In a post earlier this week, I discussed Randy Cohen’s “guideline” for anonymous blogging. Specifically, Cohen argued in a recent New York Times piece that, “The effects of anonymous posting have become so baleful that it should be forsworn unless there is a reasonable fear of retribution.  By posting openly, we support the conditions in which honest conversation can flourish.”  While sympathetic to that guideline, I noted I agreed with it as an ethical principle, not a legal matter.  In others words, what might make sense as a “best practice” for the Internet and its users would not make sense as a regulatory standard.  I prefer using social norms and public pressure to drive these standards, not regulation that could have an unintended chilling effect on beneficial forms of anonymous online speech.

Dan Gillmor of the Center for Citizen Media of the Harvard Berkman Center has a new column up at the UK Guardian in which he takes a slightly different cut at a new standard or social norm for dealing with some of the more caustic anonymous speech out there:

One of the norms we’d be wise to establish is this: People who don’t stand behind their words deserve, in almost every case, no respect for what they say. In many cases, anonymity is a hiding place that harbours cowardice, not honour. The more we can encourage people to use their real names, the better. But if we try to force this, we’ll create more trouble than we fix.  But we don’t want, in the end, to turn everything over to the lawyers. The rest of us — the audience, if you will — need to establish some new norms as well.

Specifically, Gillmor argues that, ” We need to readjust our internal BS meters in a media-saturated age,” because “We are far too prone to accepting what we see and hear.”  I think Gillmor has too little faith in most digital denizens; most of us take anonymous comments with a grain of salt and assume that the ugliest of those comments are often untrue.  And that’s generally the “principle” he recommends each of us adopt going forward:

When you read or hear an anonymous or pseudonymous attack on someone else, you should not just assume — barring persuasive evidence of the charge — that it’s false. Assume that the accuser is an outright, contemptible liar.

I am generally sympathetic to Gillmor’s principle, but I think he goes a bit overboard in asking us to assume that all anonymous or pseudonymous attacks are false. So, here’s a reformulation of it: We should discount, by at least some small measure, anonymous online speech that attacks others in a heated manner and which lacks supporting evidence for the assertions made or charges levied. However, the more heated or vicious the attack, the greater we should discount the veracity of the claims asserted.

Of course, this is simply a guideline for readers, not speakers or the sites that host online speech.  Each speaker will have to decide for themselves whether to post anonymously or reveal their identities. As I noted in my previous essay, however, I think it makes sense to generally encourage people to reveal their true identities when blogging or commenting.  I have always lived by that rule personally when blogging or posting comments on other sites, whether they are blogs, discussion boards, or even shopping sites.

For sites that host speech, things get trickier.  Luckily, we have Section 230 of the CDA to protect online operators from onerous forms of liability for the content they host on their sites, although some would like to change that. Also, as I’ve discussed here before, some critics of online anonymity would like to see “civility check” or “cooling off periods” instituted that would prevent instantaneous comments from being posted without some sort of human or automated review of the content.  But tweaking Sec. 230 liability norms or requiring “cooling off periods” for comments could have a profoundly chilling effect on many beneficial forms of online speech. As Gillmor wisely notes in his essay:

anonymity has crucially important value. We need it for whistleblowers, for political dissidents in dictatorships — for those who have important stories to tell but whose lives or livelihoods would be in jeopardy if their identities were exposed.

And one has to think through the mechanics of regulation before willy-nilly proposing to “ban anonymity” online.  As Gillmor points out, that could lead to some troubling outcomes:

People who’d ban anonymity don’t seem to realise that it’s technically impossible unless we’re willing to turn over all of our communications in every venue to a central authority — a system that would herald the end of liberty. They can’t really want such a regime, can they? Meanwhile, even that kind of structure could and would be hacked by motivated types, though with more difficulty.

That’s exactly right. Nonetheless, online speakers and websites shouldn’t just treat Sec. 230 as a “get-out-of-jail-free” card or let their anonymous speech rights go to their heads.  There’s nothing wrong with a little sensible site policing and self-regulation to deal with the baser elements of the blogosphere.

If you’re a cyberlaw geek or tech policy wonk who needs to keep close tabs on Sec. 230 developments, here’s a terrific resource from the Citizen Media Law Project up at the Harvard Berkman Center.  The site offers a wealth of background info, including legislative history, all the relevant case law surrounding 230, and breaking news on this front.  Just a phenomenal resource; a big THANK YOU! to the folks at CMLP who put this together.

If you’re interested in these issues, you might also want to check out this friendly debate that Harvard’s John Palfrey and I engaged in over at Ars recently as well as my essay on how Sec. 230 has spawned a “utopia of utopias” online.

Ars Technica has just posted the transcript of a friendly debate I recently engaged in with Harvard University law professor John Palfrey about the future of Section 230 of the Communications Decency Act and online liability more generally.  Our debate got started last fall, shortly after I penned a favorable review of John’s excellent new book (with Urs Gasser), Born Digital: Understanding the First Generation of Digital Natives.  [Listen to my podcast with John about it here.]  Although I enjoyed John’s book, I also raised some concerns about his call in the book to reopen and revise Section 230, specifically to address child safety concerns.  At the time, John and I were working together on the Berkman Center’s “Internet Safety Technical Task Force” and we decided to begin an e-mail exchange about the future of 230 and online liability norms more generally.  The result was the debate that Ars has just published.

In our exchange, I begin by asking John to more fully develop some statements and proposals he sets forth in Born Digital.  Specifically, he and co-author Urs Gasser argue that: “The scope of the immunity the CDA provides for online service providers is too broad” and that the law “should not preclude parents from bringing a claim of negligence against [a social networking site] for failing to protect the safety of its users.” They also suggest that “There is no reason why a social network should be protected from liability related to the safety of young people simply because its business operates online.” Specifically, the call for “strengthening private causes of action by clarifying that tort claims may be brought against online service providers when safety is at stake,” although they do not define those instances.

Using those proposals as a launching point for our discussion, I challenge John as follows:

I’m troubled by your proposals because I believe Section 230 has been crucial to the success of the Internet and the robust marketplace of online freedom of speech and expression. In many ways — whether intentional or not — Section 230 was the legal cornerstone that gave rise to many of the online freedoms we enjoy today. I fear that the proposal you have set forth could reverse that. It could lead to crushing liability for many online operators-and not just giants like MySpace or Facebook-that might not be able to absorb the litigation costs. Could you elaborate a bit more about your proposal and explain why you think the time has come to alter Section 230 and online liability norms?

And John does and then we go back-and-forth from there.  Again, you can read the whole exchange over at Ars.

It was a great pleasure to engage in this exchange with Prof. Palfrey and I look forward to what others have to say in response to our debate.  I am working on a longer paper looking broadly at the rising threats to Sec. 230 and the increasing calls for expanded online liability and middleman deputization.  I will use whatever feedback I get from this exchange to refine my paper and proposals.

It’s been a big year for tech policy books. Several important titles were released in 2008 that offer interesting perspectives about the future of the Internet and the impact digital technologies are having on our lives, culture, and economy. Back in September, I compared some of the most popular technology policy books of the past five years and tried to group them into two camps: “Internet optimists” vs. “Internet pessimists.” That post generated a great deal of discussion and I plan on expanding it into a longer article soon. In this post, however, I will merely list what I regard as the most important technology policy books of the past year.

What qualifies as an “important” tech policy book? Basically, it’s a title that many people in this field are currently discussing and that we will likely be talking about for many years to come. I want to make it clear, however, that merely because a book appears on this list it does not necessarily mean I agree with everything said in it. In fact, I found much with which to disagree in my picks for the two most important books of 2008, as well as many of the other books on the list. [Moreover, after reading all these books, I am more convinced than ever that libertarians are badly losing the intellectual battle of ideas over Internet issues and digital technology policy. There’s just very few people defending a “Hands-Off-the-Net” approach anymore. But that’s a subject for another day!]

Another caveat: Narrowly focused titles lose a few points on my list. For example, as was the case in past years, a number of important IP-related books have come out this year. If a book deals exclusively with copyright or patent issues, it does not exactly qualify as the same sort of “tech policy book” as other titles found on this list since it is a narrow exploration of just one set of issues that have a bearing on digital technology policy. The same could be said of a book that deals exclusively with privacy policy, like Solove’s Understanding Privacy. It’s an important book with implications for the future of tech policy, but I demoted it a bit because of its narrow focus.

