It was my honor today to be a panelist at a Hill event on “Apps, Ads, Kids & COPPA: Implications of the FTC’s Additional Proposed Revisions,” which was co-sponsored by the Family Online Safety Institute and the Association for Competitive Technology. It was a free-wheeling discussion, but I prepared some talking points for the event that I thought I would share here for anyone interested in my views about the Federal Trade Commission’s latest proposed revisions to the Children’s Online Privacy Protection Act (COPPA).
________
The Commission deserves credit for very wisely ignoring calls by some to extend the coverage of COPPA’s regulatory provisions from children under 13 all the way up to teens up to 18.
- that would have been a constitutional and technical enforcement nightmare. But the FTC realized that long ago and abandoned any thought of doing that. So that is a huge win since we won’t be revisiting the COPA age verification wars.
- That being said, each tweak or expansion of COPPA, the FTC opens the door a bit wider to a discussion of some sort age verification or age stratification scheme for the Internet.
- And we know from recent AG activity (recall old MySpace age verification battle) and Hill activity (i.e. Markey-Barton bill) that there remains an appetite for doing something more to age-segment Internet populations
Continue reading →
I liked the title of this new Cecilia Kang article in the Washington Post: “In Silicon Valley, Fast Firms and Slow Regulators.” Kang notes:
As federal regulators launch fresh investigations into Silicon Valley, their history of drawn-out cases has companies on edge. In taking on an industry that moves at lightening speed, federal officials risk actions that could appear to be too heavy-handed or embarrassingly outdated, some analysts and antitrust experts say.
For example, she cites ongoing regulatory oversight of Microsoft and MySpace, even though both companies have fallen from the earlier King of the Hill status in their respective fields. Kang notes that some “want the government to aggressively pursue abusive practices but question whether antitrust laws are too dated to rein in firms that are continually redefining themselves and using their dominance in one arena to press into others.”
Simply put, antitrust can’t keep up with an economy built on Moore’s Law, which refers to the rule of thumb that the processing power of computers doubles roughly every 18 months while prices remain fairly constant. This issue has been the topic of several of my Forbes columns over the past year, as well as several other essays I’ve written here and elsewhere. [See the list at bottom of this essay.] Moore’s Law has been a relentless regulator of markets and has helped keep the power of “tech titans” in check better than any Beltway regulator ever could. As I noted here before in my essay, “Antitrust & Innovation in the New Economy: The Problem with the Static Equilibrium Mindset“: Continue reading →
There was an important article about online age verification in The New York Times yesterday entitled, “Verifying Ages Online Is a Daunting Task, Even for Experts.” It’s definitely worth a read since it reiterates the simple truth that online age verification is enormously complicated and hugely contentious (especially legally). It’s also worth reading since this issue might be getting hot again as Facebook considers allowing kids under 13 on its site.
Just five years ago, age verification was a red-hot tech policy issue. The rise of MySpace and social networking in general had sent many state AGs, other lawmakers, and some child safety groups into full-blown moral panic mode. Some wanted to ban social networks in schools and libraries (recall that a 2006 House measure proposing just that actually received 410 votes, although the measure died in the Senate), but mandatory online age verification for social networking sites was also receiving a lot of support. This generated much academic and press inquiry into the sensibility and practicality of mandatory age verification as an online safety strategy. Personally, I was spending almost all my time covering the issue between late 2006 and mid-2007. The title of one of my papers on the topic reflected the frustration many shared about the issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”
Simply put, too many people were looking for an easy, silver-bullet solution to complicated problems regarding how kids get online and how to keep them safe once they get there. For a time, age verification became that silver bullet for those who felt that “we must do something” politically to address online safety concerns. Alas, mandatory age verification was no silver bullet. As I summarized in this 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” all previous research and task force reports looking into this issue have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems. There are no simple fixes. Specifically, here’s what each of the major online child safety task forces that have been convened since 2000 had to say about the wisdom of mandatory age verification: Continue reading →
Andrew Orlowski of The Register (U.K.) recently posted a very interesting essay making the case for treating online copyright and privacy as essentially the same problem in need of the same solution: increased property rights. In his essay (“‘Don’t break the internet’: How an idiot’s slogan stole your privacy“), he argues that, “The absence of permissions on our personal data and the absence of permissions on digital copyright objects are two sides of the same coin. Economically and legally they’re an absence of property rights – and an insistence on preserving the internet as a childlike, utopian world, where nobody owns anything, or ever turns a request down. But as we’ve seen, you can build things like libraries with permissions too – and create new markets.” He argues that “no matter what law you pass, it won’t work unless there’s ownership attached to data, and you, as the individual, are the ultimate owner. From the basis of ownership, we can then agree what kind of rights are associated with the data – eg, the right to exclude people from it, the right to sell it or exchange it – and then build a permission-based world on top of that.”
And so, he concludes, we should set aside concerns about Internet regulation and information control and get down to the business of engineering solutions that would help us property-tize both intangible creations and intangible facts about ourselves to better shield our intellectual creations and our privacy in the information age. He builds on the thoughts of Mark Bide, a tech consultant:
For Bide, privacy and content markets are just a technical challenges that need to be addressed intelligently.”You can take two views,” he told me. “One is that every piece of information flowing around a network is a good thing, and we should know everything about everybody, and have no constraints on access to it all.” People who believe this, he added, tend to be inflexible – there is no half-way house. “The alternative view is that we can take the technology to make privacy and intellectual property work on the network. The function of copyright is to allow creators and people who invest in creation to define how it can be used. That’s the purpose of it. “So which way do we want to do it?” he asks. “Do we want to throw up our hands and do nothing? The workings of a civilised society need both privacy and creator’s rights.” But this a new way of thinking about things: it will be met with cognitive dissonance. Copyright activists who fight property rights on the internet and have never seen a copyright law they like, generally do like their privacy. They want to preserve it, and will support laws that do. But to succeed, they’ll need to argue for stronger property rights. They have yet to realise that their opponents in the copyright wars have been arguing for those too, for years. Both sides of the copyright “fight” actually need the same thing. This is odd, I said to Bide. How can he account for this irony? “Ah,” says Bide. “Privacy and copyright are two things nobody cares about unless it’s their own privacy, and their own copyright.”
These are important insights that get at a fundamental truth that all too many people ignore today: At root, most information control efforts are related and solutions for one problem can often be used to address others. But there’s another insight that Orlowski ignores: Whether we are discussing copyright, privacy, online speech and child safety, or cybersecurity, all these efforts to control the free flow of digitized bits over decentralized global networks will be increasingly complex, costly, and riddled with myriad unintended consequences. Importantly, that is true whether you seek to control information flows through top-down administrative regulation or by assigning and enforcing property rights in intellectual creations or private information.
Let me elaborate a bit (and I apologize for the rambling mess of rant that follows).
Yesterday on TechCrunch, Josh Constine posted an interesting essay about how some in the press were “Selling Digital Fear” on the privacy front. His specific target was The Wall Street Journal, which has been running an ongoing investigation of online privacy issues with a particular focus on online apps. Much of the reporting in their “What They Know” series has been valuable in that it has helped shine light on some data collection practices and privacy concerns that deserve more scrutiny. But as Constine notes, sometimes the articles in the WSJ series lack sufficient context, fail to discuss trade-offs, or do not identify any concrete harm or risk to users. In other words, some of it is just simple fear-mongering. Constine argues:
Reality has yet to stop media outlets from yelling about privacy, and because the WSJ writers were on assignment, they wrote the “Selling You On Facebook” hit piece despite thin findings. These kind of articles can make mainstream users so worried about the worst-case scenario of what could happen to their data, they don’t see the value they get in exchange for it. “Selling You On Facebook” does bring up the important topic of how apps can utilize personal data granted to them by their users, but it overstates the risks. Yes, the business models of Facebook and the apps on its platform depend on your personal information, but so do the services they provide. That means each user needs to decide what information to grant to who, and Facebook has spent years making the terms of this value exchange as clear as possible.
“While sensationalizing the dangers of online privacy sure drives page views and ad revenue,” Constine also noted, “it also impedes innovation and harms the business of honest software developers.” These trade-offs are important because, to the extent policymakers get more interested in pursing privacy regulations based on these fears, they could force higher prices or less innovation upon us with very little benefit in exchange.
Of course, the press generating hypothetical fears or greatly inflating dangers is nothing new. We have seen it happen many times in the past and it can be seen at work in many other fields today (online child safety is a good example). In my recent 80-page paper on “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” I discussed how and why the press and other players inflate threats and sell fear. Here’s a passage from my paper: Continue reading →
I want to highly recommend everyone watch this interesting new talk by danah boyd on “Culture of Fear + Attention Economy = ?!?!” In her talk, danah discusses “how fear gets people into a frenzy” or panic about new technologies and new forms of culture. “The culture of fear is the idea that fear can be employed by marketers, politicians, the media, and the public to really regulate the public… such that they can be controlled,” she argues. “Fear isn’t simply the product of natural forces. It can systematically be generated to entice, motivate, or suppress. It can be leveraged as a political tool and those in power have long used fear for precisely these goals.” I discuss many of these issues in my new 80-page white paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.“
Webstock ’12: danah boyd – Culture of Fear + Attention Economy = ?!?! from Webstock on Vimeo.
danah points out that new media is often leveraged to generate fear and so we should not be surprised when the Internet and digital technologies are used in much the same way. She also correctly notes that our cluttered, cacophonous information age might also be causing an escalation of fear-based tactics. “The more there are stimuli competing for your attention, the more likely it is that fear is going to be the thing that will drive your attention” to the things that some want you to notice or worry about.
I spent some time in my technopanics paper discussing this point in Section III.C (“Bad News Sells: The Role of the Media, Advocates, and the Listener.”) Here’s the relevant passage: Continue reading →
In their paper, “Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy,” my Mercatus Center colleagues Jerry Brito and Tate Watkins warned of the dangers of “threat inflation” in cybersecurity policy debates. In early 2011, Mercatus also published a paper by Sean Lawson, an assistant professor in the Department of Communication at the University of Utah, entitled “Beyond Cyber Doom” that documented how fear-based tactics and cyber-doom scenarios and rhetoric increasingly were on display in cybersecurity policy debates. Finally, in my recent Mercatus Center working paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” I extended their threat inflation analysis and developed a comprehensive framework offering additional examples of, and explanations for, threat inflation in technology policy debates.
These papers make it clear that a sort of hysteria has developed around cyberwar and cybersecurity issues. Frequent allusions are made in cybersecurity debates to the potential for a “Digital Pearl Harbor,” a “cyber cold war,” a “cyber Katrina,” or even a “cyber 9/11.” These analogies are made even though these historical incidents resulted in death and destruction of a sort not comparable to attacks on digital networks. Others refer to “cyber bombs” even though no one can be “bombed” with binary code. And new examples of such inflationary rhetoric seem to emerge each day. Continue reading →
[UPDATE: 2/14/2013: As noted here, this paper was published by the Minnesota Journal of Law, Science & Technology in their Winter 2013 edition. Please refer to that post for more details and cite this final version of the paper going forward.]
I’m pleased to report that the Mercatus Center at George Mason University has just released my huge new white paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.” I’ve been working on this paper for a long time and look forward to finding it a home in a law journal some time soon. Here’s the summary of this 80-page paper:
Fear is an extremely powerful motivating force, especially in public policy debates where it is used in an attempt to sway opinion or bolster the case for action. Often, this action involves preemptive regulation based on false assumptions and evidence. Such fears are frequently on display in the Internet policy arena and take the form of full-blown “technopanic,” or real-world manifestations of this illogical fear. While it’s true that cyberspace has its fair share of troublemakers, there is no evidence that the Internet is leading to greater problems for society.
This paper considers the structure of fear appeal arguments in technology policy debates and then outlines how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments are offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas are documented.
To the extent that these concerns are valid, they are best addressed by ongoing societal learning, experimentation, resiliency, and coping strategies rather than by regulation. If steps must be taken to address these concerns, education and empowerment-based solutions represent superior approaches to dealing with them compared to a precautionary principle approach, which would limit beneficial learning opportunities and retard technological progress.
The complete paper can be found on the Mercatus site here, on SSRN, or on Scribd. I’ve also embedded it below in a Scribd reader. Continue reading →
I enjoyed this new piece by Matt Welch over at Reason about the uses and abuses of the “if we can put a man on the moon” metaphor. “There’s no escaping the moonshot in contemporary political discourse,” Welch notes. Indeed, in the field of technology policy, we hear the old “if we can put a man on the moon, then we can [fill in the blank]… ” line with increasing regularity.
For example, just a few years ago, in the midst of the social networking “predator panic,” several state Attorneys General, led by Roy Cooper of North Carolina and Richard Blumenthal of Connecticut, pushed aggressively for a mandatory online age verification scheme. At several points during the debate, Blumenthal, now a U.S. Senator, argued that “The technology is available. The solution is financially feasible, practically doable. If we can put a man on the moon, we can check ages of people on these Web sites,” he claimed. Of course, just saying so doesn’t make it true. As I noted in a big paper on the issue, online age verification is extremely complicated, likely even impossible, and history has shown that no technological control is foolproof. Moreover, attempts to impose authentication and identification schemes would have numerous trade-offs and unintended consequences, especially for online anonymity, privacy, and free speech. A subsequent report by the Harvard-based blue ribbon Internet Safety Technical Task Force (ISTTF) showed why that was the case. Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.