remove an ad when a third party flagged a violation, then the ISP will be fined $10,000 for the
first violation, with the penalty increasing to $25,000 for each subsequent violation. If the ISP
fails to exercise E-Verify or an alternative mechanism and a human trafficking victim is identified
as the subject of an unverified ad, the ISP will also face a charge of criminal negligence.
2. Criminal Negligence
In addition to fines for failing to comply with the regulatory obligations outlined above,
an IPACT amendment could also include a provision that holds the ISP liable for criminal
negligence in the event that the ISP failed to comply with the regulatory verification
requirements, and an ad was then posted and was later determined to contain a trafficked victim.
The U.S. Supreme Court has upheld regulatory offenses that bear a charge of criminal
negligence. In Staples v. United States, the Court stated that these regulatory offenses “involve
statutes that regulate potentially harmful or injurious items”207 that “involved statutes that
provided for only light penalties such as fines or short jail sentences, not imprisonment in the
state penitentiary.”208 As applied to the online trafficking context, the criminal penalty for this
proposal is linked to the ISP’s failure to follow a regulatory procedure, rather than a finding that
the ISP had specific knowledge a child has been posted on its site for the purpose of trafficking.
Under a criminal negligence standard, the government need only prove that a reasonable person
would have been aware of the risk of harm.209 A number of federal statutes already operate under
a criminal negligence standard.210 Similar to these federal statutes, under IPACT, an ISP’s failure
to follow the required E-Verify or alternative procedure, if it results in a child trafficking incident
or other illegal activity such as prostitution, would allow the government to pursue a charge of
IPACT’s identification policies, however, would be narrowly tailored to serve the
government’s interest in ensuring that children are not using or being used on these websites.211
Also, while the information submitted is personal and important, under this proposal it would be
submitted to a secure website (for example, E-Verify is maintained by the Department of
Homeland Security).212 In addition, it is information that is routinely required for the purpose of
employment, so that nearly every person involved will have undergone the same procedure at
some point in order to obtain employment. The information submitted under IPACT will only be
seen by trained or authorized ISP employees, who cannot reveal such information to others under
penalty of law.213
207 CONG. RESEARCH SERV., MEMORANDUM - CRIMINAL NEGLIGENCE AND LIABILITY OF ONLINE SERVICE PROVIDERS FOR ACTS OF
THIRD PARTIES 3 (Nov. 14, 2012) (citing Staples v. United States, 511 U.S. 600, 607 (1994)).
208 Id. (citing Staples v. United States, 511 U.S. 600, 616 (1994)).
209 Id.; see e.g., United States. v. Dotterweich, 320 U.S. 277 (1943) (upholding a charge of criminal negligence under the Food and
Drug Act with no requirement of proof of knowledge of misbranded drugs); United States v. Balint, 258 U.S. 250 (1922) (upholding a
criminal negligence charge under the Federal Narcotic Act with no requirement of proof of knowledge of illegal substance).
210 “Officer Permitting Escape,” and “Gathering, transmitting, or losing defense information.” See 33 U.S.C.A. § 1319(c) (West 2013)
(providing violations for any person who negligently violates the Clean Water Act); 18 U.S.C.A. § 793(f) (West 2013) (providing
criminal liability for gross negligence in the gathering, transmitting, or losing of defense information).
211 See infra text accompanying notes 234-239 for discussion of narrow tailoring.
212 What Is E-Verify?, supra note 190.
213 See Our Commitment to Privacy, DEPARTMENT HOMELAND SECURITY, U.S. CITIZENSHIP & IMMIGR. SERVICES.,
http://www.uscis.gov/portal/site/uscis/ (follow “E-Verify” hyperlink; then follow “About the Program” hyperlink; then follow “Our
Commitment to Privacy” hyperlink) (last updated Aug. 9, 2010). Those who utilize E-Verify are held responsible for the information
to which they have access, and mishandling of such information can result in personal fines. Id. In addition, current employer users of
E-Verify “are required to abide by all security and privacy requirements as agreed to when they enroll in E-Verify.” Id. Employer
users can lose access to E-Verify if they misuse the system or attempt to avoid security measures. Id. The E-Verify Memorandum of
Understanding, which must be signed by participating employers, includes the following statements to safeguard employee