SEX AND THE SINGLE SYSADMIN:
The risks of carrying graphic sexual materials.
Internet World March/April 1994 issue
By Mike Godwin
It’s the kind of nightmare that will cause any sysadmin to bolt upright in bed, shaking, gripping the sheets with white- knuckled fingers.
In this nightmare scenario, the facts are simple: you hear a knock at the door, you answer to discover grim-faced law-enforcement agents holding a search warrant, and you are forced to stand by helplessly while they seize your system to search it for obscene or child-pornographic images.
In some versions of the nightmare, you may not even have known your hard disk contained such images; in others, your lack of knowledge may prove to be no defense in a criminal prosecution for possession of child pornography.
A wave of concern about porn In recent months, the Legal Services Department here at EFF (the Electronic Frontier Foundation) has faced a wave of concern in the United States about the legal issues raised by online obscenity and child pornography. Most recently, a nationwide federal investigation into the importing of child-pornographic computer files led first to several well-publicized searches and seizures of computers and bulletin-board systems (BBSs) and later to a number of indictments of computer users on charges relating to possession or distribution of this material. One result has been that a large number of BBS operators and network site administrators have contacted EFF with questions and concerns about their potential liability under obscenity and child-pornography laws.
Why so much concern? Partly, it’s that, thanks to the availability of cheap image scanners, fast modems, and capacious hard disks, a large number of this country’s BBSs and network sites carry GIF (Graphic Interchange Format) files or other kinds of graphic images with sexual content. These images can range from centerfold-type nudes to “hard-core” pornography. (For the sake of simplicity, I will refer to all graphic-image files as GIFs, although there are a number of other formats commonly available.)
Just as the growth of the consumer VCR market was linked to a growth in the market for adult videos, the increasing availability of certain kinds of consumer computer technology has led to a rapid increase in GIF-file traffic. System operators who might never consider opening an adult book or video store have either allowed or encouraged sexually oriented images to be exchanged on their systems. To understand this difference in attitudes one has to understand how online conferencing systems are generally run–as forums for their users to talk to each other, and to trade computer programs and files with each other.
How porn gets online
Although these problems pervade the world of the Internet, the easiest case to understand is the microcomputer-based BBS. The operator of a BBS typically dedicates a computer and one or more phone lines at her home or business for the use of a “virtual community” of users. Each user calls up the BBS and leaves public messages (or, in many cases, GIFs) that can be read by all other users or private mail (which may include GIFs) that can be read by a particular user or both. BBSs become forums–digital public houses, salons, and Hyde Park corners–for their users, and users with
similar interests can associate with one another without being hindered by the accidents of geography. By some estimates, there are currently in excess of 40,000 BBSs throughout North America, randing from low-end free-access BBSs with only one or two phone lines to BBSs run by companies, government agencies, user groups, and other organizations.
A step up from the BBS in complexity is the conferencing system or information service. These systems differ in capacity from BBSs: they have the capability of serving dozens, or hundreds, of users at the same time.
But they’re like BBSs in that uploaded files can be found at a fixed geographic location. A further step up are entities like Fidonet and Usenet, which, because they’re highly distributed, decentralized conferencing systems, add complications to the legal issues raised by the computerization of sexual images.
Internet nodes and the systems that connect to them, for example, may carry such images unwittingly, either through uuencoded mail or through uninspected Usenet newsgroups. The store-and-forward nature of message distribution on these systems means that such traffic may exist on a system at some point in time even though it did not originate there, and even though it won’t ultimately end up there. What’s more, even if a sysadmin refuses to carry the distributed forums most likely to carry graphic images, she may discover that sexually graphic images have been distributed through a newsgroup that’s not obviously sexually oriented.
Depending on the type of system he or she runs, a system operator may not know (and may not be able to know) much about the system’s GIF-file traffic, especially if his or her system allows GIFs to be traded in private mail. Other operators may devote all or part of their systems to adult-oriented content, including image files.
Regardless of how their systems are run, though, operators often create risks for themselves under the mistaken assumption that a) since this kind of material is commonplace, it must be legal, and b) even if it’s illegal, they can’t be prosecuted for something they don’t know about. EFF’s Legal Services Department has been working actively to educate system operators about the risks of making these assumptions.
What counts as “obscene”?
First of all, we’ve explained that the fact that graphic sexual material is common on BBSs doesn’t mean that it’s not legally obscene and illegal in their jurisdiction.
