(no subject)

Rohit Khare (khare@pest.w3.org)
Wed, 17 Apr 96 17:49:43 -0400

The CDA Challenge, Update #6
By Declan McCullagh / declan@well.com / Redistribute freely

In this update: BYU/CMU's Dan Olsen's net-censorship boondoggle
ACLU's 4/9 motion to suppress obscene images -- DENIED
The new "I am a child" Internet protocol
Who cares about kids: Who are the adults?
Olsen as an expert witness -- on what?

April 11, 1996

PITTSBURGH, PA -- The U.S. Department of Justice wants to split the
worldwide Internet into "adult" and "minor" sections.

That's their plan, assuming they can find someone to testify that this
audacious boondoggle is even remotely feasible under current
technology. If the DoJ gets this testimony in the record, then their
attorneys will argue that the Communications Decency Act is
constitutional and should be upheld.

Well, they found their man. The Justice Department stoolie who's
testifying tomorrow is none other than Dan R. Olsen, Jr., the incoming
director of the Human Computer Interaction Institute at Carnegie
Mellon University, now the head of the computer science department at
Brigham Young University.

Olsen concocted this scheme that he calls L18, for "Less than 18."
Under it, every net-user must label every USENET post, email message,
FTP site file, web page, chat room, IRC channel -- any collection of
public bits spewed on the Net -- if the content is "inappropriate for

If you think you're clever 'cuz you labeled some "indecent" materials
as suitable for kids, guess again, pal. Try that trick and the Feds'll
throw your ass in jail for two years and send you a bill for $250,000.
(Owners of anonymous remailers might be for in some surprise visits
from the Feds if their systems are used to post "indecent" stuff
that's labeled L18.)

The censorhappy geeks at Brigham Young University put together a demo
to prove that this scheme works. First Olsen stuck L18 tags on half
his web pages. Then they set up a "Netscape proxy server" so it denied
access to pages with L18 tags unless the user was verified as an
adult. The experiment was a success -- and a hit with the DoJ!

By now cybersavvy readers are wondering: "But how will a server know
how old a user is?"

The DoJ has a couple ideas that they're going to throw at the
three-judge panel in Philadelphia tomorrow. The government's idea
seems to be that if the judges accept even one of them, they'll uphold
the CDA. The DoJ's proposals are:

1. Servers with "indecent material" will register users as adults or
2. Every ISP will tag accounts as adults or minors.
3. A custom router will only allow users to access "indecent" sites
if an adult types in the password first.

Olsen's Grand Design for the Net incorporates Proposal #1. He's
pushing the idea that web servers or proxy servers with "indecent"
material will give out "adult verification passwords" before you can
access their web page. This means:

* A lengthy pre-registration process before you can access the site.
* The server has to keep a database with the identities of all the
adult users, complete with the credit card numbers that presumably
will be used for verification.
* If you want to access hundreds of web sites with "indecent"
material, you've got to get hundreds of different passwords.

If you run a web site with material that a Federal prosecutor anywhere
in the U.S. may find "indecent" or "patently offensive," under Olsen's
plan you have to verify that your users are adults.

Somehow, I don't expect overseas sites will go for this. What, doesn't
the DoJ realize that we're not just talking about the U.S. here?


It's not about cybercensorship. It's about cybersex.

At least that's what the DoJ wants everyone to believe. Justice
Department attorneys have been flooding the court with printouts of
hundreds of pages of dirty pictures, a lot of them pretty damn
raunchy. Some of them might even be "obscene" -- that is, they fall
into a legal class of images that flunk a three-part test that
includes only images without "serious literary, artistic, social,
political, or scientific value."

Pretty hardcore stuff. GIFs like coeds fraternizing with german
shepherds -- with the help of 25' of rubber tubing and a Tibetan yak.

On April 9, the ACLU/EFF plaintiffs filed a motion to close the
floodgates on the DoJ's deluge of porn, asking that the government be
barred from introducing exhibits "unless they believe in good faith
the material could not be prosecuted under existing obscenity or child
pornography laws."

The idea behind this motion was to educate the court and remind them
that the CDA outlaws "indecency," not "obscenity." EFF attorney Mike
Godwin explains the difference in his forthcoming book _Cyber Rights_:

The term "indecency," although never defined by Congress or the
courts, is a far broader concept than "obscenity" (examples of
"indecency" include George Carlin's famous "Seven Dirty Words"
monologues, at least some portions of Howard Stern's radio
broadcasts, and, according to one court, the text of Allen
Ginsberg's "Howl").

Not one of our plaintiffs has "obscene" or even titillating pictures
on our web sites, but all of us are subject to a $250,000 fine and two
years in prison if a minor stumbles across our URL.

