Keeping politicians' hands off the Net & everything else related to technology
—all one paragraph of it—on the Cato@Liberty blog.
The upshot: Their promise not to have a national ID database is almost certainly wrong. Sold as a simple quick-fix, it would take decades and hundreds of billions of dollars to build, encountering untold complexities beyond what we already know.
Comments 
Posted in: Privacy, Security & Government Surveillance
Progress Snapshot 6.7, The Progress & Freedom Foundation (PDF)
This week marks a pivotal point in the history of the Internet. Monday was the 25th anniversary of the first .COM registration—and in some ways, the beginning of the commercial Internet. Yesterday, the Federal Communications Commission unveiled its long-awaited National Broadband Plan, which proposes ambitious subsidies to encourage broadband deployment. On the theory that unease about online privacy may discourage broadband adoption, the Plan also calls for increased regulation of how websites collect, and use, data from consumers.
The debate over how to regulate online data use has gone on for over a decade, leading to today’s final “Roundtable” in the “Exploring Privacy” series held by the Federal Trade Commission over the last three months. The stakes in this debate are high: Data is the lifeblood of online content and services, and consumers will ultimately bear the cost of restrictions on data use in the form of reduced advertising funding for, and innovation in, online content and services.
That’s why this week’s most important technology policy event may ultimately prove to be today’s Senate Commerce Committee hearing on Rep. Barney Frank’s “Wall Street Reform and Consumer Protection Act of 2009” (H.R. 4173), which narrowly passed the House in December without a single hearing and no real debate. Although the sprawling (273,579 word) bill is mostly famous for creating a Consumer Financial Protection Agency, it would also, in just 613 words, “put the FTC on steroids,” in the words of Jim Miller, FTC Chairman from 1981 to 1985. With vastly expanded powers, the FTC could impose sweeping new regulation touching virtually every sector of our economy.
The current FTC chairman, Jon Leibowitz, has made clear his determination to step up regulation of online data use, advertising, “blogola,” and child protection, just to name a few of the hot topics in Internet policy. While the FTC will no doubt continue to push for increased statutory authority, such as the online privacy bill reportedly being drafted by House Commerce Internet Subcommittee Chairman Rick Boucher (mandating opt-in for data collection), Chairman Leibowitz may be able to implement most of his radical Internet regulatory agenda using the new powers conferred on his agency in a bill (H.R, 4173) few realize has anything to do with Internet policy. Continue reading →
Comments Posted in: Advertising & Marketing, Intermediary Deputization & Section 230, Privacy, Security & Government Surveillance
I’m livetweeting today’s final FTC Privacy Roundtable (check out the #FTCPriv hashtag on Twitter). Check out the day’s agenda or watch the webcast here. Adam Thierer and I expressed our concerns about the rush to regulation at the First Roundtable back in December—see my written comments and Adam’s summary of his remarks. David Vladeck, Director of the Bureau of Consumer Protection offered the following summary of the Roundtable process at the kick-off this morning:
On the critical question of next steps, Vladeck claims the agency isn’t certain where it will go and plans to “sit back” and think about the detailed record before making public a set of detailed recommendations on which the public will be invited to provide input. I’d like to believe him and I hope the agency really does think long and hard about the evidence provided in this process as to the trade-offs inherent in increased regulation, the complexity of this space, and the need for a cautious approach when it comes to tinkering with the data flows that are the lifeblood, both technological and financial, of the Internet. But based on their recent public statements, I fear that Vladeck and FTC Chairman Jon Liebowitz have already made up their minds about the need for regulation, and that this process is really just paving the way for a report this summer that will call for sweeping new legislation—just as the FTC did back in its 2000 Report to Congress. Continue reading →
Comments Posted in: Advertising & Marketing, Privacy, Security & Government Surveillance
I’ve just read through the National Broadband Plan’s (NBP) section on online privacy (pp. 52-57). I share the FCC’s goal of increasing consumer control over their digital profiles, and applaud the FCC’s call for promoting the development of trusted identity providers and for increased education about identity theft. But I’m disappointed to see that the FCC is focused on regulatory solutions instead of less restrictive alternatives like consumer education, technological empowerment, increased enforcement of existing laws, or limiting government access to data collected by the private sector.