As Judge Richard Posner comments in the October 18, 1993, issue of THE NEW REPUBLIC, “Most “hard-core” pornography–approximately, the photographic depiction of actual sex acts or of an erect penis–is illegal.” even though it is also widely available. (Let me emphasize the word
“approximately”–Posner knows that there are countless exceptions to this general rule.) That is, distribution of most of this material is prohibited under state or federal anti-obscenity law because it probably would meet the Supreme Court’s test for defining obscenity.
But what precisely is the Court’s definition of obscenity? In Miller v. California (1973), the Court stated that material is “obscene” (and therefore not protected by the First Amendment) if 1) the average person, applying contemporary community standards, would find the materials, taken
as a whole, arouse immoral lustful desire (or, in the Court’s language, appeal to the “prurient interest”), 2) the materials depict or describe, in a patently offensive way, sexual conduct specifically prohibited by applicable state law, and 3) the work, taken as a whole, lacks serious literary, artistic, political or scientific value.
This is a fairly complex test, but most laymen remember only the “community standards” part of it, which is why some system operators are under the mistaken impression that if the material is common and available, “community standards” and the law must allow it.
In layman’s terms, a jury (or a judge in a nonjury case) would ask itself something like these four questions:
1) Is it designed to be sexually arousing?
2) Is it arousing in a way that one’s local community would consider unhealthy or immoral?
3) Does it depict acts whose depictions are specifically prohibited by state law?
4) Does the work, when taken as a whole, lack significant literary, artistic, scientific, or social value?
If the answer to all four questions is “yes,” the material will be judged obscene, and it will be Constitutional to prosecute someone for distributing it. (It should be noted in passing that pictures of the “hardness” of Playboy and Penthouse photography have never been found to be obscene–their appearance in digital form on Usenet sites may create copyright problems, but they won’t create obscenity problems.)
The perils of online obscenity
In theory, most “hardcore” pornography qualifies as “obscenity” under the Supreme Court’s test. Yet theoretically obscene material is commonly available in many urban areas–this signifies, perhaps, that the relevant laws, when they do exist, are underenforced. At EFF, however, we have been telling system operators that there is no *legal* basis for their assuming that the laws will remain underenforced when it comes to online forums.
For one thing, most of this country’s law-enforcement organizations have only recently become aware of the extent that such material is traded and distributed online–now that they’re aware of it, they’re aware of the potential for prosecution. In a recent case, an Oklahoma system operator
was charged under state law for distribution of obscene materials, based on a CD-ROM of sexual images that he’d purchased through a mainstream BBS trade magazine. He was startled to find out that something he’d purchased through normal commercial channels had the potential of leading to serious criminal liability.
Still another issue, closely related to obscenity law, is whether an online system creates a risk that children will have access to adult materials. States in general have a special interest in the welfare of children, and they may choose to prohibit the exposure of children to adult materials, even when such materials are not legally obscene. (Such materials are often termed “indecent”–that is, they violate some standard of “decency,” but nevertheless are Constitutionally protected. If this category seems vague, that’s because it is.) In Ginsberg v. State of New York (1968), the Supreme Court held a state statute of this sort to be Constitutional.
Although there is no general standard of care for system operators who want to prevent children from having such access, it seems clear that, for a system in a state with such a statute, an operator must make a serious effort to bar minors from access to online adult materials. (A common measure–soliciting a photocopy of a driver’s license–is inadequate in my opinion. There’s no reason to think a child would be unable to send in a photocopy of a parent’s driver’s license.)
It’s worth noting that, in addition to the risk, there are also some protections for system operators who are concerned about obscene materials. For example, the system operator who merely possesses, but does not distribute, obscene materials cannot Constitutionally be prosecuted–in the 1969 case Stanley v. Georgia, the Supreme Court held the right to possess such materials in one’s own home is Constitutionally protected. Thus, even if you had obscene materials on the Internet node you run out of your house, you’re on safe ground so long as they’re not accessible by outsiders who log into your system.
And, in the 1959 case Smith v. California, the Court held that criminal obscenity statutes, like the great majority of all criminal laws, must require the government to prove “scienter” (essentially, “guilty knowledge” on the defendant’s part) before that defendant can be found guilty. So, if the government can’t prove beyond a reasonable doubt that a system operator knew or should have known about the obscene material on the system, the operator cannot be held liable for an obscenity crime.
In short, you can’t constitutionally be convicted merely for possessing obscene material, or for distributing obscene material you didn’t know about.
Child pornography–visual images that use children
When the issue is child pornography, however, the rules change. Here’s one of the federal child-porn statutes: 18 USC 2252: Certain activities relating to material involving the sexual exploitation of minors.
