Cato Institute holds forum on the unintended consequences of sex offender registry laws

Today the Cato Institute held a forum “You may be a sex offender if …”.  The purpose of the event was to show the unintended consequences of the draconian sex offender registration laws that started with the Jacob Wetterling Act in 1994, requiring convicted sex offenders to register with local law enforcement, and Megan’s Law, in 1996, which required states to publish the information.

The Cato handout pointed out very venial offenses can result in sex offender registration.  These could include urinating in public, visiting prostitutes (in some states), and especially cell phone sexting by teenagers – of images of themselves.

Walter Olson, senior Cato Fellow, moderated.  The link for the event is here and a complete video from Cato is present there.

The first speaker was Lenore Skenazy, publicly known as founder of “Free-Range Kids” and leading the anti-helicopter parenting movement. She began her narrative with a tale of a 12 year old boy put in juvenile prison for a touching incident with a sister at home.  He was compelled in treatment to confess to acts he hadn’t committed, and forced to register for years.

She also discussed the case of Zach Anderson, who at 17 had sex with a 14 year old girl who admitted she had lied about her age online.  Although his sentence was reduced, it will still severely limit his young adult life and employment (no Internet content).  The original judge believed that his Internet use had been gratuitous, and that he should have been responsible for knowing the real age of the girl.

Skenazy tried an experiment, handing out 3×5 cards to the audience (rather like English class in high school for a pop quiz) and asking yes or no, had you ever committed one of a long list of possible offenses that could result in mandatory registration.  The final count was 28 to 10, yes.

Dara Lind from Vox Media also spoke, emphasizing the public shaming part of the registry enforcement. Crime is controlled by punishment, deterrence, rehabilitation, and incapacitation, which is what the mandatory registration is supposed to accomplish. She made a comparison to the “rotten apples” banning of films associated with shamed actors or media executives in the recent sexual harassment scandals and the #MeToo movement.

But it’s apparent that the “incapacitation” is enforced by the community rather than by the state per se.

I asked a question from the audience about the possibility of being framed for illegal content, especially possessing child pornography, by attacks from others.  This could come through phishing, malware (similar to ransomware, and this has happened a few times), or possibly direct hacking of websites owned by a business or person. This could be a technique of a terrorist group or of a foreign enemy (compare to North Korea’s hack of Sony in 2014).  I mentioned that possession of child pornography has been mentioned as an “absolute liability offense”, at least in conjunction with a case in Arizona back in 2006.  Mr. Olson said that the idea of “mens rea” (“I didn’t mean too”) is better understood in the courts with respect to the Internet now than it was a decade ago, when Internet use might have been seen as more gratuitously motivated.  (Does that shift “rebuttable presumption” back to innocence?”) Skenazy said that the idea could be quite scary especially for the less educated users and mentioned a case where someone with autism was convicted of such possession when the person clearly did not understand the offense.

There was lunch upstairs afterward.  During the luncheon, a Washington Blade reporter mentioned that gay placement on sex offender registries had occurred when sodomy laws were on the books, until Lawrence v. Texas in 2003;  a few men had trouble getting their names removed when sodomy laws were ruled unconstitutional.  It was also mentioned that in Florida, police have the option of placing red signs on the residences of sex offenders, a literal scarlet letter.

The discussion noted that California had been the first state with mandatory sex offender registries, and that men of color are proportionally more likely to be on registries than white men or any females.

See the Pingback reference on the July 19, 2016 on my own personal brush with this issue back in 2005 when I was working as a substitute teacher.  Unlikely coincidences created the problem, but it seemed quite serious at the time.  There is a lot of detail there to look at.

(Posted: Thursday, February 8, 2018 at 9:30 PM EST)

Downstream liability concerns for allowing others to use your business or home WiFi connection, and how to mitigate

A rather obscure problem of liability exposure, both civil and possibly criminal, can occur to landlords, businesses, hotels, or homeowners (especially shared economy users) who allow others to use their WiFi hubs “free” as a way to attract business.

Literature on the problem so far, even from very responsible sources, seems a bit contradictory.  The legal landscape is evolving, and it’s clear the legal system has not been prepared to deal with this kind of problem, just as is the case with many other Internet issues.

Most hotels and other venues offering free WiFi take the guest to a strike page when she enters a browser; the guest has to enter a user-id, password, and agree to terms and conditions to continue.  This interception can normally be provided with router programming, with routers properly equipped.  The terms and conditions typically say that the user will not engage in any illegal behavior (especially illegal downloads, or possibly downloading child pornography or planning terror attacks).  The terms may include a legal agreement to indemnify the landlord for any litigation, which in practice has been very uncommon so far in the hotel business.  The router may be programmed to disallow peer-to-peer.