With those caveats in mind, here are my Top 10 Most Important Tech Policy Books of 2008 (and please let me know about your picks for book of the year):

(1) Jonathan Zittrain ­– The Future of the Internet, and How to Stop It

Zittrain’s book is the most important of 2008 because it’s the one we will still be talking the most about a decade from now. However, I think we’ll be talking about how wrong his thesis was that the “generative” Internet and general purpose PCs are dying.  Indeed, I’ve been quite critical of the thesis that Jonathan sets forth in his book, and I have discussed my reservations in a lengthy book review and a series of follow-up essays here and elsewhere. (Part 1, 2, 3, 4, 5).  We’ve also debated his book on the an NPR-Boston [audio is here] and we debated in person at New America Foundation in early November [video is here].

Despite my serious reservations, Jonathan’s book is important, well-written, and absolutely deserves your attention if you care about the future of technology policy.

(2) Nick Carr – The Big Switch: Rewiring the World, From Edison to Google

Part 1 of Nick Carr’s book is an eloquent early history of cloud computing, nicely comparing it to previous technological revolutions. It’s beautifully done. In Part 2 of the book, however, Carr turns sour and argues that the impact of cloud computing will be quite miserable for our economy, culture, and society. The Big Switch probably makes the best case than any Net pessimist has been penned thus far, and for that reason alone it deserves your attention. Ultimately, however, I found his case unconvincing.

You can find my complete review of Carr’s book here.

(3) John Palfrey and Urs Gasser – Born Digital: Understanding the First Generation of Digital Natives

Palfrey and Gasser’s fine early history of this generation of “Digital Natives” serves as a starting point for any conversation about how to mentor and interact with the children of the Web. It’s a comprehensive and very even-handed discussion about a variety of concerns or Internet pathologies, including: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and much more. Despite a few nitpicks, I really enjoyed this book and highly recommend it. Importantly, it is a very accessible book that even the non-tech layman can pick up and appreciate. [Note: Don Tapscott’s Grown Up Digital: How the Net Generation is Changing Your World, shares a lot in common with Born Digital, but Tapscott doesn’t spend much time on policy issues and that’s why his book isn’t on my list.]

My review of Palfrey and Gasser’s Born Digital is here. [Update Feb 2009: I also hosted a podcast about the book featuring Prof. Palfrey.]

(4) Clay Shirky – Here Comes Everybody: The Power of Organizing without Organizations

While Nick Carr [see #2 above] and Lee Siegel [see #5 below] are leading the “techno-pessimist” parade this year, Clay Shirky is this year’s leading cheerleader for “cyber-optimism.” Shirky argues that the falling costs and growing ease of digital distribution are making it increasingly easy for individuals to engage in group-forming and collective action endeavors. The resulting rise of “mass amateurization” poses a significant challenge to old media operations and traditional business models and practices. In this sense, Shirky is building on many of the themes and arguments previously set forth in books like The Wealth of Networks (Benkler), Wikinomics (Tapscott and Williams), and Convergence Culture (Jenkins). If you’ve already read those titles, you’ll find a great deal of familiar thinking here.

I never got around to putting together a full review of Here Comes Everybody, but Tim Lee had a nice write-up over at Ars earlier this year.

(5) Lee Siegel – Against the Machine: Being Human in the Age of the Electronic Mob

Siegal is this year’s Andrew Keen; a cyber-sourpuss who thinks the whole world is going to hell and that the Internet is to blame. Like Keen’s Cult of the Amateur, Siegel’s Against the Machine is an anti-Web 2.0 screed that finds no redeeming qualities about the Internet or user-generated content.  In particular, Wikipedia and amateur production are blasted as being detrimental to professional media.

Both Siegel and Keen are essentially channeling the ghost of the late Neil Postman, whose 1992 book Technopoly remains the classic statement of techno-pessimism. They prove worthy disciples as they preach the Gospel According to Chicken Little and push for a neo-Luddite revival. But Siegel’s techno-pessimism is boundless and his hatred for all things digital is truly breathtaking. For that reason, however, his book deserves attention.

My lengthy critique of Siegel’s book can be found here.

(6) Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain (eds.) – Access Denied: The Practice and Policy of Global Internet Filtering

This is essential reading for anyone studying the methods governments are using to stifle online expression. The contributors provide a regional and country-by-country overview of the global state of online speech controls and discuss the long-term ramifications of increasing government filtering of online networks. Even if you don’t read the whole thing, this is a must-have title for your bookshelf since there is no other resource out there like this. And it should be required reading in every cyberlaw class in America. [Note: It also contains a very helpful chapter on the mechanics of Net filtering.]  Very highly recommended.

(7) Hal Abelson, Ken Ledeen, and Harry Lewis – Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion

Think of this book as “Internet Policy for the Educated Layman.” Abelson, Ledeen, and Lewis survey a broad swath of tech policy territory — privacy, search, encryption, free speech, copyright, spectrum policy — and provide the reader with a nice history and technology primer on each topic. Like Palfrey and Gasser’s Born Digital [see #3 above], Blown to Bits is very accessible and each chapter contains a great deal of useful information to bring you up to speed on the hottest tech policy debates under the sun. Recommended.

My review of Blown to Bits can be found here.

(8) Lawrence Lessig – Remix: Making Art and Commerce Thrive in the Hybrid Economy

Remix treads a lot of ground already covered in Lessig’s other books and essays (perhaps it should have been called “Rehash”), but it more fully develops his thinking on the legal treatment of derivative works. Actually, in some ways (especially in the second half of the book), it’s more of a restatement of much of what is found in Benkler’s Wealth of Networks, albeit in a far less verbose fashion. Regardless, Prof. Lessig has attained rock-star status in tech policy circles and the release of each of his new books or papers becomes a bit of an event. Remix has been no different. It has already attracted a great deal of attention and deserves to be on this list for that reason alone. But if you have read his previous work, you’ll already be familiar with much of what you find in Remix.

Generally speaking, I thought Prof. Lessig made a good case regarding the benefits of remix culture and why copyright law should leave breathing room for the various derivative works of amateur creators. But he too often blurs remix culture with “ripoff culture” (i.e., those who aren’t out to create anything new but instead just take something without paying a penny for it). To solve that latter problem, he endorses a “simple” blanket licensing scheme for the Internet. In this essay, I addressed why blanket online licensing would be anything but simple.

(9) James Bessen and Michael J. Meurer – Patent Failure: How Judges, Bureaucrats, and Lawyers Put Innovators at Risk

Bessen and Meurer argue that America’s patent system is in trouble because “it fail[s] to provide clear and efficient notice of the boundaries of the rights granted.” Patent litigation has exploded, they say, and the costs of the system now outweigh the benefits. Generally speaking, with the exception of the chemical and pharmaceutical industries, Bessen and Meurer don’t feel the patent system does a lot of good.”[I]t seems unlikely that patents today are an effective policy instrument to encourage innovation overall,” they conclude. They detail several reforms to help improve notice and to “make patents work as property” again the way they claim they once did.

Although the authors deal with patents broadly, the book has great relevance to digital technology policy because of their discussion of business method patents and software patents. (Incidentally, that chapter from the book is available online). They argue that software technology is especially prone to problems of “abstraction” and obviousness. As a result, software patenting has been a major contributor to the litigation explosion we have seen in recent years.

Although I agree with their case against software patents, I remain unconvinced that the patent system is failing as badly as Bessen and Meurer claim. Nonetheless, they present a powerful case that deserves to be taken seriously. Patent Failure will have an enormous impact on these debates going forward.

For more opinions on the book… Tim Lee posted a favorable review of Patent Failure over at Ars this summer. And, back in March, there was a lively discussion about the book over at Patently-O. Finally, at last year’s PFF “Aspen Summit,” Michael Meurer debated these issues with some of America’s leading patent law experts. Bronwyn H. Hall, Professor of Economics at Cal-Berkeley, challenges his findings. The video of that panel is here.

(10) Daniel Solove – Understanding Privacy

Daniel Solove’s book — and his approach to classifying and dealing with privacy problems — will have a profound impact on all future privacy debates. In that sense, it is a vital text; a must read for all who follow, or engage in, privacy debates.  On the other hand, Solove’s claim that he can construct a new paradigm based strictly on a pragmatic, utilitarian, “?problem-solving” approach, is ultimately a failure. There is just no getting around the fact that, at some point, you are going to have to provide a more robust theory of rights or justice to explain why one right trumps another. I elaborate in this lengthy critique of Solove’s Understanding Privacy.

