Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project

Reporting Child Pornography

Dont be a FOOL; The Law is Not DIY
- 1st Amendment
- CDA
- Internet Freedom
- Children, Protection
- - COPA
- - CIPA
- - CPPA
- - Child Porn
- - Child Porn, Reporting
- - Protect Act
- - V Chip
- - Deceptive Content
- - Sex Offenders
- - Privacy
- Filters
- - Notification
- SPAM Labels
- Taxes
- Reports
- Obscenity
- Annoy
- ISP
- Good Samaritan Defense
- Notes

:: Home ::
:: Store ::
:: Feedback ::
:: Disclaimer ::
:: Sitemap ::

One of the most important charges of law enforcement is to protect our children from harm, to protect our youngest from those who would abuse and exploit them. Children may be only 25 percent of our population, but they are 100 percent of our future. - Attorney General John Ashcroft

One of the lessons of the 105th Congress is be careful what you ask for.  The Internet community argued that the Federal government has no business policing the Internet.  Congress agreed - and passed a number of new laws that forces ISPs themselves to police the Internet.  The first of these laws is the Child Protection and Sexual Predator Punishment Act of 1998 (the other law was the Digital Millennium Copyright Act). 

See GAO Report on Cybertipline, Pending

One of the provisions of this lengthy legislation is Sec. 113, Reporting of Child Pornography by Electronic Communication Service Providers.  This provision requires ISPs, when they become aware of potential child pornography, to report this information to the National Center for Missing and Exploited Children (NCMEC).  If they do not, they face fines.  Note that this does not require ISPs to go out and affirmatively monitor their systems for bad stuff.  It only states that when knowledge is acquired, then action must be taken. [42 U.S.C. § 13032(e)] [See ECPA] [US v Richardson (4th Cir)]

In return for becoming cybercops, ISPs are granted immunity from prosecution for any action taken in good faith to comply with this Act.  The Electronic Privacy and Information Center point out that this gives the falsely-accused little recourse for the actions of ISPs.

In the middle of the 2008 election season and implosion of the US economy, Congress passed VP-wannabe Sen. Biden's PROTECT Our Children Act with an amendment. The Amendment was Prez-wannabe Sen. McCain's SAFE Act which replaced Sec. 113 of the Child Protection and Sexual Predator Punishment Act, creating a new law in the criminal code, 18 USC § 2258A. Sen. McCain's amendment repealed old law. [Pub. Law 110-401 title V, Sec. 501(b)(1), Oct. 13, 2008, 122 Stat. 4251 (Section 227 of the Crime Control Act of 1990 (42 U.S.C. 13032) is repealed) ]

A side-by-side comparison of the repealed and the new law is below.

Reports can be made to

The Cyber Tip Line
National Center for Missing and Exploited Children
www.cybertipline.com
1-800-843-5678

The National Center for Missing and Exploited Children must then report this information to the designated law enforcement agency with jurisdiction over the protection of children. [28 CFR § 81.1] [See also USDOJ: How to Report Child Pornography]

The Electronic Privacy and Information Center points out what a tremendous change in the law this is.  Under the Electronic Communications Privacy Act, an ISP could not turn information over to law enforcement officials without a warrant.  However, this Act requires, without a warrant, ISPs to turn over whatever information they might acquire. Congress solved this problem by amending ECPA to permit disclosure pursaunt to 43 USC 13032. [18 U.S.C. § 2702(b)(6)]

See also Child Pornography Protection Act

National Center for Missing and Exploited Children (NCMEC)

Derived From: GAO Combating Child Pornography GAO-11-334, p. 9-10 (March 2011)

"NCMEC is a private, nonprofit organization that serves as the nation's resource center for child protection. NCMEC's mission is to assist in the location and recovery of missing children and to prevent the abduction, molestation, sexual exploitation, and victimization of children. NCMEC is congressionally authorized to carry out certain tasks with grant funding it receives through a cooperative agreement with OJJDP.20 According to NCMEC, for calendar year 2009, NCMEC received about 77 percent of its funding from federal sources, with the remainder coming from other revenue and support, such as corporate and private donations. From fiscal years 2008 through 2010, NCMEC operated the CyberTipline at a cost of about $7.6 million, an average of $2.5 million per year excluding support by computer programmers."

