April 2009

Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content – who is talking to whom, how often, and for how long.)

The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:

The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).

EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.

It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.

I’ve been blathering on about this week’s big Supreme Court decision in FCC v. Fox, [See Parts 1, 2, 3, 4, 5], so I thought I would just wrap this series of essays up with a collection of other articles and views on the decision in case readers are looking for alternative perspectives:

Mainstream Media Stories
* Associated Press
* Reuters
* New York Times (+ more analysis)
* Washington Post
* Wall Street Journal
* Legal Times
* TV Week
* Variety
* Kansas City Star
* USA Today
* Ars Technica

Conservative, Religious, & “Family” Groups
* Parents Television Council
* Common Sense Media
* Concerned Women for America
* Town Hall.com

Free Speech Advocates or Other Views
* The SCOTUS Blog
* Free Expression Policy Project (Marjorie Heins)
* Media Access Project (Andy Schwartzman)
* Center for Creative Voices in Media (Jonathan Rintels)
* First Amendment Center (David Hudson)
* Free State Foundation (Randy May)
* Michael Dorf
* Marc Randazza
* Reason’s Hit and Run
* Volokh Conspiracy (Eugene Volokh)
* TechDirt

I’ve been commenting on yesterday’s Supreme Court decision in FCC v. Fox, and criticizing the logic of the majority’s decision the case, which was driven solely by procedural / admin law considerations. [See Part 3.]  I also discussed Justice Thomas’s very interesting concurring opinion, which took a serious look at the constitutional issues in play here and signaled his willingness to potentially overturn Red Lion and Pacifica. [See Part 4.]  In this fifth installment, I will briefly outline some of the dissenting arguments.

Justice Stephen Breyer penned a lengthy dissent and was joined by Justices Stevens, Souter and Ginsburg.  Like the Scalia majority decision, the Breyer dissent also focused on the procedural / APA-related issues at stake in the case.  Breyer, however, was not buying the FCC’s assertion that it had adequately justified its significant expansion of indecency enforcement in recent years.  Whereas the majority deferred to the agency and found “no basis in the Act or this Court’s opinions for a requirement that all agency change be subjected to more searching review,” the four dissenting justices saw things quite differently.  Breyer noted that while the “law grants those in charge of independent administrative agencies broad authority to determine relevant policy,” it “does not permit them to make policy choices for purely political reasons nor to rest them primarily upon unexplained policy preferences.”  He goes on to appropriately note that:

Federal Communications Commissioners have fixed terms of office; they are not directly responsible to the voters; and they enjoy an independence expressly designed to insulate them, to a degree, from “‘the exercise of political oversight.’” [citations omitted] That insulation helps to secure important governmental objectives, such as the constitutionally related objective of maintaining broadcast regulation that does not bend too readily before the political winds. But that agency’s comparative freedom from ballot-box control makes it all the more important that courts review its decision making to assure compliance with applicable provisions of the law — including law requiring that major policy decisions be based upon articulable reasons.

Breyer goes on to restate much of what is already clear from the APA and all that surrounds it. “[A]n agency must act consistently. The agency must follow its own rules,” he notes.  Moreover:  Continue reading →

Just came across this informative blog article by David Ardia, a lawyer at the Harvard Berkman Center. He describes a recent ruling on Section 230 of the Communications Decency Act in a case that the New England Patriots filed against StubHub. The Pats bar fans from reselling their season tickets and want to hold online sites liable for the actions of ticket holders. The judge said that Section 230 did not give StubHub immunity. According to David:

In summary, StubHub profited as ticket prices increased; it didn’t require users to disclose what they paid for their tickets, thus making it harder to police its site; and it encouraged its best clients to buy low and sell high.  Isn’t this the way most online auction sites work?  Surely “knowing participation” isn’t coterminous with “materially contributing” to unlawful activity.

Using the factors described above is a troubling interpretation for Section 230, and has broad implications for online platforms and social networking sites – not just ticket exchanges. The court is sending a message that online sites should be the enforcer of private contracts to which they are not a party. This is an added obligation and potential liability that threatens the stated intent of Section 230, “to promote the continued development of the Internet and other interactive computer services and other interactive media.”

(Update: Bruce Schneier linked to this post (and Adam’s) from his blog post on the topic, and the Wall Street Journal issued a “correction and amplification” at the top of the story on its site.)

I share many of Adam’s concerns with Bruce Schneier’s WSJ piece. But there’s something else wrong with it. He’s got the facts wrong, right in the first paragraph:

Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns.

