Do Criminal Defendants Have Web Rights?

A Supreme Court ruling in June overruled the conviction of a sex offender for violating his probation after posting on Facebook. But that opens up a new legal minefield over limitations on internet access for anyone convicted of a crime, warns a Washington, DC attorney.

Court-imposed web restrictions applied to criminal defendants may be going the way of dial-up internet service.

In June, the Supreme Court issued a unanimous ruling in Packingham v. North Carolina that invalidated a state law banning registered sex offenders from accessing websites that could facilitate direct communications with minors.

While the majority opinion and concurrence seems grounded in—and specific to—sex offender restrictions, the evolving communications technology that operates in cyberspace today suggests that the ruling will have an impact on attempts to restrict web access for all criminal defendants in state or federal courts.

Lester Packingham pleaded guilty to having sex with a 13-year-old girl when he was 21. Eight years after his conviction, Lester bragged on Facebook about a happy day in traffic court, using the screen name of J.R. Gerrard, and exclaiming:

“Man God is Good! How about I got so much favor they dismissed the ticket before court even started? No fine, no court cost, no nothing spent…Praise be to GOD, WOW! Thanks JESUS!”

A police officer tracked down court records, obtained a search warrant, and correctly identified “J.R.” as an alias for Lester Packingham.

He was subsequently convicted of violating a North Carolina statute that prohibits convicted sex offenders from using social-networking websites, such as Facebook and Twitter. The unanimous Supreme Court opinion, written by Justice Anthony Kennedy, reversed the conviction on First Amendment free speech grounds.

According to Kennedy, the North Carolina statute was too broad, in that it effectively prevented sex offenders from accessing the “vast democratic forums of the Internet” that serve as principal sources of information on employment opportunities, current events, and opinions or ideas that have no connection to criminal plans or the potential victimization of children.

Justice Samuel Alito agreed, pointing out that the statute’s definition of social networking sites would in effect encompass even Amazon, the Washington Post, and WebMD—all of whom provide opportunities for visitors to connect with other users. In his concurrence, he noted that states were entitled to draft narrower, and constitutionally valid, restrictions because of their legitimate interest in thwarting recidivist sex offenders.

But it’s not at all clear that a state legislature can follow Justice Alito’s guidance and sufficiently narrow its sights on offender/child communication to the point where the law has its intended effect, while still passing constitutional muster.

There may undoubtedly be pedophiliac versions of Tinder or which could fit the definitions of sites where access can be restricted without harm to First Amendment protections. But today’s internet does not lend itself easily to such narrow definitions. Even mainstream sites like The Washington Post or Amazon could be considered portals that might be compromised by criminal behavior. Such sites encourage the kind of user engagement that, while they may not be fairly called a “chat room,” is close enough to a “bulletin board” to bring us right back into the perils of North Carolina’s now-invalidated law.

And what of the defendants facing internet restrictions for reasons other than molestation or child pornography violations?

There are numerous defendants who are bounced off the internet as a condition of probation or supervised release because the internet was an instrumentality for their crimes. For instance, internet-based fraud, identity theft, or using pro-terrorism websites to construct weapons or murderous plans, are all offenses that have led judges to impose some form of web restriction on defendants.

Web restrictions for these defendants are now also in play in a post-Packingham world.

The intention of the judges seeking to restrict web access in these cases is understandable. They want to remove potential tools of victimization from the hands of convicted criminals. But the Supreme Court’s recognition of the vast, evolving and multi-purpose nature of today’s internet has brought legitimate First Amendment considerations into almost every web-limiting decision.

We may soon see that the only web restrictions that are lawful and practically enforceable are ones stemming from the defendant volunteering to withdraw from the net—likely because of the perceived trade-off between more time in jail and the judge’s comfort level as to assurances that re-victimization by internet will not occur when the defendant is returned to the community.

In the meantime, Packingham may shape the battlefield when web-restricted defendants are alleged to have violated parole or probation by visiting websites. Judges facing considerably more ominous violations than Lester’s on-line celebration of beating a traffic ticket may find that website-messaging technology and powerful First Amendment concerns leave them with little recourse but to ban outright all attempts to restrict access.