Honorable Mentions: Here are a couple of titles that I couldn’t fit on my list but that you might want to also consider reading: Neil Netanel – Copyright’s Paradox; Matt Mason – The Pirate’s Dilemma: How Youth Culture Is Reinventing Capitalism; David Friedman – Future Imperfect: Technology and Freedom in an Uncertain World; Cory Doctorow — Content; and Don Tapscott — Grown Up Digital: How the Net Generation is Changing Your World.

Please let me know if there are other titles I have overlooked, and let me know your opinion about the best technology policy book(s) of 2008 by voting in our poll and commenting more down below.

[poll id=”3″]

I’ve spent a lot of time in recent years trying to debunk various myths about online child safety or at least put those risks into perspective. Too often, press reports and public policy initiatives are being driven by myths, irrational fears, or unjustified “moral panics.”  Luckily, the New York Times reports that there’s another study out this week that helps us see things in a more level-headed light. This new MacArthur Foundation report is entitled Living and Learning with New Media: Summary of Findings from the Digital Youth Project. This white paper is a summary of three years of research on kids’ informal learning with digital media. The survey incorporates the insights from 800 youth and young adults and over 5000 hours of online observations. The information will eventually be contained in a book from MIT Press (“Hanging Out, Messing Around, Geeking Out: Living and Learning with New Media.”)

From the summary of the study on the MacArthur website:

“It might surprise parents to learn that it is not a waste of time for their teens to hang out online,” said Mizuko Ito, University of California, Irvine researcher and the report’s lead author. “There are myths about kids spending time online – that it is dangerous or making them lazy. But we found that spending time online is essential for young people to pick up the social and technical skills they need to be competent citizens in the digital age.”

Importantly, regarding the concerns many parents and policymakers have about online predation, Ms. Ito told the New York Times that, “Those concerns about predators and stranger danger have been overblown.” “There’s been some confusion about what kids are actually doing online. Mostly, they’re socializing with their friends, people they’ve met at school or camp or sports.”

In the report, according to the summary, the researchers “identified two distinctive categories of teen engagement with digital media: friendship-driven and interest-driven. While friendship-driven participation centered on “hanging out” with existing friends, interest-driven participation involved accessing online information and communities that may not be present in the local peer group.” The specific findings of the study are as follows:

• There is a generation gap in how youth and adults view the value of online activity.
  • Adults tend to be in the dark about what youth are doing online, and often view online activity as risky or an unproductive distraction.
  • Youth understand the social value of online activity and are generally highly motivated to participate.
• Youth are navigating complex social and technical worlds by participating online.
  • Young people are learning basic social and technical skills that they need to fully participate in contemporary society.
  • The social worlds that youth are negotiating have new kinds of dynamics, as online socializing is permanent, public, involves managing elaborate networks of friends and acquaintances, and is always on.
• Young people are motivated to learn from their peers online.
  • The Internet provides new kinds of public spaces for youth to interact and receive feedback from one another.
  • Young people respect each other’s authority online and are more motivated to learn from each other than from adults.
• Most youth are not taking full advantage of the learning opportunities of the Internet.
  • Most youth use the Internet socially, but other learning opportunities exist.
  • Youth can connect with people in different locations and of different ages who share their interests, making it possible to pursue interests that might not be popular or valued with their local peer groups.
  • “Geeked-out” learning opportunities are abundant – subjects like astronomy, creative writing, and foreign languages.

These findings are consistent with the much of the existing research already out there about online youth behavior and Internet interactions. As I have mentioned here before, over the past year, I have been serving on the Internet Safety Technical Task Force (ISTTF), which was formed following a January 2008 agreement between social networking website operator MySpace.com and 49 state Attorneys General. As part their “Joint Statement on Key Principles of Social Networking Safety,” MySpace promised the AGs it would expand online safety tools, improve education efforts, and expand its cooperation with law enforcement. Importantly, they also agreed to create the ISTTF to study online safety issues and technologies.

The Berkman Center for Internet & Society at Harvard Law School was tapped to run the ISTTF, and the Task Force included a wide diversity of child safety groups, non-profit organization, and Internet companies. During a session the Task Force held in Washington, DC on April 30th, we heard from several of the nation’s top researchers in the field of online child safety. The presentations were quite enlightening and the videos of the sessions — as well as supporting materials — have all been posted on a special Berkman Center website. I just wanted to share all of those links with you here so that you have access to these wonderful materials. As you will see, they tell the same story the new MacArthur report does: Almost everything the press and policymakers have told us about online child actions and safety has been wrong.

Anyway, read (or watch) for yourself and decide. (P.S. When the final ISTTF report comes out later this year, it will include a massive compendium of all the relevant surveys and academic research done in this field. It will be the definitive treatment of the issue. An early draft is online here. I will post the final link here once the Task Force wraps up.)

April 30, 2008 – ISTTF Child Online Safety Expert Panel

• Teens OnlineStranger Contact and Cyberbullying: What research is telling us Amanda Lenhart, Pew Internet & American Life Project Presentation in .pdf video
• Youth & Law Enforcement Surveys Janis Wolak, Crimes against Children Research Center Presentation in .pdf video
• Social networking sites, unwanted sexual solicitation, Internet harassment, and cyberbullying Michele Ybarra, Internet Solutions for Kids, Inc. Presentation in .pdf video
• Panel Q&A video
• Further reading
  • 1 in 7 Youth: The Statistics about Online Sexual Solicitations
  • Online “Predators” and Their Victims: Myths, Realities, and Implications for Prevention and Treatment
  • Internet Safety Education for Teens: Getting It Right
  • Internet Prevention Messages: Targeting the Right Online Behaviors
  • Teens, Stranger Contact & Cyberbullying
  • How Risky Are Social Networking Sites?
  • Updated Trends in Child Maltreatment, 2006

I’ve just finished reading Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, by Hal Abelson, Ken Ledeen, and Harry Lewis, and it’s another title worth adding to your tech policy reading list. The authors survey a broad swath of tech policy territory — privacy, search, encryption, free speech, copyright, spectrum policy — and provide the reader with a wonderful history and technology primer on each topic.

I like the approach and tone they use throughout the book. It is certainly something more than “Internet Policy for Dummies.” It’s more like “Internet Policy for the Educated Layman”: a nice mix of background, policy, and advice. I think Ray Lodato’s Slashdot review gets it generally right in noting that, “Each chapter will alternatively interest you and leave you appalled (and perhaps a little frightened). You will be given the insight to protect yourself a little better, and it provides background for intelligent discussions about the legalities that impact our use of technology.”

Abelson, Ledeen, and Lewis aren’t really seeking to be polemical in this book by advancing a single thesis or worldview. To the extent the book’s chapters are guided by any central theme, it comes in the form of the “two basic morals about technology” they outline in Chapter 1:

The first is that information technology is inherently neither good nor bad — it can be used for good or ill, to free us or to shackle us. Second, new technology brings social change, and change comes with both risks and opportunities. All of us, and all of our public agencies and private institutions, have a say in whether technology will be used for good or ill and whether we will fall prey to its risks or prosper from the opportunities it creates. (p. 14)

Mostly, what they aim to show is that digital technology is reshaping society and, whether we like or it not, we better get used to it — and quick!  “The digital explosion is changing the world as much as printing once did — and some of the changes are catching us unaware, blowing to bits our assumptions about the way the world works… The explosion, and the social disruption that it will create, have barely begun.” (p 3)

In that sense, most chapters discuss how technology and technological change can be both a blessing and a curse, but the authors are generally more optimistic than pessimistic about the impact of the Net and digital technology on our society. What follows is a quick summary of some of the major issues covered in Blown to Bits.

Privacy: In the chapter on privacy, the authors conclude that it is increasingly difficult to bottle up our personal information and protect it and ourselves entirely from the outside world. “Despite the very best efforts, and the most sophisticated technologies, we can not control the spread of our private information. And we often want information to be made public to serve our own, or society’s purposes.” (p. 70) They argue that there still may be some ways to deal with the misuse of information and that some new technologies might be able to help protect our privacy at the margins. Generally speaking, however, this is a losing battle, and, more importantly, there is an increasing tension between privacy and freedom of speech:

A continuing border war is likely to be waged, however, along an existing free speech front: the line separating my right to tell the truth about you from your right not to have that information used against you. In the realm of privacy, the digital explosion has left matters deeply unsettled. (p. 70)

These are issues I discussed in more detail in my recent review of Daniel Solove’s important new book, Understanding Privacy. Abelson, Ledeen, and Lewis are right to point out that these tensions are only going to increase in coming years and their chapter outlines many of the new fault lines in the debate over online privacy.

