for state implementation to two years after the Department of Homeland Security finalizes its proposed regulations (expected out tomorrow).

While Senator Collins’ amendment requires the review committee to provide Congress with suggested changes to the REAL ID Act itself, the bulk of the bill focuses on review of and changes to DHS’s proposed regulations. In fact, the amendment states that the committee must provide Congress with “a list of recommended amendments to the REAL ID Act of 2005 that would address any concerns that could not be resolved by regulation.” CDT believes that this approach is backward: the REAL ID Act itself poses so many privacy and civil liberties concerns that the statutory language should first be changed before any implementing regulations are considered.

CDT commends Senator Collins for wanting the DHS regulations to “include procedures and requirements to protect the Federal and State constitutional rights, civil liberties, and privacy rights of individuals.” However, this shifts responsibility for resolving the REAL ID controversy from Congress to a federal agency. The REAL ID Act itself is inherently flawed: for example, it mandates the creation of a nationwide electronic network for the sharing of personal information, and the retention of copies of highly sensitive documents (such as birth certificates, social security cards, passports, and utility bills); and it does not address the use of the new cards or the collection of personal information. The REAL ID Act also contains no mention of “privacy” anywhere in the statute. It is inappropriate to expect administrative regulations to make up for these statutory deficiencies.

What’s more, REAL ID is too controversial to be “fixed” by tacking an amendment onto a larger bill with little debate and no hearings (thus far). This is how the REAL ID Act was passed in the first place. The Act — which calls for the creation of a de facto national ID card — was pushed through Congress as an amendment to a must-pass funding bill for the war on terror and tsunami relief. It received no debate in the Senate and no hearings in either chamber. The Act thwarted a promising effort to convene multiple stakeholders — including privacy and civil liberties advocates — to create a comprehensive policy approach to address the problem of driver’s license and state ID card fraud while also protecting individual rights. CDT supports stand-alone legislation to amend the REAL ID Act, if not repeal it all together and start from scratch.

CDT this week signed onto a letter in support of Rep. Tom Allen’s (D-Maine) bill (H.R. 1117). CDT would also support a similar bill in the Senate, such as the one Senators Daniel Akaka (D-Hawaii) and John Sununu (R-N.H.) introduced in the 109th Congress (S. 4117). CDT also strongly encourages members of Congress to hold extensive hearings to get at the root of the driver’s license/state ID problem and come up with a thoughtful and comprehensive policy that will be effective while also protecting privacy and civil liberties.

Earlier today we filed comments with the Federal Trade Commission praising its recent settlement with Sony BMG Music Entertainment over the 2005 “rootkit” debacle.

As you may recall, in 2005, Sony BMG shipped a number of compact discs that included a new form of digital rights management (DRM) technology. When consumers attempted to play the discs on their computers, the DRM surreptitiously installed “rootkit” software. The DRM was designed to function in the background, where it was invisible to the average user. The DRM not only allowed Sony to monitor its customers’ activities — by opening the door to that surveillance, it also exposed affected computers to serious security threats.

As we point out in both our official comments and our press release, the settlement reaffirms core consumer rights in three key provisions:

• The first was that Sony BMG must clearly disclose the presence of DRM software and obtain affirmative consumer consent before installing the software. This requirement promotes the principle that consumers — not software distributors — should be in control of which applications are installed on their computers.
• Second, the FTC has required Sony BMG to obtain affirmative consumer consent prior to transmitting information about consumers, their computers, or their use of content back to Sony BMG servers. Importantly, the settlement says that these disclosures must be “unavoidable.” To us this would appear to mean that such disclosures should not be buried in end user license agreements (EULAS). This requirement reflects the fact that this kind of information transfer is a significant event from the consumer perspective, and that consumers deserve to be informed and given a choice about the collection and use of this information.
• Finally, the FTC has continued to promote the best practice of requiring software distributors to provide a reasonable and effective mechanism for consumers to uninstall their software.

