Full opinion text
MEMORANDUM DuBOIS, District Judge. TABLE OF CONTENTS I. INTRODUCTION.610 II. PROCEDURAL HISTORY.611 FINDINGS OF FACT III. r — I A. PARTIES. rH 1. Center for Democracy and Technology. r*H 2. American Civil Liberties Union of Pennsylvania 1 — I 3. PlantageNet, Inc.. 7 — I 4. Gerald J. Pappert. 7 — 1 INTERNET OVERVIEW. W 7 — 1 1. Technical Overview of the Internet and the World Wide Web 1 — I 2. Publishing to the World Wide Web. 7 — I 3. Domain Names and URLs. 7 — I 4. Browsing the Web . 7 — ( 5. Shared Domain Names. 7-H 6. IP Addresses and the Domain Name System . 7“H INTERNET CHILD PORNOGRAPHY ACT (“THE ACT”).... t — I 1. Implementation of the Act. 03 2. The First Complaint. 03 3. Informal Notices. 03 4. The Single Court Application . 03 PLAINTIFFS’ STANDING. o 03 ISP COMPLIANCE WITH COURT ORDERS OR INFORMAL NOTICES .. tel 03 1. Description of ISPs. 03 610 337 FEDERAL SUPPLEMENT, 2d SERIES 2. Methods of Implementation. a. DNS Filtering. b. IP Filtering. c. URL Filtering. 3. Comparison of Filtering Methods. a. Ease of Implementation and Cost. b. Relative Effectiveness. c. Overblocking. 4. Contacting the Host. 5. Specific Examples of ISP Compliance. 6. Blocking of Innocent Web Sites . a. Laura Blain. b. Evidence of Other Blocked Sites . 7. Notice and Review of Blocked Content. 8. Methods of Evasion. a. Anonymous Proxy Servers. b. The Ability of Child Pornographers to Evade Filters 9. Office of the Attorneg General Response to Overblocking. F. IMPACT OF THE ACT ON INTERSTATE COMMERCE ... IV. CONCLUSIONS OF LAW. A. STANDING. 1. CDT and ACLU. 2. PlantageNet. 3. Overbreadth. B. SUBSTANTIVE FIRST AMENDMENT ISSUES. 1. Burden on Speech. 2. Level ofScruting . C. PROCEDURAL FIRST AMENDMENT ISSUES. 1. Prior Restraint. 2. Child Pornographg vs. Obscenitg. 3. Informal Notices. D. INTERSTATE COMMERCE CLAUSE. 1. Pike Balancing Test. 2. Per Se Invaliditg. V. CONCLUSION. APPENDIX A, 18 Pa. Cons.Stat. §§ 7621-30, Internet Child Pornography Act APPENDIX B, 18 Pa. Cons.Stat. § 6312, Sexual Abuse of Children I. INTRODUCTION In February of 2002, Pennsylvania enacted the Internet Child Pornography Act, 18 Pa. Cons.Stat. §§ 7621-7630, (“the Act”). The Act requires an Internet Service Provider (“ISP”) to remove or disable access to child pornography items “residing on or accessible through its service” after notification by the Pennsylvania Attorney General. It is the first attempt by a state to impose criminal liability on an ISP which merely provides access to child pornography through its network and has 665 no direct relationship with the source of the content. See Jonathan Zittrain, Internet Points of Control, 44 B.C.L.Rev. 653, 654, 672-73 (2003). The plaintiffs are Center for Democracy and Technology (“CDT”), the American Civil Liberties Union of Pennsylvania (“ACLU”), and Plantagenet, Inc. CDT is a non-profit corporation incorporated for the purpose of educating the general public concerning public policy issues related to the Internet. The ACLU is a non-partisan organization of more than 13,000 members ÜlJi.iMWWtOCOOO^lO^WKCOOOOOOOOOOO MHHOCOOObOiDOOOCOCiOO CO CO CD CD CD CD dedicated to defending the principles of liberty and equality embodied in the Bill of Rights. Plantagenet, Inc., is an ISP that provides a variety of services related to the Internet. Defendant is Gerald J. Pap-pert, Attorney General of the Commonwealth of Pennsylvania. Plaintiffs argue that, due to the technical limitations of the methods used by ISPs to comply with the Act, the efforts of ISPs to disable access to child pornography in response to requests by the Attorney General have led to the blocking of more than one and a half million innocent web sites not targeted by the Attorney General. Plaintiffs filed suit claiming that this blocking of innocent content, or “overblocking,” violates the First Amendment to the Constitution. They also argue, inter alia, that the procedures provided in the Act for issuing an order to remove or disable access to child pornography are insufficient and allow for an unconstitutional prior restraint of speech. Moreover, they contend that the Informal Notice procedure developed by defendant in implementing the Act also operated as a prior restraint of speech. Finally, plaintiffs claim the Act places an impermissible burden on interstate commerce. Based on these allegations, plaintiffs ask the Court to declare the Act unconstitutional and provide related injunctive relief. Defendant responds by arguing that the suppression of protected speech is not required by the Act and is the result of action taken by ISPs. According to defendant, ISPs have options for disabling access that would not block content unrelated to child pornography. Defendant also contends that the statutory procedures included in the Act and the Informal Notice procedure adopted by defendant in implementing the Act provide sufficient protection for the removal of child pornography from circulation. Additionally, defendant claims that the Informal Notices did not result in the prior restraint of speech because this procedure was developed with ISP input to provide for an informal and noncoercive means of advising ISPs that child pornography was accessible through their service. Finally, defendant asserts that the Act does not violate the Commerce Clause because child pornography is not commerce. Based on the evidence presented by the parties at trial, the Court concludes that, with the current state of technology, the Act cannot be implemented without excessive blocking of innocent speech in violation of the First Amendment. In addition, the procedures provided by the Act are insufficient to justify, the prior restraint of material protected by the First Amendment and, given the current design of the Internet, the Act is unconstitutional under the dormant Commerce Clause because of its affect on interstate commerce. The elimination of child pornography is an important goal and those responsible for the creation or distribution of child pornography should be prosecuted to the full extent of the law. To that end, all of the ISPs involved in the case have given defendant their complete cooperation. Notwithstanding this effort, there is little evidence that the Act. has reduced the production of child pornography or the child sexual abuse associated with its creation. On the other hand, there is an abundance of evidence that implementation of the Act has resulted in massive suppression of speech protected by the First Amendment. For these reasons, and the other reasons set forth in the Memorandum, the Court is ineluctably led to conclude the Act is unconstitutional. II. PROCEDURAL HISTORY On September 9, 2003, plaintiffs filed a Complaint for Declaratory and Injunctive Relief and a Motion for a Temporary Restraining Order and Expedited Discovery. The Complaint alleged that the Informal Notices, which plaintiffs called “secret blocking orders,” and the Act violated the First Amendment of the United States Constitution by operating as a prior restraint, burdening a substantial amount of lawful speech, establishing a system of secret censorship, and failing to provide adequate procedural protections. Plaintiffs also alleged that the Act’s “significant harmful effect on interstate commerce” violated the Commerce Clause of the Constitution. The Complaint sought an injunction against the Informal Notice process and a declaration that the Act and the Notices issued under the Act were unconstitutional. The Motion asked the Court to enjoin defendant from issuing Informal Notices. By agreement of the parties, the Court entered an Order enjoining the further issuance of Informal Notices and placing limitations on the implementation of the Act by the Attorney General. Pis.’ FOF ¶ 5, Order of Sept. 9, 2003. Thereafter, plaintiffs filed a Motion for Declaratory Relief and for Preliminary and Permanent Injunctive Relief on December 12, 2003 that essentially sought the same relief as was sought in the Complaint. A hearing on this Motion commenced on January 6, 2004. Based on an agreement between the parties, the hearing on the Motion for Declaratory Relief and Preliminary Injunctive Relief was consolidated with a trial on the merits by Order dated March 1, 2004. Because of the schedule of the Court and the parties, the trial continued over twelve non-consecutive days before it concluded with oral argument on June 23, 2004. Following the trial, the parties submitted supplemental memoran-da and post-trial proposed findings of fact. III. FINDINGS OF FACT The Court’s Findings of Fact are made pursuant to Fed.R.Civ.P. 52(a). Where noted, the Findings of Fact are derived from stipulations of the parties. A general overview of the development, architecture, and content of the Internet can be found in Reno v. ACLU, 521 U.S. 844, 849-53, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997), and will be covered in this Memorandum only to the extent necessary to explain the evidence and the rulings of the Court. A. PARTIES 1.Center for Democracy and Technology 1. Center for Democracy and Technology (“CDT”) is a non-profit corporation incorporated under the laws of the District of Columbia, with its principal office in the District of Columbia, for the purposes of educating the general public concerning public policy issues related to the Internet, conducting legal and policy research concerning the Internet, and developing and advocating public policies to advance constitutional civil liberties and democratic values in connection with the development of the Internet. CDT sues on its own behalf. Jt. Stip. ¶ 1. 2. American Civil Liberties Union of Pennsylvania 2. Plaintiff American Civil Liberties Union of Pennsylvania (“ACLU”) is a nonpartisan organization of more than 13,000 members dedicated to defending the principles of liberty and equality embodied in the Bill of Rights. The ACLU is incorporated in Pennsylvania and has its principal place of business in Philadelphia. The ACLU sues on its behalf and on behalf of its members who use online communications. Jt. Stip. ¶ 2. 3. PlantageNet, Inc. 3.PlantageNet, Inc., a Pennsylvania corporation with its principal place of business in Doylestown, Pennsylvania, is an ISP. Def.’s Supp. Mem. at 8. It has a World Wide Web home page at http:// www.pil.net. Jt. Stip. ¶ 3. 4.PlantageNet provides its approximately 750 customers with access to the Internet through dial-up, ISDN lines, or dedicated T1 connections. It also hosts customer’s web sites on the World Wide Web. Pls.’ Finding of Fact (“FOF”) ¶¶ 18, 19, Tr. 1/7/04 (Smallacom.be) pp. 76-77, 81-83. 4. Gerald J. Pappert 5. The original Complaint named Michael Fisher, then the Attorney General of the Commonwealth of Pennsylvania, as the sole defendant. Upon Mr. Fisher’s resignation from that position on December 15, 2003, Gerald J. Pappert became Attorney General and was automatically substituted as the defendant in this action. Mr. Pappert, as Attorney General, has certain powers and responsibilities under the Act that are challenged in this action. Also, as Attorney General, Mr. Pappert heads the Office of Attorney General (“OAG”), and, in his official capacity, is ultimately responsible for the actions of that agency regarding the Informal Notices of Child Pornography challenged by plaintiffs. Jt. Stip. ¶ 4. B. INTERNET OVERVIEW 1. Technical Overview of the Internet and the World Wide Web 6. The Internet is a global “network of networks” that allows Internet users to send and receive a huge diversity of content and communications. The “World Wide Web” is a common method that Internet users can use to make content available to other Internet users. Jt. Stip. ¶ 6. 7. In the United States, most people access the Internet through ISPs. Home Internet users generally contract on a monthly or annual basis with an ISP and will access that ISP’s network over a dial-up telephone line, or a higher-speed connection such as a cable or digital subscriber line (“DSL”). A typical ISP’s network is in turn connected, directly or indirectly (through a larger ISP), to the network of an Internet backbone provider (a very large ISP with high-speed transcontinental or global data lines), and through the backbone to other backbones, ISPs, and networks that, collectively, comprise the global Internet. Jt. Stip. ¶ 7. 8. Businesses in the United States commonly contract with an ISP to provide Internet access to their employees or to connect their internal computer network to the ISP’s network, which is in turn connected to the global Internet. Some businesses connect to their ISP’s networks (and the Internet) over dedicated high-speed connections, while other businesses access the Internet over dial-up telephone lines, cable circuits, or DSL circuits. Jt. Stip. ¶ 8. 9. A communication over the Internet will commonly travel up the “tree” or hierarchy of networks of one or more backbone providers and then back down to its destination. A hypothetical communication (from an employee of a corporation) might originate on the user’s computer, travel through the corporation’s network, then through a regional ISP’s network, then to a backbone provider, then to another backbone provider, then back down to a regional ISP, then, in some cases, through the network of a smaller ISP, and then to the corporate network of the destination, and finally to the computer of the intended recipient of the communication. Pls.’ FOF ¶ 34; Tr. 1/6/04 (Marcus) pp. 66-67; Pls.’ Ex. 2 (Marcus Expert Presentation) at 1. 10. The Act is the first attempt by a state to impose liability on an ISP that does not directly contract with the originator of a communication. Thus, Pennsylvania is the first state to impose liability on, for example, the backbone providers or regional ISPs that route the communication in the hypothetical example in Finding of Fact 9. 11. Some communications on the Internet are divided into small “packets” that are separately sent over the Internet and reassembled on the receiving end. Pls.’ FOF ¶ 36; Tr. 1/6/04 (Marcus) pp. 68-69; Tr. 2/26/04 (Marcus) pp. 33-34. Separate packets that make up a given communication on the Internet are not required to travel over the same path from the sender to the recipient of the communication but can be routed over different paths within an ISP’s network, or in the middle of the Internet, based on a variety of factors such as congestion on the network. Pls.’ FOF ¶ 38; Tr. 1/6/04 (Marcus) pp. 70-71. 2. Publishing to the World Wide Web 12. Individuals, businesses, governments, and other institutions that want to make content broadly available over the Internet (hereafter “web publishers”) can do so by creating a web site on the World Wide Web. Jt. Stip. ¶ 9. 13. To make a web site available on the World Wide Web, a web publisher must place the content or web pages onto a computer running specialized web server software. This computer, known as a Web Server, transmits the requested web pages in response to requests sent by users on the Internet. Jt. Stip. ¶ 10. 