Robert Scoble, Startup Liaison Officer at Rackspace discusses his recent book, Age of Context: Mobile, Sensors, Data and the Future of Privacy, co-authored by Shel Israel. Scoble believes that over the next five years we’ll see a tremendous rise in wearable computers, building on interest we’ve already seen in devices like Google Glass. Much like the desktop, laptop, and smartphone before it, Scoble predicts wearable computers represent the next wave in groundbreaking innovation. Scoble answers questions such as: How will wearable computers help us live our lives? Will they become as common as the cellphone is today? Will we have to sacrifice privacy for these devices to better understand our preferences? How will sensors in everyday products help companies improve the customer experience?

Download

Related Links

• Age of Context: Mobile, Sensors, Data and the Future of Privacy , Amazon
• Naked Conversations: How Blogs are Changing the Way Businesses Talk with Customers, Amazon
• The Rackspace Blog & Newsroom, Scoble

It was my pleasure last night to take part in an hour-long conversation on “Privacy, Security, and the Digital Age,” which was co-sponsored by Mediaite and the Koch Institute. The discussion focused on a wide range of issues related to government surveillance powers, Big Data, and the future of privacy. It opened with dueling remarks from former U.S. Ambassador to the U.N. John Bolton and Ben Wizner of the ACLU. You can view their respective remarks here.

I then sat on a panel that included Atlantic Media CTO Tom Cochrane and Michael R. Nelson, who is affiliated with with Bloomberg Government and Georgetown University. The entire session was expertly moderated by Andrew Kirell of Mediaite. He did an amazing job facilitating the discussion. Anyway, the videos for my panel are below, split into two parts.  My comments focused heavily on the importance of separating the government uses of data from private sector uses and explaining the need to create a high and tight firewall between State and Industry when it comes to information sharing. I also argued that we will never get a handle on government-related privacy concerns until we get control of the scope of government power. I used the example of the drug war and our government’s constantly-expanding militaristic activities both abroad and here at home. So long as government is expanding without any rational, constitutional constraint, we are going to have serious surveillance and privacy problems. (See this essay, “It’s About Power, not Privacy,” by my colleague Eli Dourado for more on that theme.)

I cannot in strong enough terms recommend that everyone read Gordon Crovitz’s latest Wall Street Journal column, “Free Speech, Now that Speech is Free.”  It perfectly encapsulates everything we stand for here and makes the case that I have made again and again: Speech regulation — of all flavors — makes less and less sense in a world of information abundance and user empowerment, and it is a complete affront to our First Amendment rights.  As Crovitz argues:

The Constitution was drafted at a time when there were few media outlets, and few people could be heard. Since then, technology has made it possible for everyone to express their views. The cost of expressing opinions continues to fall. Now that speech is no longer expensive, it’s time to return to the Founders’ intention that speech be free and that Congress not abridge anyone’s right to speak.

Amen brother!  In his essay today, Crovitz specifically takes on America’s increasingly insane campaign finance laws, which make a mockery of the First Amendment.  In the wake of last week’s Supreme Court arguments in the Citizens United case, Crovitz points out the insulting stupidity and sheer futility of these analog era, scarcity-oriented laws:

In the era of YouTube and Facebook, the notion that anyone or any institution can dominate political debate is quaint at best. After last week’s Supreme Court argument, key parts of McCain-Feingold seem likely to be overturned. The justices are legal experts, not technologists, but in protecting constitutional rights, they know they are operating in a very different information environment than existed earlier in the decade. Lively political debate is supposed to benefit everyone—with the occasional exception of incumbent officeholders who are not re-elected. But McCain-Feingold banned the broadcast or transmission by cable or satellite of “electioneering communications” paid for by corporations in the 30 days before a presidential primary or 60 days before the general election. This always raised a First Amendment issue. The issue now goes deeper: How can any regulation based on an assumption of information scarcity be justified in an era of information abundance?

Absolutely, 100% right.  As I pointed out in my old City Journal essay, “The Media Cornucopia“:

Throughout most of history, humans lived in a state of extreme information poverty. News traveled slowly, field to field, village to village. Even with the printing press’s advent, information spread at a snail’s pace. Few knew how to find printed materials, assuming that they even knew how to read. Today, by contrast, we live in a world of unprecedented media abundance that once would have been the stuff of science-fiction novels. We can increasingly obtain and consume whatever media we want, wherever and whenever we want: television, radio, newspapers, magazines, and the bewildering variety of material available on the Internet.

And yet, despite these wonderful developments, we still have Washington policymakers and regulators conditioning speech rights on the supposed “scarcity” of viewpoints or soapboxes to stand on.  What utter rubbish.  Of course, that hasn’t stopped many regulatory activist groups from continuing to use such logic in favor of expanded media regulation.

Regardless, Crovitz suggests that, with any luck, we could get a replay of what happened to the Fairness Doctrine:

The likely demise of McCain-Feingold echoes the fate of the Fairness Doctrine. The Federal Communications Commission in 1949 required holders of broadcast licenses to present all sides of controversial topics. There were few broadcast outlets and at least arguably a risk of one-sided debates. The rule was abolished in 1987 as channels grew. With hundreds of cable channels and endless uploads of videos to the Web, it would be impossible to enforce “fairness” even if bureaucrats could track how much of which views were being expressed.

We can only hope that the course of human events follows that same trajectory and policymakers come around to once again realizing the error of their past ways.

What Unites Advocates of Speech Controls & Privacy Regulation? [pdf]

by Adam Thierer & Berin Szoka The Progress & Freedom Foundation, Progress on Point No. 16.19

Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:

1. People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or,
2. All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards.

While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”^[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what it in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.

That sort of elitism—elitism enforced by law—is often the objective of speech and privacy regulatory advocates. Our goal is to identify the common themes that unite these regulatory movements, explain why such political elitism is unwarranted, and make it clear how it threatens individual liberty as well as the future of free and open Internet. As an alternative to this elitist vision, we advocate an empowerment agenda: fostering an environment in which users have the tools and information they need to make decisions for themselves and their families.

I. The Elitism of Speech Regulation

First, consider how those two elitist beliefs identified above are on display when lawmakers or regulatory advocates make efforts to control speech or content.^[2] Calls to regulate free speech are often premised on the belief that something must be done to “protect The Children.”^[3] Personal and parental responsibility ^[4] are regarded as inadequate safeguards ^[5] since some parents will inevitably fall down on the job by not adequately shielding their children’s eyes and ears from potentially objectionable (or supposedly harmful) speech. Therefore, government must regulate content that is indecent, profane, excessively violent, and so on. The definition of those things is then left to unelected bureaucrats and judges to make on our behalf.

But it’s not just about “The Children.” Some regulatory advocates believe that even the choices made by consenting adults must be disregarded because some people fail to understand the supposedly destructive nature of the speech they are consuming. Government must act to protect people from making what some regulatory advocates regard as destructive or even immoral choices that could bring harm to them or their loved ones.

In sum, regulatory advocates are essentially saying that people cannot be trusted or left to their own devices and, therefore, government must intervene and establish a baseline “community standard” on behalf of the entire citizenry to tell them what‘s best for them.^[6] Even if those citizens have tools and information at their disposal to make sensible decisions about objectionable content, that’s not good enough because they might not do the job properly. Government must do it for them!

II. The Elitism of Privacy Regulation

This same mentality motivates calls for privacy regulations. Those who call for government interventions to “protect privacy” often claim that people too willingly surrender personal information about themselves and that they don’t understand the adverse consequences of those actions.^[7] Alternatively, regulatory advocates claim that advertising and marketing efforts are inherently “manipulative” and that people do not realize they are being duped into surrendering personal information or into buying products or services they supposedly don’t need.^[8] Of course, those regulatory advocates rarely pause to explain to us how it is that they were not also duped and manipulated by the same things—again revealing their deeply-rooted elitism! (As discussed below, this makes it clear how the psychological phenomenon of “third-person effect hypothesis” is driving much of this debate.)

“Protecting The Children” is also used as a rhetorical cover for regulation here, but not as often in debates over speech controls.^[9] Instead, regulatory advocates mostly focus on adults who are presumed not to know what is in their own best interest—necessitating paternalistic government intervention on their behalf.

III. Intellectual Schizophrenia on Both the Left & Right

What is particularly interesting about all this is the way these two issues expose a sort of intellectual schizophrenia at work on both the Left and Right of the political spectrum. Left-leaning policymakers and intellectuals typically decry censorship efforts (except where “commercial speech,” “hate speech” and “bias” are at issue), but are quick to rally around proposals to layer privacy regulations on the Internet. The opposite is often true of many on the Right of the political spectrum: They typically declare privacy regulations to be paternalistic and antithetical to free enterprise (or perhaps just erosive of efforts to legislate morality),^[10] but in the next breath advocate controls on content they find objectionable.

Few on either side stop to consider the relationship between speech and privacy. In fact, they are but two sides of the same coin. After all, what is your “right to privacy” but a right to stop me from observing you and speaking about you?^[11] “Protecting privacy,” therefore, typically means restricting speech rights in the process. Advocates of privacy regulation often insist that the use, processing and collection of information are “conduct” unprotected by the First Amendment, but in fact, the First Amendment broadly protects the gathering and distribution of information as part of the process of communication (“speech”).^[12] Similarly, attempts to “clean up” speech or “protect The Children,” often require regulations that would betray the privacy of adults by expanding the role of government, and impose serious burdens on businesses and markets—such as age verification mandates ^[13] or extensive data retention requirements.^[14]

IV. Common Tactics & Regulatory Mechanisms

The two movements also share common political tactics and regulatory approaches. Privacy advocates generally favor “opt-in” mandates as the federal “baseline standard” for any website collecting information about users, especially their browsing habits (regardless of whether the information is “personally identifiable”). In other words, the law would create a property right in such “personal information” (ironically, many advocates of this approach criticize or reject intellectual property.) In a similar vein, many advocates of speech controls push for mandatory parental control tools or restrictive default settings.^[15] That is, if government won’t censor speech outright, regulatory advocates want lawmakers to at least (1) require that media, computing and communications devices be shipped to market with parental controls embedded or included (as proposed in Australia and with China’s “Green Dam” filter),^[16] and possibly, (2) that such controls be defaulted to their most restrictive position—forcing users to opt-out of the controls later if they want to consume media rated above a certain threshold.

More sophisticated advocates of speech controls and privacy regulation will likely argue that their paternalism is less elitist or intrusive because they merely want to “nudge” the public into making “better” decisions. Economist Richard Thaler and legal scholar Cass Sunstein (director of President Obama’s Office of Information and Regulatory Affairs, responsible for analyzing most new federal regulations) popularized this approach with their 2008 book Nudge: Improving Decisions about Health, Wealth, and Happiness. Based on behavioral economics studies, they argue that both government and private actors must inevitably make decisions about “choice architecture” and that, by setting defaults, incentives and rules smartly, “choice architects” can and should improve decision-making without blocking, fencing-off or significantly burdening choices.^[17]

In this regard, Sunstein and Thaler’s approach parallels the work of Lawrence Lessig, one of the most influential Internet policy thinkers. Lessig has argued that the “architecture” of “code” (how software is written) “regulates” all online activities and requires government oversight and intervention to keep in check. Otherwise, he warned ominously a decade ago, “Left to itself, cyberspace will become a perfect tool of control.”^[18] Lessig’s hyper-pessimistic predictions have proven unwarranted, however. Far from fostering a world of “perfect control,” code and cyberspace have proven remarkably difficult to regulate, but nonetheless has generally benefited consumers and citizens without centralized direction.^[19] Still, Lessig, Sunstein, and others of this ilk persist in their advocacy of “nudges” of many varieties to impose their will on cyberspace through mandates from above.

But while it might be possible to define “better decisions” and argue that poor choice architecture leads people to choose things they clearly don’t want in contexts like investment decisions and mortgages, how can elites know what other people really want in highly subjective contexts like privacy and speech? Should they rely on opinion polls—the highly subjective results of which depend heavily on “choice architecture” of question-crafting—to guess what the right default should be?^[20] Was the Chinese proposal to mandate deployment of “Green Dam” just a harmless “nudge” because users weren’t barred from uninstalling the filtering software that must accompany their computers (i.e., “opting-out”)? The problem becomes even more difficult where trade-offs among competing values are inevitable. For example, data collection about Internet users raises privacy concerns for some but benefits all, creating more funding for “free” content (i.e., speech) and services users prefer by making more valuable the advertising that supports online publishers. In short, regulations of speech and privacy are likely to be pure paternalism, even when billed as “libertarian paternalism as Thaler and Sunstein label their approach.^[21]

What might be called “regulatory blackmail” is also a time-honored tradition among both advocates of speech controls and privacy regulation. When censorship advocates have previously been impeded by the First Amendment, they have worked behind the scenes with lawmakers or regulatory agencies to use indirect pressure and strong-arming tactics to extract “voluntary concessions” from companies or others.^[22] For example, in 2004, the FCC strong-armed radio giant Clear Channel into agreeing to a “voluntary” consent decree that involved taking Howard Stern off the air.^[23] Similarly, in 2008, XM and Sirius Satellite Radio finally agreed to set aside 4% of their system capacity for use by politically favored racial minorities (a kind of speech control) as a “voluntary condition” of their merger—after the FCC had sat on their application for nearly 16 months.^[24] This race-based preference would have been unconstitutional if the FCC had imposed it directly.^[25] While the FTC has been far less prone to such abuse and actually plays a key role in holding companies to their promises, its current Chairman, Jon Leibowitz, has hung the “regulatory sword of Damocles” over the heads of the online advertising industry, threatening them with a “day of reckoning” if he doesn’t get what he wants from industry self-regulatory efforts.”^[26] The sword could actually fall if the FTC turns self-regulation into the European model of “co-regulation,” where the government steers and industry simply rows.^[27]

V. The Crisis Mentality that Drives Regulation

Speech and privacy regulatory advocates share another trait in common: an affinity for the use of a crisis mentality as a method of spurring political action. In his 1995 book The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy, political philosopher and economist Thomas Sowell formulated a model that he argued drives ideological crusades to expand government power over our lives and economy. “The great ideological crusades of the twentieth-century intellectuals have ranged across the most disparate fields,” noted Sowell. But what they all had in common, he argued, was “their moral exaltation of the anointed above others, who are to have their different views nullified and superseded by the views of the anointed, imposed via the power of government.”^[28] These government-expanding crusades shared several key elements, which Sowell identified as follows:

1. Assertion of a great danger to the whole society, a danger to which the masses of people are oblivious.
2. An urgent need for government action to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many, in response to the prescient conclusions of the few.
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes.

We see this model at work on a daily basis today with our government’s various efforts to reshape our economy, but the model is equally applicable to debates over speech controls and privacy regulation. In particular, the various “technopanics”^[29] we have witnessed in recent years fit this model. For example, consider how this model plays out in the debate over online social networking:

1. Assertion of a great danger to the whole society [online sexual predators], a danger to which the masses of people are oblivious.
2. An urgent need for government action [such as mandatory online age verification ^[30] or the Deleting Online Predators Act ^[31]] to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many [must stop kids and adults from being online together on same sites], in response to the prescient conclusions of the few [some state Attorneys General].^[32]
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [child safety researchers and others are told that their research is meaningless or offbase].^[33]

We also see this model in play in other debates, such as efforts to regulate “excessively violent” video games and television programming.^[34] And consider how this model plays out on the privacy front:

1. Assertion of a great danger to the whole society [amorphous privacy violations], a danger to which the masses of people are oblivious.
2. An urgent need for government action [“baseline federal privacy regulation”] to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many [anyone who shares information online], in response to the prescient conclusions of the few [a handful of privacy advocacy groups].
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [any suggestion that privacy concerns are being overblown and that most information-sharing is socially beneficial is dismissed out-of-hand].

Worse yet, regulatory intervention in these cases simply begets more and more intervention to correct the inevitable failures of, or dissatisfaction with, previous interventions.^[35] Thus, the “crisis” cycle never ends.

VI. Third-Person Effect Hypothesis as an Explanation

Something more profound than simple political elitism seems to be at work here, however. A phenomenon psychologists refer to as the “third-person effect hypothesis” can explain many calls for government intervention, especially in the media world.^[36] Simply stated, speech and privacy critics sometimes seem to only see and hear in media or communications what they want to see and hear—or what they don’t want to see or hear. When they encounter perspectives or preferences that are at odds with their own, they are more likely to be concerned about the impact of those things on others throughout society and come to believe that government must “do something” to correct those perspectives. Many people desire regulation because they think it will be good for others, not necessarily for themselves. The regulation they desire has a very specific purpose in mind: “re-tilting” speech or market behavior in their desired direction.

The third-person effect hypothesis was first formulated by W. Phillips Davison in a seminal 1983 article:

In its broadest formulation, this hypothesis predicts that people will tend to overestimate the influence that mass communications have on the attitudes and behavior of others. More specifically, individuals who are members of an audience that is exposed to a persuasive communication (whether or not this communication is intended to be persuasive) will expect the communication to have a greater effect on others than on themselves.^[37]

Davison used this hypothesis to explain how media critics on both the Left and Right seemed to simultaneously find “bias” in the same content or reports when they couldn’t possibly both be correct. In reality, their own personal preferences were biasing their ability to fairly evaluate that content. Davison’s article prompted further research by many other psychologists, social scientists, and public opinion experts to test just how powerful this phenomenon was in explaining calls for censorship and other social phenomena.^[38] In these studies, third-person effect has been shown to be the primary explanation for why many people fear—or even want to ban—various types of speech or expression, including news,^[39] misogynistic rap lyrics,^[40] television violence,^[41] video games,^[42] and pornography.^[43] In each case, the subjects surveyed expressed strong misgivings about allowing others to see or hear too much of the speech or expression in question, but greatly discounted the impact of that speech on themselves. Such studies thus reveal the strong paternalistic instinct behind proposals to regulate speech. As Davison notes:

Insofar as faith and morals are concerned… it is difficult to find a censor who will admit to having been adversely affected by the information whose dissemination is to be prohibited. Even the censor’s friends are usually safe from the pollution. It is the general public that must be protected. Or else, it is youthful members of the general public, or those with impressionable minds.^[44]

It’s easy to see how this same phenomenon is at work in debates about privacy. Regulatory advocates imagine their preferences are “correct” (right for everyone) and that the masses are being duped by external forces beyond their control or comprehension, even though the advocates themselves are somehow immune from the brain-washing and privy to some higher truth that the hoi polloi simply cannot fathom. Again, this is Sowell’s “Vision of the Anointed” at work.

Consider the flare-up in 2004 over the introduction of Gmail, Google’s free email service. At a time when Yahoo! mail (then as now the leading webmail provider) offered customers less than 10 megabytes of email storage, Gmail offered an astounding gigabyte of storage that would grow over time (now over 7 GB). Rather than charging some users for more storage or special features, Google paid for the service by showing advertisements next to each email “contextually” targeted to keywords in that email—a far more profitable form of advertising than “dumb banner” ads previously used by other webmail providers.^[45] Self-appointed (or, to extend Sowell’s framework, “self-anointed”) privacy advocates howled that Google was going to “read users’ email,” and led a crusade to ban such algorithmic contextual targeting.^[46] Thierer responded to these critics by pointing out that the service was purely voluntary and noted:

you don’t speak for me and a lot of other people in this world who will be more than happy to cut this deal with Google. So do us a favor and don’t ask the government to shut down a service just because you don’t like it. Privacy is a subjective condition and your value preferences are not representative of everyone else’s values in our diverse nation. Stop trying to coercively force your values and choices on others. We can decide these things on our own, thank you very much.^[47]

Interestingly, however, the frenzy of hysterical indignation about Gmail was followed by a collective cyber-yawn: Users increasingly understood that algorithms, not humans, were doing the “reading” and that, if they didn’t like it, they didn’t have to use it. Today, nearly 150 million of people around the world use Gmail, and it has a steadily growing share of the webmail market. Even though cyber-consumers have embraced the service, some privacy advocates persist in their effort to shut down Gmail. They appear determined to stop at nothing to impose their will on others—the essence of political elitism—even if that means cutting off free email service for 150 million people!^[48]

A similar debate has played out more recently regarding targeted online advertising in general. Advertising on search engines is, much like Gmail, targeted “contextually” based on search terms entered by users and most advertising on other websites is based on the nature of content on a site or page. But certain data is collected about users as they browse to make that advertising more effective—by measuring its performance, reducing fraud, preventing over-exposure, etc. Some privacy advocates have insisted that industry self-regulation of such practices (even if enforced by the FTC) is inadequate and have called for preemptive regulation. They are even more offended by “behavioral advertising” which allows publishers whose content would have little value as the basis for contextually targeting advertising on their own sites to compete for more highly valued advertising by showing ads to users based on other sites they’ve visited. In both cases, data collection can increase the funding available to publishers to produce more of the content and services preferred by users, thus conferring an enormous indirect benefit on users, but also directly benefits users by increasing the relevance of the advertising they see.^[49] For some of the more extreme advocates of privacy regulation, however, there are no trade-offs, only absolutist “solutions:” To them, privacy is so obviously desirable that they feel at ease in deciding what’s best for everyone else. Such absolutists often respond with righteous indignation and conspiratorial fulmination when challenged to identify the harm against which they’re protecting consumers, while disdainfully dismissing all talk of the benefits of online advertising as self-serving industry propaganda.^[50]

VII. The Principled Alternative: Trust People & Empower Them

There is an alternative to this elitist mentality: freedom and personal responsibility. Individuals should be permitted to live a life of their own, even if they sometimes make mistakes or choices that are at odds with what elites think is best for them. ^[51]

Of course, the world isn’t perfect. In an ideal world, adults would be fully empowered to tailor speech and privacy decisions to their own values and preferences. Specifically, in an ideal world, adults (and parents) would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to not only block the things they don’t like—objectionable content, annoying ads or the collection of data about them—while also finding the things they want.

Achieving that ideal is likely impossible, but the good news is that we are moving closer to it with each passing day. Citizens have more tools and methods at their disposal than ever before which enable them to make decisions for themselves and their families. And this is true for both parental controls ^[52] and privacy controls.^[53]

Of course, some speech and privacy elitists will argue that we can’t trust empowerment tools ( e.g., filters, rating systems, or other controls) that are created by companies or other affected parties. But rather than trying to enhance those tools and educate users about how to use them, these elitists skip right past user empowerment and channel their energies into regulations that would impose a top-down, one-size-fits all standard on all adults and families—or even into trying to craft the perfect “nudge” that will help users make what elites believe to be the “right” decisions. Of course, these tools can, and should, be improved. Those groups worried about speech/content and privacy issues should focus on how we might drive such protections from the bottom-up by empowering individuals instead of government bureaucrats. The goal in both cases should be a “let-a-thousand-flowers-bloom” approach, which offers diverse tools and strategies for our diverse citizenry.^[54] We need not accept “one-size-fits” all approaches, whether they be regulatory mandates or “nudges,” based on the presumption that elites know best.

Finally, it is vital not to lose sight of what’s ultimately at stake here. If regulatory approaches trump the empowerment agenda we have described, the future of a free and open Internet—indeed, as technology converges, the future of all media—is at risk.^[55] By imposing technological solutions from the top-down that can never keep pace with technological change, regulation necessarily forecloses freedom and innovation.^[56] By contrast, individual empowerment allows innovation to flourish. The better approach across the board is education, not regulation.^[57] Empowerment, not elitism, is the path forward. The digital elite should be leading this effort by developing and promoting technologies of empowerment, not crafting regulatory mandates to force their will upon us.^[58]

#

Adam Thierer is a Senior Fellow with The Progress & Freedom Foundation and the director of its Center for Digital Media Freedom. Berin Szoka  is a Senior Fellow with PFF and the Director of PFF’s Center for Internet Freedom.

[1] . William A. Henry, In Defense of Elitism (1995) at 2-3.

[2] . See Adam Thierer, The Progress & Freedom Foundation, Congress, Content Regulation, and Child Protection: The Expanding Legislative Agenda, Progress Snapshot 4.4, Feb. 2008, www.pff.org/issues-pubs/ps/2008/ps4.4childprotection.html. Like American courts, we use the term “speech” as a broad catch-all for communications, including both actual speaking as well as other forms of transmitting, as well as receiving, information (“content”).

[3] . See generally Adam Thierer, Don’t Scapegoat Media, USA Today, Dec. 4, 2008, www.pff.org/issues-pubs/ps/2008/ps4.24scapegoatmedia.html; Marjorie Heins, Not in Front of the Children, “Indecency,” Censorship, and the Innocence of Youth (2001); Karen Sternheimer, It’s Not the Media: The Truth about Pop Culture’s Influence on Children (2003); Karen Sternheimer, Kids These Days: Facts and Fictions about Today’s Youth (2006).

[4] . See Adam Thierer, The Progress & Freedom Foundation, FCC Violence Report Concludes that Parenting Doesn’t Work, PFF Blog, Apr. 26, 2007, http://blog.pff.org/archives/2007/04/fcc_violence_re.html.

[5] . See Adam Thierer, The Progress & Freedom Foundation, Sen. Rockefeller Gives Up on Parenting at Senate Violence Hearing, PFF Blog, June 26, 2007, blog.pff.org/archives/2007/06/sen_rockefeller_1.html.

[6] . Adam Thierer, Conservatives, Porn, and “Community Standards,” The Technology Liberation Front, March 2, 2009, http://techliberation.com/2009/03/02/conservatives-porn-and-community-standards.

[7] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Online Advertising & User Privacy: Principles to Guide the Debate, Progress Snapshot 4.19, Sept. 2008, www.pff.org/issues-pubs/ps/2008/ps4.19onlinetargeting.html.

[8] . Jeff Chester, for decades the great gadfly of American advertising, has decried “the system … developed to track each and every one of us and our behavior for one-on-one marketing efforts” as “manipulative, intrusive and un-democratic.” Wendy Melillo, Q&A: Chester Writes the Book on Privacy, Dec. 11, 2007, www.gfem.org/node/227. For instance, Chester and other leading “privacy advocates” ridicule the idea of smart phones as a “liberating technology” and insist that,

Despite the glowing words about customization and personalized service, what marketers and advertisers are increasingly offering consumers is merely the illusion of free choice. Mobile operators offer their various options and services, not on an individual basis, but preconfigured according to segmented demographic profiles.

Center for Digital Democracy and U.S. Public Interest Research Group, Complaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Mobile Marketing Practices, Jan. 13, 2009 (emphasis original), www.democraticmedia.org/files/FTCmobile_complaint0109.pdf. See generally Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Targeted Online Advertising: What’s the Harm & Where Are We Heading?, Progress on Point 16.2, Feb. 2009, www.pff.org/issues-pubs/pops/2009/pop16.2targetonlinead.pdf.

[9] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, Progress on Point 16.11, May 2009, www.pff.org/issues-pubs/pops/2009/pop16.11-COPPA-and-age-verification.pdf.

[10] . The Supreme Court has used a “right to privacy” to strike down laws against the use of contraception by married couples, Griswold v Connecticut, 381 U.S. 479 (1965), and abortion, Roe v. Wade, 410 U.S. 113 (1973).

[11] . Eugene Volokh, Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People From Speaking About You, 52 Stanford L. Rev. 1049 (2000), available at www.pff.org/issues-pubs/pops/pop7.15freedomofspeech.pdf.

[12] . See , Amicus Brief for Association Of National Advertisers, Cato Institute, Coalition For Healthcare Communication, Pacific Legal Foundation And The Progress & Freedom Foundation In Support Of Appellants, IMS Health v. Sorrell, No. 09-1913-cv(L), 09-2056-cv(CON) (2nd Cir. 2009), available at www.pff.org/issues-pubs/filings/2009/071309-Brief-Amici-Curiae-ANA-et-al-Second-Circuit-(09-1913-cv).pdf.

[13] . See Adam Thierer, The Progress & Freedom Foundation, Social Networking and Age Verification: Many Hard Questions; No Easy Solutions, Progress on Point No. 14.5, March 2007, www.pff.org/issues-pubs/ pops/pop14.8ageverificationtranscript.pdf; www.pff.org/issues-pubs/pops/pop14.5ageverification.pdfAdam Thierer, The Progress & Freedom Foundation, Statement Regarding the Internet Safety Technical Task Force’s Final Report to the Attorneys General, Jan. 14, 2008, www.pff.org/issues-pubs/other/090114ISTTFthiererclosingstatement.pdf; Nancy Willard, Why Age and Identity Verification Will Not Work—And is a Really Bad Idea, Jan. 26, 2009, www.csriu.org/PDFs/digitalidnot.pdf; Jeff Schmidt, Online Child Safety: A Security Professional’s Take, The Guardian, Spring 2007, www.jschmidt.org/AgeVerification/Gardian_JSchmidt.pdf.

[14] . Adam Thierer, The Progress & Freedom Foundation, Mandatory Data Retention: How Much is Appropriate, PFF Blog, June 26, 2006, http://blog.pff.org/archives/2006/06/mandatory_data.html

[15] . Adam Thierer, The Progress & Freedom Foundation, The Perils of Mandatory Parental Controls and Restrictive Defaults, Progress on Point 14.4, Apr. 11, 2008, www.pff.org/issues-pubs/pops/2008/pop15.4defaultdanger.pdf.

[16] . Adam Thierer, China’s Green Dam Filter and the Threat of Rising Global Censorship, PFF Blog, June 17, 2009, http://blog.pff.org/archives/2009/06/chinas_green_dam_filter_and_threat_of_rising_globa.html

[17] . They define choice architecture as follows: “A structure designed by a choice architect(s) to improve the quality of decisions made by homo sapiens. Often invisible, choice architecture is the specific user-friendly shape of an organization’s policy or physical building when homo sapiens come into contact with it. Examples of choice architecture include a voter ballot, a procedure for handling well-meaning people who forget a deadline, or a skyscraper.” Nudge Glossary of Terms, www.nudges.org/glossary.cfm.

[18] . Lawrence Lessig, Code and Other Laws of Cyberspace (1999) at 6.

[19] . See Adam Thierer, Code, Pessimism, and the Illusion of “Perfect Control,” Cato Unbound, May 2009, www.cato-unbound.org/2009/05/08/adam-thierer/code-pessimism-and-the-illusion-of-perfect-control

[20] . See Solveig Singleton & Jim Harper, With A Grain of Salt: What Consumer Privacy Surveys Don’t Tell Us, 2001, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=299930.

[21] . As Cato Institute scholar Will Wilkinson has argued, the book’s “agreeably banal doctrine of choice-preserving helpfulness” blurs the lines between paternalism and libertarianism, and thus “the thrust of the conceptual renovation behind the term libertarian paternalism is to empower, not limit, political elites.” Why Opting Out Is No “Third Way,” Reason, October 2008, www.reason.com/news/show/128916.html. See also Adam Thierer, The Progress & Freedom Foundation, Sunstein’s “Libertarian Paternalism” is Really Just Paternalism, PFF Blog, April 7, 2008, http://blog.pff.org/archives/2008/04/sunsteins_liber.html.

[22] . See Robert Corn-Revere, “’Voluntary’ Self-Regulation and the Triumph of Euphemism,” in Rationales & Rationalizations: Regulating the Electronic Media (Robert Corn-Revere, ed., 1997), at 183-208.

[23] . Telecom Policy Report, Commission Settles Indecency Charges, But At What Cost?, June 30, 2004, http://findarticles.com/p/articles/mi_m0PJR/is_25_2/ai_n6091525.

[24] . See Adam Thierer, XM-Sirius, Regulatory Blackmail, and Diversity, June 17, 2008, http://blog.pff.org/archives/2008/06/xmsirius_regula.html.

[25] . See Comments of W. Kenneth Ferree on Implementation of Sirius-XM Merger Condition, The Progress & Freedom Foundation, MB Docket No. 07-57, March 30, 2009, www.pff.org/issues-pubs/filings/2009/033009siriusXMconditionfiling.pdf.

[26] . See Szoka & Adam Thierer, supra note 8 at 3.

[27] . See id. at 2.

[28] . Thomas Sowell, The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy (1995) at 5.

[29] . Alice Marwick, To Catch a Predator? The MySpace Moral Panic, First Monday, Vol. 13, No. 6-2, June 2008, www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2152/1966; Wade Roush, The Moral Panic over Social Networking Sites, Technology Review, Aug. 7, 2006, www.technologyreview.com/communications/17266; Anne Collier, Why Techopanics are Bad, Net Family News, April 23, 2009, www.netfamilynews.org/2009/04/why-technopanics-are-bad.html; Adam Thierer, Parents, Kids & Policymakers in the Digital Age: Safeguarding Against ‘Techno-Panics,’ Inside ALEC, July 2009, at 16-17, www.alec.org/am/pdf/Inside_July09.pdf; Adam Thierer, Progress & Freedom Foundation, Technopanics and the Great Social Networking Scare, PFF Blog, June 10, 2008, http://techliberation.com/2008/07/10/technopanics-and-the-great-social-networking-scare.

[30] . Supra note 13.

[31] . In the 109th Congress, former Rep. Michael Fitzpatrick (R-PA) introduced the Deleting Online Predators Act (DOPA), which proposed a ban on social networking sites in public schools and libraries. DOPA passed the House of Representatives shortly thereafter by a lopsided 410-15 vote, but failed to pass the Senate. The measure was reintroduced just a few weeks into the 110th Congress by Senator Ted Stevens (R-AK), the ranking minority member and former chairman of the Senate Commerce Committee. It was section 2 of a bill that Sen. Stevens sponsored titled the “Protecting Children in the 21st Century Act” (S. 49), but was later removed from the bill. See Declan McCullagh, Chat Rooms Could Face Expulsion, CNet News.com, July 28, 2006, http://news.com.com/2100-1028_3-6099414.html?part=rss&tag=6099414&subj=news.

[32] . See Emily Steel & Julia Angwin, MySpace Receives More Pressure to Limit Children’s Access to Site, Wall Street Journal, June 23, 2006, online.wsj.com/public/article/SB115102268445288250-YRxkt0rTsyyf1QiQf2EPBYSf7iU_20070624.html; Susan Haigh, Conn. Bill Would Force MySpace Age Check, Yahoo News.com, March 7, 2007, www.msnbc.msn.com/id/17502005.

[33] . See, e.g., Letter of Henry McMaster, Attorney General, South Carolina to Attorney General Richard Blumenthal and Attorney General Roy Cooper Regarding Internet Safety Task Force (“ISTTF”) Report, January 14, 2009, www.scag.gov/newsroom/pdf/2009/internetsafetyreport.pdf

[34] . See Adam Thierer, The Progress & Freedom Foundation, Video Games and “Moral Panic,” PFF Blog, Jan. 23, 2009, http://blog.pff.org/archives/2009/01/video_games_and_moral_panic.html ; Adam Thierer, The Progress & Freedom Foundation, Fact and Fiction in the Debate over Video Game Regulation, Progress Snapshot 13.7, March 2006, www.pff.org/issues-pubs/pops/pop13.7videogames.pdf.

[35] . “All varieties of interference with the market phenomena not only fail to achieve the ends aimed at by their authors and supporters, but bring about a state of affairs which—from the point of view of their authors’ and advocates’ valuations—is less desirable than the previous state affairs which they were designed to alter. If one wants to correct their manifest unsuitableness and preposterousness by supplementing the first acts of intervention with more and more of such acts, one must go farther and farther until the market economy has been entirely destroyed and socialism has been substituted for it.” Ludwig von Mises, Human Action, at 858 (3rd ed. 1963) (1949).

[36] . See generally Adam Thierer, The Progress & Freedom Foundation, Media Myths: Making Sense of the Debate over Media Ownership (2005) at 119-123, www.pff.org/issues-pubs/books/050610mediamyths.pdf (Explaining how the third-person effect serves as a powerful explanation for the heated backlash that followed an FCC effort to moderately liberalize media ownership rules in 2003-04).

[37] . W. Phillips Davison, The Third-Person Effect in Communication, 47 Public Opinion Quarterly 1, Spring 1983, at 3.

[38] . For the best overview of third-person effect research, see Douglas M. McLeod, Benjamin H. Detenber, and William P. Eveland., Jr., Behind the Third-Person Effect: Differentiating Perceptual Processes for Self and Other, 51 Journal of Communication, Vol. 51, No. 4, 2001, at 678-695.

[39] . Vincent Price, David H. Tewksbury & Li-Ning Huang, Third-person Effects of News Coverage: Orientations Toward Media, Journalism & Mass Communications Quarterly, Vol. 74, at 525-540.

[40] . Douglas M. McLeod, William P. Eveland & Amy I. Nathanson, Support for Censorship of Violent and Misogynic Rap Lyrics: And Analysis of the Third-Person Effect, Communications Research, Vol. 24, 1997, at 153-174.

[41] . Hernando Rojas, Dhavan V. Shah, and Ronald J. Faber, For the Good of Others: Censorship and the Third-Person Effect, International Journal of Public Opinion Research, Vol. 8, 1996, at 163-186.

[42] . James D. Ivory, Addictive, But Not For Me: The Third-Person Effect and Electronic Game Players’ Views Toward the Medium’s Potential for Dependency and Addiction, University of North Carolina at Chapel Hill, School of Journalism and Mass Communication, Aug. 2002.

[43] . Albert C. Gunther, Overrating the X-rating: The Third-person Perception and Support for Censorship of Pornography, Journal of Communication, Vol. 45, No. 1, 1995, at 27-38

[44] . Supra note 37 at 14. Along these lines, a December 2004 Washington Post article documented the process by which the Parents Television Council, a vociferous censorship advocacy group, screens various television programming. One of the PTC screeners interviewed for the story talked about the societal dangers of various broadcast and cable programs she rates, but then also noted how much she personally enjoys HBO’s “The Sopranos” and “Sex and the City,” as well as ABC’s “Desperate Housewives.” Apparently, in her opinion, what’s good for the goose is not good for the gander! See Bob Thompson, Fighting Indecency, One Bleep at a Time, The Washington Post, Dec. 9, 2004, at C1, www.washingtonpost.com/wp-dyn/articles/A49907-2004Dec8.html.

[45] . See Chris Anderson, Free: The Future of a Radical Price at 112-118 (2009).

[46] . See Letter from Chris Jay Hoofnagle, Electronic Privacy Information Center, Beth Givens, Privacy Rights Clearinghouse, Pam Dixon, World Privacy Forum, to California Attorney General Lockyer, May 3, 2004, http://epic.org/privacy/gmail/agltr5.3.04.html.

[47] . See email from Adam Thierer to Declan McCullaugh on Politech Email discussion group, April 30, 2004, http://lists.jammed.com/politech/2004/04/0083.html (emphasis added).

[48] . See Complaint and Request for Injunction of the Electronic Privacy Information Center against Google, Inc., March 17, 2009, http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf; see also Ryan Radia, Should the FTC Shut Down Gmail and Google Docs Because of an Already-Fixed Bug?, Technology Liberation Front Blog, March 18, 2009, http://techliberation.com/2009/03/18/should-the-ftc-shut-down-gmail-and-google-docs-because-of-an-already-fixed-bug/.

[49] . See Berin Szoka & Mark Adams, The Progress & Freedom Foundation, The Benefits of Online Advertising & the Costs of Regulation, PFF Working Paper, forthcoming.

[50] . Anti-advertising crusader Jeff Chester often resorts to questioning the motives of those who question whether his regulatory prescriptions would actually benefit consumers, see, e.g., http://techliberation.com/2009/06/17/behavioral-advertising-industry-practices-hearing-some-issues-that-need-to-be-discussed/#comment-11698840. See generally Jeff Chester, Digital Destiny: New Media and the Future of Democracy (2007).

[51] . “The only freedom which deserves the name is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs or impede their efforts to obtain it. Each is the proper guardian of his own health, whether bodily or mental and spiritual.” John Stuart Mill, On Liberty (Penguin Classics, 1859, 1986) at 72.

[52] . Adam Thierer, The Progress & Freedom Foundation, Parental Controls & Online Child Protection, Special Report, Version 4.0, Summer 2009, www.pff.org/parentalcontrols.

[53] . Adam Thierer, Berin Szoka & Adam Marcus, The Progress & Freedom Foundation, Privacy Solutions, PFF Blog, Ongoing Series, http://blog.pff.org/archives/ongoing_series/privacy_solutions.

[54] . Comments of Adam Thierer, The Progress & Freedom Foundation, In the Matter of Implementation of the Child Save Viewing Act; Examination of Parental Control Technologies for Video or Audio Programming; MB Docket No. 09-26, April 16, 2009, www.pff.org/issues-pubs/filings/2009/041509-%5bFCC-FILING%5d-Adam-Thierer-PFF-re-FCC-Child-Safe-Viewing-Act-NOI-(MB-09-26).pdf.

[55] . See Adam Thierer, FCC v. Fox and the Future of the First Amendment in the Information Age, Engage, Feb. 20, 2009, www.fed-soc.org/doclib/20090216_ThiererEngage101.pdf

[56] . “To act on the belief that we possess the knowledge and the power which enable us to shape the processes of society entirely to our liking, knowledge which in fact we do not possess, is likely to make us do much harm.” Friedrich von Hayek, “The Pretence of Knowledge,” in The Essence of Hayek, (Hoover Inst., 1984), at 276.

[57] . Adam Thierer, The Progress & Freedom Foundation, Two Sensible, Education-Based Legislative Approaches to Online Child safety, Progress Snapshot 3.10, Sept. 2007, www.pff.org/issues-pubs/ps/2007/ps3.10safetyeducationbills.pdf.

[58] . See, e.g., Berin Szoka, Google, CDT, Online Advertising & Preserving Persistent User Choice Across Ad Networks Through Plug-ins, Technology Liberation Front Blog, March 13, 2009, http://techliberation.com/2009/ 03/13/google-cdt-online-advertising-preserving-persistent-user-choice-across-ad-networks-through-plug-ins/.

The new Maine law I blogged about on Sunday is much worse than I thought based on my initial reading. If allowed to stand, it would constitute a sweeping age verification mandate introduced through the back door of “child protection.”

The law, which goes into effect in September, would extend the approach of the Children’s Online Privacy Protection Act (COPPA) of 1998 by requiring “verifiable parental consent” before the collection of kids “personal information” about kids, not just those under 13, but also adolescents age 13-17.  Unlike other state-level proposals in New Jersey, Illinois, Georgia and North Carolina, Maine’s “COPPA 2.0” law would also cover health information, but would only govern the collection and use of  data for marketing purposes (while the FTC has interpreted COPPA to cover to essentially any capability for communicating personal information among users).

But the Maine law would go much further than these proposals or COPPA itself by banning transfer or use of such data in anything other than de-identified, aggregate form. Still I took some comfort in the fact that the Maine law, unlike COPPA or these other proposals, lacked the second of COPPA’s two prongs: (i) collection from kids and (ii) collection on sites that are directed at kids. It’s because of the second prong that COPPA applies not only when a site operator knows that it’s collecting information from kids (or merely allowing them to share information with other users), but also when the operator’s site is (like, say, Club Penguin) targeted to kids in terms of its subject matter, branding, interface, etc. Because I initially concluded that the Maine law would apply only to knowing collection, I supposed that it would be less likely to require age verification of all users, as other COPPA 2.0 proposals would—something that would be unlikely to survive a First Amendment challenge based on the harm to online anonymity.

But I was quite wrong. During the PFF Capitol Hill briefing Adam and I held on Monday, Jim Halpert, one of our panelists, noted that the bill imposed “strict liability.” When I re-read the law, two small provisions with enormous consequences jumped out at me.  First, this section:

Unlawful collection. It is unlawful for a person to knowingly collect or receive health-related information or personal information for marketing purposes from a minor without first obtaining verifiable parental consent of that minor’s parent or legal guardian.

The knowledge requirement above pertains to whether the collection is done “knowingly,” not whether the operator “has actual knowledge that it is collecting personal information from a child” (COPPA’s language). It’s possible that the Maine legislature meant to require that operators know that they’re collecting information from kids, not merely that the collection is intentional and not inadvertent, but if so, they either didn’t read COPPA or don’t understand statutory drafting.

But even if operators could be held liable if they had actual knowledge that they were collecting personal or health information without parental consent, the other operative language of the bill has no knowledge requirement at all. Thus, if an operator truly had no idea it was collecting information from a kid—kids commonly lie about their age to gain access to age-restricted sites—the operator would still be strictly liable for transferring or using that data under the other operative provisions of the law:

Unlawful use. A person may not sell, offer for sale or otherwise transfer to another person health-related information or personal information about a minor if that information: A. Was unlawfully collected pursuant to subsection 1; B. Individually identifies the minor; or C. Will be used… for the purpose of marketing a product or service to that minor or promoting any course of action for the minor relating to a product.

Thus, the only way affected site operators ( e.g., anyone who asks for user’s names as part of a profile and also uses personal information in marketing) could protect themselves under the law would be to age verify all users. Thus, the Maine law is, like other COPPA 2.0 proposals, simply an age verification mandate imposed on all adult users of sites with increasingly prevalent social networking functionality dressed up as a child protection measure. Again, unlike other COPPA 2.0 proposals, the Maine law would not apply to all sites that collect personal information for marketing purposes, but for those that do, it would have the same consequence as other COPPA 2.0 proposals.  As we argue in our paper (p.24), COPPA 2.0 proposals in general are very likely to be struck down on the same grounds as the Child Online Protection Act (COPA), COPPA’s evil twin sister, which would have required age verification for all content deemed “harmful to minors” and which the courts have struck down as blatantly unconstitutional.

Although one might argue that the Maine law does less harm to speech because it applies only to sites that collect and use/transfer data for marketing purposes, while COPPA’s reach is far broader, the Dormant Commerce Clause argument against the law would also probably succeed: the law unduly burdens interstate commerce by imposing Maine’s standards on the rest of the country. Under the law’s strict liability regime, efforts to geo-target users in Maine (themselves a significant burden on website operators) would not protect out-of-state site operators from liability for collecting data from some users in Maine because geo-targeting is necessarily imperfect.

But wait; there’s more! Other COPPA 2.0 proposals would have this consequence because they would apply either to all social networking sites with a certain functionality (Illinois) or to collection of information through sites “directed at” adolescents (New Jersey), which could apply to sites used by large numbers of adults. But for most sites, such laws would only apply where the operator had “actual knowledge” that the user was a kid, thus recognizing (for those sites) that perfect age verification is impossible and that some kids will inevitably circumvent any age verification system imposed. By contrast, the Maine law would hold sites liable for “predatory marketing” for every collection, use, or transfer of a kid’s personal information whether or not the operator knew (or even had reason to know) that they were collecting information from kids at a rate of $10-20k for the first offense and $20k+ (with no upper bound at all) for each subsequent offense. Since offense here could mean each individual act of collection, and since large social networking websites have tens of millions of users, operators might theoretically be subject to fines in the hundreds of billions of dollars!

If this law survives constitutional challenge, I’ll eat the HTML in which this post is written! More likely, the legislature will back down at the first whiff of a legal challenge and go back to finding other, less obviously unconstitutional ways to impress their constituents with how much they care about “Protecting the Children” (or how little they care about free speech or know about how the Internet works).

As anyone who has spent time searching for comments on the FCC’s website can tell you, the agency doesn’t exactly have the most user-friendly website.  In the interest of making it easier for others to read the comments that came in last week in the agency’s “Child Safe Viewing Act” Notice of Inquiry, I have compiled all the major comments (those over 3 or 4 pages) and provided links to them below the fold.

Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  I filed 150+ pages worth of comments in this matter last week, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.

• Association of National Advertisers (ANA)
• AT&T
• Center for Democracy & Technology (Individual Comments)
• CDT (Joint Comments with other Public Interest Groups)
• Children’s Media Policy Coalition
• Coalition for Independent Ratings
• Comcast
• Common Sense Media
• Consumer Electronic Association (CEA)
• CTIA – The Wireless Association
• Cox Communications
• CustomPlay
• Digimarc Corp
• Digital Watermarking Alliance
• Digital Media Association
• Dish Network
• DirecTV
• Entertainment Software Association (ESA)
• Family Online Safety Institute (FOSI)
• Google (+ attachments A, B, C)
• Motion Picture Association of America (MPAA)
• Microsoft
• NAB + NCTA + MPAA (0n TV Guidelines)
• National Cable & Telecommunications Association (NCTA)
• Progress & Freedom Foundation (PFF)
• Sanyo
• Smart Television Alliance
• Sprint-Nextel
• TiVo
• TV Guardian
• TV Watch
• U.S. Telecom Association
• Verizon & Verizon Wireless
• Wi-LAN V-Chip Corp

Today I filed comments with the Federal Communications Commission (FCC) in its proceeding examining the marketplace for “advanced blocking technologies.”  This proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  My colleagues will no doubt laugh about the fact that I have dropped an absurd 150 pages worth of comments on the FCC in this matter, but I had a lot to say on this topic!  Parental controls, child safety, and free speech issues have been the focus of much of my research agenda over the past 10 years.

In my filing, I argue that the FCC should tread carefully in this matter since the agency has no authority over most of the media platforms and technologies described in the Commission’s recent Notice of Inquiry.  Moreover, any related mandates or regulatory actions in in this area could diminish future innovation in this field and would violate the First Amendment rights of media creators and consumers alike.  The other major conclusions of my filing are as follows:

• There exists an unprecedented abundance of parental control tools to help parents decide what constitutes acceptable media content in their homes and in the lives of their children.
• There is a trade-off between complexity and convenience for both tools and ratings, and no parental control tool is completely foolproof.
• Most homes have no need for parental control technologies because parents rely on other methods or there are no children in the home.
• The role of household media rules and methods is underappreciated and those rules have an important bearing on this debate.
• Parental control technologies work best in combination with educational efforts and parental involvement.
• The search for technological silver-bullets and “universal” solutions represent a quixotic, Holy Grail-like quest and it will destroy innovation in this marketplace.
• Enforcement of “household standards” made possible through use of parental controls and other methods negates the need for “community standards”-based content regulation.

My entire filing can be found here and down below in a Scribd reader.  All comments in the matter are due tomorrow and then reply comments are due on May 18th.

[FCC FILING] Adam Thierer-PFF Re Child Safe Viewing Act NOI (MB 09-26) http://d.scribd.com/ScribdViewer.swf?document_id=14264143&access_key=key-2nrvjm96q9cl5vep567l&page=1&version=1&viewMode=

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year.  ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies.  In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.”  [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification.  Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this.  I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front.  I will argue:

• There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
• First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
• Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined.  But how do we establish a clear link between parents and kids?  And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
• It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
• It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it?  There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children.  Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into  collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution.  The only other realistic scheme would involve getting the schools involved in the process.  Why?  Because to paraphrase Willy Sutton: “That’s where the data is.”  Schools have more information about our children than probably every other institution or organization combined.  They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors.  But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward.  Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying.  Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children.  Some age verification advocates are now calling for such parental consent-based forms of child verification.  Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13.   Indeed, we have already seen that proposed at the state level.  For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework.  (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent.  Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working?  It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers.  As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising.  But let’s get a little more concrete about why that is important.  Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing.  Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses.  And there’s the problem of minors with access to credit cards.  Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access.  Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.”  In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers.   Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role.  Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.”  Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.  And we don’t really have any idea what level of parent-child interaction COPPA incentivizes.  More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site.  How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things.  The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments.  The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified.  Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality.  In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids.  That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions.   If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others?  Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian?  That’s a very thorny question.  But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)?  Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical.  But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on.  Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.”  There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo.  And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved.  Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit?  That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents!  It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues.  There are many challenging technical, legal, and even philosophical issue in play here.  The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand.  And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably.  Even if age verification systems worked as billed, it is unlikely that kids would really be any better off.  All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids.  In particular, it is peer-on-peer harassment and cyber-bullying.   As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem.  Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments.  For the sake of our children, it is essential we not fall prey to such a fatal conceit.