cr> Updates on CDA (836 lines)


(Note from moderator: because I got a lot of interested responses from
list members, I am posting the newsletter on the CDA for all to
see--and two other postings on the testimony of the government
witnesses as well.  By the way, Exon and the American Family
Association are putting pressure on the Clinton administration to
enforce the law.  Some information is available on the Inter@ctive
Week Web site at

                        The CDA Challenge, Update #6
         By Declan McCullagh / •••@••.••• / Redistribute freely

In this update: BYU/CMU's Dan Olsen's net-censorship boondoggle
                ACLU's 4/9 motion to suppress obscene images -- DENIED
                The new "I am a child" Internet protocol
                Who cares about kids: Who are the adults?
                Olsen as an expert witness -- on what?

April 11, 1996

PITTSBURGH, PA -- The U.S. Department of Justice wants to split the
worldwide Internet into "adult" and "minor" sections.

That's their plan, assuming they can find someone to testify that this
audacious boondoggle is even remotely feasible under current
technology. If the DoJ gets this testimony in the record, then their
attorneys will argue that the Communications Decency Act is
constitutional and should be upheld.

Well, they found their man. The Justice Department stoolie who's
testifying tomorrow is none other than Dan R. Olsen, Jr., the incoming
director of the Human Computer Interaction Institute at Carnegie
Mellon University, now the head of the computer science department at
Brigham Young University.

Olsen concocted this scheme that he calls L18, for "Less than 18."
Under it, every net-user must label every USENET post, email message,
FTP site file, web page, chat room, IRC channel -- any collection of
public bits spewed on the Net -- if the content is "inappropriate for

If you think you're clever 'cuz you labeled some "indecent" materials
as suitable for kids, guess again, pal. Try that trick and the Feds'll
throw your ass in jail for two years and send you a bill for $250,000.
(Owners of anonymous remailers might be for in some surprise visits
from the Feds if their systems are used to post "indecent" stuff
that's labeled L18.)

The censorhappy geeks at Brigham Young University put together a demo
to prove that this scheme works. First Olsen stuck L18 tags on half
his web pages. Then they set up a "Netscape proxy server" so it denied
access to pages with L18 tags unless the user was verified as an
adult. The experiment was a success -- and a hit with the DoJ!

By now cybersavvy readers are wondering: "But how will a server know
how old a user is?"

The DoJ has a couple ideas that they're going to throw at the
three-judge panel in Philadelphia tomorrow. The government's idea
seems to be that if the judges accept even one of them, they'll uphold
the CDA. The DoJ's proposals are:

  1. Servers with "indecent material" will register users as adults or
  2. Every ISP will tag accounts as adults or minors.
  3. A custom router will only allow users to access "indecent" sites
     if an adult types in the password first.

Olsen's Grand Design for the Net incorporates Proposal #1. He's
pushing the idea that web servers or proxy servers with "indecent"
material will give out "adult verification passwords" before you can
access their web page. This means:

  * A lengthy pre-registration process before you can access the site.
  * The server has to keep a database with the identities of all the
    adult users, complete with the credit card numbers that presumably
    will be used for verification.
  * If you want to access hundreds of web sites with "indecent"
    material, you've got to get hundreds of different passwords.

If you run a web site with material that a Federal prosecutor anywhere
in the U.S. may find "indecent" or "patently offensive," under Olsen's
plan you have to verify that your users are adults.

Somehow, I don't expect overseas sites will go for this. What, doesn't
the DoJ realize that we're not just talking about the U.S. here?


It's not about cybercensorship. It's about cybersex.

At least that's what the DoJ wants everyone to believe. Justice
Department attorneys have been flooding the court with printouts of
hundreds of pages of dirty pictures, a lot of them pretty damn
raunchy. Some of them might even be "obscene" -- that is, they fall
into a legal class of images that flunk a three-part test that
includes only images without "serious literary, artistic, social,
political, or scientific value."

Pretty hardcore stuff. GIFs like coeds fraternizing with german
shepherds -- with the help of 25' of rubber tubing and a Tibetan yak.

On April 9, the ACLU/EFF plaintiffs filed a motion to close the
floodgates on the DoJ's deluge of porn, asking that the government be
barred from introducing exhibits "unless they believe in good faith
the material could not be prosecuted under existing obscenity or child
pornography laws."

The idea behind this motion was to educate the court and remind them
that the CDA outlaws "indecency," not "obscenity." EFF attorney Mike
Godwin explains the difference in his forthcoming book _Cyber Rights_:

  The term "indecency," although never defined by Congress or the
  courts, is a far broader concept than "obscenity" (examples of
  "indecency" include George Carlin's famous "Seven Dirty Words"
  monologues, at least some portions of Howard Stern's radio
  broadcasts, and, according to one court, the text of Allen
  Ginsberg's "Howl").

Not one of our plaintiffs has "obscene" or even titillating pictures
on our web sites, but all of us are subject to a $250,000 fine and two
years in prison if a minor stumbles across our URL.

Yesterday the court denied our motion, saying that it understood that
we weren't challenging obscenity laws and that, unlike the situation
that might occur if there were a jury, the judges would not be
prejudiced by any pictures introduced.