To some, this may be an uncomfortably high price to pay for web freedom.

On a practical level, technology has largely out-paced the now-antiquated view that the Internet can be surgically sliced into “safe” websites and “unsafe” ones, and the unanimity of Packingham suggests that the Court did not struggle much with its rationale.

While the absence of web-restrictions would lead to the release of offenders to the community with an unavoidable dose of discomfort with their access to computers, it may also result in judges finding themselves increasingly satisfied with lengthy prison terms because of the lack of a satisfactory, less-restrictive condition of supervised release.

So, somewhat ironically, the next Lester Packingham may find himself spending more time in prison because of his inability to convince a judge that self-restraint on the computer can adequately replace judicially-imposed restraints.

Perhaps the safer bet here is on technology – that some program, some application, or some web-alternative pops up in the future and revitalizes the possibility of judges restricting web access without violating First Amendment rights.

James Trusty

James Trusty is a Member at Ifrah Law, PLLC, where he leads the White Collar Practice Group. He was formerly Chief of the Department of Justice Organized Crime & Gang Section, and has spent 27 years serving as either a local or federal prosecutor. He also teaches criminal Justice courses at University of Maryland (Shady Grove). He welcomes comments from readers.


How Private is Your Cellphone? The Next Fourth Amendment Challenge

A case before the Supreme Court next month could decide whether constitutional protections against warrantless searches prevent courts and law enforcement from using evidence discovered from cellphone records, says a former NYC prosecutor.

Most people know that very little they do on the web is private. The terabytes of data held online contain personal information accessible not only to friends, relatives and would-be employers, but to private businesses, which frequently collect user information in order to deliver better services to customers.

Can the government see it too?

In 1979, the Supreme Court ruled in Smith v. Maryland that Fourth Amendment protections against warrantless searches do not cover such “third party” access to online data. In what has since been developed as the “Third Party Doctrine,” the court ruled that an individual has no legitimate expectation of privacy for information voluntarily given to a third party—be it a person, bank, or phone carrier—information that is also then similarly available to government agencies.

But what are government agencies, such as law enforcement, constitutionally permitted to do with the data they collect?  A case before the Court next month may help answer the question.

Carpenter v. United States has the potential to affect application of the Fourth Amendment’s Third Party Doctrine in the digital age.

The case involves a string of robberies, allegedly organized by the defendant, Timothy Carpenter, which occurred over a two-year period. Police acquired cell site location information (CSLI) associated with the phone he used. Although no search warrant was ever obtained, a judge did sign a court order under the Stored Communications Act, a statute that requires reasonable suspicion, not probable cause.

The CSLI records revealed Carpenter’s location and movements over 127 days and showed that during the five-month period his phone was in communication with cell towers near the crime scenes.

Although there is a tendency to read Smith v. Maryland as a blanket rule, where anything given to or accessed by a third party has no Fourth Amendment interest, it doesn’t make sense to apply a doctrine created over 30 years ago to types of communications and data that were neither used at the time nor contemplated by the Court.

Deanna Paul

“Given how much [of] our data goes through third parties, if you take a strong reading of the Doctrine, it essentially wipes out Fourth Amendment protections for most modern communications,” Michael Price, Senior Counsel for the Liberty and National Security Program at New York University’s Brennan Center for Justice, told me.

“There is also nothing about location information in Smith. To rely on it, and say that location information should be accessible without a warrant, is reading the case far too broadly.”

Price’s point is an important one.

To analogize cases is to suggest they should be treated the same under the law and receive the same level of protection. Although the facts may specifically involve cell-site information, Carpenter is about more than just location privacy. Here, as is increasingly the case with Internet-of-Things-based prosecutions, a third-party server already had access to the sought after location data.

Carpenter presents the first chance for the Court to reconsider Fourth Amendment protections against warrantless searches and seizures of information generated and collected by the many modern technologies we use every day.

