My website has the ability to upload images but I was wondering what if someone uploaded child porn to my website? What are my legal responsibilities when it comes to this?

I was tempted to answer "then you're fucked". But seriously, you may obviously get in considerable trouble.

Be sure to:
- make users agree to a ToS before they can upload
- have the ToS written in a way so they disallow illegal content (including but not limited to child porn)
- provide a "report abuse" button
- pedantically track users and their IP addresses (i.e. who uploaded what, when, from which IP addresses)
- immediately remove offending content if you spot it of if someone reports it

That way, you should be able to cut the rope around your neck if the worst happens. If you don't prepare for it, you'll be hanged.

Oh, and when I say "pendantically track", that doesn't mean apache's http log which is overwriten by logrotate next week. Absolutely do make copies of your logfiles and keep them safe.

Legal action or prosecution can sometimes take 1-3 years before you hear about it for the first time. Which means if you don't keep your logfiles for at least a couple of years, you may have a nasty surprise. This is not fair, but it's how things go.

Your detailled logfiles that allow you to track who uploaded what and when from which IP address are the only evidence you have, and they're the only thing that lets you offload the liability to someone else.

If you can't prove that you've acted with all necessary diligence and that this is just some "unlucky thing" which you could not prevent, your chances are not good.

I'm not a lawyer, but I wouldn't worry about it. You have access to the server so you can destroy evidence at your own will. Not much someone could do to stop you. Their case can be destroyed with a few simple commands and it becomes their word against yours. You win. :)

Not necessarily. Usually the evidence will be collected long before you get that chance. You'll be the last person to hear about it, and at that time, it doesn't matter if you delete something.

You're the one person who is tangible, since the domain name is registered under your name and the server is rented under your name (and possibly with your credit card). Plus, you are generally responsible for the content on your site. More in some countries, less in some others, but generally you are. Which means, if in doubt, you're violating the law (and may be liable for damages on top).
The only valid excuse is, in general, having consistenly and provably acted as diligently as possible.

The guy uploading child porn is not immediately tangible. Sure, he is breaking the law, but he is not tangible. You are.

Neither the police nor some random guy who tries to sue you for 5 million because he suffered severe emotional pain from looking at your site care to get to the real culprit. Nor do Sony/BMG if they think an image infringes their copyright.

They are perfectly happy with SOMEONE who is tangible, since this is the easiest route, and that someone will be you. If it comes to that, you had better present some data that shows that someone else did it.

IANAL but I know that for example in Germany the admin-c is not necessary the responsible person when it comes to legal actions. Enterprise websites are by law obligated to name a person that is responsible for the content. But for personal websites the admin-c is also the person that is responsible for the content as it is the only person who publishes content on that site.

But I don't know how the legal situation is in the states.

IANAL, but I believe the relevant US federal laws regarding child pornography are available at The National Center for Missing and Exploited Children website. From a strictly CYA perspective, it's probably a good idea to inform a law enforcement official that someone dumped that crap on your system.

Quote:

Original post by megamoscha IANAL but I know that for example in Germany the admin-c is not necessary the responsible person when it comes to legal actions.

Germany is a good example of how perverse it can get, though. Take the case where Heise was held responsible because someone made a racist comment in the Heise forums. Which, quite obviously, is not something they intended, nor something they could have prevented.

Quote:

Original post by SteveDeFacto My website has the ability to upload images but I was wondering what if someone uploaded child porn to my website? What are my legal responsibilities when it comes to this?

I'm not sure why this was posted to the Lounge, when there is Business and Law forum.


You are in the United States, and there is a legally required duty to report it.


The law for it is covered in the link provided above. If you know about child porn and fail to report it to the proper channels, the first time you fail to report it you can face a penalty of up to $150,000.



For a personal web site, I would immediately contact the CyberTip Line at the center for missing and exploited children and ask them what they want you to do. They are the initial point of contact required by law.



If I were to discover it on a professional site, I would immediately get it disabled but not removed. I also make sure to preserve all relevant logs and content.

At the same time, I would pick up the phone and call my business lawyer to ask for clarification on exactly which agencies to contact. I know there are both state and federal agencies that my business would need to report to, so I would let my lawyer do the work to ensure the legal side is properly addressed.

That's nasty! I would suggest familiarizing yourself with your local cyber laws, that stuff is toxic and if mishandled you could be liable in some way.. As others have suggested have a ironclad TOS contract to protect yourself too..

-ddn