By using this settlement as a template for future cases the FTC will set an important precedent that will benefit all players in the DRM and software markets, from legitimate producers and distributors all the way down to individual users.

The terms of the settlement also dovetail nicely with our DRM Metrics. Released last year, the DRM metrics aim to give consumers and product reviewers objective criteria to consider when evaluating the DRM included in a given product. The metrics are aimed at fostering greater public understanding and discussion of DRM, on the assumption that marketplace pressures from an informed consumer base can help promote a market for digital media products that is diverse, competitive, and responsive to reasonable consumer expectations.

[editors note: This post from CDT Deputy Director Ari Schwartz originally appeared on the Open House Project blog.]

American taxpayers spend over $100 million a year to fund the Congressional Research Service (CRS), which generates detailed reports relevant to current political events for lawmakers. But while the reports are non-classified, and play a critical role in our political process, neither Congress nor the CRS makes them freely available to the public.

To fill that inexplicable void, private entities have begun selling CRS reports, providing lobbyists inside access at a price, while ordinary citizens (whose tax dollars fund the reports in the first place) are left out in the cold.

I hope that Speaker Pelosi will rectify this inequity and provide pubic access to all public CRS reports via the Web.

I can’t say it any better than Senators John McCain (R-Ariz.) and Senator Patrick Leahy (D-Vt.) who have co-sponsored a bill that would finally make the reports available to the public.

Said McCain: “It is not fair for the American people to have to pay a third party for out-of-date products for which they have already footed the bill.”

Adds Leahy: “CRS performs invaluable research and produces first-rate reports on hundreds of topics. American taxpayers have every right to have direct access to these wonderful resources.”

Indeed, CRS reports provide non-biased, non-partisan analysis of the myriad subjects they cover. They are well researched and generally provide a useful introduction and more detailed facts that would be a perfect resource for the curious citizen. What’s more, the reports are a major tool for lawmakers considering new legislation, and as such are of tremendous value to advocates, researchers and academics.

Not surprisingly, the reports are also phenomenally popular with the public when they are made available.

In 2005, my organization, the Center for Democracy & Technology launched the now wildly popular OpenCRS Web site. We collect CRS reports from a number of sources including collections from groups — such as the Federation of American Scientists and the National Council for Science and the Environment — and from individual citizens who obtain the copies of the reports from their elected representatives and then submit them to OpenCRS.

OpenCRS contains 11,491 CRS reports and averages over 5,000 reports downloaded per day for a total of more than 3 million report downloads in less than two years. We built OpenCRS after becoming outraged that companies were charging up to $50 per report, which (in its own warped way) is another measure of their popularity.

The creators of OpenCRS would gladly welcome the posting of all reports from an official source. This would allow us to stop spending effort on gathering and posting reports and focus instead on adding functionality for the public, and maybe even for Congress. And what’s more, as happy as we are with the success of OpenCRS it will never be an adequate substitute for an official government site providing no-cost, real-time access to all of the CRS reports as they are published.

Critics of providing direct access to CRS reports suggest that it will change the way that Members of Congress must operate. In the words of Former Chairman of the House Administration Committee Bob Ney (R-OH), the biggest critic of posting CRS reports in the past:

“Let’s say that I’m working on an issue and I’m trying to look for some research that helps me to get my point across and, all of a sudden, the Congressional Research Service sends me over something and I read it and I say, ‘Oh, no, that’s not going to help.’ Let someone else do the research. Why give your opposition free research?”

The Toledo Blade responded to Ney’s concern very aptly in its 2003 editorial:

“We would answer that question by simply pointing out to Mr. Ney that he doesn’t own the information produced at taxpayer expense, the American public does. And anyone - everyone - has a right to see it.”

Making CRS reports directly available to the public would help provide transparency and accountability to the House’s daily business and would bring an end to a system that unfairly rewards those that have connections or the right resources to get special access to reports that are the rightful property of all taxpayers.

