Articles by Julian Sanchez

Julian Sanchez is a writer, journalist, and research fellow at the Cato Institute in Washington, D.C. He focuses primarily on issues at the busy intersection of technology, privacy, civil liberties, and new media—but also writes more broadly about political philosophy and social psychology. Before joining Cato, He served as the Washington Editor for Ars Technica, where he covered surveillance, intellectual property, and telecom policy. Prior to that, he was an assistant editor for Reason magazine, where he remains a contributing editor. His writing has appeared in The Los Angeles Times, The American Prospect, Reason, The Guardian, Techdirt, The American Spectator, and Hispanic, among others, and he blogs regularly for The Economist's Democracy in America. He studied philosophy and political science at New York University.

If I can amplify a bit on a post at the Cato blog earlier today, I want to clarify that I fully agree some of the ISP behaviors that net neutrality proponents have identified as demanding a regulatory response really are seriously problematic. My point of departure is that I’d rather see if there are narrower grounds for addressing the objectionable behaviors than making sweeping rules about network architecture. So in the case of Comcast’s throttling of BitTorrent, which is the big one that seems to confirm the fears of the neutralists, I think it’s significant that for a long while the company was—”lying about” assumes intent, so  I’ll charitably go with “misrepresenting”—their practices. And I don’t think you need any controversial premises about optimal network management to think that it’s impermissible for a company to charge a fee for a service, and then secretly cripple that service. So without even having to hit the more controversial “nondiscrimination” principle Julius Genachoswki proposed on Monday, you can point to this as a failure of the “transparency” principle, about which I think there’s a good deal more consensus. Now, there are bigger guns out there looking for dodgy filtering practices these days, so I’d expect the next attempt at this sort of thing to get caught more quickly, but by all means, enforce transparency about business practices too. Consumers have a right to get the service they’ve bought without having to be 1337 haxx0rz to discover how they’re being shortchanged. But before we get the feds involve in writing code for ISP routers, I’d like to see whether that proves sufficient to limit genuinely objectionable deviations from neutrality.

There’s a hoary rule of jurisprudence called the canon of constitutional avoidance. It means, very crudely, that judges don’t decide broad constitutional questions—they don’t go mucking with the basic architecture of the legal system—when they have some narrower grounds on which to rule. So if, for instance, there are two reasonable interpretations of a statute, one of which avoids a potential conflict with a constitutional rule, judges are supposed to prefer that interpretation. It’s not always possible, of course: Sometime judges have to tackle the big, broad questions. But it’s supposed to be something of a last resort. Lawyers and civil liberties advocates, of course, tend to get more animated by those broad principles, whether the First Amendment or end-to-end. But there’s often good reason to start small—to look to the specific fact patterns of problem cases and see whether there are narrower bases for resolution. It may turn out that in the kinds of cases that neutralists rightly warn could harm innovation, it’s not one big principle, but a diverse array of responses or fixes that will resolve the different issues. In a case like this one, perhaps a mix of mandated transparency, consumer demand, and user adaptation (e.g. encrypting traffic) will get you the same (or a better) result than an architectural mandate.

Continue reading →

My colleague Jim Harper and I have been having a friendly internal argument about Internet privacy regulation that strikes me as having potential implications for other contexts, so I thought I might as well pick it up here in case it’s of interest to anyone else. Unsurprisingly, neither of us are particularly sanguine about elaborate regulatory schemes—and I’m sympathetic to the general tenor of his recent post on the topic. But unlike Jim, as I recently wrote here, I can think of two rules that might be appropriate: A notice requirement that says third-party trackers must provide a link to an ordinary-language explanation of what information is being collected, and for what purpose, combined with a clear rule making those stated privacy policies enforceable in court. Jim regards this as paternalistic meddling with online markets; I regard it as establishing the conditions for the smooth functioning of a market. What do those differences come down to?

First, a question of expectations. Jim thinks it’s unreasonable for people to expect any privacy in information they “release” publicly—and when he’s talking about messages posted to public fora or Facebook pages, that’s certainly right. But it’s not always right, and as we navigate the Internet our computers can be coaxed into “releasing” information in ways that are far from transparent to the ordinary user. Consider this analogy. You go to the mall to buy some jeans; you’re out in public and clearly in plain view of many other people—most of whom, in this day and age, are probably carrying cameras built into their cell phones. You can hardly complain about being observed, and possibly caught on camera, as you make your way to the store. But what about when you make your way to the changing room at The Gap to try on those jeans? If the management has placed an unobtrusive camera behind a mirror to catch shoplifters, can the law require that the store post a sign informing you that you’re being taped in a location and context where—even though it’s someone else’s property—most people would expect privacy? Current U.S. law does, and really it’s just one special case of the law laying down default rules to stabilize expectations.  I think Jim sees the reasonable expectation in the online context as “everything is potentially monitored and archived all the time, unless you’ve explicitly been warned otherwise.” Empirically, this is not what most people expect—though they might begin to as a result of a notice requirement. Continue reading →

Thanks to Adam for the kind introduction; for folks to whom I’m unfamiliar, my Ars Technica archive has the bulk of my tech writing over the past year and change, though plenty of it is straight reporting now well past its expiration date.  It’s been suggested that for openers, I crosspost last week’s Cato @ Liberty thumbsucker on behavioral advertising regulation, which riffs on some of the commentary here, but in the interest of avoiding redundancy, I’ll just do the digest version and let the curious click through. Since they say the first day in lockup, you should pick a fight with the biggest mofo in the yard, I’ll excerpt the part where I disagree with Berin a bit:

First, while it’s certainly true that there are privacy advocates who seem incapable of grasping that not all rational people place an equally high premium on anonymity, it strikes me as unduly dismissive to suggest, as Berin Szoka does, that it’s inherently elitist or condescending to question whether most users are making informed choices about their privacy. If you’re a reasonably tech-savvy reader, you probably know something about conventional browser cookies, how they can be used by advertisers to create a trail of your travels across the Internet, and how you can limit this.  But how much do you know about Flash cookies? Did you know about the old CSS hack I can use to infer the contents of your browser history even without tracking cookies? And that’s without getting really tricksy. If you knew all those things, congratulations, you’re an enormous geek too — but normal people don’t.  And indeed, polls suggest that people generally hold a variety of false beliefs about common online commercial privacy practices.  Proof, you might say, that people just don’t care that much about privacy or they’d be attending more scrupulously to Web privacy policies — except this turns out to impose a significant economic cost in itself.

I still end up rejecting most of the proposed arguments for regulation, though a couple of the suggested rules (notice requirement, liquidated damages for intentional breach of stated privacy policy) struck me as more defensible, if not especially urgent.

That aside, I want to get down to the more important business of suggesting a TLF theme song: The Magnetic Fields’ sardonic “Technical (You’re So)” (whence the title of this post),  in which wordsmith/crooner Stephin Merritt delivers such lines as: “There are no papers on you /  The laws don’t cover what you do / You and your think-tank entourage / Are all counterculture demigods” and “You’re a Libertarian / The death of the left was you / You look like Herbert Von Karajan / You live underneath the zoo.”  Sure, they’re meant as mockery when Merritt sings them, but then, “queer” used to be a pejorative too. Reappropriation, baby.

Also, rhyming “Libertarian” with “Von Karajan” is the greatest act of poetry in music since Sting paired “He starts to shake and cough” with “the old man in / that book by Nabakov.” Fact.