This is an opportunity at least one Supreme Court Justice has recognized.

In 2012, the Court resolved the issue of location privacy in United States v. Jones, holding that installation of a Global Positioning System (GPS) tracking device on a vehicle and using it to monitor the vehicle’s movements constitutes a search under the Fourth Amendment. In her concurrence, Justice Sonia Sotomayor wrote that the current approach to these cases is “ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks”

She suggested it may need to be rethought in the future.

There are signs from recent cases, like Jones, that the Justices are aware of the importance of technology in contemporary life. They appear to recognize that technology is significantly different today than it was ten years ago, let alone when the Court was deciding cases like Smith.

Riley v. California was the first time the Supreme Court identified the central role that cellphones have in today’s society, holding that police need a warrant to search a smart phone belonging to a person who has been arrested.  Writing for the majority in 2014, Chief Justice John Roberts said that cell phones have “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.”

The Riley Court went on to say that cellular phones have become essential to freedom of speech and First Amendment rights and, due to the volume and personal nature of the information that can be stored on a cellphone, the data should be presumptively protected by the First Amendment. The decision notes that a cell phone can double as a diary, camera, calendar, or newspaper, which makes the search of one fundamentally different from a physical search or even a search of business records.

“This is an important decision, in terms of First Amendment protections, showcasing the Supreme Court’s comfort with new technology and that it is cognizant of the impact of digital information,” said Andrew Ferguson of the David A. Clarke School of Law at the University of District Columbia, and a national expert on predictive policing and the Fourth Amendment,

See also: Digital Privacy Rights of Probationers

Similarly, earlier this year, the Court decided Packingham v. North Carolina, which addressed the prevalence and necessity of the internet and social media in a digitized society.

Riley embodies the idea that new technologies and the digital space are different, yet fails to view these devices for what they are rather than what they’re most similar to. A cell phone is not a diary, calendar or any of the technologies cited by by the Court, and to draw a series of slightly-off-the-mark analogies and suggesting they should be treated the same, is not a solution.

In reviewing Carpenter, there are only a few scenarios for the Court—each of which will have lasting implications.

The Court might opt to temporarily put tape over the problem, hiding behind the Third Party Doctrine and wait for the next case to make its way up.

Or it could limit the Doctrine’s application to CSLI and recognize that carrying a cellular phone does not, in and of itself, amount to consenting to location tracking.

“One of the difficulties the Court is confronted with is that the Doctrine, as it’s been created, doesn’t offer a nice neat answer,” said Ferguson. “The Court may have to rethink their traditional approach to the Fourth Amendment in order to address this new technological threat to privacy and security.

“The other difficulty is: If Carpenter is really about the future of the Third Party Doctrine, it is about far more than just cell site records—it is about the future of a data-driven third party mediated age.”

That is a huge question to answer. And, due to the far-reaching consequences any of the scenarios the Court may chose, the Court may also just decide to punt it to a future case.

There are few things we do online that aren’t connected, in some way, to a third party. As smartphone technology continues to advance, more and more aspects of our lives will be recorded and stored on third-party servers. Lower courts across the country are only just beginning to consider how the Internet of Things will affect our expectations of privacy.

Carpenter is an opportunity for the Supreme Court to reconceive how privacy and security values can be protected in an era of increasingly sophisticated surveillance technologies that allow us to remotely control the lights and heat in our homes or monitor intruders.

Let’s hope the Justices take it.

 Deanna Paul (@thedeannapaul) is a former New York City prosecutor and adjunct professor of trial advocacy at Fordham University School of Law. This fall she will begin attending Columbia University’s graduate school of journalism. Her nonfiction work has been published by The Marshall Project, Rolling Stone, and WIRED.


‘Keep Out’ Warnings Goad Skilled Cyberhackers into Trying Harder: Study

University of Maryland-College Park researchers set up over 200 “honeypot” computers to test whether online warnings deter cyberthieves. Quite the opposite, they found—in a study that may be a wakeup call to law enforcement.

Warnings aimed at discouraging cyberhackers have almost no effect on skilled cybercriminals, according to a University of Maryland-College Park study.

