Don’t take your eye off the ball, people. The FTC’s assessment of $2.9 million against ValueClick does not mean that CAN-SPAM is working. The Inbox at Privacilla.org has about 25,000 spam messages in it – because Rackspace’s hosted email product has such ineffectual anti-spam technology. Oh, and because CAN-SPAM, which was supposed to “can” spam – meaning “end it” – didn’t.

On Wednesday, April 10, a bill “to Affirm the Policy of the United States Regarding Internet Governance” was marked up in the U.S. House of Representatives. The bill is an attempt to put a formal policy statement into statute law. The effective part says simply:

It is the policy of the United States to promote a global Internet free from government control and to preserve and advance the successful multistakeholder model that governs the Internet.

Yet this attempt to formulate a clear principle and make it legally binding policy has become controversial. This has happened because the bill brings to a head the latent contradictions and elisions that characterize U.S. international Internet policy. In the process it has driven a wedge between what was once a unified front by U.S. Democrats and Republicans against incursions into Internet governance by intergovernmental organizations such as the ITU.

The problem, it seems, is that the Democratic side of the aisle can’t bring itself to say that it is against ‘government control’ per se. Indeed, the bill has forced people linked to the Obama administration to come out and openly admit that ‘government control’ of the internet is OK when we exercise it; it’s just those other countries and international organizations that we need to worry about.

Continue reading →

For CNET today, I have a long analysis and commentary on the “Stop Online Piracy Act,” introduced last week in the House. The bill is advertised as the House’s version of the Senate’s Protect-IP Act, which was voted out of Committee in May.

It’s very hard to find much positive to say about the House version. While there’s considerable evidence its drafters heard the criticisms of engineers, legal academics, entrepreneurs and venture capitalists, their response was unfortunate.

Engineers pointed out, for example, that court orders requiring individual ISPs to remove or redirect domain name requests was a futile and dangerous way to block access to “rogue” websites. Truly rogue sites can easily relocate to another domain, or simply have users access them with their IP address and bypass DNS altogether. Continue reading →

Every once and awhile it’s worth taking a step back and looking at the long view of how Internet policy developments have unfolded and consider where they might be heading next.  We’ve reached such a moment as it pertains to efforts to police the Internet for copyright piracy, objectionable online content, privacy violations, and cybersecurity.  We’re at an interesting crossroads in this regard since the prospects for successful cracking down on copyright piracy and pornography appear grim.  Seemingly every effort that has been tried has failed.  The Net is awash in online porn and pirated content.  I am not expressing a normative position on this, rather, I’m just stating what now seems to be commonly accepted fact.

In the meantime, the United States is in the process of creating new information control regimes and this time its access to personal information and cybersecurity that are the focus of regulatory efforts.  The goal of the privacy-related regulatory efforts is to help Netizens better protect their privacy in online environments and stop the “arms race” of escalating technological capabilities.  The goal of cybersecurity efforts is to make digital networks and systems more secure or, more profoundly as we see in the Wikileaks case, it is to bottle up state secrets.

These efforts are also likely to fail.  Simply stated, it’s a nightmare to bottle-up information once it’s out there.  Continue reading →

Two privacy bills are already up for consideration. And at yesterday’s Senate Commerce hearing on Consumer Online Privacy, we heard Senator Kerry announce that he will be working on new legislation to regulate online privacy.  While we wait to see what Kerry will offer, NetChoice has concerns over the bills we do know about:  Rep. Rush’s “Best Practices Act” and the Boucher/Stearns Discussion Draft. Our side-by-side comparison identifies four concerns:

  • Both proposals would regulate small websites that don’t even collect PII. Boucher-Stearns would regulate a tiny online startup that is adding just 100 users a week, even where its users provide only a made-up user name and password. As defined, “covered information” would overly restrict the flow of useful information and harm the development of ad-supported content and services. Continue reading →

Now is a critical time for online commerce as policymakers assess their approaches to privacy. And as NetChoice says in our comments filed today, now is the perfect time for the Department of Commerce to be more involved in privacy issues.

