Online Safety and Technology Working Group Report Delivered

The Online Safety and Technology Working Group, formed one year ago as an outcome of the  “Protecting Children in the 21st Century” Act. This groups mission was to review industry efforts and provide recommendations that would increase child safety online through education, labeling and family safety technologies.

This group has now released their 148 page report: Youth Safety on a living internet which represents a solid amount of work by highly respected individuals in their fields – which makes it all the more frustrating that there isn’t at least one recommendation that we haven’t heard before. The report is an excellent study of where we’ve been, and even where we are. In the reports own words, “Any report about both the Internet and children is necessarily a freeze frame of a rapidly moving landscape”.  But what’s missing is an innovative vision that sculpts a safer future. Reiterating the same recommendations is likely to produce the same result.

Here are summary excerpts of the reports findings:


In the late ‘90s, experts advised parents to keep the family Internet connected computer in a high-traffic part of the house, but now parents must account for Internet access points built into many digital devices, including cell phones.

Research has told us that many of the early significant concerns regarding children and their use of the Internet, such as predation, exist but not nearly in the prevalence once believed. Other risks, such as cyberbullying, are actually much more common than thought – starting as early as 2nd grade for some children. Meanwhile, “new” issues such as “sexting” garner a great deal of media attention, though recent studies suggest it is not quite as common as initially believed.

Given all the above and the finding of the preceding task force (the ISTTF) that not all youth are equally at risk, it now seems clear that “one size fits all” is not a good strategy. Instead, a strong argument can be made for applying the Primary/Secondary/Tertiary model used in clinical settings and risk-prevention programs to Internet safety. This “levels of prevention” method would represent a tailored and scalable approach and factor in the high correlation between offline and online risk. The approach would also work in concert with non-fear-based, social-norms education, which promotes and establishes a baseline norm of good behavior online.

Research also shows that civil, respectful behavior online is less conducive to risk, and digital media literacy concerning behavior as well as consumption enables children to assess and avoid risk, which is why this subcommittee urges the government to promote nationwide education in digital citizenship and media literacy as the cornerstone of Internet safety.

Industry, NGOs, schools, and government all have established educational strategies; however effectiveness has not been adequately measured. At the federal level, while significant progress has been made with projects such as OnGuardOnline and NetCetera, more inter-agency coordination, public awareness-raising, and public-/private-sector cooperation are needed for national uptake in schools and local communities.


  1. Keep up with the youth-risk and social-media research, and create a web-based clearinghouse that makes this research accessible to all involved with online safety education at local, state, and federal levels.
  2. Coordinate Federal Government educational efforts.
  3. Provide targeted online-safety messaging and treatment.
  4. Avoid scare tactics and promote the social-norms approach to risk prevention.
  5. Promote digital citizenship in pre-K-12 education as a national priority.
  6. Promote instruction in digital media literacy and computer security in pre-K-12 education nationwide.
  7. Create a Digital Literacy Corps for schools and communities nationwide.
  8. Make evaluation a component of all federal and federally funded online safety education programs (evaluation involving risk-prevention expertise).
  9. Establish industry best practices.
  10. Encourage full, safe use of digital media in schools’ regular instruction and professional development in their use as a high priority for educators nationwide.
  11. Respect young people’s expertise and get them involved in risk-prevention education.


There is no quick fix or “silver bullet” solution to child safety concerns, especially given the rapid pace of change in the digital world. A diverse array of protective tools are currently available today to families, caretakers, and schools to help encourage better online content and communications. They are most effective as part of a “layered” approach to child online safety. The best of these technologies work in tandem with educational strategies, parental involvement, and other approaches to guide and mentor children, supplementing but not supplanting the educational and mentoring roles.

These products and services need to be designed with the needs of families in mind, being easy to use, accessible, flexible, and comprehensible for the typical parent. Industry should assist by continuing to formulate and refine best practices and self-regulatory systems to empower users with more information and tools so that they can make appropriate decisions for themselves and their families, including product settings that are defaulted in a thoughtful way.

Government should avoid rigid, top-down technological mandates and instead enhance funding and encourage collaborative, multi-faceted, and multi-stakeholder initiatives and approaches to enhance online safety via innovation and cooperation.


  1. Engage in ongoing awareness-building efforts.
  2. Promote greater transparency for parents as to what sort of content and information will be accessible and recorded with a given product when their children are online.
  3. Bake parental empowerment technologies and options possible into product development whenever possible.
  4. Develop a common set of terms, agreed upon by the industry, across similar technologies.
  5. Promote community reporting and policing on sites that host user-generated content.