Encryption: Having followed the “crypto wars” closely in the mid-1990s, I also found their chapter on cryptography intriguing. The authors note that encryption has gone mainstream. “Keys are cheap. Secret messages are everywhere on the Internet. We are all cryptographers now.” Despite that, the authors note that “very little email is encrypted today.” With the exception of some human rights groups and some particularly privacy-sensitive users, most of us are perfectly content to send our e-mails unencrypted. They argue that there are three reasons most people are unconcerned about their e-mail privacy:

First, there is still little awareness of how easily our e-mail can be captured as the packets flow through the Internet. […] Second, there is little concern because most ordinary citizens feel they have little to hide, so why would anyone bother looking? […] Finally, encrypted email is not built into the Internet infrastructure in the way encrypted web browsing is. (p. 191-92)

They continue and conclude:

Overall, the public seems unconcerned about privacy of communication today, and that privacy fervor that permeated the crypto wars a decade ago is nowhere to be seen. In a very real sense, the dystopian predictions of both sides of that debate are being realized: On the one hand, encryption technology is readily available around the world, and people can hide the contents of their messages, just as law-enforcement feared… At the same time, the spread of the Internet has been accompanied by an increase in surveillance, just as the opponents of encryption regulation feared. (p. 193)

Actually, I’m not sure there really was a “privacy fervor that permeated the crypto wars a decade ago.” Many of us who argued passionately for crypto-freedom back then knew it was unlikely that the masses were going to rush right out and start encrypting all their mail the minute the policy battle ended. In reality, most of us live pretty mundane lives and just don’t care enough to go through the hassle of encrypting the random chatter of e-mail. But it was the principle of the matter that counted — the government should never be given the keys to unlock all private communications. That is what we were fighting about in the crypto wars — not the necessity of everyone encyrpting every e-mail they sent.

Importantly, however, the authors correctly note how the truly beneficial result of the fight for crypto-freedom was an explosion of online commerce, facilitated by behind-the-scenes crypto protecting our transactions. Amazon, eBay, and many other e-commerce vendors, both big and small, have prospered because of strong crypto. That was the security blanket many of us needed before we were willing to take the plunge and begin doing most of our shopping and financial transactions online. This is a great public policy success story, and Abelson, Ledeen, and Lewis do a wonderful job relaying it to the reader.

Online Free Speech / Age Verification: As a passionate First Amendment advocate, the chapter on free speech issues was also of great interest to me. The authors run through the early history of efforts to censor online speech, including the Communications Decency Act of 1996 (CDA) and the Child Online Protection Act of 1998 (COPA), and bring us right up to speed with congressional efforts such as the Deleting Online Predators Act (DOPA), which would ban social networking sites and services in publicly funded schools and libraries. “DOPA, which has not passed into law, is the latest battle in a long war between conflicting values,” note the authors. “On the one hand, society has an interest in keeping unwanted information away from children. On the other hand, society as a whole has an interest in maximizing open communication.” (p. 231)

Abelson, Ledeen, and Lewis go on to outline the dangers of online censorship and the importance of defending the First Amendment from new legislative and regulatory attacks, but they would have done well to cite the growing diversity of parental control tools and methods that are now on the market. I share their passion for defending free speech values, but it is equally important we work hard to show parents and policymakers how many effective self-help tools and strategies are out there on the market today to help them guide — or even control — their child’s media and Internet experiences. Not everyone is equally excited about what a world of media abundance offers us, or out children. If we hope to continue to fend off attacks on the First Amendment, we have to make sure parents are empowered to mentor their kids and limit access to content they find objectionable so they don’t expect Uncle Sam to play the role of national nanny.

I was glad to see the authors spend some time focusing on online age verification / identity authentication since that is probably the most important free speech debate raging today. [I’ve written quite a bit here about the battle over online age verification for social networking sites and other online sites.] The authors point out Congress already attempted to impose age verification on the Internet when they passed the Child Online Protection Act in 1998. “The big problem,” the authors note, “was that these methods either didn’t work or didn’t even exist.” (p. 248) Indeed, the effort in COPA to require “adult personal identification numbers” or a “digital certificate that verifies age” was in their words, “basically a plea from Congress for the industry to come up with some technical magic for determining age at a distance.” (p. 248)  And things really haven’t advanced much since then, they argue:

In the state-of-the-art, however, computers can’t reliably tell the if party on the other end of the communications link is a human or is another computer. For a computer to tell whether a human is over or under the age of 17, even imperfectly, would be very hard indeed. Mischievous 15-year-olds could get around any simple screening system that could be used in the home. The Internet just isn’t like a magazine store. (p. 249)

I hope policymakers are listening — especially the many stubborn state attorneys general who continue to push age verification as a silver-bullet solution to online child safety concerns.

Spectrum Policy: The authors point out how the death of media scarcity has profound implications for the future of speech regulation and spectrum policy alike. “As a society,” they argue, “we simply have to confront the reality that our mindset about radio and television is wrong. It has been shaped by decades of the scarcity argument.” (p. 292)  Regarding what it means for speech controls, they note:

If almost anyone can now send information that many people can receive, perhaps the government’s interest in restricting transmissions should be less than what it once was, not greater. In the absence of scarcity, perhaps the government should have no more authority over what gets said on radio and TV than it does over what gets printed in newspapers. (p. 261)

I couldn’t agree more, and I’ve written voluminously on the topic of creating a “consistent First Amendment standard for the Information Age.” Abelson, Ledeen, and Lewis seem to agree with what I said there when they argue:

Other regulation of broadcast words and images should end. Its legal foundation survives no longer in the newly engineered world of information. There are too many ways for the information to reach us. We need to take responsibility for what we see, and what our children are allowed to see. And they must be educated to live in a world of information plenty. (p. 293)

The death of the scarcity doctrine should also have a profound impact on the future spectrum policy decisions, they say. Perhaps scarcity-based rationales for regulation made (some) sense in the past, but:

These were facts of the technology of the time. They were true, but they were contingent truths of engineering. They were never universal laws of physics, and are no longer limitations of technology. Because of engineering innovations over the past 20 years, there is no practically significant “natural limitation” on the number of broadcast stations. Arguments from inevitable scarcity can no longer justify U.S. government denials of the use of the airwaves. The vast regulatory infrastructure, built to rationalize use of the spectrum but much more limited radio technology, has adjusted slowly — as it almost inevitably must: Bureaucracies don’t move as quickly as technological innovators. The FCC tries to anticipate resource needs centrally and far in advance. But technology can cause abrupt changes in supply, and market forces can cause abrupt changes in demand. Central planning works no better for the FCC than it did for the Soviet Union. (p. 272)

I completely agree, although challenging questions remain about how to get us out of the current mess. Abelson, Ledeen, and Lewis argue that “commons-based” approaches make the most sense. I am certainly open to the idea of treating certain swaths of spectrum as a commons, but it’s important to recognize that this does not necessarily get the regulators completely out of the picture. In fact, as my TLF colleague Jerry Brito has persuasively argued, there is the real potential that the FCC could become an aggressive device regulator if we switch to this approach. “A ‘commons’ model is not a third way between regulation and property, it is just another kind of regulation,” Brito concludes. That’s why I continue to believe that a property rights-based approach for most spectrum allocation makes the most sense and will get the spectrum deployed for its most highly-valued use. Commons-based approaches should supplement, not supplant, that model.

Abelson, Ledeen, and Lewis also fail to sweat the details about how to handle the issue of incumbent spectrum users in the transition to their preferred commons-based model. That strikes me as a pretty big problem. They repeatedly mention how incumbents often seek to block beneficial spectrum reforms — which is no doubt true on some occasions — but that doesn’t mean incumbent spectrum holders don’t have legitimate rights in their existing allocations that should be honored. I would hope that, even if they wanted to go with a pure commons approach going forward, the authors would at least be willing to grandfather-in existing spectrum users. If the goal is to encourage them to vacate what they currently have, incentivize them with flexible use and resale rights. For example, for the right price, a lot of broadcast spectrum holders might be willing to give up their current allotment. Alternatively, if flexible use was allowed, they might deploy their spectrum for a different purpose. Unfortunately, both of these options are currently prohibited by the FCC’s command-and-control regulatory system.

Overall, however, I enjoyed the spectrum chapter and found the history and technology primer in this chapter to be the best in the book.

Copyright: The authors have a strongly-worded chapter on copyright that generally argues for relaxing copyright protections. Interestingly, however, (unless I am missing something) I notice they don’t offer their book for free download on their site.  I’m always intrigued by copyright critics who refuse to put their own content online. Apparently, it’s another case of ‘copying is good for me, but not for thee.’ Regardless, in their copyright chapter, they argue that:

The war over copyright and the Internet has been escalating for more than 15 years. It is a spiral of more and more technology that makes it ever easier for more and more people to share more and more information. This explosion is countered by a legislative response that brings more and more acts within the scope of copyright enforcement, subject to punishments that grow ever more severe. Regulation tries to keep pace by banning technology, sometimes even before the technology exists… If we cannot slow the arms race, tomorrow’s casualties may come to include the open Internet and dynamic of innovation that fuels the information revolution. (p. 199)

The authors make a fair point about the perils of banning technologies to protect copyright. That’s never the right answer. Regrettably, however, they pay less attention to what I regard as the legitimate concerns of copyright holders about how to protect their creative works and expressive endeavors going forward. And it’s not just about protecting large-scale industries, as they and other copyright critics are often prone to claim. It’s about whether or not we want a workable copyright system going forward. Of course, some critics wouldn’t mind seeing copyright law fade into the sunset altogether. But Abelson, Ledeen, and Lewis don’t really make it clear how far they’d be willing to go. They do have a brief discussion about collective licensing approaches as a possible solution, which may be coming sooner than we think for the Net. Unfortunately, they don’t spend much time developing the details. I remain skeptical about the sensibility of that approach — especially since it will likely end up being compulsory in nature and fraught with fairness problems (i.e. Who pays in? How much? On the other end, who gets paid how much when their content appears online? etc.) Nonetheless, I think that’s where we’ll end up before the copyright wars are over, so it would have been nice to see the authors spend more time on collective licensing issues.

They also spend a lot of time discussing DRM. I was surprised by their comment that, “Developers of DRM and trusted platforms may be creating effective technologies to control the use of information, but no one has yet devised effective methods to circumscribe the limits of that control.” (p. 212) I must say, that does not seem to match up with the reality of the market we see around us today in which DRM systems are rapidly crumbling and being abandoned left and right.

Conclusion

I didn’t agree with everything in Blown to Bits, such as their unfortunate call for Net neutrality regulation. Overall, however, I enjoyed the book and recommend it. The narrative can be a little disjointed at times, almost sounding like a series of e-mail exchanges between friends (which may have been the case since the book had three authors). But the text is very accessible and contains a great deal of useful information to bring you up to speed on the hottest tech policy debates under the sun. If the authors are smart, they’ll throw the book online and update it periodically to keep it fresh. As I have found with my parental controls and Media Metrics reports, that’s the only way to keep up with the frantic pace of change in the tech policy arena — version your books like software and release periodic updates.

This book will definitely appear on my big, end-of-year “Most Important Tech Policy Books of 2008” list, which I should have wrapped up shortly. Also, I think this book makes a nice complement to Palfrey and Gasser’s Born Digital, which I reviewed here last month. And, if you are interested in another title that takes an approach similar to what Abelson, Ledeen, and Lewis have taken here, you might want to check out Bruce Owen’s outstanding 1999 book “The Internet Challenge to Television.” It’s an oldy but a goodie, as I noted here.

Finally, given the title of the book and the countless times in the text that Abelson, Ledeen, and Lewis talk about the “bits revolution,” how “bits are bits,” and how “bits behave strangely,” shockingly, they never seem to get around to crediting Nicholas Negroponte for his pioneering work on this front in Being Digital. Long before anybody else gave a damn about how the movement from a world of atoms to a world bits would change our entire existence, Nicholas Negroponte was preaching that gospel to the unconverted. And considering he was saying all that back in the dark (dial-up) ages of 1995, the man deserves some credit, as I have noted here before.

In a big post two months ago entitled “Age Verification Debate Continues; Schools Now at Center of Discussion,” I noted that there has been an important shift in the age verification debate: Schools and school records are increasingly being viewed as the primary mechanism to facilitate online identity authentication transactions. I pointed out that this raises two very serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?

Brad Stone of the New York Times has just posted an important article with relevance to this debate. In it, he points out that:

performing so-called age verification for children is fraught with challenges. The kinds of publicly available data that Web companies use to confirm the identities of adults, like their credit card or Social Security numbers, are either not available for minors or are restricted by federal privacy laws. Nevertheless, over the last year, at least two dozen companies have sprung up with systems they claim will solve the problem. Surprisingly, their work is proving controversial and even downright unpopular among the very people who spend their days worrying about the well-being of children on the Web. Child-safety activists charge that some of the age-verification firms want to help Internet companies tailor ads for children. They say these firms are substituting one exaggerated threat — the menace of online sex predators — with a far more pervasive danger from online marketers like junk food and toy companies that will rush to advertise to children if they are told revealing details about the users.

Stone highlights the efforts of eGuardian, a California company that, “asks a parent to submit the birth date, address, school and gender of a child, then it asks schools to confirm the information.”

Over the last year, eGuardian has been approaching schools, primarily in California, and offering them the entire $29 sign-up fee when they persuade parents to sign up their children. EGuardian’s real money-making hope — and this is what makes [Nancy] Willard nervous — is to have Web sites pay a commission for each eGuardian member. The Web site can then use the data on each child to tailor its advertising.

Nancy Willard, one of America’s leading online child safety experts, is the executive director of the Center for Safe and Responsible Internet Use, and the author of the outstanding book, Cyber-Safe Kids, Cyber-Savvy Teens. The concern she raised with Brad Stone is that “Age verification companies are selling parents on the premise that they can protect the safety of children online, and then they are using this information for market profiling and targeted advertising.” Basically, companies like eGuardian give the software to schools or parents and then hope to make it back through targeted advertising. According to Stone’s article, “EGuardian’s real money-making hope — and this is what makes Ms. Willard nervous — is to have Web sites pay a commission for each eGuardian member. The Web site can then use the data on each child to tailor its advertising.”

I’m not quite as concerned about the advertising / marketing issue as Nancy Willard, but I am equally disturbed about the prospect of using schools as online age verification agents– or partnering with others to make that happen. I apologize for quoting myself at length on this point, but here’s how I stated my concerns before:

[I]nvolving schools in any age verification scheme would raise serious privacy concerns and administrative problems. Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated? Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously. Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents. But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves). Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward. […] Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

Interestingly, Richard Blumenthal, the attorney general of Connecticut, who has been one of the leading proponents of age verification, told Brad Stone that the privacy issues raised by Willard and others are now on his radar screen:

“The attorneys general would be very concerned about using age verification to promote marketing or any other kinds of promotional pitches or gimmicks aimed at specific age groups,” he said. “Targeted marketing may have its place, but it should not be coupled with the issue of childhood safety.”

That’s good to hear. But I hope Mr. Blumenthal and the other AGs realize that that is just one of many reasons to be concerned about mandatory online age verification, especially if it involved schools as age verification agents. It has troubling implications for schools, kids, parents, free speech, online anonymity, privacy rights, and much more. Most importantly, as I made clear here, it remains highly unlikely that online age verification would actually do anything to really keep kids safer online. In sum, the costs far outweight the benefits when it comes to mandatory age verification.

Earlier this year, I mentioned an outstanding book that John Palfrey of the Berkman Center for Internet & Society at Harvard Law School co-edited entitled Access Denied: The Practice and Policy of Global Internet Filtering.  It’s an excellent resource for anyone studying the methods governments are (unfortunately) using to stifle online expression across the globe.  It’s one of the most important technology policy books of the year.

Well, it looks like John Palfrey will have a second title on this year’s “Best Tech Books” list.  I’ve just finished his new book with his Berkman Center colleague Urs Gasser, Born Digital: Understanding the First Generation of Digital Natives, and it is definitely worthy of your attention. In my book review posted today on the City Journal’s website, I argue that “Palfrey and Gasser’s fine early history of this generation serves as a starting point for any conversation about how to mentor the children of the Web.”  It’s a comprehensive and very even-handed discussion about a variety of concerns or Internet pathologies, including: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and much more.

My City Journal review is down below, but in coming weeks I will be posting some additional thoughts about some specific things in the book worthy of more attention (including a few things I disagreed with).  Overall, I’d say Born Digital is a close runner-up in the race for “Tech Book of the Year,” closely trailing Jonathan Zittrain’s Future of the Internet and How to Stop It (which I have reviewed multiple times) and Nick Carr’s The Big Switch.  But I found far more to agree with in Born Digital than I did in those two books.  Highly recommended.