14. Web publishers have two common options for making a web site available over a Web Server. First, a web publisher can own and operate a Web Server on the web publisher’s premises (including, possibly, the web publisher’s home). In that case, the web publisher would contract with an ISP for Internet access and would thereby connect the Web Server to the Internet. Jt. Stip. ¶ 11. 15. Second, a web publisher may contract with a web host (or web hosting company) to own and operate the necessary Web Server on the web host’s premises (or third party premises arranged by the web host). A web host will typically operate one or more Web Servers that can store web pages for customers and make those web pages generally available to users on the Internet. Many ISPs offer web hosting services, but many web hosts operate independently of ISPs. Jt. Stip. ¶ 12. 16. A web host offers a web publisher the ability to post a web page or a web site to the World Wide Web. There are a variety of forms of web hosting, including arrangements where a web hosting company: (1) provides a Web Server to service a single web site of a customer, (2) provides a Web Server the customer can use to run multiple web sites, or (3) provides space on a Web Server that services the web sites of many different customers. The third form of web hosting is commonly called virtual web hosting. Pls.’ FOF ¶¶ 84, 86; Tr. 1/7/04 (Clark) pp. 178-81. 17. To access web pages on a web site, an Internet user utilizes a client computer program called a web browser. Microsoft Explorer and Netscape are two common web browsers. A web browser sends a request to a Web Server, which responds by sending the requested web page, which upon receipt is formatted and displayed by the web browser. Pls.’ FOF ¶ 43; Tr. 1/6/04 (Marcus) p. 72-73. 3. Domain Names and URLs 18. Typically, but not always, when creating a web site, a web publisher obtains a domain name that can be used to designate and locate the web site. For example, defendant obtained the domain name “attorneygeneral.gov” for his web site. Jt. Stip. ¶ 13. 19. At a minimum, a domain name contains a top level domain name and a second level domain name. The following are some top level domains available in the United States: .com, .net, .org, .edu,. gov, .biz, .info. Most nations in the world also have country top level domains, such as us (United States), uk (United Kingdom), es (Spain), it (Italy), ru (Russian Federation). The second level domain appears to the left of the top level domain, separated by a dot. One acquires a domain name (top level and second level) by purchasing it from, and registering it with, a registrar designated for the relevant top level domain, or, alternatively, by purchasing it from someone who already owns the name and offers it for sale. The owner of a domain may create sub-domains that are identified to the left of the second level domain and separated from it by a dot, e.g., subdomain.attorneygeneral.gov. Tr. 1/29/04 (Stern) pp. 32 -33; 2/18/04 (Stern) pp. 58, 106-108; 3/1/04 (Stern) p. 106; Tr. 1/6/04 (Marcus) p. 76; Tr. 1/7/04 (Clark) pp. 137, 151, 154, 156; Tr. 3/1/04 (Blaze) p. 58. 20. Domain names are read right to left. The part of a domain name furthest to the right (or the top level domain) is the broadest part of the domain name. As the domain name is read to the left, the sub-domains identify specific Web Servers or web sites. For example, “upenn.edu” is a sub-domain of the .edu top level domain identifying the University of Pennsylvania’s Web Server, and “cis.upenn.edu” is in turn a sub-domain of upenn.edu used to identify a web site for the Department of Computer and Information Science at the University of Pennsylvania. Pls.’ FOF ¶ 45; Tr. 1/6/04 (Marcus) p.76. 21. A domain name can be coupled with additional information to create a Uniform Resource Locator (“URL”) which is a more complete way to designate certain content or other resources on the Internet. Jt. Stip. ¶ 14. 22. A URL is the commonly used textual designation of an Internet web site’s address. Thus, for example, the URL of defendant’s web site is http://www.attorneygeneral.gov. The http indicates that the Hypertext Transfer Protocol (which is the main protocol used to transmit World Wide Web pages) is to be used. The “www.attorneygeneral.gov” part of the URL is used to locate the specific Web Server(s) that contains (hosts) the content for the requested web site. Jt. Stip. ¶ 15. 23. A web page accessed by a URL like http://www.attorneygeneral.gov is commonly referred to as the home page of the web site. A URL can also contain a reference to a specific sub-page contained in a web site. The sub-page is designated in writing by slashes after the home page (such as http://www.attorney general.gov/press/pr.cfm). A single web site can contain thousands of different web pages. Jt. Stip. ¶ 16. 24. A URL on the World Wide Web only refers to a location where content can be found. A URL does not refer to any specific piece of static content — the content is permanent only until it is changed by the web site’s webmaster (often, but not always, the owner of the web site). The actual content to which a URL points can (and often does) easily change without the URL changing in any way. Pls.’ FOF ¶ 53; Tr. 1/6/04 (Marcus) p. 77; Tr. 1/6/04 (Blain) pp. 26-28. 4. Browsing the Web 25. For accessing content on the World Wide Web, the most common sequence is for a user to request content from a web site, and for the web site to return web pages to the user. This sequence is illustrated as follows, with the initial request shown by the arrows on the left, and the response shown by the arrows on the right: User l f User’s ISP 1 † Internet “Backbone” Provider(s) ■ i r Web Site’s ISP I t Web Site Jt. Stip. ¶ 22. 26. In the vast majority of cases, the user’s ISP is different from the web site’s ISP. Jt. Stip. ¶23. 27. To access a web page, a user can either type the URL of the web page into his web browser, or, if the user is already accessing a web page, click on a hyperlink that takes the user to a different web page. A hyperlink is commonly shown on a web page with underlining; for example, on a web listing of the University of Pennsylvania Department of Computer and Information Science faculty members, an individual professor’s name would be underlined and clicking on the name would take the user to the professor’s personal web page. Pls.’ FOF ¶ 57; Tr. 1/6/04 (Marcus) pp. 78-79. 5. Shared Domain Names 28. Within the United States alone, there are tens of millions of separate domain names used for web sites that are, for the most part, independent of each other. In the great majority of those- situations, a single web publisher controls the domain name and the entire web site and is responsible for all pages and sub-pages on a web site. Thus, www.example.com could be the fully qualified domain name for a single web site (with multiple pages) controlled, hypothetically, by the Example Corporation. This approach — of a single web site being coextensive with the domain name — is the most familiar approach to placing content on the web. Jt. Stip. ¶ 17. 