Privacy, Security & Government Surveillance

IoT paperThe Mercatus Center at George Mason University has just released my latest working paper, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.” The “Internet of Things” (IoT) generally refers to “smart” devices that are connected to both the Internet and other devices. Wearable technologies are IoT devices that are worn somewhere on the body and which gather data about us for various purposes. These technologies promise to usher in the next wave of Internet-enabled services and data-driven innovation. Basically, the Internet will be “baked in” to almost everything that consumers own and come into contact with.

Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, however, and are proposing regulation to address these concerns. In my new 93-page article, I explain why preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new IoT technologies. Building on a recent book of mine, I argue that “permissionless innovation,” which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things.

As I note in the paper and my earlier book, if we spend all our time living in fear of the worst-case scenarios — and basing public policies on them — then best-case scenarios can never come about. As the old saying goes: nothing ventured, nothing gained. Precautionary principle-based regulation paralyzes progress and must be avoided.  We instead need to find constructive, “bottom-up” solutions to the privacy and security risks accompanying these new IoT technologies instead of top-down controls that would limit the development of life-enriching IoT innovations. Continue reading →

Last week, it was my pleasure to speak at a Cato Institute event on “The End of Transit and the Beginning of the New Mobility: Policy Implications of Self-Driving Cars.” I followed Cato Institute Senior Fellow Randal O’Toole and Marc Scribner, a Research Fellow at the Competitive Enterprise Institute. They provided a broad and quite excellent overview of all the major issues at play in the debate over driverless cars. I highly recommend you read the excellent papers that Randal and Marc have published on these issues.

My role on the panel was to do a deeper dive into the privacy and security implications of not just the autonomous vehicles of our future, but also the intelligent vehicle technologies of the present. I discussed these issues in greater detail in my recent Mercatus Center working paper, “Removing Roadblocks to Intelligent Vehicles and Driverless Cars,” which was co-authored with Ryan Hagemann. (That article will appear in a forthcoming edition of the Wake Forest Journal of Law & Policy.)  I’ve embedded the video of the event down below (my remarks begin at the 38:15 mark) as well as my speaking notes. Again, please consult the longer paper for details.


Continue reading →

Driverless CarI’m pleased to announce that the Mercatus Center at George Mason University has just released my latest working paper, “Removing Roadblocks to Intelligent Vehicles and Driverless Cars.” This paper, which was co-authored with Ryan Hagemann, has been accepted for publication in a forthcoming edition of the Wake Forest Journal of Law & Policy.

In the paper, Hagemann and I explore the growing market for both “connected car” technologies as well as autonomous (or “driverless”) vehicle technology. We argue that intelligent-vehicle technology will produce significant benefits. Most notably, these technologies could save many lives. In 2012, 33,561 people were killed and 2,362,000 injured in traffic crashes, largely as a result of human error. Reducing the number of accidents by allowing intelligent vehicle technology to flourish would constitute a major public policy success. As Philip E. Ross noted recently at IEEE Spectrum, thanks to these technologies, “eventually it will be positively hard to use a car to hurt yourself or others.” The sooner that day arrives, the better.

These technologies could also have positive environmental impacts in the form of improved fuel economy, reduced traffic congestion, and reduced parking needs. They might also open up new mobility options for those who are unable to drive, for whatever reason. Any way you cut it, these are exciting technologies that promise to substantially improve human welfare.

Of course, as with any new disruptive technology, connected cars and driverless vehicles raise a variety of economic, social, and ethical concerns. Hagemann and I address some of the early policy concerns about these technologies (safety, security, privacy, liability, etc.) and we outline a variety of “bottom-up” solutions to ensure that innovation continues to flourish in this space. Importantly, we also argue that policymakers should keep in mind that individuals have gradually adapted to similar disruptions in the past and, therefore, patience and humility are needed when considering policy for intelligent-vehicle systems. Continue reading →

On Thursday, it was my great pleasure to present a draft of my forthcoming paper, “The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns without Derailing Innovation,” at a conference that took place at the Federal Communications Commission on “Regulating the Evolving Broadband Ecosystem.” The 3-day event was co-sponsored by the American Enterprise Institute and the University of Nebraska College of Law.

The 65-page working paper I presented is still going through final peer review and copyediting, but I posted a very rough first draft on SSRN for conference participants. I expect the paper to be released as a Mercatus Center working paper in October and then I hope to find a home for it in a law review. I will post the final version once it is released. [UPDATE:The final version of this working paper was released on November 19, 2014.]

In the meantime, however, I thought I would post the 46 slides I presented at the conference, which offer an overview of the nature of the Internet of Things and wearable technology, the potential economic opportunities that exist in this space, and the various privacy and security challenges that could hold this technological revolution back. I also outlined some constructive solutions to those concerns. I plan to be very active on these issues in coming months.

Continue reading →

Yesterday, June 25, 2014, the U.S. Supreme Court issued two important opinions that advance free markets and free people in Riley v. California and ABC v. AereoI’ll soon have more to say about the latter case, Aereo, in which my organization filed a amicus brief along with the International Center for Law and Economics. But for now, I’d like to praise the Court for reaching the right result in a duo of cases involving police warrantlessly searching cell phones incident to lawful arrests.

Back in 2011, when I wrote in a feature story in Ars Technica—which I discussed on these pages—police in many jurisdictions were free to search the cell phones of individuals incident to their arrest. If you were arrested for a minor traffic violation, for instance, the unencrypted contents of your cell phone were often fair game for searches by police officers.