"In support of its mission and consistent with the Missing Children's Assistance Act, NCMEC maintains a 24-hour, toll-free telephone tipline for leads from individuals reporting the sexual exploitation of children and information on the possession, manufacture, or distribution of child pornography. NCMEC also coordinates public and private programs to locate missing children; offers technical assistance, training, and consultation to law enforcement agencies; and has developed specialized training programs and materials for law enforcement personnel." 

"NCMEC also maintains the CyberTipline to receive tips on child pornography from ESPs, which are required under the Act to report to NCMEC any instances when they become aware of apparent child pornography on their networks, as well as from the general public.21 ESPs that have registered with NCMEC can provide reports to the CyberTipline through a secure reporting form.22 NCMEC reported that as of December 31, 2010, 738 ESPs had registered out of an estimated 5,000 ESPs. According to NCMEC officials, it is difficult to identify the total number of ESPs or those that have not registered with NCMEC because there is no single source or list of the universe of ESPs. Based on our discussions with ESPs, they vary by types of services provided, ranging from access points to the Internet, search engines, and classified advertisements, to social networking sites. They may offer paid and free services, and have thousands or millions of customers. NCMEC reported that from January 1, 2008, through December 31, 2010, 194 registered ESPs made about 248,000 reports to the CyberTipline."

Side By Side Comparison

It's not immediately apparent what is the new McCain SAFE Act Provisions bring to the table, so to elucidate, here is a side-by-side, comparing the new legislation to the old statute (it's a bit of a hack job but the language parallels pretty well. Old language is on the left in Green. New language is on the right; new and different language is highlighted in red)

  42 USC 13032 Repealed New 18 USC 2258A (Sen. McCain's SAFE Act)
Definitions

(a) Definitions In this section-

(1) the term "electronic communication service" has the meaning given the term in section 2510 of title 18 ; and

(2) the term "remote computing service" has the meaning given the term in section 2711 of title 18 .

Who has the Duty (b) Requirements (1) Duty to report.- Whoever, while engaged in providing an electronic communication service or a remote computing service to the public, through a facility or means of interstate or foreign commerce,

(a) Duty To Report- (1) IN GENERAL- Whoever, while engaged in providing an electronic communication service or a remote computing service to the public through a facility or means of interstate or foreign commerce,

What triggers the Duty

obtains knowledge of facts or circumstances

from which a violation of section 2251 , 2251A , 2252 , 2252A , 2252B , or 2260 of title 18 , involving child pornography (as defined in section 2256 of that title), or a violation of section 1466A of that title, is apparent,

shall, as soon as reasonably possible, . . . . .

obtains actual knowledge of any facts or circumstances

described in paragraph (2)

shall, as soon as reasonably possible--

. . . . .

`(2) FACTS OR CIRCUMSTANCES- The facts or circumstances described in this paragraph are any facts or circumstances from which there is an apparent violation of--

`(A) section 2251, 2251A, 2252, 2252A, 2252B, or 2260 that involves child pornography; or

`(B) section 1466A.

Monitoring (e) Monitoring not required Nothing in this section may be construed to require a provider of electronic communication services or remote computing services to engage in the monitoring of any user, subscriber, or customer of that provider, or the content of any communication of any such person.

`(f) Protection of Privacy- Nothing in this section shall be construed to require an electronic communication service provider or a remote computing service provider to--

`(1) monitor any user, subscriber, or customer of that provider;

`(2) monitor the content of any communication of any person described in paragraph (1); or

`(3) affirmatively seek facts or circumstances described in sections (a) and (b).

Duty make a report of such facts or circumstances

`(A) provide. . .

`(B) make a report of such facts or circumstances

To Whom to the Cyber Tip Line at the National Center for Missing and Exploited Children,

to the CyberTipline of the National Center for Missing and Exploited Childre, or any successor to the CyberTipline operated by such center,

to the CyberTipline, or any successor to the CyberTipline operated by such center.

What must be reported (d) Limitation of information or material required in report A report under subsection (b)(1) of this section may include additional information or material developed by an electronic communication service or remote computing service, except that the Federal Government may not require the production of such information or material in that report.

the mailing address, telephone number, facsimile number, electronic mail address of, and individual point of contact for, such electronic communication service provider or remote computing service provider; and

. . .