29. Web publishers can also publish on the World Wide Web without obtaining their own unique domain names for their web sites. For example, a web publisher can place content with a provider that offers to host web pages on the provider’s own web site (as a sub-page under the provider’s domain name). Thus, hypothetically, the Example Corporation could have a web site at the URL http://www.webhos-tingcompany.com/example. Some such providers offer their users discussion forums, chatrooms, and other services and are known more broadly as online communities. Jt. Stip. ¶ 18. 30. GeoCities is an example of an online community located in the United States. GeoCities hosts web pages of its users as sub-pages of its domain name. As an illustration, the Association of Black Women Lawyers of New Jersey, Inc., is part of the GeoCities online community, and its web pages are available at the URL http://www.geocities.com/abwlnj/ho-mepage.html. Jt. Stip. ¶ 19. 31. OAG staff members refer to “an entity or person that permits other persons to post their own sites or content as sub-pages under the single domain name of the host such as GeoCities.com, terra.es, or PhotoIsland.com” as a Web Hosting Service. Pls.’ Ex. 73 (Def.’s Ans. to Pls.’ Third Req. for Prod. of Docs. and Interrogs.) ¶ 12; Tr. 1/9/04 (Guzy Sr.) p. 72. 32. Outside of the United States, www.terra.es is a well-known Spanish-language online community providing web hosting services. Jt. Stip. ¶ 20. 33. Some web hosts allow users to create web sites using -individualized subdomains of the web hosts’ primary domain. Thus, hypothetically, the Example Corporation web site might be at the URL http://example.webhostingcompany.com, while another customer site might be at the URL http://aee hardware.webhos-tingcompany.com. Jt. Stip. ¶ 21. 34. Other than their existence as sub-pages or sub-domains on a providers’ domains, web sites hosted as sub-pages or sub-domains are usually independent of the provider and independent of each other. Tr. 1/29/04 (Stern) pp. 54-59; 2/18/04 (Stern) pp. 103, 104. 35. Many web hosting companies offer to host web sites at a very low cost and often theses hosts offer virtual hosting — they host sites on a single Web Server. Some such web hosting companies offer to host web sites at no charge in exchange for the right to place advertisements for their service on the customer’s web site. Pls.’ FOF ¶ 96, Tr. 1/6/04 (Blain) pp. 26-30 (describing creation of free and low-cost web sites for two community organizations); Tr. 1/7/04 (Smallacombe) pp. 81-83, 100-102. 6. IP Addresses and the Domain Name System 36. A URL such as http://www.attorneygeneral.gov or http://www.geo cities.com/abwlnj/homepage.html provides enough information for a user to access the desired web site. The user enters the URL in her web browser. However, the URL alone is not sufficient for the user’s computer to locate the web site. A user’s computer must first determine the numeric Internet Protocol Address or IP address of the desired web site. Every device, or computer, using the Internet must have a unique IP address. 37. When a user seeks to access a particular URL, the user’s computer initiates a look up through a series of global databases known as the domain name system (“DNS”) to determine the IP Address of the Web Server that can provide the desired web pages. Jt. Stip. ¶ 24, Tr. 1/29/04 (Stern) p. 36^10. To search for the requested URL’s IP address, the user’s web browser must query a domain name system server (“DNS server”) that has been assigned or selected within the user’s computer. That DNS server attempts to find the IP address of the fully qualified domain name specified in the URL entered by first looking in its own database of domain name/IP address combinations. If that DNS server cannot find the IP address in its own database, it queries other DNS servers until it receives the correct IP address. It then returns that address to the user’s computer. This process is referred to as resolving a hostname to its IP address. Jt. Stip. ¶ 25. 38. Typically, an ISP gives its customers the IP addresses of DNS servers controlled by the ISP. The addresses are entered in the customers’ computers during the Internet access set-up process, a process that is often automated. Some ISPs assign a new IP address identifying a different DNS server each time the user establishes a connection to the ISP. This is called dynamic assignment. Tr. 1/29/04 (Stern) p. 36; Tr. 1/7/04 (Marcus) pp. 5-7; Tr. 1/7/04 (Smallacombe) pp. 113-114; Tr. 1/27/04 (MacDonald) pp. 144-148. 39. Companies and other network operators can choose to operate their own DNS servers. Pls.’ FOF ¶ 65, Tr. 1/6/04 (Marcus) p. 84. Individuals can also chose not to use the DNS server assigned by their ISP and can either use a DNS server available on the Internet or operate their own DNS server. Tr. 1/6/04 (Marcus) pp. 83-84, 116. 40. The numeric IP address of the DNS server provides the user’s computer with the Internet address of the Web Server to which the user’s computer then sends a request for the particular URL entered in the user’s web browser. IP addresses (in the most common current form) are generally expressed as four sets of numbers separated by periods, e.g., 207.102.198.176. Jt. Stip. ¶ 26. 41. IP addresses are assigned by several registries covering various parts of the world. Tr. 1/29/04 (Stern) p. 37. The party to whom the registry assigns an IP address may subassign the address. The sub-assignment may, but need not, be recorded with the registrar. The sub-as-signee may further sub-assign the IP address. Tr. 1/27/04 (Krause) pp. 119-120; Tr. 1/28/04 (Clark) pp. 152-160; Tr. 1/12/04 (Guzy Jr.) pp. 36, 60-62, 181, 182. 42. Although a specific URL refers only to one specific web site, many different web sites (each with different domain names and URLs) are hosted on the same physical Web Server, and all the web sites on a server share the same IP Address. Jt. Stip. ¶ 27. 43. It is common for web hosting companies to offer virtual web hosting, discussed in Finding of Fact 16, under which many web sites are hosted on the same Web Server and thus share the same IP address. Pls’ FOF ¶ 72; Tr. 1/6/04 (Marcus) p. 94; Pls.’ FOF ¶ 73; Tr. 1/29/04 (Stern) p. 65; Dep. of G. Lipscomb (Comcast) at 115-16; Dep. of C. Silliman (WorldCom) at 103 (anecdotally from general industry information, it is believed that the majority of web sites share IP addresses with more than 50 sites). As an example of virtual web hosting, PlantageNet hosts about 160 to 170 of its web hosting customers — all with their own unique domain names — on a single Web Server with a single IP address. Tr. 1/7/04 (Smallacombe) pp. 82-83. As another example, discussed more fully below, Laura Blain’s web site shared its IP address with more than 15,000 other domains. Tr. 1/7/04 (Clark) pp. 141-42. 44. Research by plaintiffs’ expert Michael Clark empirically confirms the prevalence of shared IP addresses. In October-November 2003, Mr. Clark created a database of 29.5 million domain names and the IP addresses to which each domain named resolved. Using this database, which was received in evidence in CD-ROM form as Plaintiffs’ Exhibit 77, Mr. Clark analyzed the frequency with which IP addresses were shared among domain names. Pls’ FOF ¶¶76. Tr. 1/7/04 (Clark) pp. 134-35, 137-40, 151-60, 170-71. In Joint Stipulation 59, the parties agreed that, for a variety of reasons, it is difficult to state a precise percentage of domain names that share an IP address with other domain names. However, they agreed and stipulated that “at the time the data was collected (October 2003), at least fifty percent of domains shared an IP address with at least fifty other domains.” Pls.’ FOF ¶ 78; Jt. Stip. ¶ 59. Some domains do not share IP addresses with other domains but are the only domain located at a single IP address. As of October 2003, over 2.5 million domains had their own, unshared, IP addresses. Jt. Stip. ¶ 59. 45. When a request for a web site reaches a Web Server that supports multiple web sites, the Web Server reads the request, including the IP address and the URL, in order to determine which web site is being requested, and returns only the requested web page or other resource. Jt. Stip. ¶ 28. 46. When a request for a particular web page is sent by the user’s web browser to a Web Server, no ISP that carries the request must read the details of the request — an ISP routing the request is only required to read the destination IP address, and the ISP would effectively not be aware of the specific web site or URL requested. Pls.’ FOF ¶ 70; Tr. 1/6/04 (Marcus) pp. 92-93. 47. One cannot determine with any certainty — using technical means — whether a given web site shares its IP address with another web site. The most reliable method of determining whether a particular web site uses an IP address shared by other web sites is to contact the web hosting entity. Tr. 1/7/04 (Clark) pp.182-83. As Mark Krause, Senior Manager of Internet Infrastructure Security for World-Com/MCI, explained, it is “hard, or impossible for [an ISP] to determine what other content” might be behind a particular IP address. Pls.’ FOF ¶ 80; Tr. 1/27/04 (Krause) pp. 9, 98. C. INTERNET CHILD PORNOGRAPHY ACT (“THE ACT”) 48. On February 21, 2002, Pennsylvania enacted the Internet Child Pornography Act, codified at 18 Pa. Cons.Stat. § 7330 and effective in 60 days (April 22, 2002) (“the Act”). On December 16, 2002, the Act was recodified at 18 Pa. Cons.Stat. §§ 7621-7630, without change in substance. Jt. Stip. ¶ 29. 49. The Act permits defendant or a district attorney in Pennsylvania to seek a court order requiring an ISP to “remove or disable items residing on or accessible through” an ISP’s service upon a showing of probable cause that the item constitutes child pornography. The application for a court order must contain the Uniform Resource Locator providing access to the item. Pls.’ FOF ¶¶2, 145; 18 Pa. Cons. Stat. §§ 7626-7628. 50. Child pornography is defined as images that display a child under the age of 18 engaged in a “prohibited sexual act.” A prohibited sexual act is defined as “sexual intercourse ... masturbation, sadism, masochism, bestiality, fellatio, cunnilingus, lewd exhibition of the genitals or nudity if such nudity is depicted for the purpose of sexual stimulation or gratification of any person who might view such depiction.” Pls.’ FOF ¶ 141; 18 Pa. Cons.Stat. § 6312. 51. The court order may be obtained on an ex parte basis with no prior notice to the ISP or the web site owner and no post-hearing notice to the web site owner. Pls.’ FOF ¶ 142; 18 Pa. Cons.Stat. §§ 7626-7628. 52. Under the Act, a judge may issue an order directing that the challenged content be removed or disabled from the ISP’s service upon a showing that the items constitute probable cause evidence of child pornography. A judge does not make a final determination that the challenged content is child pornography. Pls.’ FOF ¶ 143; 18 Pa. Cons.Stat. § 7627. 53. Once a court order is issued, the Pennsylvania Attorney General notifies the ISP in question and provides the ISP with a copy of the court order. The ISP then has five days to block access to the specified content or face criminal liability, including fines of up to $30,000 and a prison term of up to seven years. Pls.’ FOF ¶ 144; 18 Pa. Cons.Stat. §§ 7624, 7628. 54. According to defendant, the purpose of the Act is: “To protect children from sexual exploitation and abuse. To serve this purpose by interfering with distribution of child pornography, particularly its distribution over the Internet.” Pls.’ Ex. 75 (Def.’s Resp. to Pls.’ Fourth Set of Interrogs.) ¶ 1. 55. Government law enforcement agencies have attempted to locate and criminally prosecute persons who produce or knowingly distribute child pornography. However, a state agency in the United States cannot easily prosecute producers and distributors of child pornography because they are rarely found in that particular state and often are not found in the United States. Tr. 1/9/04 (Burfete) p. 17-19. 1. Implementation of the Act 56. To implement the Act, the OAG formed a Child Sexual Exploitation Unit (“CSEU”) and assigned two agents and a supervisory agent to the unit. Starting in late April 2002, these agents investigated complaints by citizens regarding child pornography on the Internet and also searched the Internet for child pornography using ISPs to which the OAG subscribed. From time to time, the OAG changed the ISPs to which it subscribed. The agents worked from locations in Pennsylvania. Jt. Stip. ¶ 30. 57. Special Agent Dennis Guzy Sr. was the supervisory special agent in charge of the unit. The two other assigned agents— Agent Marnie and Agent Ceh — reported to him. Pls.’ FOF ¶178; Tr. 1/9/04 (Guzy Sr.) pp. 52, 116. The OAG assigned Deputy Attorney General John J. Burfete to be the legal advisor to the CSEU. Def.’s FOF ¶ 141, Tr. 1/8/04 (Burfete) pp. 105-06. Dennis Guzy, Jr., the Manager of Information Resources Development for the Information Technology and Law Section, was assigned as a liaison to the CSEU and provided technical assistance to the unit. Tr. 1/12/04 (Guzy Jr.) p. 10. 58. The OAG created an electronic citizen complaint form for reporting Internet sites displaying child pornography. The OAG posted the form on the OAG’s web site. Pis.’ Ex. 104 (Collection of Screen-shots), tab 4 (Screenshot of complaint form on OAG web site); Def.’s FOF ¶ 140. 59. The OAG subscribed to the following ISPs at various times since April 2002: AOL, Verizon, WorldCom, Microsoft Network, Earthlink, Comcast, and Epix. Jt. Stip. ¶ 31. 60. Soon after the Act was enacted in February 2002, ISPs contacted the OAG to express concern about the Act, its enforcement, and ISPs’ fundamental inability to block access to content located outside of their networks. Tr. 1/8/04 (Burfete) pp. 29-32, 39; Pls.’ Ex. 7 (3/15/04 e-mail from Burfete describing conversation with AOL); Pls.’ Ex. 9 (e-mail from Burfete attached to 3/20/02 e-mail from Guzy Sr. stating “The major complaint is that it is technologically impossible for an ISP to comply with a notice to deny access to a URL to Pennsylvania residents only on which child pornography has been accessed. The ISPs indicate they can deny access to their entire customer base nationwide.”) Specifically, the ISPs were concerned that “if the child pornography site is not on their equipment, is not on computers that they run, it becomes very difficult, if not impossible, for them to go in and simply remove the offending child pornography.” Pls.’ FOF ¶¶ 158, 159; Tr. 1/8/04 (Burfete) p. 39; see also Dep. of C. Bubb (Assistant General Counsel for AOL) at 23. 61. On April 4, 2002, representatives of the United States Internet Service Providers Association and several ISPs met with representatives of the OAG to discuss implementation of the Act. On April 15, 2002, representatives of several ISPs again conferred with representatives of the Attorney General, some in person, some by telephone conference call, regarding implementation of the Act. At these conferences, the participants discussed (1) informal implementation of the Act to avoid issuance of court orders to ISPs, and (2) technical methods of blocking or disabling access to sites accessible through, but not resident on, an ISP’s service. Jt. Stip. ¶ 32. 