Now, however, thanks to the Supreme Court, police may not search an arrestee’s cell phone incident to her or his arrest—without specific evidence giving rise to an exigency that justifies such a search. Given the broad scope of offenses for which police may arrest someone, this holding has important implications for individual liberty, especially in jurisdictions where police often exercise their search powers broadly.

 

My latest law review article is entitled, “Privacy Law’s Precautionary Principle Problem,” and it appears in Vol. 66, No. 2 of the Maine Law Review. You can download the article on my Mercatus Center page, on the Maine Law Review website, or via SSRN. Here’s the abstract for the article:

Privacy law today faces two interrelated problems. The first is an information control problem. Like so many other fields of modern cyberlaw—intellectual property, online safety, cybersecurity, etc.—privacy law is being challenged by intractable Information Age realities. Specifically, it is easier than ever before for information to circulate freely and harder than ever to bottle it up once it is released.

This has not slowed efforts to fashion new rules aimed at bottling up those information flows. If anything, the pace of privacy-related regulatory proposals has been steadily increasing in recent years even as these information control challenges multiply.

This has led to privacy law’s second major problem: the precautionary principle problem. The precautionary principle generally holds that new innovations should be curbed or even forbidden until they are proven safe. Fashioning privacy rules based on precautionary principle reasoning necessitates prophylactic regulation that makes new forms of digital innovation guilty until proven innocent.

This puts privacy law on a collision course with the general freedom to innovate that has thus far powered the Internet revolution, and privacy law threatens to limit innovations consumers have come to expect or even raise prices for services consumers currently receive free of charge. As a result, even if new regulations are pursued or imposed, there will likely be formidable push-back not just from affected industries but also from their consumers.

In light of both these information control and precautionary principle problems, new approaches to privacy protection are necessary. Continue reading →

I recently did a presentation for Capitol Hill staffers about emerging technology policy issues (driverless cars, the “Internet of Things,” wearable tech, private drones, “biohacking,” etc) and the various policy issues they would give rise to (privacy, safety, security, economic disruptions, etc.). The talk is derived from my new little book on “Permissionless Innovation,” but in coming months I will be releasing big papers on each of the topics discussed here.

Additional Reading:

Recent reports highlight that the telephone meta-data collection efforts of the National Security Agency are being undermined by the proliferation of flat-rate, unlimited voice calling plans.  The agency is collecting data for less than a third of domestic voice traffic, according to one estimate.

It’s been clear for the past couple months that officials want to fix this, and President Obama’s plan for leaving meta-data in the hands of telecom companies—for NSA to access with a court order—might provide a back door opportunity to expand collection to include all calling data.  There was a potential new twist last week, when Reuters seemed to imply that carriers could be forced to collect data for all voice traffic pursuant to a reinterpretation of the current rule.

While the Federal Communications Commission requires phone companies to retain for 18 months records on “toll” or long-distance calls, the rule’s application is vague (emphasis added) for subscribers of unlimited phone plans because they do not get billed for individual calls.

The current FCC rule (47 C.F.R. § 42.6) requires carriers to retain billing information for “toll telephone service,” but the FCC doesn’t define this familiar term.  There is a statutory definition, but you have to go to the Internal Revenue Code to find it.  According to 26 U.S.C. § 4252(b),

the term “toll telephone service” means—

(1) a telephonic quality communication for which

(A) there is a toll charge which varies in amount with the distance and elapsed transmission time of each individual communication… Continue reading →

Last December, it was my pleasure to take part in a great event, “The Disruptive Competition Policy Forum,” sponsored by Project DisCo (or The Disruptive Competition Project). It featured several excellent panels and keynotes and they’ve just posted the video of the panel I was on here and I have embedded it below. In my remarks, I discussed:

  • benefit-cost analysis in digital privacy debates (building on this law review article);
  • the contrast between Europe and America’s approach to data & privacy issues (referencing this testimony of mine);
  • the problem of “technopanics” in information policy debates (building on this law review article);
  • the difficulty of information control efforts in various tech policy debates (which I wrote about in this law review article and these two blog posts: 1, 2);
  • the possibility of less-restrictive approaches to privacy & security concerns (which I have written about here as well in those other law review articles);
  • the rise of the Internet of Things and the unique challenges it creates (see this and this as well as my new book); and,
  • the possibility of a splintering of the Internet or the rise of “federated Internets.”

The panel was expertly moderated by Ross Schulman, Public Policy & Regulatory Counsel for CCIA, and also included remarks from John Boswell, SVP & Chief Legal Officer at SAS, and Josh Galper, Chief Policy Officer and General Counsel of Personal, Inc. (By the way, you should check out some of the cool things Personal is doing in this space to help consumers. Very innovative stuff.) The video lasts one hour. Here it is:

book cover (small)I am pleased to announce the release of my latest book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” It’s a short manifesto (just under 100 pages) that condenses — and attempts to make more accessible — arguments that I have developed in various law review articles, working papers, and blog posts over the past few years. I have two goals with this book.

First, I attempt to show how the central fault line in almost all modern technology policy debates revolves around “the permission question,” which asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions. Two conflicting attitudes are evident.

One disposition is known as the “precautionary principle.” Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

The other vision can be labeled “permissionless innovation.” It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

I argue that we are witnessing a grand clash of visions between these two mindsets today in almost all major technology policy discussions today. Continue reading →