Last year Pennsylvania passed a bill to crack down on child pornography online. The cause was uncontroversial, but the law's approach—requiring Internet Service Providers to block Web sites based on their Internet Protocol addresses—drew immediate criticism from the technology community. "Child pornography is abhorrent," says Alan Davidson, associate director of the Center for Democracy and Technology (CDT). "But this approach, because of the architecture of the Internet, inevitably blocks innocent Web sites as well as targeted Web sites. It's like prohibiting mail delivery to an entire apartment building just because one tenant is suspected of wrongdoing."
A study by Benjamin Edelman, a student at Harvard Law School, buttresses the point. "More than 87% of active domain names are found to share their IP addresses (i.e. their web servers) with one or more additional domains, and more than two third of active domain names share their addresses with fifty or more additional domains," he reported in a March 2003 paper for Harvard's Berkman Center. "With so many sites sharing IP addresses," he continues, approaches like Pennsylvania's "are bound to produce 'overblocking'—accidental and often unanticipated denial of access to web sites that abide by the stated filtering rules."
There's a difference, alas, between demonstrating this in theory and demonstrating it in Pennsylvania's particular context. Earlier this year the CDT requested a list of the blocked sites, so it could see how many non-porn pages had been swept up in the virtual dragnet. The state attorney general, Mike Fisher, refused to release the information, arguing that disclosing the sites' addresses would itself amount to distribution of child pornography. "We will not aid and abet child pornographers by publicizing their illegal Web sites," Fisher's spokesman told the Associated Press.
The CDT still hopes to convince Fisher to release the information. If it fails to persuade him, though, it may challenge the state's position in court.