62. At the April 2002 meetings, the ISP representatives stated that they wanted to avoid the statutory notices based on court orders, which required compliance in five business days and provided criminal sanctions for noncompliance. As a possible solution to that problem, an America On Line (“AOL”) attorney, Christopher Bubb, suggested a procedure under which the OAG would informally, without a court order, notify an ISP of child pornography items found residing on or accessible through its service, and the ISP would be given the opportunity to remove the items or disable access. The OAG staff, which had also been considering some kind of informal approach, agreed to implement such an informal procedure. Bubb Dep. pp. 19-21, 28-31, 33-34; Tr. 1/8/04 (Burfete) pp. 38-39, 114-116; Tr. 1/9/04 (Ryan) pp. 215, 228, 229; Tr. 1/9/04 (Guzy Sr.) pp. 116-119; Pls.’ Ex. 7 (Mar. 15, 2002 e-mail from Burfete discussing conversation with Bubb); Def.’s FOF ¶ 135. 63. At the April 2002 meetings, representatives of the OAG advanced the use of DNS filtering, URL filtering, and IP filtering as possible methods that ISPs could use to comply with a court order issued under the Act or any informal notice procedure utilized by the OAG. Jt. Stip. ¶ 33; Pls.’ FOF ¶ 165; Tr. 1/12/04 (Guzy Jr.) pp. 16-17. Mr. Guzy Jr. did not think “it was [the OAG’s] place to say whether one way or another is acceptable, other than that ... it was up to the ISPs to choose which method. But, certainly any of those three, I believe, would have been acceptable.” Tr. 1/12/04 (Guzy Jr.) pp. 74-75. 64. The OAG’s identification of possible methods of technical compliance was based solely on testing within the network of the Attorney General’s office and not on any testing in an ISP setting. Tr. 1/12/04 (Guzy Jr.) pp.11-12, 22, 26. ISPs raised concerns that the testing was limited in scope in that it was conducted only on the OAG’s Local Area Network (“LAN”) and did not accurately reflect the problems an ISP operating a national or regional network would encounter if it tried to implement any of the three filtering methods on a larger scale. Pis.’ FOF ¶ 166; Dep. of R. Hiester (Verizon) at 14; Dep. of C. Bubb (AOL) at 35. 65. At no time during the April 2002 meetings did the OAG suggest to the ISPs that they could comply with an informal notice procedure or court order by contacting the web host and having the web host remove the targeted content from its Web Server. The OAG only suggested technical means of compliance during those meetings. Pls.’ FOF ¶ 168. Tr. 1/9/04 (Burfete) p. 19; Tr. 1/12/04 (Guzy Jr.) p. 74. 2. The First Complaint 66. In response to the first child pornography complaint to the CSEU, on April 22, 2002, Special Agent Guzy contacted a child pornographer the OAG had identified in Ohio, Pavel Ushakov, and informed him that the OAG had identified child pornography on his web site. Mr. Ushakov was told by Agent Guzy that he could continue his Internet business if he removed the offending images from his web site. Pls.’ Ex. 20 (e-mail exchange between Guzy Sr. and Ushakov) at 3; Tr. 1/9/04 (Guzy Sr.) pp. 63-67. 67. The OAG decided to contact Mr. Ushakov directly because “it was a very unique case.” The web site he administered was “devoted towards nudism” and included pictures of nude adults and children. Agent Guzy was concerned that “if we followed the normal practice and contacted the ISP and asked them to deny access to the site, it would deny access to the entire site which included the adult male and female nudism pictures which were not in violation of Pennsylvania law.” Pls.’ FOF ¶ 135; Tr. 1/9/04 (Guzy Sr.) pp. 81-82. 68. The action of the OAG led Mr. Ushakov to remove the child pornography from the Internet. Tr. 1/8/04 (Burfete) p. 62. The OAG did not initiate criminal proceedings against Mr. Ushakov. Tr. 1/9/04 (Guzy Sr.) pp. 65-67; Tr. 1/8/04 (Burfete) p. 54. 69. With the exception of the Ushakov incident, the OAG did not routinely investigate persons or entities that created, posted or published the child pornography subject to Informal Notices that it issued. Defendant admitted that between March 1, 2003 and September 9, 2003 the OAG did not “use any investigative steps, methods or techniques prior .to the issuance of any Informal Notice ... to determine the identity, address, or location of the individuals or entity that created any alleged child pornography.” Pls.’ Ex. 73 (Def.’s Answers to Pls.’ Third Req. for Prod, of Docs, and Interrogs.) ¶¶ 1-3; Pls.’ FOF ¶ 541. 3. Informal Notices 70. Starting in late April 2002, when an agent or citizen complainant identified a suspected child pornography web site and Agent Guzy reviewed the site and concluded that it displayed child pornography, as defined by 18 Pa. Cons.Stat. § 6312, an agent sent a document titled “Informal Notice of Child Pornography” to the ISP through whose service the agent or the citizen complainant had accessed the site. Each Notice identified the URL (or URLs) of the site(s) to which the Notice was directed. Jt. Stip. ¶ 34; Pls.’ FOF ¶ 174; Tr. 1/9/04 (Guzy Sr.) pp. 68-69; Tr. 1/8/04 (Burfete) pp. 58-62. 71. The Informal Notices followed a standardized form, which changed somewhat over time. The first form, used from April 2002 until mid-July 2002, read as follows: This notice is provided to you under the provision of Section 7330 of the Pennsylvania Criminal Code, 18 PACs 7330, Internet Child Pornography. This notice is further provided to you to advise you that child pornography, as defined at Section 6312 of the Pennsylvania Crime Code, 18 PACs 6312, has been accessed through your service at uniform resource locator http://[redacted]. You must remove or disable access to those items identified as child pornography to your subscribers who subscribe to your service from an address located within the Commonwealth of Pennsylvania within five business days of receipt of this notice. You must ensure that: 1. Access to uniform resources locator http://[redacted] be denied to your subscribers to your services from an address located within the Commonwealth of Pennsylvania using Internet services provided by [ISP] and that the Attorney General or his designated agent is notified in writing (e-mail, fax) that you have complied with this Informal Notice within five business days of said compliance. 2. Accompanying this compliance notification should be a screen shot of the resource locator demonstrating that access has been disabled. Jt. Stip. ¶ 35. 72.From mid-July 2002 through the end of 2002, the Informal Notices omitted reference to Section 7330 of the Act, providing as follows: This notice is provided to you to advise you that child pornography, as defined at Section 6312 of the Pennsylvania Crimes Code, 18 Pa.C.S. § 6312, has been accessed though your service at uniform resource locator http://[redacted]. You must remove or disable access to those items identified as child pornography to your subscribers who subscribe to your service from an address located within the Commonwealth of Pennsylvania within five business days of receipt of this notice. You must ensure that: 1) Access to uniform resources locator http://[redacted] be denied to your subscribers who subscribe to your service from an address located within the Commonwealth of Pennsylvania using Internet service provided by [ISP]; 2) That the Attorney General or his designated agent is notified in writing (e-mail, fax) that you have complied with this Informal Notice within five business days of said compliance; 3) Accompanying your compliance notification to the Office of Attorney General must be a screen shot of the web page accessed by the uniform resource locator demonstrating that access has been disabled. Jt. Stip. ¶ 36. 