By Adam Thierer & Berin Szoka
Last Friday, Common Sense Media (CSM) held an event (video) at the National Press Club featuring the chairmen of the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). The regulatory activist group released a new poll on children and privacy (Exec Summary & Full Survey). Unfortunately, like almost every other privacy-related poll, theirs is more geared towards fueling a privacy panic than on exploring the real-world trade-offs between legislating “greater privacy” (a hopelessly abstract concept in most conversations) and losing the consumer benefits of data sharing: innovation in online services and the quality and quantity of services and content supported by data-driven advertising.
What better way to drum up Congressional support for paternalistic privacy legislation (restrictions on online data use) than by asserting that this is what the electorate already wants? The poll asks whether “Congress should update laws that relate to online privacy and security for children and teens.” Three-fifths (61% of parents, 62% of adults) said yes. But earlier in the survey, only 16% knew that the Children Online Privacy Protection Act of 1998 already prohibits “online companies… from collecting or using personal information from children under the age of thirteen without a parent’s permission.” (53% weren’t sure.) If parents don’t know what Congress has already done, how meaningful is it for them to say they think Congress needs to do more? (There’s a reason we don’t have direct democracy.)
Indeed, how useful are such polls, anyway? Ultimately, what such polls really tell us is that, if you ask parents—or adults in general—whether they’re concerned about protecting kids, of course most will say yes, because nobody wants to think of themselves as the kind of person who doesn’t care about kids.
This bias becomes even more problematic when the choice at issue involves such stark trade-offs—especially when we’re talking about throwing a wrench (restrictions on data use and collection) in the economic engine that has again and again provided funding for media and services that users just won’t pay for. As we’ve noted here before, privacy polls and surveys reveal only what the public will tell pollsters in response to the particular questions asked. On privacy, those questions are almost invariably designed to solicit responses suggesting an urgent need for more laws and government action. Even the fairest of these surveys is no substitute for real-world experiments in which people make real choices, in real time, often with real money, and face many real trade-offs.
What this debate comes down to is the unarticulated trade-off between the benefits of receiving tailored (relevant!) ads and the costs of that tailoring. Yet, too often, policymakers and even the public seem oblivious to that trade-off. There’s too much “assume-a-platform” thinking going on out there: CSM and their ilk imagine all these free online sites and services we and our children enjoy today just fall like manna from heaven—and will keep working no matter how they’re hamstrung. Worse yet, discussions about “harms” take place at such a level of abstraction as to be almost meaningless.
For example, during Friday’s press conference announcing the poll results, Common Sense Media founder and CEO Jim Steyer pushed hard for aggressive Internet regulation to “protect privacy”—yet for all his adamance, he couldn’t identify a single clear harm demanding further government intervention. (He barely mentioned existing regulation, like the FTC’s enforcement of corporate promises or the Fair Credit Reporting Act, which restricts the use of personal data for credit decisions, where a real harm could occur to users.)
Steyer actually asserted—repeatedly—that regulation will not burden online operators, and blithely suggested that, in essence, if dot-com entrepreneurs are smart enough to build all these cool sites and services, they can also figure out how to craft or live with new rules for how the Internet economy should work. Ah, yes… everything will be just fine and dandy once the regulatory wrecking ball comes and requires every online site that currently uses advertising—powered by data collection—to completely change the way they do business and find new business models that involve getting someone other than advertisers to pay for all that free stuff. More on that Beltwayland fantasy in a minute!
First, however, CSM deserves some credit for at least asking respondents two survey questions that gets to the heart of our concern about trade-offs. Specifically, survey question #14 asked, “Some social networks and search engines that offer online services for free say they can only do so by selling advertising tailored to user habits and interests. Do you believe this is true?” Of course, that statement is obviously true: There’s no such thing as a free lunch. Something has to pay for all theses services; that something is advertising and marketing techniques that are powered by data aggregation about users’ apparent interests. Regardless, CSM left the question open-ended, either becuase they don’t buy that notion or they wanted to suggest to respondents that it’s actually an open question (as if site operators are just lying about having to pay their bills somehow!) Responses split almost perfectly:
Importantly, however, in the next question, CSM asked: “Would you prefer to pay for services currently provided for free on search engines and social networking sites in lieu of having information about you sold to advertisers?” Nearly half (45%) of all adults and, surprisingly, an even higher (51%) proportion of parents, said they would not prefer to pay for services but instead continue to allow data collection / advertising to fund online content and services.
Interestingly, CSM never mentions these important findings in their press release or online summary of the poll. Instead, they play up survey results suggesting that plenty of people, especially parents, have general concerns about privacy. Well, of course they do! That’s like asking if you have general concerns about the flu or (if you live in Florida) hurricanes. But, again, there has to be some context and some acknowledgment of the fact that the world is full of trade-offs and that regulation has consequences. Regrettably, but perhaps unsurprisingly, CSM downplays the questions in their survey that speak to this. It’s one of the rare instances of trade-offs even being mentioned in a privacy poll, probably because those who generally conduct privacy polls had political motivations: They want federal privacy regulation and, therefore, they selectively ask only leading questions about generic privacy concerns that are always going to produce lop-sided results.