Yesterday the court denied our motion, saying that it understood that
we weren't challenging obscenity laws and that, unlike the situation
that might occur if there were a jury, the judges would not be
prejudiced by any pictures introduced.

The court ruled *they* were capable of understanding the difference,
so there was no need to separate the materials. They did admit that we
had raised an important issue, and the court understood the reason for
the motion.

I guess we have to trust them.


There's a second way to answer the question of: "How do you know who
the children are?"

Another option the DoJ appears to be pushing -- we'll know details
tomorrow -- is this idea of reprogramming every computer on the
worldwide Internet to run software that tags users as adults or
minors, so a server will know whether it can send out "indecent"

This shifts the burden of establishing age-identity from the content
provider to the business or school giving out the Internet account.

It also would allow any unscrupulous net.lurker to troll for "I am a
child" tags and follow them back to the originating site -- not
exactly the best way to protect the children!

I should have realized this DoJ strategy earlier. Last week when I was
arguing with Bruce Taylor, an architect of the CDA, we went 'round and
'round on the issue of children on the Net. He maintained that every
Internet user has to have an account somewhere, so the provider of
that account can tag the user as a minor or adult.

I asked Taylor how his proposal was possible with the TCP/IP protocol
-- the nerve system the carries all the data flowing through the Net.
He replied that technical problems can be solved by technical people,
and wasn't there a new protocol being developed, anyway? Basically,
his position was: "Your side comes across to the court as saying that
it can be done but we won't do it. You're a bunch of geeks who want to
protect their porn and the court isn't going to buy it."

The "new protocol" being developed is IP Version 6, which the DoJ
zoomed in on in cross-examination of one of our witnesses, Scott
Bradner from the Internet Engineering Task Force:

13 Q Would it be fair to say, to summarize what you've just
14 said, that the IP Next Generation group is working on a new
15 generation of the IP Protocol itself?
16 A That is correct.
17 Q Does it have -- does the IP Next Generation group have
18 recommendations regarding a specific architecture of the
19 packet traffic on the Internet, including the format of the
20 packet?

The DoJ is going to argue that IPv6 can include such an adult/minor
tag in each datagram. Chris Hansen, the head of the ACLU's legal team,

Olsen is going to push this tagging idea that the government has,
that you can imbed in your tag -- in your address -- an adult or
minor tag. They're going to suggest that the market will come into
existence that will make that tagging relevant.

It's more like the *judicial penalties* will evolve to make the
tagging not just relevant, but mandatory! On the cypherpunks list,
Bill Frantz, a computer consultant, outlines one problem:

One of the migration paths suggested for IPV4 to IPV6 migration is
to tunnel IPV4 packets within IPV6 packets. IPV4 packets do not
provide for an adult/minor tag, so until the transition to IPV6 is
fairly well along, this approach will be ineffective.

If the people who are worried about minor's accessing smut want
something this century, they should go with PICS.

A member of the IETF replies:

Neither, for that matter, do IPv6 packets -- there is no provision
for them. Furthermore, were anyone to create an end to end header of
that sort, it would be eight bytes of wasted space in every packet
in the net, especially since the implementation of such a tag is a
technical impossibility as there is no way to force the originating
system to tell the truth.

The "high-touch" argument against this is important as the high-tech
one. I just received the following mail from someone who would be
unable to continue his work if the DoJ's IPv6 scheme is implemented:

We provide free anonymous access to the net to sexual abuse survivors.
We don't even know who they are, nor do we care - a lot of them are
hiding out from their perps, and to try and identify them would be a
tremendous breach of trust, as they are depending on us for their
anonymity, much as a reporter would protect their anonymous source.

I also have been told by these folks themselves that some of them are
under the age of 18 - hell, I've had a few that tell me that they are
13 or 14 years old, and that they are still at home, still being raped
by their perps. We provide an outlet for their frustrations, emptional
support, a community for them, people to talk to, and support for them
if they choose to report their abuse. None of this would be possible
if Taylor and friends had their way.

Sure, we could trace each and every one of them back to their
providers, and find out who they are, but I'm not going to do it, and
I'm perfectly willing to go to jail to protect their identities. My
integrity is worth a whole hell of a lot more than any government law.


The third way to answer the now-tiresome who-are-the-kiddies question
is to turn it on its head and ask: "Who are the adults?"

Hardware to answer that question already exists. The March 25 issue of
Interactive Week reports that Livingston Enterprises, Inc. has
colluded with Senator Exon's staff to design an "Exon box" -- a router
that lets ISPs cut off unrated or "indecent" or unrated sites. To get
around the block, an "adult" enters a secret password that tells the
router to open a session and let the packets flow.