Given the nature of bureaucracies and the FCC’s sweeping assertions of its own authority in recent years, I suppose we shouldn’t be surprised that the FCC’s primary suggestion is that it should be given a key role in crafting privacy regulations for online services. But the FCC clearly lacks any statutory authority over the “computing cloud” and Congress has not asked the agency for suggestions on expanding its jurisdiction.
The FCC deserves credit for recognizing something I’ve stressed: the manifold benefits of online data collection and use, especially that targeted advertising can significantly increase funding for “free” ad-supported content and services:
These data are giving rise to something akin to a “digital identity,” which is a major source of potential innovation and opens up many possibilities for better customization of services and increased opportunities for monetization. The value of a targeted advertisement based on personal data can be several times higher than the value of an advertisement aimed at a broad audience. For example, the going rate for some targeted advertising products can be several times the rate for a generic one because consumers can be six times more likely to “click through” a targeted banner advertisement than a non-targeted one. This differential will likely increase as targeting becomes more refined and more capable of predicting preferences, intentions and behaviors.
Firms’ ability to collect, aggregate, analyze and monetize personal data has already spurred new business models, products and services, and many of these have benefited consumers. For example, many online content providers monetize their audience through targeted advertising. Whole new categories of Internet applications and services, including search, social networks, blogs and user-generated content sites, have emerged and continue to operate in part because of the potential value of targeted online advertising.
Unfortunately, the FCC doesn’t acknowledge that these benefits are a critical part of the trade-off inherent in increased regulation of how online service providers collect and use data. Continue reading →
Comments Posted in: Advertising & Marketing, Broadband & Neutrality Regulation, Privacy, Security & Government Surveillance
This will be a busy week for tech policy in Washington! First, tomorrow the FCC is expected to release the National Broadband Plan that it’s been working on since Congress passed the “Recovery Act” passed in January 2009, tasking the FCC with formulating “a detailed strategy for achieving affordability of such service and maximum utilization of broadband infrastructure and service by the public.” Under Chairman Julius Genachowski, the FCC has issued a flurry of inquiries about extending FCC regulation to various aspects of the Internet, as we’ve lamented. Perhaps most troubling is the agency’s open-ended inquiry about regulating the use and collection of data by the private sector on the grounds that concerns about online privacy might slow broadband adoption. For the reasons I laid out in my comments on that inquiry, I very much hope the FCC does not attempt to shoe-horn this regulatory agenda into the Broadband plan. Unfortunately, the just-released executive summary suggests (mid-way down column 1 on page 2) the FCC may take a hard line on this issue.
At the same time that the FCC will be launching its “Five Ten Year Plan” for our infrastructure tomorrow, Verisign will be celebrating the 25th anniversary of the first .COM registration with a Policy Impact Forum in the Reagan Center. The all-start cast includes President Clinton, former FCC Commissioner Reed Hunt, ICANN President Rod Beckstrom, All Things Digital editor Kara Swisher, U.S. CTO Aneesh Chopra, Huffington Post founder Arianna Huffington and… my personal favorite, comedian Mo Rocca! They’ll all come together to celebrate how the private sector—symbolized by .COM—has transformed the Internet from a defense research project to a vibrant marketplace of ideas, goods, services, ads and personal sharing. Talk about Internet optimism!
On Wednesday, the Federal Trade Commission will hold its third and final Exploring Privacy Roundtable. Adam Thierer spoke at the first Roundtable on privacy polls and surveys, something I’ve written a lot about. I talked about the benefits of online advertising, as summarized in my comments to the FTC. We remain concerned that, for all the talk about improving self-regulation, this process is going to lead to increased regulation of data use and collection without first looking to the kinds of “less restrictive” we’ve been emphasizing to address real, non-conjectural harms: user education, user empowerment, increased enforcement, technological innovation at all levels, and enhanced protection from the clearest harm of all, government snooping.
Also on Wednesday (at 3pm), the Senate Commerce Committee will hold a hearing (in SR-253) on “Financial Services and Products: The Role of the Federal Trade Commission in Protecting Consumers, Part 2.” What’s at stake in this hearing is far more than financial regulation, but how pending legislation already passed by the House—originally the Consumer Financial Protection Act (CFPA), which was reborn as the “Wall Street Reform and Consumer Protection Act of 2009″ (HR 4173)—would, if enacted, expand the FTC’s powers to regulate vast swathes of our economy. Continue reading →
Comments Posted in: Advertising & Marketing, Broadband & Neutrality Regulation, Inside the Beltway (Politics), Privacy, Security & Government Surveillance
Read my take at Cato@Liberty.
Comments Posted in: Privacy, Security & Government Surveillance
So reports the Wall Street Journal:
Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.
It’s the natural evolution of the policy called “internal enforcement” of immigration law, as I wrote in my Cato Institute paper, “Franz Kafka’s Solution to Illegal Immigration.”
Once in place, watch for this national ID to regulate access to financial services, housing, medical care and prescriptions—and, of course, serve as an internal passport.
Comments Posted in: Privacy, Security & Government Surveillance
A couple weeks ago the Google Books Settlement fairness hearing took place in New York City, where Judge Denny Chin heard dozens of oral arguments discussing the settlement’s implications for competition, copyright law, and privacy. The settlement raises a number of very challenging legal questions, and Judge Chin’s decision, expected to come down later this spring, is sure to be a page-turner no matter how he rules.
My work on the Google Books Settlement has focused on reader privacy concerns, which have been a major point of contention between Google and civil liberties groups like EFF, ACLU, and CDT. While I agree with these groups that existing legal protections for sensitive user information stored by cloud computing providers are inadequate, I do not believe that reader privacy should factor into the court’s decision on whether to approve or reject the settlement.
I elaborated on reader privacy in an amicus curiae brief I submitted to the court last September. I argued that because Google Books will likely earn a sizable portion of its revenues from advertising, placing strict limits on data collection (as EFF and others have advocated) would undercut Google’s incentive to scan books, ultimately hurting the very authors whom the settlement is supposed to benefit. While the settlement is not free from privacy risks, such concerns aren’t unique to Google Books nor are they any more serious than the risks surrounding popular Web services like Google search and Gmail. Comparing Google Book Search to brick-and-mortar libraries is inapt, and like all cloud computing providers, Google has a strong incentive to safeguard user data and use it only in ways that benefit users and advertisers.
Comments Posted in: Advertising & Marketing, Privacy, Security & Government Surveillance
Here’s a great conversation at Slate.com about Shane Harris’ new book The Watchers.
We’ll be having the author here at Cato on March 10th for a similar discussion of his book and the growth of the surveillance state.
Comments Posted in: Privacy, Security & Government Surveillance
Jim Harper and I have been having one of our periodic tussles over the Lower Merion school laptop spying case. Jim thinks the search in this case may pass Fouth Amendment muster; I disagree.
This is especially tricky because the facts are still very much unclear, but I’m going to follow Orin Kerr in assuming that the facts are roughly as follows. (I also, incidentally, follow Kerr in his conclusions: The statutory claims are mostly spurious; the Fourth Amendment claim is legitimate.) Harriton High School issues its students personal laptops, which are required for class, and normally are also taken home by the students. Student Blake Robbins, however, had apparently been issued a temporary “loaner” laptop while his normal one was in for repairs. According to school rules, this laptop was supposed to remain on campus because he had not paid an insurance fee for it, but he took it home with him anyway. Exactly what happened next is not entirely clear, but at some point someone at the school appears to have registered it as missing on the school’s asset management and security system. The system works as follows. Each laptop periodically checks in with the school server whenever it is online—it sends a “heartbeat”—registering its identity, the IP address from which it’s connected, and some basic system data. It also, among other things, checks whether it has been reported missing or stolen. If it has, depending on the settings specified, it activates a security protocol which causes it to check in more frequently and may also involve taking a series of still images with its built-in webcam and submitting them back to the server for review. One of those images, presumably because it showed something the school’s techs thought might be drugs, was subsequently passed along to a school administrator. Again, any of this could be wrong, but assume these facts for now.
Our baseline is that private homes enjoy the very highest level of Fourth Amendment protection, and that whenever government agents engage in non-consensual monitoring that reveals any information about activity in the interior of the home, that’s a violation of the right against unreasonable search.There are some forms of public search that may be deemed reasonable without a court order, such as the so-called Terry stop, but “searches and seizures inside a home without a warrant are presumptively unreasonable absent exigent circumstances” (Karo v. United States). Obviously, an ordinary search for stolen property cannot be “exigent.” Karo is actually helpful to linger on for a moment. There, a can of ether fitted with a covert tracking beeper had been sold to suspects who were involved in cocaine processing:
Comments Posted in: Privacy, Security & Government Surveillance
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.