In a finding that is likely to prove discouraging to law enforcement, the study discovered that warning “banners” set to flash across screens to discourage illegal online activity actually prodded trespassers to increase their efforts to infiltrate computer networks.

Researchers set up a number of “honeypot” computer accounts at a large American university, which was not named, to lure and monitor hackers to test whether “situational deterring cues” discourage system trespassing —”one of the fastest growing, yet least understood, forms of cybercriminal activity,” according to the study, released Wednesday by Criminology & Public Policy, published by the American Society of Criminology.

The University of Maryland researchers set up a number of decoy computer accounts and during a six-month period in 2012 waited for the trespassers to arrive. And they certainly did.

The study authors—Alexander Testa, David Maimon, Bertrand Sobesto, and Michel Cukier reported 553 unique “system trespassing events” on the 221 target computers.

Once the hackers had broken into the honeypot computers their screens flashed with an online warning banner:

The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited. Unauthorized users are subject to institutional disciplinary proceedings and/or criminal and civil penalties under state, federal, or other applicable domestic and foreign laws. The use of this system is monitored and recorded for administrative and security reasons. Anyone accessing this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, the Institution may provide the evidence of such activity to law enforcement officials.

The researchers then observed and recorded the hackers’ behavior: How they navigated the attacked computer system, or changed file permissions, even after they were exposed to no-trespass warnings.

Those who had broken through the barriers to access administrator accounts—the privileged accounts that provide widespread access and the ability to wreak the maximum damage, usually held by information technology staff—didn’t appear dissuaded by the warning.

In fact, according to the researchers, hackers “increased the proportion of system trespassing events in which the ‘change file permission’ command was recorded,” compared to a control group that did not see a warning.

In a finding that they said surprised them, “sanction threats in an attacked computer system escalated the manipulation of file permission.”

In other words, the warning only apparently goaded them to keep hacking.

Some 21 percent of the hackers ferreted out by the decoy computers appear to be relative amateurs who did not attempt to crack administrative accounts, and in this group, there were signs of users being intimidated or deterred by the online warnings.

The study authors concluded that the more skilled hackers possessed “high criminal self-efficacy” and were confident in their ability to escape detection. Another possibility is that the sight of the warning banner made them react “defiantly.”

When faced with a threat, “administrative trespassers may escalate their offending in response to a sanction threat perceived as illegitimate,” the study said.

The lesson for security services, say the authors, is that more stringent methods are needed to deter the kinds of cybercriminality that have resulted in the theft of thousands of individuals’ identities, credit card numbers and other private information from large corporate networks over the past several years.

While they did not rule out the use of online warnings as a deterrent, the authors recommended the development of more sophisticated strategies that employed “repeated visual and verbal cues that can be responsive to a diverse group of offenders and situations in cyberspace.”

The full study, entitled “Illegal Roaming and File Manipulation on Target Computers” is available online here.

This summary was prepared by TCR Deputy Editor (Digital) Nancy Bilyeau. Readers’ comments are welcome.


FBI Warns of ‘Virtual Kidnapping’ Phone Scams

In a growing menace, scammers try to extort money after phoning parents or other kin and falsely convincing them that a loved one is being held hostage. They sometimes research potential victims on social media.

Hundreds of people in Southern California have been targeted by criminals hoping to carry out a scheme that law enforcement officials have termed “virtual kidnapping for ransom,” reports the Los Angeles Times. The scammers try to extort money after phoning parents or other kin and falsely convincing them that a loved one is being held hostage. A network of criminals in the U.S. and Mexico have been making the calls since at least 2015, affecting thousands of people in several states, including California, according to Gene Kowel of the FBI in Los Angeles. Officials from the FBI, LAPD and other agencies held a press conference Tuesday to warn potential victims against succumbing to panic if they receive a similar call.

