New Bill Demands ISPs Report Online Child Exploitation

The U.S. House of Representatives this week passed a new bill putting ISPs on notice they face big penalties for not reporting child pornography and other illegal exploitation of children online.

The Securing Adolescents From Exploitation Online (SAFE) Act carries a maximum fine of $150,000 for first-time offenders found guilty of “knowing and willful failure to make a report.” Repeat offenders can fines of up to $300,000.

The bill passed by a whopping 409-2 with Congressmen Ron Paul (R-Texas) and Paul Broun (R-Ga.) the only ones opposed.

Under the legislation, service providers are required to report the
illegal activity to the Washington D.C.-based National Center for Missing and Exploited Children (NCMEC) or to that organization’s CyberTipLine. The general public is also encouraged to report any instances of online child abuse or
exploitation to the CyberTipLine.

The bill (H.R. 3791) refers broadly to entities “engaged in providing an electronic communication service or a remote computing service to the public.) as being liable for not reporting illegal content.

This wide-ranging reference has raised concern about coffee shops and other local Wi-Fi providers being at risk for facilitating the display of illegal content they are generally not in a position to monitor.

But Larry Magid, a board member with the NCMEC, said those fears are unfounded.

“The point of these penalties is to provide a bigger stick to force compliance with existence laws,” Magid told InternetNews.com. “The major ISPs, to the best of my knowledge, have all been compliant in reporting illegal activity, but some of the smaller ones have not.”

Earlier this year privacy groups argued
against a predecessor to SAFE, the Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act of 2007 (SAFETY Act) because it required ISPs to retain specific customer data.

Under SAFETY, the U.S. Attorney General would have been required to issue ISP data retention requirements that privacy advocates feared could expand to include a user’s most frequently visited Web sites, instant messages and e-mail correspondence.

Meanwhile, language in the SAFE Act specifically states there is no requirement that “an electronic communication service provider or a remote computing service provider to monitor any user, subscriber, or customer of that provider.”

Magid said SAFE “isn’t about additional surveillance, but about
requirements that ISPs report illegal activities.”