On February 7, 2007, Senator McCain introduced the Securing Adolescents From Exploitation-Online Act of 2007, or the SAFE Act of 2007.  S.519 would amend existing child pornography laws to expand the reporting requirements of electronic communication and remote computing service providers.  The SAFE Act would explicitly require service providers to include suspected child pornography images in any report to the National Center for Missing and Exploited Children (NCMEC) and provides immunity for doing so.  A companion bill has been introduced in the House, H.R. 876.

What does S.519 Provide?

If passed, the SAFE Act of 2007 would require service providers, when reporting violations to NCMEC's CyberTipline, to provide:

    (1) information on the Internet identity of a suspected sex offender, including the electronic mail address, website address, uniform resource locator, or other identifying information;

    (2) the time child pornography was uploaded or discovered;

    (3) geographic location information for the offender; and

    (4) images of such child pornography.

NCMEC, in turn, would be required to forward each report it receives to a designated law enforcement agency.

Further, service providers would be required to preserve images of child pornography for evidentiary purposes.

Both service providers and NCMEC would have immunity from civil claims or criminal charges for complying with the Act's requirements, absent certain intentional or reckless misconduct.

The Act would also authorize courts to order monitoring of a convicted sex offender's Internet use as a condition of supervised release; and would impose enhanced criminal penalties for use of the Internet to violate child pornography or sexual exploitation laws.

Why is a Safe Harbor/Immunity Necessary?

As we have previously commented, the criminal law has no exception for the good faith possession or transmission of child pornography, even to NCMEC or law enforcement.  See Disclosure of CPNI to NCMEC In Child Porn Cases.  Section 2252 of Title 18 expressly prohibits the knowing transportation of child pornography by mail or otherwise, without regard to any intent to sell or distribute it; and it likewise prohibits the knowing possession of such materials.

The affirmative defenses to a substantive violation are very limited:

(c) Affirmative Defense.— It shall be an affirmative defense to a charge of violating paragraph (4) of subsection (a) that the defendant—

(1) possessed less than three matters containing any visual depiction proscribed by that paragraph; and

(2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any visual depiction or copy thereof—

(A) took reasonable steps to destroy each such visual depiction; or

(B) reported the matter to a law enforcement agency and afforded that agency access to each such visual depiction.

Thus, many service providers that find any appreciable quantity of pornographic images of children disable user access to it immediately, destroy the images, and make the mandatory report to NCMEC of known subscriber information.  While some service providers do provide the images or preserve them pending receipt of a search warrant or other legal process, they take a risk that they will not be prosecuted in doing so. 

Law enforcement, justifiably, is frustrated by a procedure that essentially destroys evidence, but historically, the Department of Justice has resisted adding a good faith service provider defense to the statute, fearing that the broad definition of an electronic communications service provider or remote computing service would provide a safe haven or additional defenses to online predators. 

The SAFE Act of 2007 would substantially advance the protection of children and the gathering of evidence to facilitate prosecutions.  The service provider immunity provision is narrowly tailored to cover the acts of reporting and preserving evidence.  It excludes intentional, reckless or other misconduct so that any act undertaken with actual malice or reckless disregard to a substantial risk of causing injury without legal justification would be excluded.  This exception to the immunity provision will require service providers to adopt thoughtful procedures in the handling of child pornography, to train personnel, and closely monitor disclosures.

The Act imposes no duty to monitor facilities to discover child pornography and recognizes as well that ordinary business processes and site management and adminstration is not a violation of the law. 

Conclusion

The SAFE Act of 2007 has been referred to the Judiciary Committees in both the House and Senate.  Enactment of the safe harbor for service provider reporting of child pornography will greatly enhance the cooperation between service providers and law enforcement and reduce the loss of important evidence in the fight against online predators.  In the meantime, service providers should exercise great care upon discovery of child pornography.