When it comes to children’s online safety, the policy debate is often framed by those who demonize the Internet and advocate for greater federal regulation, which often does little to actually protect children while also placing significant burdens on free expression. But a keynote panel entitled “Padora’s Box: Youth and the Internet” that I attended last week at the 2007 RSA Conference in San Francisco was a breath of fresh air because the participants largely emphasized education, including Internet “literacy,” as well as the use of technological tools to protect children and track the bad guys.

The panelists included Dr. Sharon Cooper, a pediatrician who treats victims of child abuse and who is also an instructor at the National Center for Missing & Exploited Children (NCMEC) where she focuses on Internet crimes against children; Drew Oosterbaan, who prosecutes child exploitation and obscenity cases for the Justice Department; Kevin Poulsen, a senior editor at Wired News; and Chris Kelly, the Chief Privacy Officer for Facebook, a popular social networking site.

Mr. Oosterbaan of DOJ made the sobering point that the Internet’s unique ability to allow people to quickly and cheaply communicate has allowed pedophiles to create an online community that reinforces their reprehensible tendencies; whereas would-be child predators in the past were much more insular and perhaps less likely to act out. He also stated that the Internet has encouraged the creating and sharing of photos and videos among pedophiles, and children whose abuse has been recorded are especially ashamed and are more likely to deny what happened. Thus an argument can be made that the Internet has exacerbated child sexual abuse. Yet this does not mean that the solution is to hamper the Internet’s ability to be an amazing resource for education, communication, entertainment and commerce – for children and adults alike.

Although he made the above statements, Mr. Oosterbaan was also quick to point out that children are at the greatest risk of being sexually abused by people they already know and people they interact with offline. Thus child predation is not suddenly a problem unique to the Internet. General education is important here, and education is something that CDT constantly stresses. Whether on- or offline, children must be encouraged not to talk to strangers, and also to question the authority of those they know; not to be afraid to remove themselves from an inappropriate, uncomfortable or awkward situation; and not to be afraid to report an inappropriate conversation or incident. In fact, a 2006 study found that, compared to a similar study conducted nearly six years earlier, there was a decline in the proportion of youth Internet users (ages 10 to 17) who communicated online with people they did not know in person – a finding that might be attributed to children being better educated and more savvy when it comes to their online activities.

Children must also be educated about sex and encouraged to make positive decisions for themselves. The same 2006 study found that 13% of children who use the Internet have received unwanted sexual solicitations online. But 90% of children who were solicited were ages 13 to 17; and 43% of the solicitors were under age 18, while 30% were between ages 18 and 25. These statistics suggest that teenage/young adult curiosity about sex is as much at play as is adult pedophilia. Mr. Kelly of Facebook stressed that schools should be key players in educating children about how to be safe online so that they can enjoy the benefits of the Internet without putting themselves at risk.

It is also critical that parents and caregivers be educated and engaged. The panel emphasized the prevention of child sexual abuse as well as the detection of signs after it has occurred. Dr. Cooper of NCMEC stated that parents should be highly involved in their children’s lives and not be afraid of invading their children’s privacy. With teens and pre-teens seeking greater independence from their parents, Dr. Cooper stated that parents should tell their children that the intention is to protect and not control them. When is comes to the Internet and social networking sites in particular, Dr. Cooper encouraged parents to ask their children to share the contents of their online profiles and to discuss the implications or risks of posting certain information. As for dealing with abuse after-the-fact, Mr. Oosterbaan stated that high school counselors are often “clueless” and that both parents and school officials must be involved enough to know when something is amiss with their children, as abused kids often remain silent.

Technology is also an important tool. Parents, schools and libraries can install software that blocks access to certain content or certain websites. Some parents also use keystroke loggers to monitor their children’s online activities. Mr. Kelly explained that Facebook’s staff voluntarily monitors rejected “friend requests” to determine if inappropriate solicitation is going on. Mr. Poulsen of Wired News agreed that some kind of routine monitoring of social networking sites would be beneficial. He stated that if an older man has an online profile that is suspicious – for example, he has lots of kids as “friends” or is even sending sexual messages to children – then that might warrant further investigation. In fact, Mr. Poulsen found a convicted sex offender’s profile on MySpace with the tag line “Love Knows No Age.” Mr. Oosterbaan stated that image search technology would make finding online child pornography easier and more efficient. And Dr. Cooper pondered whether it might someday be possible to retrieve or block live “webcam” broadcasts between adults and children; but she noted that child sexual abuse is to some extent moving beyond the Internet to cell phone cameras, for example. Mr. Kelly likened the use of such technologies as putting “lights in parks.”

Thus education and technology can go a long way to protect kids on- and offline, and to thwart those who would do them harm.

Following a familiar pattern over the past few years, Members of Congress are rushing to introduce bills they claim will protect children online – yet all too often, the bills in fact would not protect kids and would violate the U.S. Constitution. Unfortunately, ineffectiveness and unconstitutionality are not obstacles for proposals that Members can tout in press releases and in campaigns. Although protecting kids is a critical goal (I have two elementary school age kids myself), and although I am sure that all Representatives and Senators genuinely share that goal, all too often the rhetoric far outweighs the reality of what federal law can accomplish and what the First Amendment permits.

CDT has just released an analysis of all (we think) bills introduced in Congress so far this year aimed at protecting kids online. Among the most problematic proposals are returns of “mandatory labeling” requirements (terming a broad range of content to be “sexually explicit”) and the “Deleting Online Predators Act” (“DOPA”) (limiting kids’ access to social networking). Both of these proposals were pushed last year, but both garnered strong opposition from CDT and others, and thankfully neither made it through both houses of Congress.

Another highly problematic proposal that is being discussed in some circles – including on Capitol Hill – is a proposal that ISPs should be required to block access to a blacklist of alleged child pornography sites that the government assembles. The State of Pennsylvania enacted such a law in 2003, but the requirement had enormous harmful collateral consequences, and ultimately was held to be unconstitutional in a lawsuit initiated and won by CDT. In that case (in federal court in Philadelphia), we proved that in an effort to comply with Pennsylvania orders to block access to about 350 child pornography websites, the ISPs subject to the blocking orders ended up blocking access to more than 1.5 million wholly unrelated and innocent web sites. The judge declared that the law violated the First Amendment, and enjoined its enforcement. Moreover, this type of proposal would allow the federal government to block websites with no judicial oversight or review whatsoever.

Not all of the news from Congress is bad. One bill – H.R. 1008 – proposes a streamlining of federal efforts to protect kids online, as well as grants to educate kids about how to conduct themselves online (and what types of sites or people to avoid). This is the exact approach advocated by two “blue-ribbon” panels, as detailed more fully in CDT’s new analysis.

On the ugly front is one legislative proposal that is not discussed in our analysis. In S. 519 and H.R. 876, one section of the bill suggests that molesting a child after having contacted the child over the Internet is somehow more heinous than molesting a child after meeting the child on a playground. The bills propose to make the Internet an “aggravating factor,” leading to longer prison terms for some crimes. Although this proposal would probably be constitutional, it inappropriately demonizes the Internet, which in fact is an amazing and valuable resource for young people today.

One heartening (although non-scientific) sign is the overwhelming reaction on a Washington Post blog to a decision a few days ago by a judge who ruled that MySpace was not liable when a 13-year old lied to get on MySpace, and then was assaulted by a 19-year old she met there. A posting on the Washington Post’s technology blog asked an open ended question: “what do you think about the decision?” The overwhelming response was that the judge was correct, and the parents should take responsibility for supervising their child. This hints at a possible public appreciation of the fact that online sites like MySpace cannot as a practical matter police the interactions of their users, and that parents must step in to decide what is or is not appropriate for their kids.

The FTC Broadband Connectivity Competition Policy workshop finished up on Wednesday, and the Commission should be congratulated for holding an informative event that on the whole stuck closely to the issues.

CDT staff counsel David Sohn had the opportunity to participate on the last panel of the day. Although in such a position it can be difficult to say anything that has not been said already at the workshop, David opened by emphasizing that the Internet has brought us not only economic benefits, but societal benefits as well, including extraordinary opportunities for free speech and democratic participation. Economics were much more the focus of the workshop, but it is important to always keep in mind all of the reasons why we value the Internet to such a great extent. David and the other panelists got into many other details about broadband access and Internet neutrality – the transcript and webcast are available at the FTC Web site under “What Framework Best Promotes Competition and Consumer Welfare/Academic and Policy Panel.”

Many workshop participants cited recent papers and reports to support the claims they were making. We jotted down most of the ones that were mentioned – Chuck Goldfarb’s recent CRS Report on broadband access, the Joe Farrell/Phil Weiser paper on anti-trust and regulation of the Internet, the FCC’s most recent broadband report, and Tim Wu’s new wireless paper – and added them to CDT’s Net Neutrality Reading Room.

Yesterday was the first day of the FTC’s Broadband Connectivity Competition Policy public workshop, which is examining the competition and consumer protection issues involved with broadband Internet access, including Internet neutrality issues. There were two themes that came out of the first day that CDT was glad to observe: a desire to dig deeper into the intricacies of the issues being discussed, and a move to generate new thinking and original solutions beyond what has already been offered.

FTC Chairman Deborah Platt Majoras began the day by describing her desire to bring the information gleaned from dozens of in-depth private meetings on Internet connectivity issues into the public debate. Many other workshop participants also expressed the need to go beyond sound bites and drill down on the issues. Broadband Internet connectivity involves many complex technical, business, and legal arrangements. From the standpoint of an agency like the FTC which is contemplating its appropriate role in this area, it is of utmost importance that all of these complexities be fully understood. CDT has been working in this vein and is pleased to see that so many others feel the need to leave the rhetoric behind and gain a deeper understanding of the issues.

FTC Commissioner Jon Leibowitz kicked off the afternoon portion of the workshop by discussing his search for a “third way” solution to the Internet neutrality issue. Many of the day’s participants echoed this idea, discussing the need for balance in any policy that is adopted. Participants across the fields of economics, engineering, and consumer advocacy all expressed displeasure with extreme solutions. They are looking for original ideas that stakeholders on all sides will find workable, as is CDT. We were glad to hear this feeling expressed so many times, and we look forward to continuing to work together to develop solutions that everyone can agree on.

Videos and transcripts from all of the workshop’s panels and speakers are available here.

The copyright panel at the State of the Net Conference here in D.C. earlier this week was notable for a surprising degree of consensus. The panel, entitled “User-Generated Content — Can Copyright Tolerate Mixing & Mashing?” seemed to find basic agreement that:

• Mash-ups and sampling can play a legitimate and indeed valuable role in the creation of parodies and other new and transformative creative works.
• The current rights regimes for commercial content are too complex, with too many rights holders, for it to be feasible for would-be mashers and samplers to license all commercial content they use. So even if it is preferable in theory to require users to pay some type of licensing fees to the content owners (a point that panelists did not necessarily agree on), transaction costs may make such licensing impractical.
• On a more general level, the current copyright statute is too complex for a world where digital technologies have empowered widespread public participation in activities (creating, sharing, manipulating, and distributing creative content) governed by copyright.
• Congress should pass orphan works legislation.

Of course, the apparent consensus may owe a lot to the make up of the panel: Jim DeLong of PFF, Pam Samuelson of UC Berkeley, Steven Starr of Revver.com, and Rob Pegoraro of the Washington Post as moderator. Nobody directly representing the interests of the commercial content community — the folks whose content gets “mixed and mashed.” It would have been interesting to see if, where, and how vehemently any such representative would have dissented.