Exon's staff is heralding this as an example of how easy it is to
comply with the CDA. The only problem is that, like many such
hamfisted censorship "solutions," it sucks, and it ain't going to
work. One of the original architects of the Internet, David P. Reed,

I do work to protect my children from inappropriate material, but
pressure from Senators to mandate technically flawed solutions, and
opportunistic, poorly thought-through technologies from companies
like Livingston are not helpful.


As I was writing this, I started wondering why Olsen got picked as the
DoJ's expert witness for tomorrow's hearing, especially when his
research is *not* in distributed computing environments and protocol
design. It's in human computer interaction and user interfaces.

One of Olsen's former students at Brigham Young University contacted
me last week, saying he had initially hoped that Olsen was "lending a
neutral opinion" on technical issues "but that hope proved false."

I asked if his former faculty member has "done any work relating to
distributed computing environments like the Internet?" His reply: "The
closest thing I'm aware of is a paper on interactive bookmarks."

Network engineering that ain't.

On April 7th I sent Olsen email, asking him: "What kind of research
have you done related to distributed computing environments like the

As of April 11, still no response -- even though he had replied to my
earlier messages almost immediately. (I wouldn't put it past the DoJ's
tame attack ferret, Jason Baron, to try and muzzle Olsen as well.)

Vanderbilt Professor Donna Hoffman writes about Olsen:

A colleague at CMU told me that Dan Olsen is largely an administrator
at BYU and will assume administrative duties at CMU as the temporary
head of the HCII... I've seen his vita and talked to some colleagues
in CS and related fields about his work and it doesn't seem that he
has done much, if any, research related to the distributed computing
environments like the Internet.

His vita is difficult to parse because he has numerous items I can't
identify - for example, are they book chapters, working papers,
proceedings? Where were they published? And so on.

He is the Editor of a new journal published by CACM which started a
few months ago, related to human-computer interaction. His main
research interest seems to be in user interface issues, but he
hasn't published much in scholarly journals so I would conclude that
his work has had little impact on the field.

(I should point out here that a member of the HCII at CMU sent me mail
saying that conference proceedings are the main form of publication in
the field.)

Still, I wonder why the DoJ couldn't get a real net-expert to defend
the CDA and the network protocol schemes they're proposing?

Grey Flannel Suit (aka Air Force Special Agent Howard A. Schmidt) is
going to take the stand tomorrow and do a live demonstration of how he
can find cybersleze on the Net. I can hardly wait!

Grey Flannel has been involved in a half-dozen porn prosecutions in
the past: two dealing with civilian porn sites and and four dealing
with military ones. From the deposition he gave in Washington, DC
earlier this week, the extent of his testimony seems to be: "I went
onto the Net and found dirty pictures."

The following clue as to Grey Flannel's history of porn-prosecutions
flowed into my mailbox the other day:

It would be interesting to find out if Schmidt was involved in _US v.
Maxwell_, 42 M.J. 568 (USAF Ct Crim App 1995), a military justice
case concerning a USAF colonel who used AOL to communicate "indecent
language" to another servicemember and to traffic in pornographic
matter. USAFOSI was clearly involved in the investigation, but no
agents are named in the opinion.

Flannel will be followed by our last witness, MIT's Albert Vezza, and
then Dan Olsen.

Stay tuned for more reports.


We're back in court on 4/12, possibly 4/15 as a last day of witness
testimony, 4/26 for rebuttal if necessary, and 6/3 for closing

Mentioned in this CDA update:

Michael Froomkin: "The Internet as a Source of Regulatory Arbitrage"
Wired: "How Anarchy Works -- Inside the Internet Engineering Task Force"
Net-Guru David Reed's article: "CDA may pervert Internet architecture"
Michael Froomkin's LONG article on anonymous remailers:
Dan Olsen at BYU <http://www.cs.byu.edu/info/drolsen.html>
BYU's censorship policy <http://advance.byu.edu/pc/releases/guidelines.html>
Internet Eng Task Force <http://www.ietf.org/>
Rimm ethics critique <http://www.cs.cmu.edu/~declan/rimm/>
Int'l Net-Censorship <http://www.cs.cmu.edu/~declan/zambia/>
CMU net-censorship <http://www.cs.cmu.edu/~kcf/censor>
University censorship <http://joc.mit.edu/>
Grey Flannel Suit <howardas@aol.com>

This report and previous CDA Updates are available at:

To subscribe to the fight-censorship mailing list for future CDA
updates and related net.censorship discussions, send "subscribe" in
the body of a message addressed to:

Other relevant web sites: