Shielded Speech: Exploring the First Amendment in Anonymous Online Discourse
In a time when state legislatures and the U.S. Congress are considering a myriad of bills requiring the verification or authentication of online users, including for children, it is important to remember that anonymous speech is a fundamental component of Americans’ right to free speech. Though the means in which speech is exchanged has evolved since the Supreme Court decisions came down for cases involving anonymous association, like Bates v. Little Rock, or anonymity of individuals engaged in personal political activity, like Talley v. California, the cornerstone of those rulings still reigns true in today’s online environment. Since the inception of the internet age, court rulings have consistently upheld users’ rights to anonymous speech. Cases like Dendrite International, Inc. v. Doe and Cahill v. Doe underscore this stance, as courts have recognized robust First Amendment presumptions in favor of those who purvey anonymous speech. In the words of the U.S. Supreme Court in McIntyre v. Ohio Elections Commission, “Anonymity is a shield from the tyranny of the majority.” In the context of these precedents, it is important to consider how recent legislative efforts could upend our understanding of free speech protections in the online space, particularly the right to remain anonymous, especially as many such proposals have been signed into law.
Why Verifying a User’s Identity Flies in the Face of First Amendment Protections and Presents Serious Privacy Concerns
Legislation akin to California’s SB 1228 has emerged nationwide in recent months. Though the goal behind the proposals, reducing the prevalence of bots, is one that most internet users could support, the proposed means to this remedy present severe feasibility and privacy concerns. Under SB 1228, large online platforms would be required to “seek to verify” any “highly influential user.” This can include users who speak on topics that could be considered controversial and choose to use a pseudonym to protect themselves. Examples of the use of a pseudonym long predate the internet, including the Federalist Papers or NAACP v. Alabama — which is still noted as one of the most forceful articulations ever of a right to anonymous expression by the U.S. Supreme Court. Essentially, just because a user happens to garner more attention from other users, they would be under greater scrutiny by online platforms to track their driver’s license number, geolocation, and other sensitive personal information. This chills the concept of anonymous online speech.
Many lingering questions persist regarding government mandated user verification. For example, what if the “highly influential user” is a dissident of communist rule in Russia or China who otherwise participates on a platform under a pseudonym? This could potentially put that user at risk if they continue to speak on the platform but cannot remain anonymous. This appears to be the very type of speech that the First Amendment right to remain anonymous seeks to protect as a “shield from the tyranny of the majority.” In this case, it is important for the user to remain simultaneously “highly influential” and anonymous at the risk of otherwise facing political retribution or impairing their ability to speak freely about important political and societal issues.
These concerns are magnified by the fact that any platform that seeks to verify those personal details would likely store the information to prove compliance for any enforcement action. Collecting and storing such data could also be a data breach or security concern that could chill this type of speech as a user could feel at risk of being a target for doxxing, swatting, harassment, or other forms of retaliation.
A recent example of a form of an identity verification data breach happened in New South Wales (NSW), Australia. In NSW, licensed clubs are legally obligated to verify a patron’s identity and age while securely collecting and storing such data in compliance with Australian federal privacy laws. Many clubs contract with a third-party service like Outabox, an Australian IT provider used by dozens of hospitality venues including Australian hospitality company Merivale. However, the Australian government agency, ID Support NSW, confirmed that one million NSW and Australian Capital Territory residents could be implicated by a data breach. Police have arrested a suspect in Sydney as they investigate the major breach that is believed to be either blackmail or corporate sabotage after the breached data was then published. This is just one more recent example of a sensitive data breach that harmed millions of consumers in one country. When applying these types of data collection requirements across a wider region like the United States or European Union, for example, this creates a honeypot of sensitive information for bad actors to exploit.
As digital service providers strive to enhance the privacy and security of consumer data, mandating user verification hinders these efforts by necessitating companies to gather and disclose sensitive data to unfamiliar entities.
Children’s Social Media Age Verification Requirements
Bills have passed in several states, including Utah, Arkansas, Georgia, and Tennessee that would require age verification for all users on a covered platform in order to determine who is aged above and below 16-18 years old. If a user is below the age requirement, they would also have to obtain parental consent in order to create an account. While these efforts are well intended, the actual implementation at scale not only poses feasibility concerns but also undermines the rights to anonymity and freedom of speech, particularly for young individuals.
In an ideal online environment, it would be easy to separate children from adults on the internet to protect younger users from mature adult content. However, in practice, it is quite difficult to accomplish this, not just because of First Amendment protections applicable to adults and teens, but also because of the serious privacy concerns. There are serious privacy and security concerns associated with collecting and storing data about a user’s geolocation and other sensitive personal identifying information. For example, some acceptable ways to obtain verification include a driver’s license, social security number, or credit card. This is highly sensitive information that users do not want to give and digital services do not want to store. Many of these laws, including in Arkansas, are currently facing legal challenges, with some being enjoined and blocked from implementation. As other cases remain unresolved, their eventual rulings will provide lawmakers with a clearer understanding of the legal status of such regulations and their ability to withstand constitutional scrutiny.
Forward Gaze: Foreseeing Future Challenges to Online Anonymity
This year, the U.S. Supreme Court has presided over numerous cases concerning internet regulation and online speech. These cases are likely to persist as lawmakers continue to pass new regulations concerning online content and privacy. However, prior rulings from SCOTUS concerning identity verification may serve as a gauge for the outcome of future judicial reviews. For example, the U.S. Congress enacted the Child Online Protection Act (COPA) in 1998. COPA delineated the dissemination of material deemed “harmful to minors” on the internet for commercial purposes as a punishable offense. However, it also afforded website operators and content providers the opportunity to mount a defense against prosecution under the Act. This defense could be established by demonstrating that access to harmful content for minors was constrained through various means, including the requirement of a credit card, debit account, an “adult access code” or “adult personal identification number,” a “digital certificate verifying age,” or any other practical measures feasible with current technology. After a decade of legal battles, the U.S. Supreme Court in 2009 dealt a decisive blow to the law by declining to hear the U.S. Government’s final appeal, thereby affirming lower court rulings that deemed the law unconstitutional.
The courts determined that the age verification mandate lacked the necessary precision to fulfill the government’s objective of shielding children from explicit material. Moreover, they concluded that it would stifle speech safeguarded by the First Amendment. After 15 years of legal precedent, lawmakers, especially at the state level, are encountering a familiar dilemma regarding identity verification. It remains to be seen whether the legal precedent established over more than a decade ago will prevail.