RealAge does not sell data to drug companies. RealAge collects health information about users and markets to its users at the request of its “partners.” But, again, it does not disclose health data to those partners, including drug companies.

RealAge.com has a sensible business model: cultivate an audience of users that are interested in health, and make money on the sellers trying to reach them, like drug companies. And y’know what would kill that business model? Giving data about users to the drug companies.

And in terms of privacy, that’s a difference in kind, not degree. The data is held close by RealAge.com. Given that, Schneier’s argument that there is deception deserving government intervention falls apart. RealAge.com says what it does and does what it says.

The line from RealAge’s privacy policy that Bruce quotes is deprived of context by what he doesn’t quote. Here’s what he quotes: “[W]e will share your personal data with third parties to fulfill the services that you have asked us to provide to you.” Scary . . . ish.

The rest of the story is the next line: “These third parties are required not to use your Personal Data other than to provide the services requested by RealAge.”

When I first read the privacy policy a few weeks ago – here’s what I wrote then – I assumed this language allowed them to use an email service provider to store and send emails. I was impressed that they say they specifically require service providers like this not to repurpose the data.

When I checked with the people at RealAge.com today, they confirmed that these lines in their privacy policy are for this kind of third-party service provider, not for drug companies.

So, with the sinister data-sharing-with-drug-companies meme kinda dropped out of the equation, what you have left is the question whether personal information should be used to direct health information toward interested people. Should people get information about remedies they might need from companies interested in selling them?

People are free to doubt drug advertisements because they’re advertisements, but given the prospective health benefits, more information is better than none, and I have a hard time saying health marketing is bad. It’s a lot easier to say it’s bad when you assume incorrectly what happens to personal data in the process.

Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced the members of the new Online Safety and Technology Working Group (OSTWG).  I am honored to be among those chosen to participate in this new task force and I look forward to continuing the work started last year with the Harvard Berkman Center’s Internet Safety Technical Task Force (ISTTF), which I also served on.   I was very proud of the work done by the ISTTF and the impressive final report that Prof. John Palfrey crafted to reflect our findings.  I am eager to investigate these issues further and take a look at the latest research and technologies that can help us better understand how to protect our kids online while also protecting the free speech and privacy rights of Netizens.

The new NTIA working group, which was established under the “Protecting Children in the 21st Century Act,” will report to the Assistant Secretary of Commerce for Communications and Information on industry-implemented online child safety tools and efforts. Within a year of convening its first meeting, the group will submit a report of its findings and make recommendations on how to increase online safety measures.

Below the fold I have listed the complete roster of OSTWG task force members.  I very much looking forward to working with this outstanding group.  And I’m happy to report that my TLF blogging colleague Braden Cox will be joining me on this task force!

Continue reading →

FTC Chairman Jon Leibowitz warned yesterday that companies involved in Web advertising face their “last chance” to “voluntarily” adopt stricter policies governing the use and collection of consumer information, Reuters reports. This isn’t the first time the FTC has threatened the advertising industry with regulation, but it signals a sense of immediacy that may pressure industry leaders to change their practices in coming weeks.leibowitz

Leibowitz presumably wants to quell widespread concern that Internet companies like Google and AT&T have “excessive control” over consumer information. But what’s excessive about using information that individuals have voluntarily handed over for marketing purposes, subject to legally enforceable rules laid out from the get-go?

Users ultimately control their data, not firms. After all, only data that users transmit can be collected. When a user visits a website, their IP address may be recorded, and when a user submits a query to a search engine, the search term can be logged. This is how the Internet has always worked.

Not all consumers understand what information is gathered about them as they browse online. The best way to protect such users is not through regulation, but by educating — and, therefore, empowering — users. Volumes have been written on privacy and data security, and the ongoing TLF series “Privacy Solutions” offers a growing body of tips on how consumers can achieve the level of privacy that suits them.

Understandably, some people are uncomfortable with their queries being logged, and would prefer that websites simply not track any data. Some sites are willing to do just that — Cuil, a search engine launched in 2008, promises to never log IP addresses or even use cookies (as Jim has noted). Other anonymity solutions rely on secure virtual tunnels that can mask users’ actual IP addresses.

Still, no matter what the FTC does, transmitting data in plaintext over the Internet will never be truly “safe.” Robust end-to-end encryption is the only surefire method of ensuring information cannot be seen by anybody except the sender and the recipient. Even then, information is only as safe to the extent that the party at the other end of the line can be trusted.