(a)Any person who—
1 – knowingly transports or ships in interstate or foreign commerce by any means including by computer or mails, any visual depiction, if—
(A) the producing of such visual depiction involves the use of a minor engaging in sexually explicit conduct; and
(B) such visual depiction is of such conduct; or
2 – knowingly receives, or distributes, any visual depiction that has been transported or shipped in interstate or foreign commerce by any means including by computer or mailed or knowingly reproduces any visual depiction for distribution in interstate or foreign commerce by any means including by computer or through the mails if–
(A) the producing of such visual depiction involves the use of a minor engaging in sexually explicit conduct; and
(B) such visual depiction is of such conduct;
shall be punished as provided in subsection (b) of this section.
(b)Any individual who violates this section shall be fined not more than $100,000, or imprisoned not more than 10 years, or both, but, if such individual has a prior conviction under this section, such individual shall be fined not more than $200,000, or imprisoned not less than five years nor more than 15 years, or both. Any organization which violates this section shall be fined not more than $250,000.
(N.B. For the purposes of federal law, “minor” means “under age 18″—it does not refer to the age of consent in a particular state.)
This statute illustrates some of the differences between the world of obscenity law and that of child-pornography law. For one thing, the statute does not address the issue of whether the material in question is “obscene.” There’s no issue of community standards or of “serious” artistic value. For all practical purposes, the law of child pornography is wholly separate from the law of obscenity.
Here’s the reason for the separation: “obscenity” laws are aimed at forbidden expression–they assume that some things are socially harmful by virtue of being expressed or depicted. Child-porn laws, in contrast, are not aimed at *expression* at all–instead, they’re designed to promote the protection of children by trying to destroy a market for materials the production of which requires the sexual use of children.
This rationale for the child-pornography laws has a number of legal consequences. First of all, under the federal statute, material that depicts child sex , but in which a child has not been used, does not qualify as child pornography. Such material would include all textual depictions of such activity, from Nabokov’s novel LOLITA to the rankest, most offensive newsgroups on Usenet, all of which are protected by the First Amendment (assuming that, in addition to not being child pornography, they’re also not obscene).
Secondly, the federal child-porn statute is limited to visual depictions (this is not true for all state statutes), but does not apply to *all* visual depictions: computer-generated or -altered material that *appears* to be child pornography, but which did not in fact involve the sexual use of a real child, would not be punishable under the federal statute cited above. This makes sense in light of the policy–if real children aren’t being sexually abused, the conduct these statutes are trying to prevent has not occurred. Although prosecutors have had little trouble up to now in proving at trial that actual children have been used to create the child-porn GIF images at issue, we can anticipate that, as computer-graphics tools grow increasingly powerful, a defendant will someday argue that a particular image was created by computer rather than scanned from a child-porn photograph.
Third, since the laws are aimed at destroying the market for child pornography, and since the state has a very powerful interest in the safety of children, even the mere possession of child porn can be punished. (Compare: mere possession of obscene materials is Constitutionally protected.)
The fourth consequence of the child-protection policy that underlies child-porn statutes is that the federal law, as interpreted by most federal courts, does not require that the defendant be proved to have known that a “model” is a minor. In most jurisdictions, a defendant can be convicted for possession of child porn even if he can prove that he believed the model was an adult. If you can prove that you did not even know you possessed the image at all, you should be safe. If your knowledge falls somewhere in between — you knew you had the image, but did not know what it depicted, or that it was sexual in its content — the law is less clear. (In other words, it’s not yet clear whether it is a defense for a system administrator to claim he didn’t even know he possessed the image, either because it had been uploaded by a user without his knowledge, or because it had appeared in “pass-through” mail or through a Usenet newsfeed.)
In sum, then, the child-porn statutes create additional problems for the system administrator who wants to avoid criminal liability and minimize the risk of a disruptive search and seizure.
What you can do
The first thing to do is not to overreact at this discussion of the risks.
It would amount to a serious “chilling effect” on freedom of expression if a sysadmin–in order to eliminate the risk of prosecution for distribution of obscenity, or for possession or distribution of child-pornography–decided to eliminate all newsgroups with sexual content. The textual content of such newsgroups is constitutionally protected, as is much of the GIF content.
What’s worse is that the tactic wouldn’t eliminate the risks–it’s always possible for someone to post illegal material to an innocuous newsgroup,like sci.astro or rec.arts.books, so that it would get to your system anyway. Similarly, an illegal image might be uuencoded and included in e-mail, which, if you’re a system covered by the Electronic Communications Privacy Act, you’re not allowed to read.