73.Beginning in 2003, the OAG changed the form of the Informal Notice of Child Pornography by substituting the word “should” for the word “must” at the beginning of the second and third paragraphs and by adding a sentence at the end of the Notice that referenced the Act. The Notice, as amended, read as follows: This notice is provided to you to advise you that child pornography, as defined at Section 6312 of the Pennsylvania Crimes Code, 18 Pa.C.S. § 6312, has been accessed though your service at uniform resource locator http://[redact-ed]. You should remove or disable access to those items identified as child pornography to your subscribers who subscribe to your service from an address located within the Commonwealth of Pennsylvania within five business days of receipt of this Notice. You should ensure that: 1) Access to uniform resources locator http://[redact-ed]. be denied to your subscribers who subscribe to your service from an address located within the Commonwealth of Pennsylvania using Internet service provided by [ISP]; 2) That the Attorney General or his designated agent is notified in writing (either U.S. Mail, e-mail, or facsimile) that you have complied with this Informal Notice within five business days of said compliance; 3) Accompanying your compliance notification to the Office of Attorney General must be a screen shot of the web page accessed by the Uniform Resource Locator demonstrating that access has been denied. Failure to comply with this Informal Notice will result in this Office proceeding under Subchapter C of Chapter 76 of the Pennsylvania Crimes Codes, 18 Pa. C.S. 7621 et seq, relating to Internet Child Pornography, to seek a Court Order directing you to deny access to said Internet site. Jt. Stip. ¶ 37. 74. Reference to the Act was added to the third version of the Notice after having been removed from the second version because the OAG wanted ISPs to know that, if they failed to comply with an Informal Notice, the OAG could seek a court order under Chapter 76 of the Crimes Code. Pls.’ FOF ¶ 185; Tr. 1/8/04 (Burfete) p. 122. 75. The OAG reported each site identified in an Informal Notice to the National Center for Missing And Exploited Children, which acts as a clearinghouse for federal agencies that investigate and prosecute persons who publish and distribute child pornography. Tr. 1/9/04 (Burfete) pp. 16-17; Tr. 1/9/04 (Guzy Sr.) p. 183; Def.’s FOF ¶ 153. 76. Throughout the administration of the informal process, the OAG staff gave the ISPs additional time beyond that stated in the Notices for compliance. Tr. 1/9/04 (Guzy Sr.) p. 137; Tr. 1/8/04 (Guzy Sr.) p. 124. For example, the OAG gave Microsoft a month to comply with Notices sent in June 2002. Tr. 1/9/04 (Guzy Sr.) p. 137; Tr. 1/8/04 (Burfete) pp. 45-47, 124-125. In January 2003, the OAG gave AOL and Verizon additional time to comply with a larger than usual number of notices. Tr. 1/9/04 (Guzy Sr.) p. 138; Tr. 1/8/04 (Burfete) pp. 125-126. Agent Guzy told Com-cast representatives that the OAG would work with Comcast regarding the time for compliance: Comcast was given additional time to comply .throughout the period notices were sent to Comcast, primarily March to September 2003. Lipscomb Dep. pp. 35-36, 42-43; Tr. 1/9/04 (Guzy Sr.) pp. 137-138. 77. The OAG continued sending Informal Notices of Child Pornography to ISPs until September 9, 2003, when the Court entered the agreed upon injunction. The agents sent approximately 250 Informal Notices to ISPs in 2002 and 220 in 2003. Jt. Stip. ¶ 38. These notices covered approximately 376 distinct URLs. Pis.’ FOF ¶ 196; Jt. Ex. 9 (Agreed List of Informal Notices) Tabs B, D; Jt. Stip. ¶ 60. 78. The ISPs -generally responded to the Informal Notjces by stating, in writing, that they had complied. Jt. Stip. ¶ 39. 79. Excluding notices sent directly to certain Web Hosting Services as referenced in Finding of Fact 208, the vast majority, if not all, of the Informal Notices sent to ISPs related to content that the ISP did not itself host. Jt. Stip. ¶ 40. 80. The Informal Notices were issued in lieu of court orders. No court orders were issued regarding the web sites identified in the Informal Notices. Jt. Stip. ¶ 41. 81. In no instance did the OAG agents inform the owner of targeted web site(s) that her site was being targeted, either before or . after an Informal Notice was sent to an ISP. Pls.’ Ex. 73 (Def.’s Answers to Pis.’ Third Req. for Produc. of Docs, and Interrogs.) ¶¶ 1-3. 82. No court reviewed or approved any Informal Notices or reviewed any of the content addressed- in the Notices prior to the issuance of the Notices. Jt. Stip. ¶ 42. 83. AOL viewed Informal Notices as orders with which it must comply and believed it would be prosecuted if it failed to comply. Dep. of C. Bubb at 100-03. 3. The Single Court Application 84. On July 25, 2002, in response to several Informal Notices sent by the OAG, WorldCom, an ISP, wrote a letter to the OAG, stating that it is “absolutely opposed to child pornography,' and [it] regularly work[s] with law enforcement in various jurisdictions” to facilitate prosecution of child pornographers. However, World-Com claimed that it was “not technically-feasible” for it to block access to a site on the Internet based on the, URL of that site. WorldCom stated that it would “promptly comply with any court order (or other applicable legal process) relating to your fight against child pornography.” Jt. Stip. ¶ 44; Jt. Ex. 2 (July 25, 2002 letter from Craig Silliman). 85. An attorney for WorldCom, Craig Silliman, in conversations with the OAG, expressed “concerns” about the “technical feasibility” of compliance with the Informal Notices received by WorldCom. He also told the OAG “our concern was that although they were citing to the law, that the notice was in fact not sent pursuant to the law. And that it was very important to us that we follow the proper legal process ... we felt most comfortable acting under that process because the statute did lay out a process.” Dep. of C. Silliman (WorldCom) at 58-64. 86. From the July 25, 2002 letter and other communications with WorldCom, the OAG determined that WorldCom intended to comply with any court order by blocking access to IP. addresses. Specifically, Mr. Silliman asked that the OAG obtain court orders that identified IP addresses rather than URLs, so that any blocking of content not targeted by the OAG would be done by court order. Pls.’ FOF ¶ 217; Dep. of C. Silliman (WorldCom) at 69-71; Jt. Ex. 2 (July 25, 2002 letter from Craig Silliman). 87. In September 2002, the Attorney General filed an Application for an Order Requiring an Internet Service Provider [WorldCom] to Remove or Disable Access to Child Pornography in the Court of Common Pleas of Montgomery County. Jt. Ex. 3 (Application). On September 17, 2002, the Montgomery County Court entered an “Order Requiring an Internet Service Provider to Remove or Disable Access to Child Pornography” ex parte. Jt. Ex. 4 (Court Order), Jt. Stip. ¶ 45. The Court directed WorldCom to deny access to five URLs listed in the Order. Jt. Ex. 4 ¶¶ 2,3. The sites were not identified by IP Address as requested by WorldCom. 