There is some controversy in the literature as to whether Section 230 of the 1996 Telecommunications Act would hold hotels and businesses harmless.  But my understanding that Section 230 has more to do with a content service provider (like a discussion forum host or a blogging service provide) being held harmless for content posted by users, usually for claims of libel or privacy invasion.  A similarly spirited provision in the Digital Millennium Copyright Act of 1998, called Safe Harbor, would protect service providers for copyright infringement by users.  Even so, some providers, like Google with its YouTube platform, have instituted some automated tools to flag some kinds of infringing content before posting, probably to protect their long-term business model viability. Whether Section 230 would protect a WiFi host sounds less certain, to me at least.  A similar question might be posed for web hosting companies, although it sounds as though generally they are protected.  Web hosting companies, however, all say that they are required to report child pornography should they happen to find it, in their AUP’s. You can make a case for saying that a telecommunications company is like a phone company, an utility, so a hotel or business is just extending a public utility. (That idea also mediates the network neutrality debate, which is likely to become more uncertain under a president Trump.)

Here’s a typical reference on this problem for hotels and businesses.

A more uncertain environment would exist for the sharing economy, especially home sharing services like Airbnb.  Most travelers probably carry their own laptops or tablets and hotspots (since most modern smart phones can work as hotspots) so they may not need to offer it, unless wireless reception is weak in their homes.  Nevertheless, some homeowners have asked about this.  These sorts of problems may even be more problematic for families, where parents are not savvy enough to understand the legal problems their teen kids can cause, or they could occur in private homes where roommates share telecommunications accounts, or where a landlord-homeowner takes in a boarder, or possibly even a live-in caregiver for an elderly relative.  The problem may also occur when hosting asylum seekers (which is likely to occur in private homes or apartments), and less often with refugees (who more often are housed in their own separate apartment units).

It’s also worth noting that even individual homeowners have had problems when their routers aren’t properly secured, and others are able to pick up the signal (which for some routers can carry a few hundred feet) and abuse it.  In a few cases (at least in Florida and New York State) homeowners were arrested for possession of child pornography and computers seized, and it took some time for homeowners to clear themselves by showing that an outside source had hijacked the connection.

Comcast, among other providers, is terminating some accounts with repeated complaints of illegal downloads through a home router.  In some countries, it is possible for a homeowner to lose the right to any Internet connection forever if this happens several times, even If others caused the problem.

Here are a couple of good articles on the problem at How-to-Geek and Huffington, talking about the Copyright Alerts System.  Some of this mechanism came out of the defeated Stop Online Piracy Act (SOPA), whose well-deserved death was engineering in part by Aaron Swartz, “The Internet’s Own Boy”, who tragically committed suicide in early 2013 after enormous legal threats from the Obama DOJ himself.

Along these lines, it’s well to understand that automated law enforcement and litigation scanning tools to look for violations are becoming more common on the Internet.  It is now possible to scan cloud backups for digital watermarks of known child pornography images, and it may become more common in the future to look for some kinds of copyright infringement or legal downloads this way (although content owners are good enough detecting the downloading themselves when it is done through P2P).

Generally, the best advice seems to be to have a router with guest-router options, and to set up the guest account to block P2P and also to set up OpenDNS.  An Airbnb community forum has a useful entry here.  Curiously, Airbnb itself provides a much more cursory advisory here, including ideas like locking the router in a closet (pun).

I have a relatively new router and modem combo from Comcast myself.  I don’t see any directions as to how to do this in what came with it.  I will have to call them soon and check into this.  But here is a typical forum source on guest accounts on Xfinity routers.  One reverse concern, if hosting an asylum seeker, could be that the guest needs to use TOR to communicate secretly with others in his or her home country.

It’s important to note that this kind of problem has come some way in the past fifteen years or so.  It used to be that families often had only one “family computer” and the main concerns could be illegal content that could be found on a hard drive.  Now, the concern migrates to abuse of the WiFi itself, since guests are likely to have their own laptops or tablets and storage devices.  There has also been some evolution on the concept of the nature of liability.  Up until about 2007 or so, it was common to read that child pornography possession was a “strict liability offense”, which holds the computer owner responsible regardless of a hacker or other user put it there (or if malware did).  In more recent years, police and prosecutors have indeed sounded willing to look at the usual “mens rea” standard.  One of my legacy blogs has a trace of the history of this notion here; note the posts on Feb. 3 and Feb. 25 2007 about a particularly horrible case in Arizona.  Still, in the worst situations, an “innocent” landlord could find himself banned from Internet accounts himself.  The legal climate still has to parse this idea of downstream liability (which Section 230 and Safe Harbor accomplish to some extent, but evoking considerable public criticism about the common good), with a position on how much affirmative action it wants those who benefit from technology to remain proactive to protect those who do not.

(Posted: Monday, January 9, 2017 at 10:45 PM EST)

Update: Tuesday, Jan 24, 2017, about 5 PM EST

Check out this Computerworld article (Michael Horowitz, “Just say No” [like Nancy Reagan] June 27, 2015) on how your “private hotspot” Xfinitywifi works.  There’s more stuff below in the comments I posted .  To me, the legal situation looks ambiguous (I’ve sent a question about this to Electronic Frontier Foundation; see pdf link in comment Jan. 24).  If you leave your router enabled, someone could sign onto it (it looks if they have your Xfinity account password, or other password if you changed it).  Comcast seems to think this is “usually” OK because any abuse can be separated to the culprit.