The court ruled *they* were capable of understanding the difference,
so there was no need to separate the materials. They did admit that we
had raised an important issue, and the court understood the reason for
the motion.

I guess we have to trust them.


There's a second way to answer the question of: "How do you know who
the children are?"

Another option the DoJ appears to be pushing -- we'll know details
tomorrow -- is this idea of reprogramming every computer on the
worldwide Internet to run software that tags users as adults or
minors, so a server will know whether it can send out "indecent"

This shifts the burden of establishing age-identity from the content
provider to the business or school giving out the Internet account.

It also would allow any unscrupulous net.lurker to troll for "I am a
child" tags and follow them back to the originating site -- not
exactly the best way to protect the children!

I should have realized this DoJ strategy earlier. Last week when I was
arguing with Bruce Taylor, an architect of the CDA, we went 'round and
'round on the issue of children on the Net. He maintained that every
Internet user has to have an account somewhere, so the provider of
that account can tag the user as a minor or adult.

I asked Taylor how his proposal was possible with the TCP/IP protocol
-- the nerve system the carries all the data flowing through the Net.
He replied that technical problems can be solved by technical people,
and wasn't there a new protocol being developed, anyway?  Basically,
his position was: "Your side comes across to the court as saying that
it can be done but we won't do it. You're a bunch of geeks who want to
protect their porn and the court isn't going to buy it."

The "new protocol" being developed is IP Version 6, which the DoJ
zoomed in on in cross-examination of one of our witnesses, Scott
Bradner from the Internet Engineering Task Force:

   13    Q   Would it be fair to say, to summarize what you've just
   14        said, that the IP Next Generation group is working on a new
   15        generation of the IP Protocol itself?
   16    A   That is correct.
   17    Q   Does it have -- does the IP Next Generation group have
   18        recommendations regarding a specific architecture of the
   19        packet traffic on the Internet, including the format of the
   20        packet?

The DoJ is going to argue that IPv6 can include such an adult/minor
tag in each datagram. Chris Hansen, the head of the ACLU's legal team,

  Olsen is going to push this tagging idea that the government has,
  that you can imbed in your tag -- in your address -- an adult or
  minor tag. They're going to suggest that the market will come into
  existence that will make that tagging relevant.

It's more like the *judicial penalties* will evolve to make the
tagging not just relevant, but mandatory! On the cypherpunks list,
Bill Frantz, a computer consultant, outlines one problem:

  One of the migration paths suggested for IPV4 to IPV6 migration is
  to tunnel IPV4 packets within IPV6 packets. IPV4 packets do not
  provide for an adult/minor tag, so until the transition to IPV6 is
  fairly well along, this approach will be ineffective.

  If the people who are worried about minor's accessing smut want
  something this century, they should go with PICS.

A member of the IETF replies:

  Neither, for that matter, do IPv6 packets -- there is no provision
  for them. Furthermore, were anyone to create an end to end header of
  that sort, it would be eight bytes of wasted space in every packet
  in the net, especially since the implementation of such a tag is a
  technical impossibility as there is no way to force the originating
  system to tell the truth.

The "high-touch" argument against this is important as the high-tech
one. I just received the following mail from someone who would be
unable to continue his work if the DoJ's IPv6 scheme is implemented:

  We provide free anonymous access to the net to sexual abuse survivors.
  We don't even know who they are, nor do we care - a lot of them are
  hiding out from their perps, and to try and identify them would be a
  tremendous breach of trust, as they are depending on us for their
  anonymity, much as a reporter would protect their anonymous source.

  I also have been told by these folks themselves that some of them are
  under the age of 18 - hell, I've had a few that tell me that they are
  13 or 14 years old, and that they are still at home, still being raped
  by their perps. We provide an outlet for their frustrations, emptional
  support, a community for them, people to talk to, and support for them
  if they choose to report their abuse.  None of this would be possible
  if Taylor and friends had their way.

  Sure, we could trace each and every one of them back to their
  providers, and find out who they are, but I'm not going to do it, and
  I'm perfectly willing to go to jail to protect their identities. My
  integrity is worth a whole hell of a lot more than any government law.


The third way to answer the now-tiresome who-are-the-kiddies question
is to turn it on its head and ask: "Who are the adults?"

Hardware to answer that question already exists. The March 25 issue of
Interactive Week reports that Livingston Enterprises, Inc. has
colluded with Senator Exon's staff to design an "Exon box" -- a router
that lets ISPs cut off unrated or "indecent" or unrated sites. To get
around the block, an "adult" enters a secret password that tells the
router to open a session and let the packets flow.

Exon's staff is heralding this as an example of how easy it is to
comply with the CDA. The only problem is that, like many such
hamfisted censorship "solutions," it sucks, and it ain't going to
work. One of the original architects of the Internet, David P. Reed,

  I do work to protect my children from inappropriate material, but
  pressure from Senators to mandate technically flawed solutions, and
  opportunistic, poorly thought-through technologies from companies
  like Livingston are not helpful.


As I was writing this, I started wondering why Olsen got picked as the
DoJ's expert witness for tomorrow's hearing, especially when his
research is *not* in distributed computing environments and protocol
design. It's in human computer interaction and user interfaces.

One of Olsen's former students at Brigham Young University contacted
me last week, saying he had initially hoped that Olsen was "lending a
neutral opinion" on technical issues "but that hope proved false."

I asked if his former faculty member has "done any work relating to
distributed computing environments like the Internet?" His reply: "The
closest thing I'm aware of is a paper on interactive bookmarks."

Network engineering that ain't.

On April 7th I sent Olsen email, asking him: "What kind of research
have you done related to distributed computing environments like the

As of April 11, still no response -- even though he had replied to my
earlier messages almost immediately. (I wouldn't put it past the DoJ's
tame attack ferret, Jason Baron, to try and muzzle Olsen as well.)

Vanderbilt Professor Donna Hoffman writes about Olsen:

  A colleague at CMU told me that Dan Olsen is largely an administrator
  at BYU and will assume administrative duties at CMU as the temporary
  head of the HCII... I've seen his vita and talked to some colleagues
  in CS and related fields about his work and it doesn't seem that he
  has done much, if any, research related to the distributed computing
  environments like the Internet.

  His vita is difficult to parse because he has numerous items I can't
  identify - for example, are they book chapters, working papers,
  proceedings?  Where were they published?  And so on.

  He is the Editor of a new journal published by CACM which started a
  few months ago, related to human-computer interaction.  His main
  research interest seems to be in user interface issues, but he
  hasn't published much in scholarly journals so I would conclude that
  his work has had little impact on the field.

(I should point out here that a member of the HCII at CMU sent me mail
saying that conference proceedings are the main form of publication in
the field.)

Still, I wonder why the DoJ couldn't get a real net-expert to defend
the CDA and the network protocol schemes they're proposing?

Grey Flannel Suit (aka Air Force Special Agent Howard A.  Schmidt) is
going to take the stand tomorrow and do a live demonstration of how he
can find cybersleze on the Net. I can hardly wait!

Grey Flannel has been involved in a half-dozen porn prosecutions in
the past: two dealing with civilian porn sites and and four dealing
with military ones. From the deposition he gave in Washington, DC
earlier this week, the extent of his testimony seems to be: "I went
onto the Net and found dirty pictures."

The following clue as to Grey Flannel's history of porn-prosecutions
flowed into my mailbox the other day:

  It would be interesting to find out if Schmidt was involved in _US v.
  Maxwell_, 42 M.J. 568 (USAF Ct Crim App 1995), a military justice
  case concerning a USAF colonel who used AOL to communicate "indecent
  language" to another servicemember and to traffic in pornographic
  matter. USAFOSI was clearly involved in the investigation, but no
  agents are named in the opinion.

Flannel will be followed by our last witness, MIT's Albert Vezza, and
then Dan Olsen.

Stay tuned for more reports.


We're back in court on 4/12, possibly 4/15 as a last day of witness
testimony, 4/26 for rebuttal if necessary, and 6/3 for closing

Mentioned in this CDA update:

  Michael Froomkin: "The Internet as a Source of Regulatory Arbitrage"
  Wired: "How Anarchy Works -- Inside the Internet Engineering Task Force"
  Net-Guru David Reed's article: "CDA may pervert Internet architecture"
  Michael Froomkin's LONG article on anonymous remailers:
  Dan Olsen at BYU        <>
  BYU's censorship policy <>
  Internet Eng Task Force <>
  Rimm ethics critique    <>
  Int'l Net-Censorship    <>
  CMU net-censorship      <>
  University censorship   <>
  Grey Flannel Suit       <•••@••.•••>

This report and previous CDA Updates are available at:

To subscribe to the fight-censorship mailing list for future CDA
updates and related net.censorship discussions, send "subscribe" in
the body of a message addressed to:

Other relevant web sites:


                        The CDA Challenge, Update #7
     By Declan McCullagh / •••@••.••• / Courtesy of The Netly News
   From The Netly News at <>:

   We've become fans of Declan McCullagh's dispatches from Philadelphia
   where a three-judge panel is determining the fate of the so-called
   Communications Decency Act. McCullagh, as you probably know, is an
   activist with the EFF whose free-speech stance mirrors our own.
   We'd be happy to run an opposing viewpoint, but we don't know anyone
   who's actually pro-CDA. Still, if you are and would like to use this
   bully pulpit to pitch your ideas to an extremely hostile audience,
   drop us a line. In the meantime, here's a piece we asked McCullagh to
   do for us as the hearing winds down.

In this update: Ducks on the Net!
                More on BYU's Dan Olsen's censorhappy boondoggle
                Grey Flannel Suit wears Blue Pinstripe, surfs for porn

April 15, 1996

PHILADELPHIA -- Ducks were a hit at the most recent Communications
Decency Act hearing in Philadelphia's Federal court.

Yes, ducks.

Last Friday the Department of Justice's cybersleaze expert took the
stand to show how easily children can stumble across online porn --
but the three-judge panel limited his demonstration to G-rated GIFs
that he sucked down from (The judges