Though mandated to study 42 U.S.C. § 13032, that section was repealed almost immediately after the mandate, and, accordingly, this subcommittee endeavored to compare and contrast § 13032 with its de facto replacement, now codified in 18 U.S.C. §§ 2258A through 2258D via the PROTECT Our Children Act of 2008. Although § 13032 was a significant step forward in requiring service providers to report apparent child pornography when discovered, it lacked specificity in several key areas, including what additional information relating to the reported content would be valuable for law enforcement and whether any explicit criminal immunity would be granted to service providers who were implicitly tasked with transmitting potentially illegal images to the National Center for Missing and Exploited Children (NCMEC).

As service providers as well as NCMEC, law enforcement, and prosecutors gained experienced under § 13032, its shortcomings became even more apparent. Service providers were concerned with the legal implications of transmitting illegal material and, without statutory guidance, law enforcement was often not receiving enough useful information from providers to push investigations forward. Sections 2258A et seq. improved on the previous provision by explicitly detailing the types of information service providers could include in a report, granting NCMEC more operational flexibility to route reports received, increasing fines, limiting liability for service providers both criminally and civilly, and quite creatively requiring providers to treat NCMEC’s notification of receipt of a report as a request to preserve relevant subscriber information.

The Act appears to have had a near instant impact on the volume of reports received by NCMEC, which recorded an increase of 84% from 2008-2009 and, at the time of this report, were on pace for an increase of 78% from 2009-2010.


  1. Task the appropriate executive agency with the objective to conduct a survey using an empirically reliable method to assess industry efforts to promote online safety by means of the new reporting provisions of § 2258A.
  2. Encourage outreach by NCMEC, government agencies, advocacy groups, and service providers to promote increased awareness of the PROTECT Our Children Act through education, information sharing efforts, and the establishment of sound practices for reporting and data preservation.
  3. Encourage nascent or smaller service providers who may lack the necessary networking contacts or experience to seek out meetings with NCMEC and law enforcement concerning the reporting and preservation provisions of the Act.
  4. Continue to encourage collaboration and information sharing among providers to develop new technologies that disrupt the transfer of online child pornography and facilitate reporting to NCMEC.
  5. Consider tax credits or other financial incentives to assist service providers in bearing the development and implementation costs associated with securely retaining data outside the course of normal business.
  6. Consider incentives for service providers to establish wellness programs for the employees who face the task of reviewing disturbing images of child sexual abuse in order to maintain compliance with the mandatory reporting requirements.


Data retention is a very contentious subject from a policy angle, fraught with conflicting needs and concerns from the perspective of the three groups represented in this report: law enforcement, industry, and consumer privacy.

While law enforcement understands the need to carefully consider all sides of the issue, they postulate that mandatory data retention sufficient to facilitate the effective investigation of online crimes is ultimately workable and will allow law enforcement to solve more crimes involving the sexual exploitation of children.

From the industry perspective, while the cost of data storage has drastically fallen over the years, the true cost of retaining data comes in the form of having to protect ever increasing amounts of end users’ private data from smarter and smarter criminals lurking on the Internet. Further assessment of the data preservation features enacted in the PROTECT Our Children Act, industry suggests, should occur before considering mandatory data retention.

The consumer privacy perspective offers that in addition to issues regarding free speech, mandatory data retention would be overly broad in that it would cover legitimate users and bad actors alike, would be accessible by subpoena without judicial oversight in many situations, and would create a highly valuable database target for information thieves.

In the end, it is about striking a balance between law enforcement’s legitimate need to investigate and prosecute crimes against children facilitated by the Internet, end-users’ legitimate privacy expectations, and the burden of data storage costs to ISPs and OSPs and their subsequent ability to operate as a business.


  1. ISPs and OSPs should have regular meetings and engage ICAC task forces and federal law enforcement agencies to cross-train on emerging threats, resolve operational glitches, and develop a set of evolving practices and procedures.
  2. Privacy concerns regarding vast amounts of stored data must be addressed.
  3. If they are to occur, data retention debates should happen at the federal level, so as not to add further confusion concerning competing regulations among states.
  4. Congress should assess the results of the data preservation procedures enacted in the PROTECT Our Children Act before considering mandatory data retention.
  5. We encourage you to read the full subcommittee reports contained in this document to grasp fully not only the insight contained in them, but also the twenty-six (26) recommendations we have provided.



Comments are closed.

%d bloggers like this: