Posts tagged as:

Tech Policy, Unintended Consequences & the Failure of Good Intentions

by on September 26, 2019 · 0 comments

by Andrea O’Sullivan & Adam Thierer

This essay originally appeared on The Bridge on September 25, 2019.

It is quickly becoming one of the iron laws of technology policy that by attempting to address one problem (like privacy, security, safety, or competition), policymakers often open up a different problem on another front. Trying to regulate to protect online safety, for example, might give rise to privacy concerns, or vice versa. Or taking steps to address online privacy through new regulations might create barriers to new entry, thus hurting online competition.

In a sense, this is simply a restatement of the law of unintended consequences. But it seems to be occurring with greater regularity in the technology policy today, and it serves as another good reminder why humility is essential when considering new regulations for fast-moving sectors.

Consider a few examples.

Privacy vs security & competition 

Many US states and the federal government are considering data privacy regulations in the vein of the European Union’s wide-reaching General Data Privacy Regulation (GDPR). But as early experiences with the GDPR and various state efforts can attest, regulations aimed at boosting consumer privacy can often butt against other security and competition concerns. Continue reading →

SHARE: 0 comments

California Eraser Button Passes

by on September 26, 2013 · 2 comments

California’s continuing effort to make the Internet their own digital fiefdom continued this week with Gov. Jerry Brown signed legislation that creates an online “Eraser Button” just for minors. The law isn’t quite as sweeping as the seriously misguided “right to be forgotten” notion I’ve critique here (1, 2, 3, 4) and elsewhere (5, 6) before. In any event, the new California law will:

require the operator of an Internet Web site, online service, online application, or mobile application to permit a minor, who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted on the operator’s Internet Web site, service, or application by the minor, unless the content or information was posted by a 3rd party, any other provision of state or federal law requires the operator or 3rd party to maintain the content or information, or the operator anonymizes the content or information. The bill would require the operator to provide notice to a minor that the minor may remove the content or information, as specified.

As always, the very best of intentions motivate this proposal. There’s no doubt that some digital footprints left online by minors could come back to haunt them in the future, and that concern for their future reputation and privacy is the primary motivation for the measure. Alas, noble-minded laws like these often lead to many unintended consequences, and even some thorny constitutional issues. I’d be hard-pressed to do a better job of itemizing those potential problems than Eric Goldman, of Santa Clara University School of Law, and Stephen Balkam, Founder and CEO of the Family Online Safety Institute, have done in recent essays on the issue. Continue reading →

SHARE: 2 comments

Why Mandatory Online Age Verification is So Problematic: What Expert Task Forces Have Found

by on June 18, 2012 · 4 comments

There was an important article about online age verification in The New York Times yesterday entitled, “Verifying Ages Online Is a Daunting Task, Even for Experts.” It’s definitely worth a read since it reiterates the simple truth that online age verification is enormously complicated and hugely contentious (especially legally). It’s also worth reading since this issue might be getting hot again as Facebook considers allowing kids under 13 on its site.

Just five years ago, age verification was a red-hot tech policy issue. The rise of MySpace and social networking in general had sent many state AGs, other lawmakers, and some child safety groups into full-blown moral panic mode. Some wanted to ban social networks in schools and libraries (recall that a 2006 House measure proposing just that actually received 410 votes, although the measure died in the Senate), but mandatory online age verification for social networking sites was also receiving a lot of support. This generated much academic and press inquiry into the sensibility and practicality of mandatory age verification as an online safety strategy. Personally, I was spending almost all my time covering the issue between late 2006 and mid-2007. The title of one of my papers on the topic reflected the frustration many shared about the issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”

Simply put, too many people were looking for an easy, silver-bullet solution to complicated problems regarding how kids get online and how to keep them safe once they get there. For a time, age verification became that silver bullet for those who felt that “we must do something” politically to address online safety concerns. Alas, mandatory age verification was no silver bullet. As I summarized in this 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” all previous research and task force reports looking into this issue have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems. There are no simple fixes. Specifically, here’s what each of the major online child safety task forces that have been convened since 2000 had to say about the wisdom of mandatory age verification: Continue reading →

SHARE: 4 comments

Techno-Panic Cycles (and How the Latest Privacy Scare Fits In)

by on February 24, 2011 · 12 comments

[UPDATE Feb. 2012: This little essay eventually led to an 80-page working paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.”]

In this essay, I will suggest that (1) while “moral panics” and “techno-panics” are nothing new, their cycles seem to be accelerating as new communications and information networks and platforms proliferate; (2) new panics often “crowd-out” or displace old ones; and (3) the current scare over online privacy and “tracking” is just the latest episode in this ongoing cycle.

What Counts as a “Techno-Panic”?

First, let’s step back and define our terms. Christopher Ferguson, a professor at Texas A&M’s Department of Behavioral, Applied Sciences and Criminal Justice, offers the following definition: “A moral panic occurs when a segment of society believes that the behavior or moral choices of others within that society poses a significant risk to the society as a whole.” By extension, a “techno-panic” is simply a moral panic that centers around societal fears about a specific contemporary technology (or technological activity) instead of merely the content flowing over that technology or medium. In her brilliant 2008 essay on “The MySpace Moral Panic,” Alice Marwick noted: Continue reading →

SHARE: 12 comments

NetChoice Comments to FCC — Age Verification Ain’t Going to Protect No Kids

by on February 24, 2010 · 5 comments

NetChoice filed comments today with the FCC in its inquiry on Empowering Parents and Protecting Children in an Evolving Media Landscape. PFF’s comments (jointly filed w/ EFF as described in their TLF post) are comprehensive, excellent, and very highly recommended (well done Adam and Berin). I took a narrower approach. My goal was to dismiss age and parental verification as a tool to keep kids safe online:

Teens are very active users of Internet websites. To verify parental consent, parents would have to provide identifying data (most often credit card information) to a myriad of sites and services. This would require private companies to store vast amounts of parents’ personal information and, by doing so, increase customers’ vulnerability to security breaches and identity theft. According to the Berkman study, “there are significant potential privacy concerns and security issues given the type and amount of data aggregated and collected by the technology solutions….” Many online companies have moved away from collecting and storing this type of data for good reason.

Like the comments filed jointly by PFF and EFF, I also asserted that the FCC lacks jurisdiction to regulate online media platforms. Neither the Telecommunications Act of 1996 nor the Children’s Television Act of 1990 provides the Commission with the authority to regulate online media content. Furthermore, if the FCC were to pursue regulation of the Internet in the same manner it regulates broadcast and cable television, we believe there would be serious first amendment implications.

Not sure where the FCC can go with this NOI (at least as it regards the Internet) but that’s the scariness of it all.

SHARE: 5 comments

Son of COPA?: H.R. 4059, “The Online Age Verification and Child Safety Act”

by on November 18, 2009 · 9 comments

Rep. Bart Stupak, (D-MI) recently introduced the ‘‘Online Age Verification and Child Safety Act’’ (H.R. 4059), which would require mandatory online age verification for “any pornographic website accessible by any computer located within the United States to display any pornographic material, including free content that may be available prior to the purchase of a subscription or product.”  The measure does not specify how such verification is to be administered, saying only that “any website or online service” must “establish and maintain a system of internal policies, procedures and controls to ensure that no such material is displayed to any user attempting to access their site without first verifying that the user is 18 years or older.”

In essence, the Stupak bill is the “Son of COPA,” or the Child Online Protection Act of 1998, a law that has been constitutionally tested and come up short during an epic, decade-long legal battle in which it was made clear that mandatory age verification is unwise, unworkable, and unconstitutional under the First Amendment.

COPA sought to make it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. COPA was immediately challenge, however, and a 10-year court battle ensued.  The law was blocked by lower courts because it was too sweeping in effect and because courts held that there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.

COPA’s decade-long legal battle finally concluded in January 2009 when the U.S. Supreme Court refused to revisit the law.  COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004.  Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal in January, lower court rulings stood and COPA remained unconstitutional and unenforceable. The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.

Many, many times here before I have documented my serious ongoing reservations about mandatory age verification.  [In particular, see this lengthy white paper and this event transcript for all the details.]  Moreover, as I pointed out in a recent PFF white paper (“Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer“), every major online safety task force that has studied the possibility of mandatory age verification for the Internet has come to the same conclusion: It won’t work, it’s unconstitutional, and it raises serious privacy concerns. Down below the fold I have pulled some of the relevant language from the five online safety task forces that have met since 2000 and considered this issue.  Continue reading →

SHARE: 9 comments

Transcript of 7/27 PFF Event on Child Safety, Privacy, and Free Speech

by on August 18, 2009 · 5 comments

On July 27th, The Progress & Freedom Foundation hosted a Capitol Hill panel discussion entitled “Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States.” The event featured remarks from:

  • Parry Aftab, Executive Director, WiredSafety.org
  • Todd Haiken, Senior Manager of Policy, Common Sense Media
  • Jim Halpert, Partner, DLA Piper
  • Berin Szoka, Senior Fellow, The Progress & Freedom Foundation

We’ve just released the transcript of the event, which I have also pasted down below the fold in a Scribd document reader. Also, the audio for this event can be heard by clicking below:

Download mp3

Here is the full event description: Continue reading →

SHARE: 5 comments

“Parental Controls & Online Child Protection” PFF special report (Version 4.0 Release)

by on July 27, 2009 · 18 comments

ThiererBookCover062007The latest edition (Version 4.0) of my PFF special report on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now up.  For those not familiar with the report, it explores the market for parental control tools, rating schemes, education and media literacy efforts, and various other tools, methods, and initiatives aimed at promoting online child safety.  After evaluating that state of this market, I conclude: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”  Moreover, I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation.

Version 4.0 of the report is now over 250 pages long (up from 200 pages in Version 3.0) and it contains almost 70 exhibits (up from 50), 725 references (up from roughly 500), and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. Other new sections or appendices have also been added to the report, including:

  • a new section examining how many households really need parental control tools;
  • a new appendix on the downsides of mandatory parental controls and restrictive default settings;
  • a new section on the dangers of “deputizing the online middleman” solution as an approach to solving child safety concerns;
  • a new appendix reviewing the findings of 5 past online safety task forces;
  • … and much more.

I issue major updates once a year and 1 or 2 minor tweaks during the course of the year to reflect the evolution of the parental control and online child safety marketplace and debate. The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past couple of years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions. Continue reading →

SHARE: 18 comments

Maine Adopts COPPA 2.0 Law Heavily Restricting Marketing to Kids

by on July 26, 2009 · 19 comments

Maine has just enacted a law severely restricting marketing to kids: the Act To Prevent Predatory Marketing Practices against Minors, summarized by Covington & Burling. Adam and I released a major paper in June about such laws: COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech. Maine is following the lead of several other states that have tried to expand the Children’s Online Privacy Protection Act (COPPA) of 1998 to cover nost just kids under 13 but adolescents as well and potentially all social networking sites. We discussed at length the problems such laws create, particularly the possibility that large numbers of adults would, for the first time, be subject to age verification mandates before accessing (or participating in) the growing range of sites with social networking capabilities.  This, in turn, would significantly “chill” free speech online by undermining anonymity.

Like COPPA 2.0 proposals in New Jersey (simply extending COPPA to cover adolescents) and Illinois (applying COPPA to most social networking sites), the Maine law tries to build on COPPA’s “verifiable parental consent” requirement for the 13-17 audience as well as those under 13.

On the one hand, the Maine law goes much further than these other COPPA 2.0 proposals. While the original bill was limited to the Internet and wireless communications, the final bill’s scope applies to all communications.  The bill also covers “health-related” information (HRI) as well as “personal information” (PI). On the other hand, the Maine law is thus somewhat narrower than other COPPA 2.0 proposals and COPPA itself in that it applies only to “marketing or advertising products, goods or services.” While COPPA is commonly misunderstood to cover only marketing, it actually covers essentially any “collection” (broadly defined) of personal information from kids for any purpose—including merely giving kids access to communications functionality that might let them share personal information with other users (even if the site itself is not “collecting” that information in the commonly understood sense).

Continue reading →

SHARE: 19 comments

A Right to Anonymous Speech but Not a Right to Sue for Outing

by on June 16, 2009 · 4 comments

The Gawker offers a fascinating discussion of the legal right to anonymity:

“There is clearly a moral case that some people should be able to join the public debate and retain their anonymity,” Tench told Gawker. “And I think this will have a chilling effect. Blogs like this can only exist anonymously, and I imagine that anyone who wanted to set one up is thinking about this case.” As well they should. But the notion that anonymous publishers have a right, in perpetuity, to keep their identities a secret—or that people who learn their identities are honor-bound not to reveal them—is nonsense.

Amen! One can resist, fiercely, government efforts to reduce online anonymity through age verification or identity authentication mandates, as Adam Thierer have argued most recently in our work about efforts to expand COPPA to cover adolescents (“COPPA 2.0,” which would indirectly mandate age verification for large numbers of adults for the first time).  One might even argue that there are moral reasons to resist the urge to out pseudonymous/anonymous bloggers (just as one might avoid outing closeted gays out of respect for their privacy).   But one need not accept the pernicious idea that the government should punish the outing of peusodonymous/anonymous writers, which is simply a restraint on legitimate free speech.

This exchange, cited by the Gawker article, is particularly interesting, and demonstrates how one can distinguish the question of whether outing is “right” or “appropriate” from the question of whether it should be punished by law:

When the National Review‘s Ed Whelan revealed Publius, who writes for Obsidian Wingsto be a professor of law at the South Texas College of Law named John F. Blevins earlier this month, the palpable online outrage forced Whelan to apologize.

SHARE: 4 comments

← Previous Entries