Investigators made their first arrest in connection with the scam last week. Yanette Rodriguez Acosta, 34, of Houston was indicted on charges of wire fraud and conspiracy to commit money laundering. She is charged as part of a ring that used Mexican telephone numbers to call targets in Los Angeles and Beverly Hills, claiming to hold the victims’ children as prisoners. The ring targeted at least 39 victims in California, Texas and Idaho. At least 250 calls were aimed at Los Angeles residents, costing victims roughly $114,000. Officials said some scammers research potential victims on social media.


As Trump Dithers, Cyber Warfare Rages Unchecked

The Trump administration’s refusal to publicly accuse Russia and others in a wave of politically motivated hacking attacks is creating a policy vacuum that security experts fear will encourage more cyber warfare. The White House “just wants ‘cyber’ to go away,” said one expert.

The Trump administration’s refusal to publicly accuse Russia and others in a wave of politically motivated hacking attacks is creating a policy vacuum that security experts fear will encourage more cyber warfare, reports Reuters. In the past three months, hackers broke into official websites in Qatar, helping to create a regional crisis; suspected North Korean-backed hackers closed down British hospitals with ransomware; and a cyber attack that researchers attribute to Russia deleted data on thousands of computers in the Ukraine. Yet neither the United States nor the 29-member NATO military alliance have publicly blamed national governments for those attacks.

President Trump has refused to accept conclusions of U.S. intelligence agencies that Russia interfered in the 2016 U.S. elections using cyber warfare methods to help win. “The White House is currently embroiled in a cyber crisis of existential proportion, and for the moment probably just wants ‘cyber’ to go away, at least as it relates to politics,” said Kenneth Geers, a security researcher with NATO. “This will have unfortunate side effects for international cyber security.” With no one calling out known perpetrators, more hacking attacks are inevitable, experts say.


Ransomware Attacks Spread to Businesses, Hospitals

Ukraine’s prime minister called yesterday’s cyberattack — which targeted government workstations, power companies, banks, state-run TV stations, airports and ATMs — “unprecedented” in scope. The so-called Petya attack reboots victims’ computers, encrypts their hard drive’s master file and renders their entire hard drive inoperable. The ransom request, $300 in bitcoin, “doesn’t seem consistent with state-sponsored attackers,” says one expert.

Get used to the kind of ransomware attack that crippled critical infrastructure and shut down major corporations yesterday. It was an escalation of the kind of cyber attack that’s becoming a regular occurrence worldwide with a reach that’s threatening key elements of national security, reports These kinds of attacks are affecting more people as they spill out of the cyber realm and affect hospitals, power grids, and multi-national corporations. At the same time, consumer anxiety about security is at an all-time high, according to the Unisys Security Index and EY’s Global Capital Confidence Barometer, which shows cybersecurity concerns are delaying business deals.

Ukraine’s prime minister, Volodymyr Groysman, called yesterday’s cyberattack — which targeted government workstations, power companies, banks, state-run TV stations, airports and ATMs — “unprecedented” in scope. The so-called Petya attack reboots victims’ computers, encrypts their hard drive’s master file and renders their entire hard drive inoperable. The ransom requested for access to an infected computer is $300 in bitcoin, and “doesn’t seem consistent with state-sponsored attackers,” said Bret Padres, a former intel official and CEO of The Crypsis Group. The attack came just over a month after the massive WannaCry ransomware attack, conducted by a North Korean hacking group, spread to 300,000 breaches across 150 countries. Padres says “Eastern European systems are more likely to be running unpatched and could be more vulnerable to this type of attack,” but the “bulk of the U.S. capability in cyber security is in its offensive operations. We are in a very vulnerable place when it comes to defenses.”


Ransomware Goes Viral, But FBI Is Left Out of the Loop

Security experts say ransomware attacks are an Internet scourge, but a new FBI reports suggests that the vast majority of its victims simply don’t bother reporting incidents of this growing financial cyber-menace.

Despite its expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to the FBI’s latest Internet Crime Report. Bleeping Computer reports that the FBI’s Internet Crime Complaint Center (IC3) received just 2,673 complaints about ransomware attacks in 2016. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Victims who did report to the FBI said the attacks resulted in just $2.4 million in damages in 2016. But the numbers do not reflect what’s happening in the real world, where ransomware is one of today’s most prevalent cyber-threats, according to multiple reports from cyber-security companies.