Understanding Our Digital Kids A new book offers a guide for mentoring the children of the Web.

a book review by Adam D. Thierer of

Born Digital: Understanding the First Generation of Digital Natives, by John Palfrey and Urs Gasser (Basic Books, 288 pp., $25.95)

City Journal 10 October 2008

You can’t blame parents today if they think that their children have been assimilated into the Borg or are living in the Matrix. Members of the “always on, always connected” generation have surrounded themselves with digital devices and networks and colonized cyberspace in the process. Meanwhile, back in “meatspace,” many Analog Era parents scratch their heads, trying to make sense of these momentous changes and what they mean for their kids and society.

Answers are available in Born Digital: Understanding the First Generation of Digital Natives, by John Palfrey and Urs Gasser, both of the Berkman Center for Internet & Society at Harvard Law School. Each chapter in the book addresses a different parental concern or Internet pathology: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and more. Palfrey and Gasser aim “to separate what we need to worry about from what’s not so scary, (and) what we ought to resist from what we ought to embrace.”

The authors offer a balanced treatment of these issues—almost to a fault, in that they occasionally fail to develop fully their own positions. Of course, as they repeatedly—and correctly—note, often these thorny questions have no easy answers. “The hard problem,” they point out, “is how to balance caution with encouragement: How do we take effective steps to protect our children, as well as the interests of others, while allowing those same kids enough room to figure things out on their own?”

If there is a single solution, they argue, it’s education. The authors want parents, educators, and lawmakers to do more to engage the digital generation in a dialogue, instead of leaving it to fend for itself. “The traditional values and common sense that have served us well in the past will be relevant in this new world, too,” they maintain. But Palfrey and Gasser don’t rule out additional tools and methods, including technical controls, industry self-regulation, social norms, and even government action.

Consider online privacy concerns. “Never before has so much information about average citizens been so easily accessible to so many,” they note—and particularly when it comes to our kids. Despite the growing amount of online information about our kids (“digital dossiers”) and other potential threats to privacy, Palfrey and Gasser counsel prudence: “The answer . . . is not to avoid the networked publics in which so many people—especially Digital Natives—are leading their lives. Instead, we need to develop more nuanced ways to navigate these new publics.” Though “there is no single, simple answer,” they argue that “parents, peers, teachers, and mentors [all] have a role to play” to encourage youngsters to protect their information and identities. Most importantly, the digital natives must learn to use common sense when sharing information online.

The authors advocate the same reasoned approach when it comes to online child safety. The safety risks have often been greatly overstated—or at least largely misunderstood—by parents and policymakers. “The data do not suggest that the world is a more dangerous place for young people” because of the Internet, the authors contend. Most of the problems we see online today—cyber-bullying, for example—are really just old problems playing out on new platforms. “Involved parenting” and “open and honest conversations” are the most sensible responses, but intervention strategies by others—including kids’ peers—may be another part of the solution. Parental empowerment tools and industry self-regulation can help, too.

Palfrey and Gasser are open to government playing a role in some cases. They believe “governments should restrict the production and dissemination of certain types of violent content in combination with instituting mandatory, government-based ratings of these materials.” They also call for greater liability for online service providers and social networking sites to encourage them to crack down on potential dangers to children. Given their vagueness, however, both proposals would likely smash into serious First Amendment roadblocks that the authors fail to explore fully.

Palfrey and Gasser view government action less favorably when it comes to combating copyright piracy. “Creativity is the upside of this brave new world of digital media,” they suggest, but “the downside is law-breaking. The vast majority of Digital Natives are currently breaking copyright laws on a regular basis.” But what should we do about piracy? Palfrey and Gasser sidestep some of the underlying ethical issues and bluntly declare that “the goal should be for copyright holders, technologists, and their customers to exchange royalty checks with one another instead of legal complaints.” Yes, but what happens when many refuse to pay even one penny for copyrighted content, as often happens today? Education can encourage youngsters to obey the law, but difficult questions remain about how to deal with those who won’t play by the rules.

In chapters debating the Internet’s impact on learning and culture, the authors worry about shortening attention spans and the rise of a “cut-and-paste culture,” due to the immediate gratification provided by Google searches, Wikipedia, blogs, and instant messaging. On the other hand, they rightly underscore how “Digital Natives are quite sophisticated in the ways that they gather information” and are learning “sophisticated information-gathering and information-processing skills,” while also creating content and sharing information with peers in ways unimaginable just a generation ago.

It will be fascinating to see what impact these changes have on digital natives as they get older and become parents themselves. Regardless, Palfrey and Gasser’s fine early history of this generation serves as a starting point for any conversation about how to mentor the children of the Web.

Update Feb. 2009: I hosted a TLF podcast featuring Prof. Palfrey and discussed this book with him. Listen here.

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year.  ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies.  In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.”  [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification.  Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this.  I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front.  I will argue:

• There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
• First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
• Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined.  But how do we establish a clear link between parents and kids?  And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
• It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
• It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it?  There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children.  Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into  collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution.  The only other realistic scheme would involve getting the schools involved in the process.  Why?  Because to paraphrase Willy Sutton: “That’s where the data is.”  Schools have more information about our children than probably every other institution or organization combined.  They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors.  But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward.  Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying.  Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children.  Some age verification advocates are now calling for such parental consent-based forms of child verification.  Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13.   Indeed, we have already seen that proposed at the state level.  For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework.  (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent.  Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working?  It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers.  As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising.  But let’s get a little more concrete about why that is important.  Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing.  Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses.  And there’s the problem of minors with access to credit cards.  Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access.  Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.”  In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers.   Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role.  Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.”  Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.  And we don’t really have any idea what level of parent-child interaction COPPA incentivizes.  More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site.  How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things.  The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments.  The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified.  Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality.  In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids.  That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions.   If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others?  Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian?  That’s a very thorny question.  But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)?  Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical.  But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on.  Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.”  There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo.  And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved.  Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit?  That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents!  It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues.  There are many challenging technical, legal, and even philosophical issue in play here.  The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand.  And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably.  Even if age verification systems worked as billed, it is unlikely that kids would really be any better off.  All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids.  In particular, it is peer-on-peer harassment and cyber-bullying.   As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem.  Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments.  For the sake of our children, it is essential we not fall prey to such a fatal conceit.

Sorry if it seems like I am beating a dead horse here, but the folks at the City Journal asked me a pen a review of Jonathan Zittrain’s new book, The Future of the Internet and How to Stop It.  Faithful readers here will no doubt remember that I have already penned a review of the book and several follow-up essays. (Part 1, 2, 3, 4). I swear I am not picking on Jonathan, but his book is probably the most important technology policy book of the year–Nick Carr’s Big Switch would be a close second–and deserves attention.  Specifically, I think it deserves attention because I believe that Jonathan’s provocative thesis is wildly out of touch with reality.  As I state in the City Journal review of his book:

[C]ontrary to what Zittrain would have us believe, reports of the Internet’s death have been greatly exaggerated. […] Not only is the Net not dying, but there are signs that digital generativity and online openness are thriving as never before. […] Essentially, Zittrain creates a false choice regarding the digital future we face. He doesn’t seem to believe that a hybrid future is possible or desirable. In reality, however, we can have a world full of some tethered appliances or even semi-closed networks that also includes generative gadgets and open networks. After all, millions of us love our iPhones and TiVos, but we also take full advantage of the countless other open networks and devices at our disposal. […]

Further, while it’s true that the creators of iPhone and TiVo maintain a high degree of control over the guts of the devices or their operating systems, the technologies themselves are hardly sterile or non-generative. In fact, these devices have amazing uses, and they have both recently become more open to third-party add-ons and applications. Geeks who demand still more are also hacking away at these and other digital devices to get them to do everything but wash their dishes.Most of us want networks and digital devices that work.

Zittrain, by contrast, seems to long for the era when we all had to load floppy disks into our PCs each morning to get our operating systems running. But those were hardly the good old days. Device makers realized that only techno-geeks would tolerate such hassles, and so our PCs and phones now come with more software and services built in to make our lives easier. Nothing stands in the way of those who still prefer the rugged individualist approach to conquering cyber-frontiers and digital devices. But what Zittrain does in The Future of the Internet is generalize his personal preferences to the whole of cyber-society. What’s good for the ivory-tower digerati may not be what the rest of us want or need.

If you are interested you can read the entire review here.  Again, I encourage you to read Zittrain’s entire book and decide for yourself if my critique is unfair.  Despite my criticisms, it’s a very well-written and interesting book.  As with everything Jonathan does, he has a special gift for making nerdy tech policy issues both interesting and entertaining.

Well, I actually didn’t exactly get a chance to say quite enough for this to qualify as much of a “debate,” but I was brought in roughly a half hour into this WBUR (Boston NPR affiliate) radio show featuring Jonathan Zittrain, author of the recently released: The Future of the Internet–And How to Stop It. Jonathan was kind enough to suggest to the producers that I might make a good respondent to push back a bit in opposition to the thesis set forth in his new book.