`(b) Contents of Report- To the extent the information is within the custody or control of an electronic communication service provider or a remote computing service provider, the facts and circumstances included in each report under subsection (a)(1) may include the following information:

`(1) INFORMATION ABOUT THE INVOLVED INDIVIDUAL- Information relating to the identity of any individual who appears to have violated a Federal law described in subsection (a)(2), which may, to the extent reasonably practicable, include the electronic mail address, Internet Protocol address, uniform resource locator, or any other identifying information, including self-reported identifying information.

`(2) HISTORICAL REFERENCE- Information relating to when and how a customer or subscriber of an electronic communication service or a remote computing service uploaded, transmitted, or received apparent child pornography or when and how apparent child pornography was reported to, or discovered by the electronic communication service provider or remote computing service provider, including a date and time stamp and time zone.

`(3) GEOGRAPHIC LOCATION INFORMATION-

`(A) IN GENERAL- Information relating to the geographic location of the involved individual or website, which may include the Internet Protocol address or verified billing address, or, if not reasonably available, at least 1 form of geographic identifying information, including area code or zip code.

`(B) INCLUSION- The information described in subparagraph (A) may also include any geographic information provided to the electronic communication service or remote computing service by the customer or subscriber.

`(4) IMAGES OF APPARENT CHILD PORNOGRAPHY- Any image of apparent child pornography relating to the incident such report is regarding.

`(5) COMPLETE COMMUNICATION- The complete communication containing any image of apparent child pornography, including--

`(A) any data or information regarding the transmission of the communication; and

`(B) any images, data, or other digital files contained in, or attached to, the communication.

Disclosure to Law Enforcement

which shall forward that report to a law enforcement agency or agencies designated by the Attorney General. . . .

(3) In addition to forwarding such reports to those agencies designated in subsection (b)(2) of this section, the National Center for Missing and Exploited Children is authorized to forward any such report to an appropriate official of a state or subdivision of a state for the purpose of enforcing state criminal law.

. . . . .

(f) Conditions of disclosure of information contained within report

(1) In general No law enforcement agency that receives a report under subsection (b)(1) of this section shall disclose any information contained in that report, except that disclosure of such information may be made-

(A) to an attorney for the government for use in the performance of the official duties of the attorney;

(B) to such officers and employees of the law enforcement agency, as may be necessary in the performance of their investigative and recordkeeping functions;

(C) to such other government personnel (including personnel of a State or subdivision of a State) as are determined to be necessary by an attorney for the government to assist the attorney in the performance of the official duties of the attorney in enforcing Federal criminal law; or

(D) where the report discloses a violation of State criminal law, to an appropriate official of a State or subdivision of a State for the purpose of enforcing such State law.

(2) Definitions In this subsection, the terms "attorney for the government" and "State" have the meanings given those terms in Rule 54 of the Federal Rules of Criminal Procedure.

`(c) Forwarding of Report to Law Enforcement-

`(1) IN GENERAL- The National Center for Missing and Exploited Children shall forward each report made under subsection (a)(1) to any appropriate law enforcement agency designated by the Attorney General under subsection (d)(2).

`(2) STATE AND LOCAL LAW ENFORCEMENT- The National Center for Missing and Exploited Children may forward any report made under subsection (a)(1) to an appropriate law enforcement official of a State or political subdivision of a State for the purpose of enforcing State criminal law.

`(3) FOREIGN LAW ENFORCEMENT-

`(A) IN GENERAL- The National Center for Missing and Exploited Children may forward any report made under subsection (a)(1) to any appropriate foreign law enforcement agency designated by the Attorney General under subsection (d)(3), subject to the conditions established by the Attorney General under subsection (d)(3).

`(B) TRANSMITTAL TO DESIGNATED FEDERAL AGENCIES- If the National Center for Missing and Exploited Children forwards a report to a foreign law enforcement agency under subparagraph (A), the National Center for Missing and Exploited Children shall concurrently provide a copy of the report and the identity of the foreign law enforcement agency to--

`(i) the Attorney General; or

`(ii) the Federal law enforcement agency or agencies designated by the Attorney General under subsection (d)(2).

. . . . .

`(g) Conditions of Disclosure Information Contained Within Report-

`(1) IN GENERAL- Except as provided in paragraph (2), a law enforcement agency that receives a report under subsection (c) shall not disclose any information contained in that report.

