So a US Federal Judge says that MySpace is legally protected from any liability as a result of external criminal acts that have been committed by people misrepresenting themselves to other MySpace users. Judge Sam Sparks of the U.S. District Court for the Western district of Texas ruled that the 1996 Communications Decency Act excludes web providers and ‘information intermediaries’ from the action of their members when it comes to criminal acts involving content. This is, of course, intended to protect service providers from being put out of business by never ending lawsuits resulting from the actions of people over whom they have no real control. Without such legislation there is a very persuasive argument to be made that the Internet would not have reached the level of development it has today.

But many will argue equally strongly that the CDA is now ancient legislation in technology terms, and largely irrelevant to the Internet of today. Indeed, the dismissal of the negligence lawsuit in question which looked for damages of $30 million following an alleged assault of a 13 year old girl by a 19 year old man leaves us no nearer creating a safe online environment. Something, I am sure, that the family of the girl at the center of all this were hoping for. The suit essentially said that MySpace did not show a duty of care by allowing the girl to be able to register despite being under the age of 14, the minimum permitted age for MySpace membership, as well as allowing the alleged attacker to misrepresent himself as a much younger student himself in order to get close to his victim.

The judge remarked that the inconvenience of implementing a fully reliable age verification system would “stop MySpace’s business in its tracks.” Well deary me, what a shame. Given the resources behind MySpace, given the social networking space within which it works, given the popularity amongst youngsters of the service, given the unnatural attraction such a demographic provides to predatory pedophiles, given all of this I would have thought that MySpace would want to implement a reliable age verification system at any cost. Especially given the rather compelling evidence presented by the likes of Wired magazine which revealed just how easy it is for registered sex offenders to use MySpace for nefarious purposes.

So what is MySpace doing to safeguard the interests of its most vulnerable members? Well, according to an article posted at Reuters, MySpace has developed a database technology in conjunction with background verification check specialists Sentinel Tech Holdings Corp that combines US sex offender registry information. With the ability to cross-reference photographs, or textual descriptions, of predators against existing offenders using photo-matching tools, the crime fighting implications of such a national database are obvious. The database will keep track of 600,000 or more convicted offenders and is being donated to the National Center for Missing & Exploited Children who will use it to help law enforcement in investigations. NCMEC alerts are now also appearing on MySpace as an added safeguard.

Talking of which, MySpace has also been lobbying for a change in the law to require sex offenders to register email addresses so as to make it easier to block access to online services. Indeed, Senators John McCain and Charles Schumer have proposed the ‘Stop the Online Exploitation of Our Children Act’ which includes just that requirement along with another to force service providers to report online content related to child exploitation found on their networks. Unfortunately, this does not address (no pun intended) the issue of how you prevent offenders using free webmail service email addresses that can picked up and discarded on a whim, nor from using these behind an anonymous proxy service which are equally easy to use and abuse and would make tracking the miscreant even tougher.

Those of us with a combination of young children and a degree of knowledge as to how the Internet works at a technical level will appreciate the futility in such legislation, and know that the answer lays elsewhere: in education. Legislation will not prevent the predatory pedophile from striking online; it will not prevent the determined registered offender either. Quite apart from anything else, legislation targeting predatory pedophiles does nothing to protect children from all the other dangers that face them within the online environment. The only way to properly protect our kids in the 21st century world of social networking is for parents to take responsibility for their actions. And that means education, education, education. Look, this is nothing new. Before social networks were the Devil incarnate, it was chat rooms, IM, email, the web and the list goes on. The answer remains the same as it always has done, parental responsibility. This is not the same thing as parental control, so let’s not start the liberal ranting about the human rights of the child. I am not advocating Orwellian restrictions and monitoring, and actually believe such things do more harm than good in the parent/child relationship. However, that’s not to say we should not be talking to our kids, ensuring that they are not only aware of the dangers that they face but also aware of the rules that we as parents must set if they are to be able to have their online freedom.

It is OK to ask awkward questions about your kids friends, it is OK to ask awkward questions about online usage, it is OK to ask to see the personal profiles and pages of your kids, it is OK to have a family computer in a family room rather than allowing kids the privacy and danger of bedroom based browsing, it is OK to take an interest in your kids lives online and off, it is OK to set rules and enforce them. I don’t think it is OK to intercept and read your kids emails, IM or chat sessions.

But then again I don’t think it is OK for MySpace to opt out of the responsibility chain and do nothing to make its age verification technology watertight, just because Judge Sam Sparks says so either…

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Regarding email for kids, I disagree-as a parent, my kids know that email-just like the email at your work-is not private and neither is IM or any other on-line communication. In fact, judges have indicated that you have no expectation of privacy on a publicly connected computer. My kids know that there is tracking software installed and that I know every web site they visit. They know that at any time my wife or myself may ask them to turn over their password for their email accounts and we may view them. If they refuse-well that's where keylogging software comes in (of course refusal will also lead to computer restrictions). When they turn 18 they can have such privacy (well limited if still living at home) but until then, it is my network and my computer and my house and I love them too much to give them "privacy" with emails or IM only to have them taken advantage of or worse. Same with cell phones-we track received calls and other tracking. The funniest day was when my daughter found out that I don't recognize the US Constitution in my house!

But I do agree-it is the parents responsibility not the online companies but I also disagree in that it is user beware and would not support any legislation that would require companies to track or verify anyone. If a company wants to do it that is one thing. Remember: Freedom comes with responsibility. I feel for those parents and their daughter but she was able to create a myspace account and was apparently doing a lot that they did not know about. It is not Newscorp or myspace's fault.