Pennsylvania Refuses to Disclose Banned Website List

koehn writes "In an interesting turn of events, the Attorney General of Pennsylvania has ordered all PA ISPs to block sites that have child porn. If that's not bad enough, they won't tell you which sites those are because - so the excuse goes - that could be construed as 'disseminating pornography.' So much for public review, huh?" See the previous story.

Bad for Who?

[Ken@WearableTech]

the Attorney General of Pennsylvania has ordered all PA ISPs to block sites that have child porn. If that's not bad enough...

Waa... Hunh... I had to read this a few times to realize it's not supposed be a joke.

Bad enough for who?

Re:Bad for Who?

[nick+this]

Several things that bother me about it:

1. It's a slippery slope. Once the goverment decides that its job is to censor web sites, where does it stop? All pornography? Terrorist sites? Legitimate news sites from "terrorist countries"? Legitimate news sites period? Bad precedent, in my opinion.

2. This is a job that should be done at the end-user location. Want to surf safely? Don't surf on machines that don't have content filtering programs on them. Want your child to surf safely? Don't let him/her surf on machines that don't have content filtering programs on them.

3. Lastly, what are we protecting people from? It's an evil world, and evil stuff exists out there. We can't ignore it. And hiding it doesn't make it go away. I'm not sure what this fundamentally accomplishes.

Re:Bad for Who?

[Thomas+M+Hughes]

I think you misunderstand the purpose of blocking access to child pornography. There are two reasons why child pornography is considered absolutely horrific by people:

1) They think its gross that someone gets aroused looking at a child.

2) Making child pornography requires a child to be put into a sexual situation, before they are of the age to know that such a thing could possibly be wrong.

Now, legally and constitutionally, the government cannot play thought police. You're allowed to think of gross things all day, as long as you don't hurt anyone with them. So, if someone sits around jacking off to thoughts of children, its gross, but you can't stop it.

However, if you start taking pictures of it, and forcing real children into that position, you are hurting someone (the child in question). Because of that, the production of child pornography CAN be deemed completely illegal, outlawed, and censored. Its a matter of stopping children from being sexually abused.

But, simply stopping people from producing this pornography is not enough for most people. They fundamentally feel that anyone who would look at this stuff, even if they haven't produced it, is a sicko who deserves to be punished. Furthermore, they argue that by allowing existing child pornography to be obtained, even though it causes no further harm to the child, it encourages the phedophile to think about his problem even more, and ultimately, will result in more sexual child abuse. The link between viewing porn and increased chances of sexual abuse is not very well proven. Some studies say maybe. Some studies say no.

Thus, the rationale isn't to stop people from things they shouldn't be looking at. Its two fold. First, they want to stop children from being used in this abusive manner for the photo shoots. Killing the market, kills the abuse. Second, they argue that viewing child pornography makes you more likely to commit sexual child abuse, and on those grounds they try to block it, for the good of the children.

As a side note, the Supreme Court heard a case about the possibility of virtual child pornography, where you have a computer generated child being sexually depicted, without ever having a real child involved. I forget how the court ultimately ruled, but I believe they found the law to be overbroad, and struck it down.

Maybe they don't *have* a list?

[dspeyer]

I realize this is a hideously Orwellian (Heelerian?) Catch-22, but it could be pure incompitance. When the ruling first appeared, many here questioned how such a law might be enforced when surely any ISP discovering child porn should report it to police so the server can be taken down.

It seems likely to me that they simply don't have a list, and they want to make it the ISP's problems. The best law enforcement agencies in the country can't stop kiddy-porn rings, so let's see if overworked sysadmins can! If it fails, at least we'll be able to pass the blame...

I think ISPs should simply declare that, to the best of their knowledge, there is no kiddy porn on the web, and only block things if they get complaints (then report the complainant as having viewed kiddy-porn.)

why not shut em down?

[jest3r]

If all of these sites actually contain child porn why not focus all efforts on getting them shut down completely .. having a few ISP's block these websites accomplishes nothing ..

Re:why not shut em down?

[sheddd]

Kiddie porn is bad

Define kiddie porn, please; beauty pageants for preteens give me a much ickier feeling than watching a 17 year old screw a guy. Who should be the judge of what's indecent? Or illegal?

CDT Calls Penn Blocking Law Unconstitutional

The CDT report - entitled "The Pennsylvania ISP Liability Law: An Unconstitutional Prior Restraint and a Threat to the Stability of the Internet" - analyzes a 2002 Pennsylvania law that forces ISPs to block access to any web site deemed "child pornography" without notice to the site's publisher and without any opportunity to challenge the determination. ISPs are required to block the sites even if they do not host the content and have no relationship whatsoever with the publishers of the content. The Pennsylvania Attorney General has since gone even further, bypassing the law's inadequate court procedures to simply demand by letter that sites be blocked.

CDT.org

More News

Unconscionable law

[mattr]

First, I am totally against child porn, totally. However Pennsylvania's action is completely hideous and could create more problems than it solves. Consider:

• Blocking sites make it impossible for Pennsylvania enforcement officers to find child porn traders in their own state, pushing them farther underground!
• Misuse of secret web censorship lists is well documented. It is possible to disclose information about where these sites are without making an open advertisement. Their argument is illogical.
• Their action may be unconsitutional and certainly may be moot should a Freedom Of Information Act request be made by someone with the list published anywhere on the net
• It is not possible for people to use the net to identify Pennsylvania's definition of child porn should the medium itself be censored.
• There is no information about whether they are making efforts to identify whether underage models are actually being used.
• I am thinking about the comics sold in every convenience store in Japan that have drawings which could be construed as child porn, and use of the term "Lolita" for young-looking models. I don't want to see these myself, however what happens to people who have gotten used to this kind of titillation and when the virtual source of imagery dries up will they not be led to look for actual child porn and exploitative venues in the real world?
• Likewise would this cover sites which distribute dirty stories? There must be at least one nasty child porn fantasy in there. An easy way to ban these sites, just have some fundamentalist submit a bunch of illegal stories and sue them?
• Many fibers undoubtedly run through Pennsylvania, are they going to be censoring all packets at all switches? This is a neat way to start killing the Internet, let's drop every spamming country off the net.. not.
• There is no information (I presume) about how to find out if your site is banned in Pennsylvania, say what if a hacker started serving child porn from your 0wned box, and there is no information about how to reinstate an IP address.
• Since the point is in fact removing dangerous and illegal information from the net, in particular the underlying reason should be to protect children from dangerous exploitation, it is in society's best interest to openly maintain a database of sites accused of child pornography, which states and municipalities may use to implement censorship should they so choose.
• This database would set a huge precedent and it is scary to me, but it would at least remove the idea of secret blocking lists and enable accused sites to fight back. It is possible that many people may not even know their provider is hosting these things, and they can also bring pressure on the hosting companies to police themselves.
• Unless a site has been wrongly accused of hosting child pornography, or is in fact a honeypot being used for a big sting operation by the government, it is really very unlikely that publically available sites are going to be hosting this stuff, at least in the U.S. (Of course there could indeed be a list of overseas sites which have not been taken down due to different local ordinances). Therefore, it is VERY likely that Pennsylvania's secret list is not only UNLAWFUL but also FALSE in that they do not in fact have a list of child pornography websites to ban. The real threat of secret lists of unlawfully censored information sources is anathema to our society. Either something is illegal in a given territory, or it is not. They can't get away with promoting vague notions of propriety with scare tactics and secrecy. It is not even likely that they will succeed at reducing the flow of child pornography in their state.
• Pennsylvania's action is also a restraint on interstate commerce in that a secret list will enable law enforcement to search any digital medium including hd,cd,dvd, cable, and wireless networks, for potentially incriminating evidence without explaining exactly what is illegal. In particular it seems likely that web caches operated by universities and companies may unwittingly hold such information, and this action opens the doors to a broad range of abuses including but not limited to corruption of interstate telecommunications.
• It's also a dumb idea. 'Nuff said.

I just thought of something (OT)

[be-fan]

The public seems to have something of a love-hate relationship with child porn. On one hand, child porn in the classical sense is bad. On the other hand, child porn in the form of Britney and Christina is just fine? I remember reading an article on Britney before the music industry pimped her out. Cute kid. I just say LeAnn Rimes the other day on a Blender cover, topless. Even country music has gotten into it. Sigh... Maybe just another reason to hate the RIAA?

This is bad for everyone.

[twitter]

The AG hands out an unverifiable list to "major" ISPs and expects them blocked. How are non "mojor" ISPs supposed to know? They can't and that will be used against them. How do the "major" ISPs know that the site they block is not simply something that embarases the AG? They can't either. Why? Because looking at kiddie porn is a Federal Offense and you go to jail for having it stored on your computer's cahche directory. So you block the content, sight unseen because the State tells you to. That's real censorship and a clear violation of the first amendment protection of free press.

Even if the program were honest and verifiable, it would still be a bad idea. This essentially closes off sites that alow user posts, such as Slashdot. All you have to do to kill Slashdot in Pensylvania now is persistenlty place kiddie porn links into your posts. But it is not honest and it is not verifiable so the state could just block Slashdot as it pleases. If people noticed and complained that they can't find Slashdot anymore, the State can claim it was an honest mistake. The damage would have been done as the people would have been kept from knowledge in a timely manner. Other sites that few no about can be blocked with impunity.

In Other News...

[Sunlighter]

It's going to be interesting when they try to prosecute somebody.

Prosecutor: This guy looked at child porn.

Defendant: It isn't child porn!

Judge: OK, let's show the jury this alleged porn.

Prosecutor: No, we can't do that! It's illegal for the jurors to look at child porn!

Judge: Well, then let me look at it.

Prosecutor: But, Your Honor, it's illegal for you to look at child porn, too!

Judge: Well, dammit, what if it's not porn?

Prosecutor: Well, then you could look at it. But you realize that if you deem it porn, we can charge you with having viewed it.

Judge: Well, then, I don't want to risk it. Ladies and gentlemen of the jury, you're just going to have to take his word for it.

[Jury deliberates.]

Jury: Not guilty due to lack of evidence.

How the hell are ISPs supposed to be able ....

[Skapare]

How the hell are ISPs supposed to be able to implement and deploy this blocking according to the official list if they are not given a copy of the list? And doesn't that law at least claim it applies to any ISP, even out of state, as long as it serves customers in Pennsylvania ... at least for the Pennsylvania customers? I'd like to know if the list consists of IP addresses, domain names, or complete URLs (or some mix of these).

If the list has IP addresses only, then it would be theoretically possible to deploy this in a router access list. But many routers don't scale well with large lists because of sequential implementation. And what if the web site in question changes IP address periodically? Does the IP address list get updated equally as often?

If the list has domain names, perhaps those can be remapped to IP addresses regularly, and put in the access list.

In either case, using IP addresses has "collateral damage" effects on other web sites sharing the same server, and maybe even other services if not deployed to specific ports (e.g. other connections like SMTP won't work). I'm sure that Mike Fisher, who is so full of himself that he tries to make people think he is the only attorney general around by registering attorneygeneral.com and attorneygeneral.gov, won't care (using the same theory spam fighters use that if the ISP hosts bad customers, then everyone should suffer until the ISP stops hosting them or goes out of business).

Or perhaps the list consists of URLs, including path names to specific site areas or user pages. The problem is most routers can't deal with that at all. You need a web proxy. That means ISPs now have to pay out more money to run web proxies, with all their associated problems, such as DNS lookup failures for users accessing web sites in different DNS realms (e.g. DNS name spaces NOT rooted at the normal ICANN root servers) or with add-on TLDs (e.g. pseudo-realms that take normal TLDs and combine with special TLDs like ... uh ... the ".xxx" and ".sex" TLDs). And what about accessing HTTPS sites via the proxy? The certificates won't match up unless the browser is configured to "trust" the proxy (e.g. accept the proxy's certificate for that half the end-to-end path, or just connect to the proxy unencrypted and ask for an HTTPS URL). If the ISPs don't filter on HTTPS, then the porn sites that are intended to be blocked can just make HTTPS work. OTOH, if the ISPs force proxying HTTPS, that becomes a major privacy violation.

So one way or the other, porn sites can evade the blocking. If blocked by IP address, they just move around ... maybe as often as every 5 minutes with very dynamic DNS or other very highly distributed methods. And if blocked by URL, they can use HTTPS to bypass proxies or force the ISPs to invade secure web privacy. And if blocked by domain name in the DNS server (using local authoritative zones) users can get around that by not using the ISP DNS servers, running their own DNS servers, or the porn site can register more domain names (they're cheap for porn operators).

And with tens of thousands of open proxies around the world (check today's load of spam for more addresses), there's going to be plenty of ways for perverts to get their fix once they learn these methods. Is the PA AG going to track all the open proxies out there, too?

But in either of these cases, there isn't much the ISP can do without the list. And I didn't see anything in the text of the law that says the list has to be held in strict confidence by the ISP (as if that would apply to an out of state ISP anyway).

Possession

[Merk]

Or maybe the music industry is selling what people want but are ashamed to admit they want. Heck, it wouldn't be the first time.

I think people over-react to child porn. Just look at the replies in this topic. Everybody seems to have to put "I don't like kiddie-porn but..." in every message. It's almost like "I'm not a communist but..." Does anybody really think that someone who doesn't include that disclaimer goes out and rapes kids?

Exploitation of anybody, including children is bad. No question. I fully support going after anybody who makes, sells or buys child porn, but I'm not 100% sold on going after people who possess it. If it is simply found "in their possession", which could possibly even mean that it showed up in their browser cache. Should you be in trouble because you mistype a URL and get one of the many porn typo sites?

Maybe intentionally seeking out child porn online should be illegal, but the penalty should reflect the crime. Someone who doesn't buy, sell, or make kiddie porn hasn't hurt any kids. Now the the argument is of course that viewing child porn leads to other crimes against kids. But isn't that the kind of thing that Slashdotters hate when it comes to other things? Just because someone loves playing violent video games and perhaps even makes a level that reflects their school or office doesn't necessarily mean they're going to go shooting up their school or office. Perhaps the punishment for seeking out child porn should be giving up all their privacy in case they can't control their urges.

This isn't intended to be flamebait. I'm sure there's many a libertarian who would agree with me that any action that doesn't actually hurt somebody else shouldn't be illegal. If you're going to moderate it down because you don't like what I'm saying, consider posting a reply instead. And it's not offtopic, the topic is child-porn and law, isn't it?

Re:Possession

[shepd]

You're right, and here's why:

By using a definition that says anything representing any sort of sexual act of anyone "underage" we get into situations that make this illegal (yes, I'm in Canada, and I'm technically going to break the old version of our laws):

It is reccomended that anyone under the age of 18 use a condom during sex to prevent the possibility of conceiving a child. A condom is worn by simply removing it from its wrapper and then rolling it down one's penis.

Because I mentioned sex, and a sexual act between minors I have broken the law. Does anyone else here think that's silly? Insane, perhaps?

Don't believe me? Click here.

That's why child porn laws should be used to protect children from abusers, and not from information such as the above which they have a right to know. But an incensed public just doesn't seem to understand the difference, unfortunately, and only listens to police who clamour for such broad-scope laws that let *them* decide who gets raided and who doesn't, rather than you.

Remember, you can tell someone's true support for free speech by seeing if they're willing to support those they detest who harm no-one. And I detest pedophiles, but if they aren't abusing children, it's hard for me to find a reason they need to go to jail for. Really hard. Mental hospital, sure, but jail...

I think this site puts it better than I ever could have.

For those wondering what goes through the mind of a pedophile, read this. I'm surprised I even found it.