What? We’re calling for more government involvement in a politically charged issue? Yes, and here’s why it’s an appropriate response to the Commerce Dept’s Notice of Inquiry.

Data flows today are much more complex than they were even a decade ago.  Simple one-way transfers between one country and another have been replaced by multinational corporations that transfer data across multiple jurisdictions on a daily basis.

Because of this, privacy-related laws and regulation can have a broad impact on the growth of online commerce, not just here in the U.S. but across the globe. And as a voice for commerce, the Department of Commerce should promote pro-commerce policies over there (EU, Asia, elsewhere) and over here (in the U.S.).

Here’s what we say in our comments:

  • The Commerce Department should act as an international ambassador for innovative American online companies.  The Department can play an important role as a government-to-government advocate for flexible international rules to promote continued innovation and economic growth.  And as a government agency speaking to other government agencies, the Commerce Department can bring credibility and leverage that cannot be matched by corporate interests alone.
  • Domestically, the Commerce Department should work with the FTC to step-up state and federal enforcement against unfair or deceptive information practices. Aggressive enforcement will help foster a better climate for innovation than would expanded regulation. Continue reading →

For the past month, online companies have considered the privacy legislation discussion draft from Rep. Boucher and Stearns. The legislation is a broad attempt to set privacy defaults for the collection, use and sharing of information on the Internet.

Last Friday, NetChoice submitted comments to Rep. Boucher and Stearns.

While there are some aspects of the bill to like (eg. no private right of action), we’re worried that the bill does too much, too soon, to set opt-in or opt-out defaults. We explored in a previous post why flexibility in setting user defaults is important for continued social network innovation.

Fortunately, open and thoughtful consideration of this matter can continue without undue pressures to find a quick fix for privacy. Because while there have been state legislative proposals on privacy, there is not now a patchwork of state laws creating unworkable compliance challenges for interstate e-commerce. In other words, we can take our time and get this right.

Our comments discuss how the draft bill would interfere with four commonplace scenarios for collecting and using information. Here’s one of ‘em:

1. The Operational Purpose exemption in this draft legislation is too narrow, in that it does not permit use of covered information for marketing or advertising to existing customers.

Case 1: A consumer buys a new washer and dryer and writes her email address on a product registration card. That’s an Operational Purpose, so no consent is required to collect the info.

But if the retailer later wants to send an email offering an extended service contract, he has to first obtain consent to send the email, since that’s a use of covered information for marketing purposes.

Continue reading →

Here are a few fake tech news headlines I wish I’d seen today:

  • Foreign Affairs: Google, Taiwan Announce “Merger of Equals” to Counter China
  • SFGate: Facebook Gives in to Privacy Demands; All Information Now Inaccessible by Default
  • CongressDaily: Congress to Vote by Twitter, Hashtag Landgrab Begins for Clever Bill Acronym Titles
  • Broadband Breakfast: FCC Nationalizes Broadband Providers, Free Press Says “Important First Step”
  • Worker’s Daily: Obama to Create Department of Journalism, Promises End to “Media Meddling” in Politics
  • Federal Times: FCC Asserts Ancillary Jurisdiction over 2010 Census, Claims Measuring Population First Step in Measuring Broadband Use (Adam Marcus)
  • SearchEngineWatch: Yahoo!’s “e.g.” Browser Latest “i.e.” Competitor, Privacy Advocates Demand Yodeling Opt-In (YaHOOOOOOOOOOO!)
  • Privacy Times: Google Critics Scott Cleland, Jeff Chester Form Bi-Partisan “Elgoog Institute” to Expose Google Evil
  • London Times: Microsoft Pulls Windows Operating System from Europe to Protest “Great Wall of Brussels” Antitrust Protectionism
  • CircleID: ICANN-DY Wall Calendar with Hotties of Internet Governance, CEO Beckstrom to Reprise Scott Brown Centerfold
  • MediaPost: FTC Bans Blogging, Wikipedia as “Unfair” & “Deceptive”
  • The Hill: Court Rules Bush Wiretapping Illegal; Obama Administration Vows Not to Reveal Own Illegal Wiretaps
  • E-Commerce Today: Amazon.com Relocates Facilities to Amazon River to Avoid U.S. State Sales Taxes, Too Late for Carnaval
  • Communications Daily: Hugo Chavez Rumored Replacement for Retiring FCC Commissioner, Promises Not to Regulate Internet
  • Washington Post: Obama Makes Good on Campaign Transparency Promises, Installs 24/7 Webcams Throughout White House Continue reading →

The Federal Trade Commission (FTC) today announced the release of an 18-page Request for Public Comment (embedded below) on its implementation of the Children’s Online Privacy Protection Act or 1998 (COPPA), which governs online sharing by, and collection of information from, children under age 13. The FTC had previously announced that it would accelerate the review, which had been planned for 2015, particularly because of concerns about the mobile marketplace, as noted in the FTC’s report on that topic released in February.

COPPA has undoubtedly succeeded in its primary goal of enhancing parental involvement in their child’s online activities in order to protect the privacy and safety of children online.  Yet these benefits have come at a price, as COPPA’s considerable compliance costs (estimated at $45/child, which can be crushing in the era of “free”) have likely reduced the digital media choices available for children.  So I’m glad to see the Commission recognize these trade-offs by asking about the costs and benefits of COPPA and any proposed changes right off the bat (Questions 1-5). Such trade-offs are an inevitable part of life and policymakers can’t simply ignore them, even when it’s “for the children.”

The Potential for COPPA Expansion

I look forward to seeing comments on the important questions raised by the Commission about precisely how best to implement the framework enacted by Congress.  But I do worry that the Commission has explicitly invited proposals for legislative changes to the statute itself. In particular:

6. Do the definitions set forth in Part 312.2 of the Rule accomplish COPPA’s goal of protecting children’s online privacy and safety? …

28. Does the commenter propose any modifications to the Rule that may conflict with the statutory provisions of the COPPA Act? For any such proposed modification, does the commenter propose seeking legislative changes to the Act?

Note that question #6 does not include the critical limitation “consistent with the Act’s requirements,” which appears no less than 17 times in subsequent questions about specific aspects of the current rules. Whatever the FTC intended, this will omission, combined with question #28, will be taken as an open invitation by many to propose not just changes in how the COPPA rules are implemented, but wholesale revisions to the COPPA statute itself. Continue reading →

That’s basically what FTC Chairman Jon Leibowitz told the Association of National Advertisers when he spoke to their “Advertising Law & Public Policy” conference last Thursday. As I noted last week, there’s intense pressure in Congress to pass a financial regulatory overhaul and, unfortunately, the version passed by the House in December—Rep. Barney Frank’s “Wall Street Reform and Consumer Protection Act of 2009” (H.R. 4173)—would also grant the Federal Trade Commission vast new powers for all its regulations, not just those relating to the non-bank financial institutions it currently regulates. In particular, HR 4173 would:

  • Make it far easier (and not just faster) for the FTC to issue all kinds of new regulations on its own, without a specific Congressional mandate to do so and instead of relying on case-by-case enforcement to punish “unfair” or “deceptive” acts and practices;
  • Reduce public input into those regulations;
  • Impose heavy civil penalties on companies before notifying them that a practice might be “unfair” or “deceptive”;
  • Prosecute those who merely provided “substantial assistance” to someone engaged in “unfair” or “deceptive” acts or practices; and
  • Sue on its own authority, instead of through DOJ (as now).

I summarized my concerns about this bill in this short interview with PFF’s new communications director, Mike Wendy, last week:
[display_podcast]

Leibowitz has lobbied hard to have his agency put on steroids (as former FTC Chairman Jim Miller put it), asking for all these things, as well as more funding, at the first Senate hearing on Hr 4173 back in February. (Conveniently, he was the only witness!) He repeated his calls for these powers on Thursday but tried to allay fears about how they’d be used. Continue reading →