Continue reading →

With today’s historic Supreme Court decision in FCC v. Fox, I have been commenting on the logic and implications of the decision. Part 3 dealt with the majority’s decision in the case, which was driven solely by procedural / admin law considerations.  This installment will discuss the very interesting concurring opinion penned by Justice Thomas, which is the only one that takes a serious look at the constitutional foundations of the FCC’s current regulatory regime.  While I was sad to see Justice Thomas join the majority’s decision upholding the FCC’s radical expansion of speech regulation in recent years, he joined that majority only on straightforward procedural grounds.   On the underlying constitutional issues at stake here, it is clear from his concurring statement that he is ready for the Court to hear a challenge to the previous court precedents and traditional regulatory doctrines that have long supported FCC speech and media controls.

“I write separately,” Justice Thomas says “to note the questionable viability of the two precedents that support the FCC’s assertion of constitutional authority to regulate the programming at issue in this case.”  Specifically, he addresses the two key cases upon which almost all FCC speech regulation rests: Red Lion Broadcasting Co. v. FCC, 395 U. S. 367 (1969) and FCC v. Pacifica Foundation, 438 U. S. 726 (1978). Thomas continues: “Red Lion and Pacifica were unconvincing when they were issued, and the passage of time has only increased doubt regarding their continued validity.”

BOOM!  With those words, Justice Thomas has dropped the hammer and taken what will hopefully be the first swing at toppling the house of cards that is modern FCC speech regulation.  Justice Thomas goes on to itemize the many problems with what I have referred to as “America’s Jurisprudential Twilight Zone” when it comes to how we apply the First Amendment to media platforms in this country.  He states:
Continue reading →

As I noted earlier, the U.S. Supreme Court today handed down a historical First Amendment decision in the case of Federal Communications Commission v. Fox Television Stations.  The Court ruled in the FCC’s favor by a 5-4 margin.  My initial general thoughts are here. In this piece, I’ll talk a bit more about the majority’s decision in the case.

The most important thing to realize about the Court’s 5-4 decision in FCC v. Fox is that the Court has intentionally dodged all the serious constitutional issues in play here and instead decided the case solely on procedural grounds. “We decline to address the constitutional questions at this time,” the majority says. (p. 26) Writing for the majority, Justice Scalia says:

There is… no basis in the Act or this Court’s opinions for a requirement that all agency change be subjected to more searching review. Although an agency must ordinarily display awareness that it is changing position… and may sometimes need to account for prior fact finding or certain reliance interests created by a prior policy, it need not demonstrate to a court’s satisfaction that the reasons for the new policy are better than the reasons for the old one. It suffices that the new policy is permissible under the statute, that there are good reasons for it, and that the agency believes it to be better, which the conscious change adequately indicates.

Of course, it’s not entirely unusual for the Court to decide important regulatory cases by sticking to administrative law / APA issues, but what’s different in this case is that we’re not talking about the regulation of widgets here. We are talking about the regulation of freedom of speech and expression. Shouldn’t the administrative law analysis change a bit when the issues at stake implicate profound constitutional imperatives? I think so, but the majority doesn’t address that.
Continue reading →

As I noted earlier, the Supreme Court just handed down a historical First Amendment decision in the case of Federal Communications Commission v. Fox Television Stations. Here are my initial general thoughts on the case that were just sent out in a PFF press release. Again, more commentary to follow later today as I continue to digest the decision.

While the Court decided this case on purely procedural grounds, its failure to address the constitutional issues at stake will leave the First Amendment freedoms of both media creators and consumers in this country uncertain until another case winds its way up to the court, which could take years. Practically speaking, as Justice Thomas noted, what’s the point of continuing to apply a censorship regime to one of the oldest mediums—broadcast TV and radio—when kids are flocking to unregulated mediums in large numbers? At this point, we’re doing little more than protecting adults from themselves and destroying over-the-air broadcasting in the process.

Until the Court clearly addresses the First Amendment protection of broadcasting in light of the Digital Revolution, we’ll just have to speculate as to how to reconcile the broadcast law of bygone era with the Court’s recent Internet jurisprudence—which has strongly supported the First Amendment. Although new media technologies and platforms are not covered currently by FCC content controls, the specter of regulation now haunts all media as platforms continue to converge and broadcast content gets repurposed on other platforms.

Finally, what makes the Court’s ruling even less sensible is that all parents have an extensive array of tools and strategies at their disposal to control media in their homes and in their lives of the children. That is especially the case for broadcast television programming, which is easier to control than ever before. The Court has held that user empowerment and private blocking solutions should shield the Internet from content regulation. Why shouldn’t the same principle apply to broadcasting?