Jonathan starts about 6 minutes into the show and they bring me in around 29 minutes in. Although I only got about 10 minutes to push back, I thought the show’s host Tom Ashbrook did an excellent job raising many of the same questions I do in my 3-part review (Part 1, 2, 3) of Jonathan’s provocative book.

In the show, I stress the same basic points I made in those reviews: (1) he seems to be over-stating things quite a bit in saying that the old “generative” Internet is “dying”; and in doing so, (2) he creates a false choice of possible futures from which we must choose. What I mean by false choice is that Jonathan doesn’t seem to believe a hybrid future is possible or desirable. I see no reason why we can’t have the best of both worlds–-a world full of plenty of tethered appliances, but also plenty of generativity and openness.

If you’re interested, listen in.

I swear I’m not trying to pick on Jonathan Zittrain, but I continue to find examples that create problems for his thesis from The Future of the Internet–And How to Stop It that the whole world is going to hell because of the rise of what he contemptuously calls “sterile, tethered devices.” Again, in his provocative book, Zittrain argues that, for a variety of reasons, the glorious days of the generative, open Internet and general-purpose PCs are supposedly giving way to closed networks and closed devices. In my lengthy review of his book, I argued that Zittrain was over-stating things and creating a false choice of possible futures from which we must choose. I see no reason why we can’t have the best of both worlds–a world full of plenty of tethered appliances, but also plenty of generativity and openness. In a follow-up essay, I pointed out how Apple’s products create a particular problem for Zittrain’s thesis because even though they are “sterile and tethered,” there is no doubt that the company’s approach has produced some wonderful results. As I said..

Personally… I prefer all those “general purpose” devices that Zittrain lionizes. But, again, we can have both. Let Steve Jobs be a control freak and keep those walls around Apple’s digital garden high and tight if he wants. There are plenty of other wide open gardens for the rest of us to play in.

In my original review, I briefly mentioned another problem for the Zittrain thesis: old people! I was reminded about this when I was reading this New York Times article today entitled, “At a Certain Age, Simplicity Sells in High-Tech Gadgets,” by Alina Tugend. Tugend argues:

All right, everyone under the age of 40, go run around the block or something. This column is not for you. It is for people like me, inching toward 50, who are, let us say, not technology-averse, but do not embrace it with the unquestioning love that our children do. For them, no gadget is unnecessary, no add-on excessive, no upgrade superfluous. Now, I know this is not just a generational divide. Some people of any age — we all know a few — buy every new gizmo, the more bells and whistles and buttons, the better. And some people in their 20s and 30s are not enamored with the high-tech side of life. But for those of us who remember getting off the couch to change the channel, technology is not necessarily as innate a part of our lives as it is for those chronologically behind us. I’m sure many of you have played the game with your children, seeing what most shocks them: “We had to watch movies in theaters!” “Phones were attached to the wall!” “We only had an AM-FM radio in the car!” And my personal favorite, “I typed my college senior thesis on an electric typewriter, and used Wite-Out for mistakes!” O.K., enough dawdling on memory lane. The point is that technology does not always come naturally. And everything seems to be getting more diminutive and more complex just as I am getting older and slower. “There are folks who are feeling that things are getting too complicated,” said Jim Barry, a spokesman for the Consumer Electronics Association. “The good news is that you have a lot of choices. The bad news is that you have a lot of choices.”

What this proves is that preferences cannot be generalized. What’s good for tech geeks and the digerati may not be best for everyone else. Here’s how I put it in my original review of Zittrain’s book:

put yourself in the shoes of a mere mortal. It’s easy for many us who are tech geeks to look down our noses at those who seem to want to have the hand held through cyberspace or digital experiences. But there’s nothing wrong with those people who seek stability and security in digital devices and their networking experiences—even if they find those solutions in the form of “tethered appliances.” Not everyone wants to have the same cyber-experiences we do. Not everyone wants to reprogram their mobile phones, hack their consoles, write their own code, or even just write a blog or join a social networking site. Millions upon millions of people live perfectly normal lives without ever doing any of these things! (It’s true, I even met a couple of these people… They are called my parents!) Still, many of those mere mortals WILL want to use many of the same toys we tech geeks use, or take cautious steps into the occasional cold pool called cyberspace—one tippy toe at a time. Why shouldn’t those folks be accommodated with “lesser” devices?

Tugend’s NYT article points out that the market for such devices is developing rapidly because there is hot demand for “simpler” devices (i.e., Zittrain’s much-lamented “sterile, tethered devices”):

Consider the ubiquitous cellphone. Two models of phones, Jitterbug by GreatCall Inc. and Coupe by Verizon, offer the most basic services available. One version of the Samsung Jitterbug, for example, has only three buttons: one you can program to call one number, say a friend, work or home; another to call a live operator; and a third to call 911. The other Jitterbug is more like a regular phone, but both have dial tones and larger keypads. Each Jitterbug costs $147, with minutes extra. There is no contract required. Although the Jitterbug is being marketed primarily to older people (hearing aid compatible), with no cameras, games or confusing icons, I can certainly see the appeal. My children, however, laughed when they heard about the phone. “What’s the point with no games?” my older son asked. Consumer Reports, in fact, called the Jitterbug a cellphone “for the technology weary.” The Coupe ($40 with a two-year calling plan) is aimed at a similar market. It has a few more features than the Jitterbug. Both phones have received mixed reviews from users. Microsoft and Apple have certainly noticed this growing market. Last year, Microsoft began selling the SeniorPC (Memo: may want to think about a name change). Hewlett-Packard’s computers, available as desktops or laptops, come with mental acuity games, prescription software (that provides reminders when to take medication at the correct dosage and when to reorder, as well as medical history), financial software and the option of a keyboard with larger buttons. They can also be used with a simplified desktop screen that hides options, for those who need just a few functions, said Rob Sinclair, director for accessibility at Microsoft. “A lot of technology was originally developed for people with severe disabilities,” Mr. Sinclair said. “But these solutions are proving valuable to a much broader range of people.” Many of these features, known as “ease of access settings,” are automatically available with Windows Vista, like screen readers that audibly describe what is on the screen, screen magnifiers, colors and fonts for easy reading and speech recognition, which allows you to direct the computer with your voice. We have Windows XP, the earlier version of the operating system, and it is easy to click into the accessibility options, which do not include speech recognition, through the control panel. But it has a wheelchair icon, which has been eliminated in the later version. “We now talk about ‘ease of access’ to a computer rather than ‘accessibility,’ ” Mr. Sinclair said. “The subtle change in language reflects a significant change in our approach.”

And what’s wrong with this? Answer: Nothing! People are getting the choices and configurations they want. Older generations are simply not comfortable with the “general purpose” devices that tinker-happy gadgeteers like Zittrain and me prefer. Shouldn’t those people get to enjoy some of the same digital experiences and communications options that the rest of us do without being expected to configure their cell phones or program their PCs?

Again, markets are responding to these needs, but not in ways that Prof. Zittrain prefers. Perhaps in another 25 years, when today’s generation of techno-geeks are grandparents, we’ll all be perfectly comfortable with the devices and networks that Zittrain (and I) prefer. For now, that is not enough. People demand more choices–even if they are “sterile and tethered.” They should get them, and luckily they are.

[Note: You might want to first read my review of Jonathan Zittrain’s book to give this essay some context.]

Jonathan Zittrain must have been smiling as he read Leander Kahney’s excellent Wired cover story this month, “How Apple Got Everything Right By Doing Everything Wrong.” In a sense, the article vindicates Zittrain’s thesis in The Future of the Internet–And How to Stop It. Again, in his provocative book, Zittrain argues that, for a variety of reasons, the glorious days of the generative, open Internet and general-purpose PCs are supposedly giving way to closed networks and a world of what he contemptuously calls “sterile, tethered devices.” And Apple products such as the iPhone, the iPod, and iTunes serve as prime examples of the troubling world that await us. And Kahney’s article confirms that Apple is every bit as closed and insular as Zittrain suggests. Kahney nicely contrasts Apple with Google, a company that “embraces openness,” trusts “the wisdom of crowds,” and has its famous “Don’t be evil” philosophy:

It’s ironic, then, that one of the Valley’s most successful companies ignored all of these tenets. Google and Apple may have a friendly relationship — Google CEO Eric Schmidt sits on Apple’s board, after all — but by Google’s definition, Apple is irredeemably evil, behaving more like an old-fashioned industrial titan than a different-thinking business of the future. Apple operates with a level of secrecy that makes Thomas Pynchon look like Paris Hilton. It locks consumers into a proprietary ecosystem. And as for treating employees like gods? Yeah, Apple doesn’t do that either.