We applaud CSM for breaking with that unfortunate tradition—the polling equivalent of “stuffing the ballot box”—and at least asking people if they understand there’s a trade-off here and whether they’d be willing to pick up the full freight of what the online services and content they consume actually cost. Of course, once CSM heard that, when faced with that stark choice, the majority of people would not want to pay, the organization decided to essentially bury that result and instead highlight the other “Do you love your mother?” sort of questions that produce predictable results precisely because they are consequence-free. (Perhaps they only included these questions because they know we’ve been so relentless in our criticism of previous polls for failing to ask any questions even approximating trade-offs?)
What’s even more concerning about the way CSM chose to play these poll result is the shameless scare tactics Jim Steyer used during the press conference. At one point, he compared these privacy concerns to “tainted meat” and unregulated meatpackers! You know, because people are dying left and right from “consuming” unregulated web content. This analogy is nothing less than insulting to web entrepreneurs, those who use them, and the policymakers Steyer is grandstanding for.
The fantasy-land mentality continued when Steyer said CSM wants someone in the Internet industry to develop some sort of “eraser button” to wipe out portions of our online pasts. “We can’t tell you how to do that,” Steyer said, but the onus is on industry to do it—and he expects them to get on it immediately. Right… perhaps the Internet’s Director of Operations can issue all companies and consumers one of those Staples “EASY” buttons for their desks, except this one would just say “ERASE” and magically clean up our online pasts! Again, this is consequence-free thinking at work and it is dangerous—especially to smaller website operators who just can’t absorb endless regulatory mandates without suffering profound consequences.
Speaking of scare tactics, it’s quite revealing that CSM chose to phrase Question #2 as follows: “Of the following, which do you feel is the main reason you are concerned about children revealing personal information online?” And then they listed a few possible responses with the first being “sexual predators.” Nothing like fanning the flames of moral panic by asking about child predation! CSM has certainly studied the literature closely enough to know how completely out of proportion this concern has been blown. Read the final report of the Harvard Berkman Center “Enhancing Child Safety” blue ribbon task force to get the definitive word on that.
But it’s equally interesting that, despite all the hand-wringing at Friday’s press conference about targeted marketing, only 4% of respondents to this poll felt product marketing was the primary concern relating to collection of information about children online. Nonetheless, CSM is still demanding more regulation in the name of protecting kids from some amorphous corporate bogeyman. Complicating matters is the fact that, during the press conference, Jim Steyer said that for CSM, a “kid” is anyone under 18. This was consistent with comments that CSM submitted to the FTC in July as part of the agency’s review of the Children’s Online Privacy Protection Act (COPPA), CSM advocated not just expanded educational efforts, which we applaud, but also expanding COPPA’s age scope to cover all kids under 18 as well as opt-in mandates for the collection and use of any “personal information” or “behavioral marketing.”
Incidentally, during Friday’s press conference, a sharp audience member asked how, exactly, government or websites would go about differentiating kids from adults for purposes of expanded “kids’ privacy” regulation. Good question!—and one that Steyer promptly ignored. He went silent at that point, perhaps recognizing that CSM was wading into the unconstitutional waters of COPA-like age verification mandates for the Internet without the slightest clue of the real-world implementation of their proposals. FTC Chairman Jon Leibowitz jumped in to suggest that it could be done because marketers already know how to track kids and have sophisticated techniques to figure out who is who and what age they are. But that’s simply not true.
The reality, as we have noted here before many times [see 1, 2, 3, 4, 5, 6, 7] is that there is no easy way to verify the ages of kids online becuase they lack the sort of credentialing records (driver’s licenses, credit cards, tax records, home mortgages, work or military records, etc) that adults possess. Thus, if you say you want to verify kids’ ages online, what you are really saying is that you want to verify adults online. Again, this gets us right back into the thorny COPA world which has already been litigated to the hilt and found unconstitutional many times over because of the free speech and privacy issues it raises to create the equivalent of an online “show-us-your-papers” regulatory regime.
We object to other CSM proposals, including their call for new laws and regulations that deny any ability to serve up targeted ads and opt-in mandates for geo-location and changes of personal information, and their call for “independent privacy ratings,” which seems to echo their old call for “universal ratings” for all media content. But we haven’t seen all the details on those, so we’ll have to address them later.
What is clear, though, is that Common Sense Media is back on the regulatory warpath, again advocating comprehensive regulation of the Internet in the name of “protecting the children.” We can certainly join hands with CSM in their call for more education on all these issues, and we can also live with the FTC holding companies to the promises or claims they make when it comes to the personal information they collect and what they do with it. But what Common Sense Media is asking here is for the Internet to be re-engineered through a sweeping regulatory regime that could decimate the “free” and open Internet as we know it. That’s what this battle is all about.
Additional Reading
- Joint CDT-PFF-EFF Comments on FTC’s COPPA Review & the Dangers of COPPA Expansion
- “Privacy Polls v. Real-World Trade-Offs” – by Berin Szoka
- “Comments at FTC Workshop Panel on Privacy Polls & Surveys” – by Adam Thierer
- “Troubling COPPA Filing by Common Sense Media” – by Adam Thierer
- “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech” – by Berin Szoka & Adam Thierer
- “Privacy Trade-Offs: How Further Regulation Could Diminish Consumer Choice, Raise Prices, Quash Digital Innovation & Curtail Free Speech” – by Berin Szoka, (Comments to the Federal Trade Commission at the Privacy Roundtables, Nov. 10, 2009)
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.