88. Before obtaining the court order, the OAG retained a physician to review the alleged child pornography to ensure that the individuals depicted were minors. The OAG did not consult a physician before issuing any Informal Notices. The purpose of consulting with the physician with respect to the WorldCom order was to “make certain ... that the materials that we saw were indeed child pornography.” Tr. 1/9/04 (Burfete) pp. 35-38, 43. 89. On September 17, 2002, the OAG sent WorldCom, by e-mail and overnight mail, a covering letter signed by Mr. Bur-fete, a Notice of the Application and Order, a copy of the Order, and a copy of the Application. Jt. Stip. ¶ 46. 90. The cover letter stated: “If you determine that one or more of the URL’s is indeed the address of a web hosting service, it may be possible to comply with the Court order and notice by contacting the web hosting service and advising it that a site it is hosting has been found by a Pennsylvania Court to contain child pornography. In the past, web hosting services upon such contact have removed the offending web site. If the hosting service does remove the offending web site, and the site is thereby no longer accessible through WorldCom to Pennsylvania residents, you will have complied with the Court Order and Notice.” Jt. Ex. 5 (Sep. 17, 2002 letter from Burfete to Silliman). 91. On September 18, 2002, the OAG issued a press release. Jt. Stip. ¶ 47. The press release stated, “In the vast majority of cases, the ISPs have agreed to disable access to the child pornography site to all of their Pennsylvania customers [in response to an ‘informal notification’ from the OAG],... [The OAG] notified World-Com that an agent had discovered child pornography at several Internet sites accessible through World Com. Fisher’s agents requested that access to the sites be disabled. However, WorldCom informed the Attorney General’s Office that it would not deny access to the child pornography sites.” Jt. Ex. 7 (press release). 92. WorldCom informed the OAG that it had complied with the order by letter dated September 23, 2002. Jt. Ex. 8 (Sep. 23, 2002 letter from Silliman to Burfete); Jt. Stip. ¶ 48. WorldCom explained that, for three of the five URLs it identified the hosting ISP through publicly available information, called the appropriate contact listed on the ISPs’ web sites, and followed up by sending an email. Those three sites were removed by the web host. Jt. Ex. 8. With regard to the other two sites identified in the court order, WorldCom ultimately instituted a block on the IP addresses associated with the URLs because it was unable to verify that the targeted content had been removed by the host. Id. One of the three web sites contacted by WorldCom was Terra.es, a large Spanish online community. Dep. of C. Silliman (WorldCom) at 82-83. 93. WorldCom also instituted a process to track the IP addresses of the sites it blocked in response to the court order so that it could change the block if the IP addresses of the targeted URLs were changed. The IP addresses of the sites that WorldCom was ordered to block changed only at two basic time periods (including a number of rapid changes over a weekend). Pls.’ FOF ¶ 225; Dep. of C. Silliman (WorldCom) at 97-99. 94. Other than the one application covering sites accessible through WorldCom, the OAG did not file any applications for court orders under the Act. Jt. Stip. ¶ 49. 95. No Pennsylvania district attorney has filed any court application under the Act. Jt. Stip. ¶ 50. D. PLAINTIFFS’STANDING 96. CDT obtains its Internet access from WorldCom. Pls.’ FOF ¶ 11. Tr. 1/27/04 (Clark) at 183. 97. Members of ACLU obtain Internet access from, inter alia, Epix, AOL, and Verizon. A number of these members utilize the Google.com search engine to retrieve information maintained on various web sites, and they are not familiar with the content or the name of these web sites before this information is retrieved by the search. Such members seek access to “the broadest reaches of the Internet.” Pls.’ FOF ¶ 13; Pls.’ Ex. 76 (Verifications of Janet Goldwater, Clark Moeller and Gene Bishop). 98. Janet Goldwater, a member and former board member of ACLU, seeks access to specific web sites that are currently being blocked by her ISP, AOL, as a result of Informal Notices 1086 and 2966. Specifically, Ms. Goldwater attempted to access the following three blocked web sites: (1)http://isladeescultur as.tupor-tal.com/page2.html; (2) http://cazurro.tu portal.com/webs/index.html; and (3) http://www.movieposter forsale.us/af-iliado8.htm. Pls.’ FOF ¶ 14, Tr. 1/28/04 (Goldwater) pp.112-18, Pls.’ Ex. 5 (Third Report and Testimony of Michael B. Clark) ¶ 6 (providing IP addresses of the sites Ms. Goldwater sought to access); Jt. Ex. 9 (Agreed Lists of Informal Notices), Tab A, Lines 44 & 92 (listing those same IP addresses as blocked by AOL in response to Informal Notices 1086 and 2966). The Attorney General has acknowledged that these sites do not contain child pornography. Pls.’ Ex. 74 (Def.’s Resp. To Pls.’ First Set of Reqs. For Admissions) ¶ 1. 99. PlantageNet outsources the Internet access services that it provides to most of its customers. It contracts with a wholesale Internet service provider' — Cor-etel, located in Maryland — to provide the dial-in modems and dedicated connections through which PlantageNet’s customers physically access the Internet. The fact that PlantageNet’s customers actually connect to the Internet through another ISP is not made known to the customers who would, in most cases, never know that another ISP is involved. Most, if not all, of PlantageNet’s customers would conclude that PlantageNet is the only ISP involved in providing their service. Tr. 1/7/04 (Smallacombe) pp. 77-78,107. 100. The OAG would have sent PlantageNet an Informal Notice or sought a court order if it learned that child pornography was accessible through PlantageNet’s service. Mr. Burfete and Special Agent Guzy stated that they viewed Plan-tageNet as an ISP and PlantageNet was subject to court orders under the Act notwithstanding the fact that it outsourced its Internet access operations. Pls.’ FOF ¶¶ 24, 26; Tr. 1/8/04 (J. Burfete) pp. 47-50, Tr. 1/9/04 (Guzy Sr.) pp.124-25. 101. In mid-2002, Microsoft, another ISP that outsources Internet access, asserted that it should not have been the target of Informal Notices because it did not own or operate its own network. In response, John Burfete reported that if an ISP that outsourced, such as Microsoft, was unable to get its third party service providers to comply with a blocking order, the OAG would initiate legal proceedings against the ISP. Pls.’ FOF ¶ 25, Pls.’ Ex. 13 (July 9, 2002 e-mail from Burfete to Ryan), Tr. 1/8/04 (Burfete) pp. 45-47. E. ISP COMPLIANCE WITH COURT ORDERS OR INFORMAL NOTICES 1. Description of ISPs 102. AOL is an ISP located in Virginia. AOL provides, inter alia, dial-up, digital subscriber line (“DSL”), and broadband Internet access to its customers. The physical network used to provide access for dial-up and broadband customers is generally not owned or managed by AOL. Dep. of B. Patterson at 8-9, 23. AOL attorney Christopher Bubb, an assistant general counsel in AOL’s legal department, testified on behalf of AOL. Dep. of C. Bubb at 10. Brooke Patterson, an employee in AOL’s network operations department, also te