Experts suggest that people and companies are paying ransoms, restoring files from backups, or reinstalling PCs without filing a complaint with authorities. Last year, the FBI reported that ransomware incidents had doubled from 2014 to 2015. In 2016, the number of ransomware complaints remained the same, despite cyber-security companies reporting an increase in activity. For example, an IBM report said email spam spreading ransomware spiked 6,000 percent in 2016, while a PhishMe report said spam delivering ransomware accounted for 37 percent of all email spam. A Carbon Black report said ransomware operators were on track to make nearly $850 million from ransom payments this year.


Smart Cookies: Girl Scouts to Train as Cyber Sleuths

In partnership with a California security firm, U.S. Girl Scouts will now be able to explore the fundamentals of cyber security skills. Officials say the move will help instill “a valuable 21st century skill set” in members of an organization best known for cookie sales.

Cookie sales may take a back seat to fighting identity theft and other computer crime now that Girl Scouts as young as 5 are to be offered the chance to earn their first-ever cyber security badges, reports Reuters. U.S. Girl Scouts who master the required skills can attach to their uniform’s sash the first of 18 cyber security badges that will be rolled out in September 2018, Girl Scouts of the USA said. The education program, which aims to reach as many as 1.8 million Girl Scouts in kindergarten through sixth grade, is being developed in a partnership between the Girl Scouts and Palo Alto Networks, a security company.

The goal is to prevent cyber attacks and restore trust in digital operations by training “tomorrow’s diverse and innovative team of problem solvers equipped to counter emerging cyber threats,” Mark McLaughlin, chief executive officer of Palo Alto Networks. The move to instill “a valuable 21st century skill set” in girls best known for cookie sales is also aimed at eliminating barriers to cyber security employment, such as gender and geography, said Sylvia Acevedo, the CEO of the Girl Scouts of the USA.


Can We End Terrorists’ ‘Free Pass’ on Social Media?

Preventing violent extremists from accessing the Internet is now critical to the fight against terrorism, argues a cyber security specialist. A recent Facebook announcement may point the way.

Historically, illicit actors have utilized media sources to gain supporters and new recruits, engage in psychological warfare, and spread propaganda. The perpetrators of the Rwanda genocide, for example, used the radio to vilify a target population, incite violence, and spread hate propaganda.

They, like other propagandists who exploit media platforms, wanted to polarize society by classifying the targets of their hatred as enemy “others.”

While the aims haven’t changed, the platforms have. And so must the measures used to combat them.

At the time of the Rwanda genocide, proposals to jam the radio signals of those spreading hate propaganda and inciting violence were dismissed as being too difficult and too costly to implement.

This inaction was devastating. Hate messages spread. Calls on the radio for the extermination of an entire ethnic group influenced listeners to viciously attack and kill. An estimated 70% of Rwanda’s Tutsi population—between 500,000 and one million people—were murdered during a 100-day period in 1004.

Today, terrorists use social media platforms to spread messages of hate. They use the Web to call supporters to take up arms, to kill or harm their purported enemies (a category very broadly defined), and to terrorize target populations.

Meanwhile, arguments against limiting terrorists’ access to such platforms are similar to those made during the Rwanda genocide. Once again, opponents say blocking terrorist sites is both too technically difficult and too costly.

The terrorist groups have taken advantage of the free pass they have effectively been given.

If there’s any doubt about how important social media is to their strategy, consider that the Islamic State in Iraq and Syria (ISIS) made death threats against Twitter employees who attempted to take down terrorists’ accounts.

Most social media companies acknowledge that terrorists and those who support and encourage terrorism have no place on their platforms. Yet terrorism-related content is proliferating, giving terrorists unfettered and unprecedented access to millions of users around the globe.