You should begin with the knowledge that nothing you can do as a sysadmin will eliminate altogether the risks of prosecution or of a disruptive search and seizure. But a few sensible measures can reduce the risks of a search or an arrest, and at the same time preserve the freedom of expression of your users and of those users who transmit material through your system.
* If you plan to carry graphic sexual material, look up your state’s obscenity laws. A lawyer or librarian can help you find the relevant state statutes. Find out what, specifically, your state tries to prohibit. (If the state statute seems inconsistent with what I’ve written here, consider seeking legal advice–it may be that the statute predates the Supreme Court’s decisions on obscenity and child pornography but has not yet been challenged.) You may also want to consult local adult bookstores—they often have clear, practical information about avoiding obscenity prosecutions.
* If you’re running an online forum local to your system, and that forum has an upload/download area, prescreen graphic images before making them publicly available for downloads. While “calendar” and “foldout” images are Constitutionally protected, you may want to consider deleting “hardcore” images that might be found “obscene” in your community. You also want to delete anything that looks like child pornography.
* If you’re running a Usenet node, and you are informed by users that an obscene or child-porn image has been posted to a newsgroup you carry, examine it and consider deleting it. If there’s any ambiguity, err on the conservative side–remember, if you guess wrong about the age of the model, you can be convicted anyway.
* Take pains on your system to limit childrens’ access to adult material, even if that material is not legally obscene (it may still be “indecent”). This includes textual material dealing with adult topics. Hint: asking for a photocopied driver’s license in the mail is probably not an adequate safeguard–too easy for industrious minors to circumvent. A good set of rules to follow is spelled out in an FCC regulation applicable to phone-sex providers–47 CFR 64.201. The easiest FCC suggestions for a for-pay BBS, online service, or Internet access provider is to require payment by credit card; the easiest for a nonpay system is have an application process that reasonably ascertains whether an applicant for access is an adult, and to have a procedure whereby one can instantly cut off that access when informed that a user is in fact a minor.
* Don’t delete discussions of sexual topics–they’re Constitutionally protected. And even though the Supreme Court has not limited the definition of “obscenity” to visual depictions, as a practical matter, there is little legal risk in carrying textual narratives (“stories”) on sexual themes.
* Don’t inspect individuals’ e-mail without their consent–unless they’re employees of your company, their mail is probably protected by the Electronic Communications Privacy Act.
* If you’re a university site, or if you’re simply interested in the law of freedom of speech, consult the Computers and Academic Freedom (CAF) archive, which is part of the EFF archive at ftp.eff.org. If you have gopher, the archive is browsable with the command “gopher -p academic/lawgopher.eff.org”; if you are limited to e-mail access, send e-mail to firstname.lastname@example.org, and include the line send acad-freedom/law <filename> where <filename> is a list of the files that you want (start with README, a detailed description of the items in the directory). The CAF archive has a number of instructional materials that deal with obscenity and child-pornography law.
These measures won’t guarantee that you’ll never have legal troubles–nothing can guarantee that. (And if you have particular legal worries, you should consult a lawyer in your jurisdiction.) But they can reduce the risks you face as a system administrator and as a carrier and distributor of information. At the same time, they’ll minimize the extent to which you interfere with your users’ freedom to communicate–which is, after all, one of the chief reasons they’re online in the first place.
Mike Godwin (email@example.com) is online counsel for the Electronic Frontier Foundation, where he advises users of electronic networks about their legal rights and responsibilities, and instructs criminal lawyers, law-enforcement personnel, and others about computer civil-liberties issues.
For info on EFF mailing lists, newsgroups & archives, mail firstname.lastname@example.org. To browse EFF’s archives, use FTP, gopher, or WAIS to connect to ftp.eff.org, gopher.eff.org, or wais.eff.org respectively. Look in /pub/EFF. To get basic EFF info send a message to email@example.com. Send detailed queries to firstname.lastname@example.org. For membership information, mail email@example.com.
Possibly Related Posts:
- Per rispettare il GDPR servono più incidenti, non sanzioni
- Salute e difesa. Così la Cina si vaccina (per non finire come l’Impero romano)
- Scienza, tecnocontrollo e public-policy nell’era COVID-19
- Scienza, public policy e tecnocontrollo nell’era COVID-19
- Covid-19. Dalla Gran Bretagna un’altra “prova tecnica” di guerra dell’informazione?