`(2) PERMITTED DISCLOSURES BY LAW ENFORCEMENT-

`(A) IN GENERAL- A law enforcement agency may disclose information in a report received under subsection (c)--

`(i) to an attorney for the government for use in the performance of the official duties of that attorney;

`(ii) to such officers and employees of that law enforcement agency, as may be necessary in the performance of their investigative and recordkeeping functions;

`(iii) to such other government personnel (including personnel of a State or subdivision of a State) as are determined to be necessary by an attorney for the government to assist the attorney in the performance of the official duties of the attorney in enforcing Federal criminal law;

`(iv) if the report discloses a violation of State criminal law, to an appropriate official of a State or subdivision of a State for the purpose of enforcing such State law;

`(v) to a defendant in a criminal case or the attorney for that defendant, subject to the terms and limitations under section 3509(m) or a similar State law, to the extent the information relates to a criminal charge pending against that defendant;

`(vi) subject to subparagraph (B), to an electronic communication service provider or remote computing provider if necessary to facilitate response to legal process issued in connection to a criminal investigation, prosecution, or post-conviction remedy relating to that report; and

`(vii) as ordered by a court upon a showing of good cause and pursuant to any protective orders or other conditions that the court may impose.

. . . . .

`(B) LIMITATIONS-

`(i) LIMITATIONS ON FURTHER DISCLOSURE- The electronic communication service provider or remote computing service provider shall be prohibited from disclosing the contents of a report provided under subparagraph (A)(vi) to any person, except as necessary to respond to the legal process.

`(ii) EFFECT- Nothing in subparagraph (A)(vi) authorizes a law enforcement agency to provide child pornography images to an electronic communications service provider or a remote computing service.

`(3) PERMITTED DISCLOSURES BY THE NATIONAL CENTER FOR MISSING AND EXPLOITED CHILDREN- The National Center for Missing and Exploited Children may disclose information received in a report under subsection (a) only--

`(A) to any Federal law enforcement agency designated by the Attorney General under subsection (d)(2);

`(B) to any State, local, or tribal law enforcement agency involved in the investigation of child pornography, child exploitation, kidnapping, or enticement crimes;

`(C) to any foreign law enforcement agency designated by the Attorney General under subsection (d)(3); and

`(D) to an electronic communication service provider or remote computing service provider as described in section 2258C.

Penalty for Failure to Report

(4) Failure to report.- A provider of electronic communication services or remote computing services described in paragraph (1) who knowingly and willfully fails to make a report under that paragraph shall be fined-

(A) in the case of an initial failure to make a report, not more than $50,000; and

(B) in the case of any second or subsequent failure to make a report, not more than $100,000.

`(e) Failure To Report- An electronic communication service provider or remote computing service provider that knowingly and willfully fails to make a report required under subsection (a)(1) shall be fined--

`(1) in the case of an initial knowing and willful failure to make a report, not more than $150,000; and

`(2) in the case of any second or subsequent knowing and willful failure to make a report, not more than $300,000.

Designation of Agent

(2) Designation of agencies.- Not later than 180 days after October 30, 1998, the Attorney General shall designate the law enforcement agency or agencies to which a report shall be forwarded under paragraph (1).

`(d) Attorney General Responsibilities-

`(1) IN GENERAL- The Attorney General shall enforce this section.

`(2) DESIGNATION OF FEDERAL AGENCIES- The Attorney General shall designate promptly the Federal law enforcement agency or agencies to which a report shall be forwarded under subsection (c)(1).

`(3) DESIGNATION OF FOREIGN AGENCIES- The Attorney General shall promptly--

`(A) in consultation with the Secretary of State, designate the foreign law enforcement agencies to which a report may be forwarded under subsection (c)(3);

`(B) establish the conditions under which such a report may be forwarded to such agencies; and

`(C) develop a process for foreign law enforcement agencies to request assistance from Federal law enforcement agencies in obtaining evidence related to a report referred under subsection (c)(3).

`(4) REPORTING DESIGNATED FOREIGN AGENCIES- The Attorney General shall maintain and make available to the Department of State, the National Center for Missing and Exploited Children, electronic communication service providers, remote computing service providers, the Committee on the Judiciary of the Senate, and the Committee on the Judiciary of the House of Representatives a list of the foreign law enforcement agencies designated under paragraph (3).