Let’s not forget that terrorism is a form of theater. Each act is designed to provoke emotions (that is, fear in the population) and a desired response (an over-reaction by the public, security professionals and government agencies in the form of discriminatory practices against a misidentified target population and/or expansive police and surveillance powers).

The over-reactions in turn are used in terrorists’ propaganda campaigns to legitimize their cause and actions.

But quashing the use of social media by violent extremist groups should not be considered an “over-reaction.” It has become essential to the fight against terrorism.

Social media platforms must proactively take down accounts that support, encourage, and promote terrorism. Currently, the majority of these platforms only react when threats or dangers are brought to their attention, and the reaction is usually selective. With a few exceptions, most of the major Web service companies place the onus of identifying content that violates their terms of service on the public.

That’s wrong.

Some private groups, such as Anonymous, have acted on their own. A case in point is their takedown of ISIS and ISIS supporter Twitter accounts following the 2015 terrorist attacks in France.

It is important to remember that social media platforms are private and not public platforms, which means that these private platforms can regulate conduct as they see fit. When users utilize them, they effectively agree to the terms of service that set appropriate rules of behavior online.

Such rules of behavior include barring certain types of conduct, such as nudity, abuse, and hate speech. More recently, the rules have explicitly included bans on the support, encouragement and promotion of terrorism.

So a new law or regulation isn’t really needed. Nor do we need an expansion of police powers to monitor and search social media content.

The platforms should merely live up to their terms of service, by enforcing them pro-actively. While many suggest the complexities of the web make this unfeasible, social media platforms already have developed programs to monitor illicit activities ranging from child pornography and bullying to the theft of copyrighted works.

Surely, such programs can be modified to block and take down terrorism-related content.

The tools for doing so are already there. Social media platforms can “shadow- ban” a user—that is, they can make the offending users’ posts invisible to all but the person who is posting. Why can’t this practice be utilized on terrorists and terrorist supporters?

Another program, which can hash and detect questionable images on both visible and deep web sites, can be easily modified to identify and block images of terrorists and terrorist propaganda.

Still another can copyright both images and videos to prevent them from being uploaded online. An example of this type of program is YouTube’s ContentID, which enables users to upload copyrighted videos to a database; the program then searches for the copyrighted content on YouTube.

Why can’t such technology be used to take down leading jihadist propagandist videos from YouTube, such as those of Anwar al-Awlaki, which many law enforcement specialists say has inspired recent terrorist actions in London?

As most people know, ISIS has posted videos on YouTube depicting violent acts such as beheadings and Mujatweets, which are brief videos that depict ISIS as a generous organization and positive presence in its territories.

Why can’t a program like ContentID be leveraged to remove these videos from YouTube—videos which clearly violate the site’s terms of service?

A limiting factor in taking a proactive approach to blocking and removing terrorism-related content is not difficulty, but cost. Social media platforms apparently don’t want to invest their time, or their human and financial resources to engage in this practice. In view of that, social media platforms should be provided with incentives to offset the costs that these organizations incur by engaging in these practices.

The reality is that there are solutions; they just take time and money.

Marie-Helen Maras

There’s no reason why the media mega-giants who dominate the Internet today can’t take a proactive approach to dealing with terrorists’ use of social media. In fact, Facebook recently announced that it would use artificial intelligence to remove terrorist content from its platform. This illustrates that social media platforms can do more.

They just need to be persuaded that it is in their interests, as well as ours, to do so.

Marie-Helen Maras is a former U.S. Navy law enforcement and security specialist and author of “Cybercriminology.” She is currently an associate professor at John Jay College of Criminal Justice. She welcomes comments from readers.


Hunting the Internet’s Sex Predators

The director of a recent Netflix documentary on child sex-traffickers has called for legislation restricting commercial sex sites. But an expert on human trafficking argues police need them to identify –and save—the victims.

Most Americans have heard about the pernicious crime of sex trafficking. There has been no shortage of coverage on the suspected red flags, undercover stings, arrests and victim rescues in the media.

However, politicians, law enforcement and anti-trafficking advocates often tout hollow victories for public accolade, while human trafficking crimes continue undeterred. In a previous column for The Crime Report, I noted that some of the common targets chosen by advocates reveal a short-sighted approach by those who want to end such trafficking.

More evidence of this misguided approach came last month with the release of Mary Mazzio’s documentary entitled “I Am Jane Doe” on Netflix. The documentary features videotaped interviews with three girls who were sex-trafficked as children and advertised by their pimps on—a classified advertisement website.

The girls, including one who was only 13, made headlines after they sued the website in civil court. Mazzio claims she wanted to record the girl’s experiences of exploitation to “spare a few children the horrors recounted in the film.”

The director admits that three years ago she had “no idea what child sex trafficking was,” but she has now become a forceful advocate for legislative change to Section 230 of the 1996 Communications Decency Act, which has thus far protected U.S.- based websites like Backpage from liability for third-party content. Recently, as part of her national publicity campaign for the film, her views appeared in the entertainment section of The Washington Post.

That might sound compelling to readers accustomed to browsing swiftly through reviews of the latest movies and celebrity sightings. But it is not only misleading; it’s potentially counterproductive and can be considered as exploiting the girls’ victimization.

Mazzio’s argument­ that third-party liability would result in the removal of commercial sex advertisements from the Internet and therefore reduce the incidence of sex-trafficking is not supported by research.

In fact, it could actually reduce the likelihood of victim identification.

The vilification of is reminiscent of the rhetoric directed against less than a decade ago. For example, Nic McKinley, Founder of DeliverFund­, was featured in Mazzio’s film, saying  “Backpage is the Wal-Mart of human trafficking.”  His comments were subsequently quoted in stories about the documentary published in The New York Times and Vogue, among others.

In fact, almost the exact same description was used by Andrea Powell, Director of the anti-trafficking group FAIR Fund in 2010 interview, in which she called Craigslist “the Wal-Mart of online sex trafficking.”

What these presumably well-meaning advocates miss is that the Internet modernized the commercial sex industry—not one particular website.

Both, and its spinoff,, were created as virtual commons for the exchange of information, but they also became platforms for individuals who posted classified advertisements for the commercial sex industry. Dismantling one platform only makes space for another.

After shuttered the adult section of its website, the advertisements just migrated to This displacement effect was also apparent when subsequently shuttered its “adult section,” which pushed the same ads to the dating section of the website.

Although is the classified website most inextricably linked to sex trafficking at the moment, there are numerous forums for commercial sex consumers to exchange information and peruse sex for sale. For example, online commercial sex reviewers claim to have purchased unprotected sex with suspected drug users on, while men brag about “stealthing” (removal of a condom mid-coitus) with commercial sex providers and raping unconscious women on

Some of the women advertised and discussed on these websites are likely victims of sex trafficking or sexual assault. However, these websites are almost completely absent from the media and operate under the radar of most law enforcement agencies.

The crusade against will result in nothing more than another displacement of commercial sex advertisements to offshore and/or referral based membership forums. For example, in response to the attempted criminalization of executives, the administrator of wrote, “Are you kidding? That’s great news for us, we are ready. New version coming out soon. Unlike them we aren’t tied to the USA.”

Following his post, he added a hyperlink to an offshore-based classified advertisement website, called

Kimberly Mehlman-Orozco

Documentaries like the one produced by Mary Mazzio may be useful for alerting Americans about a danger than can reach into their homes, but policy prescriptions that are neither well thought-out nor backed by sound research can make an already clandestine crime even more difficult to identify.

If anti-trafficking advocates truly want to reduce the incidence of sex trafficking, as well as increase rescues of victims and prosecution of offenders, they should instead lobby for more cooperation and exchange of information between U.S.-based websites like and law enforcement.

Kimberly Mehlman-Orozco holds a Ph.D. in Criminology, Law and Society from George Mason University, with an expertise in human trafficking. She currently serves as a human trafficking expert witness for criminal cases. Her book, “Hidden in Plain Sight: America’s Slaves of the New Millennium,” will be published by Praeger/ABC-Clio this year. She welcomes comments from readers.