`(5) SENSE OF CONGRESS REGARDING DESIGNATION OF FOREIGN AGENCIES- It is the sense of Congress that--

`(A) combating the international manufacturing, possession, and trade in online child pornography requires cooperation with competent, qualified, and appropriately trained foreign law enforcement agencies; and

`(B) the Attorney General, in cooperation with the Secretary of State, should make a substantial effort to expand the list of foreign agencies designated under paragraph (3).

Notification to Internet Service  

`(6) NOTIFICATION TO PROVIDERS- If an electronic communication service provider or remote computing service provider notifies the National Center for Missing and Exploited Children that the electronic communication service provider or remote computing service provider is making a report under this section as the result of a request by a foreign law enforcement agency, the National Center for Missing and Exploited Children shall--

`(A) if the Center forwards the report to the requesting foreign law enforcement agency or another agency in the same country designated by the Attorney General under paragraph (3), notify the electronic communication service provider or remote computing service provider of--

`(i) the identity of the foreign law enforcement agency to which the report was forwarded; and

`(ii) the date on which the report was forwarded; or

`(B) notify the electronic communication service provider or remote computing service provider if the Center declines to forward the report because the Center, in consultation with the Attorney General, determines that no law enforcement agency in the foreign country has been designated by the Attorney General under paragraph (3).

Preservation of Records  

`(h) Preservation-

`(1) IN GENERAL- For the purposes of this section, the notification to an electronic communication service provider or a remote computing service provider by the CyberTipline of receipt of a report under subsection (a)(1) shall be treated as a request to preserve, as if such request was made pursuant to section 2703(f).

`(2) PRESERVATION OF REPORT- Pursuant to paragraph (1), an electronic communication service provider or a remote computing service shall preserve the contents of the report provided pursuant to subsection (b) for 90 days after such notification by the CyberTipline.

`(3) PRESERVATION OF COMMINGLED IMAGES- Pursuant to paragraph (1), an electronic communication service provider or a remote computing service shall preserve any images, data, or other digital files that are commingled or interspersed among the images of apparent child pornography within a particular communication or user-created folder or directory.

`(4) PROTECTION OF PRESERVED MATERIALS- An electronic communications service or remote computing service preserving materials under this section shall maintain the materials in a secure location and take appropriate steps to limit access by agents or employees of the service to the materials to that access necessary to comply with the requirements of this subsection.

`(5) AUTHORITIES AND DUTIES NOT AFFECTED- Nothing in this section shall be construed as replacing, amending, or otherwise interfering with the authorities and duties under section 2703.

Liability Limitation

(c) Civil liability No provider or user of an electronic communication service or a remote computing service to the public shall be held liable on account of any action taken in good faith to comply with or pursuant to this section.

`SEC. 2258B. LIMITED LIABILITY FOR ELECTRONIC COMMUNICATION SERVICE PROVIDERS, REMOTE COMPUTING SERVICE PROVIDERS, OR DOMAIN NAME REGISTRAR.

`(a) In General- Except as provided in subsection (b), a civil claim or criminal charge against an electronic communication service provider, a remote computing service provider, or domain name registrar, including any director, officer, employee, or agent of such electronic communication service provider, remote computing service provider, or domain name registrar arising from the performance of the reporting or preservation responsibilities of such electronic communication service provider, remote computing service provider, or domain name registrar under this section, section 2258A, or section 2258C may not be brought in any Federal or State court.

`(b) Intentional, Reckless, or Other Misconduct- Subsection (a) shall not apply to a claim if the electronic communication service provider, remote computing service provider, or domain name registrar, or a director, officer, employee, or agent of that electronic communication service provider, remote computing service provider, or domain name registrar--

`(1) engaged in intentional misconduct; or

`(2) acted, or failed to act--

`(A) with actual malice;

`(B) with reckless disregard to a substantial risk of causing physical injury without legal justification; or

`(C) for a purpose unrelated to the performance of any responsibility or function under this section, sections 2258A, 2258C, 2702, or 2703.

`(c) Minimizing Access- An electronic communication service provider, a remote computing service provider, and domain name registrar shall--

`(1) minimize the number of employees that are provided access to any image provided under section 2258A or 2258C; and

`(2) ensure that any such image is permanently destroyed, upon a request from a law enforcement agency to destroy the image.

Laws

Legislation

Caselaw

Papers

Links

News