On the other hand, Kahney’s article serves as vindication of my response to Zittrain’s book since the article illustrates how, despite breaking all the typical rules of Silicon Valley, the company is more successful than ever and has legions of happy customers. Again, in my review of his book, I argued that there is no reason that we can’t have the best of both worlds. Much of the time, “open” systems produce the best results. Other times, more closed, proprietary models give rise to great products. Today’s digital marketplace is full of wonderful devices and services of both flavors. Apple’s success proves that point, as Kahney’s Wired article shows:

by deliberately flouting the Google mantra, Apple has thrived. When Jobs retook the helm in 1997, the company was struggling to survive. Today it has a market cap of $105 billion, placing it ahead of Dell and behind Intel. Its iPod commands 70 percent of the MP3 player market. Four billion songs have been purchased from iTunes. The iPhone is reshaping the entire wireless industry. Even the underdog Mac operating system has begun to nibble into Windows’ once-unassailable dominance; last year, its share of the US market topped 6 percent, more than double its portion in 2003. It’s hard to see how any of this would have happened had Jobs hewed to the standard touchy-feely philosophies of Silicon Valley. Apple creates must-have products the old-fashioned way: by locking the doors and sweating and bleeding until something emerges perfectly formed. It’s hard to see the Mac OS and the iPhone coming out of the same design-by-committee process that produced Microsoft Vista or Dell’s Pocket DJ music player. Likewise, had Apple opened its iTunes-iPod juggernaut to outside developers, the company would have risked turning its uniquely integrated service into a hodgepodge of independent applications — kind of like the rest of the Internet, come to think of it.

Importantly, it’s not just that Apple has thrived, it’s that consumers have loved their products to the point that there is a sort of “cult of Apple” out there. I should make clear that I am no Apple fanboy. As my TLF colleagues Tim Lee and Jerry Brito can attest, I am constantly making fun of them for their love of Apple products. I am willing to deal with the warts associated with the PC environment because I love the more open-ended nature of it. That being said, there are times when I have to swallow my pride and admit to Tim and Jerry that, in many ways, their Apple products are superior to my PC and Windows-based toys. It’s impossible to spend a few minutes with the iPhone or the latest iPods and Macs and not fall in love with those devices and their interfaces. They are truly spectacular. Thus, as Kahney’s article makes clear, whether you love him or hate him, you have to admit that Jobs is on to something:

No other company has proven as adept at giving customers what they want before they know they want it. Undoubtedly, this is due to Jobs’ unique creative vision. But it’s also a function of his management practices. By exerting unrelenting control over his employees, his image, and even his customers, Jobs exerts unrelenting control over his products and how they’re used. And in a consumer-focused tech industry, the products are what matter.

Indeed they are. And even though Zittrain labels Apple’s products “sterile and tethered,” there is no doubt that the company’s approach has produced some wonderful results. Personally, they are not for me since I prefer all those “general purpose” devices that Zittrain lionizes. But, again, we can have both. Let Steve Jobs be a control freak and keep those walls around Apple’s digital garden high and tight if he wants. There are plenty of other wide open gardens for the rest of us to play in.

Jonathan Zittrain, who is affiliated with Oxford University and Harvard’s Berkman Center, recently released a provocatively titled book: The Future of the Internet–And How to Stop It. It’s an interesting read and I recommend you pick it up despite what I’ll say about it in a moment. (Incidentally, if you ever have a chance to hear Jonathan speak, I highly recommend you do so. He is, bar none, the most entertaining tech policy geek in the world. Imagine Dennis Miller with a cyberlaw degree.)

Jonathan’s book contrasts two different paradigms that he argues could define the Net’s future: The “generative” Net versus what he refers to as a world of “tethered, sterile appliances.” By “generative” he means technologies or networks that invite or allow tinkering and all sorts of creative uses. Think general-purpose personal computers and the traditional “best efforts” Internet. “Tethered, sterile appliances” by contrast, are technologies or networks that discourage or disallow tinkering. Basically, “take it or leave it” proprietary devices like Apple’s iPhone or the TiVo, or online walled gardens like the old AOL and current cell phone networks.

Jonathan’s thesis is that, for a variety of reasons [viruses, Spam, identify theft, etc], we run the risk of seeing the glorious days of the generative, open Net give way to more tethered devices and closed networks. He states:

“Today, the same qualities that led to [the success of the Internet and general-purpose PCs] are causing [them] to falter. As ubiquitous as Internet technologies are today, the pieces are in place for a wholesale shift away from the original chaotic design that has given rise to the modern information revolution. This counterrevolution would push mainstream users away from the generative Internet that fosters innovation and disruption, to an appliancized network that incorporates some of the most powerful features of today’s Internet while greatly limiting its innovative capacity—and, for better or worse, heightening its regulability. A seductive and more powerful generation of proprietary networks and information appliances is waiting for round two. If the problems associated with the Internet and PC are not addressed, a set of blunt solutions will likely be applied to solves problems at the expense of much of what we love about today’s information ecosystem.” [p. 8].

In other words, Jonathan fears that many people will flock to tethered appliances in a search for stability or security. That’s bad, in his opinion, because those tethered appliances are less “open” and more likely to be “regulable,” either by large corporate intermediaries or government officials. Thus, the “future of the Internet” he is hoping to “stop” is a world dominated by tethered digital appliances because it is too limiting and too easy for others to control.

My primary objection to Jonathan’s thesis is that (1) he seems to be over-stating things quite a bit; and in doing so, (2) he creates a false choice of possible futures from which we must choose. What I mean by false choice is that Jonathan doesn’t seem to believe a hybrid future is possible or desirable. I see no reason why we can’t have the best of both worlds–a world full of plenty of tethered appliances, but also plenty of generativity and openness.

Importantly–and Jonathan acknowledges this point to some extent–the boundaries between “generative” and “tethered appliances” are growing increasingly murky. Social networking sites, for example, allow a great deal of generative activity, but they also impose some limitations on what can be posted, or limit the porting of profiles / information over to other sites. Similarly, the iPhone—which Jonathan calls a “sterile” technology—was completely closed at first, but is now growing more open to tinkering with the SDK rollout. But it’s unlikely it will ever be perfectly open. Finally, the TiVo, which Jonathan also throws into the “sterile” bucket, is a tightly controlled technology in some ways, but allows consumers to do some truly wonderful things with it within certain confines.

And there’s a good reason for all of this: Hybrid solutions often make a great deal of sense. They offer creative opportunities within certain confines in an attempt to balance openness and stability. And this brings us back to how Jonathan is over-stating his thesis, in my opinion; he just doesn’t convince me that the old order—of open networks & general-purpose PCs—is dying. It’s still around and always will be. It’s just that a new crop of characters—let’s call them “mere mortals”—have joined us in cyberspace and are increasingly part of the ongoing digital experience. But those of us who are true-blue tech geeks and tinker-happy gadgeteers still have plenty of generative toys at our disposal even though the mere mortals now walk among us.

For example, like many other tech geeks, I have an outrageously expensive mobile phone that allows me to add just about any application I want to it. Problem is, the more I muck with it, the slower and less reliable it gets in some ways, which is precisely why some mere mortals just want a good old-fashion “sterile” phone that won’t give them any hassles. Regardless, on the “generative-vs.-sterile appliance” spectrum, the range of mobile devices just continues to grow and grow in both directions. You can decide what type of device you want. I want something more generative—warts and all. My wife—a true mere mortal if there ever was one—just wants something that works, even if has far fewer options in terms of generative capabilities. (Of course, she’s not trying to compose blog posts like this on her phone like I am! She just wants to check e-mail on occasion and make phone calls. Imagine that: using a phone just to make calls. Crazy!)

So, my question to Jonathan is—to quote the great philosopher Rodney King—Why can’t we all just get along? Isn’t it a sign of progress that we now have different models that appeal to different types of users? After all, those supposedly “sterile” applications like the iPhone and Tivo are loved by millions. Even calling them “sterile” seems a bit silly to me. After all, those devices have “fostered innovation and disruption” just like PCs and the Net have, just in a different way. Regardless, does Jonathan think all those people would really be better off if they were forced to fend for themselves with completely open iPhones and TiVos? Should the iPhone be shipped to market with no apps loaded on the main screen, forcing everyone to get them for on their own? Should TiVos have no interactive menus out-of-the-box, forcing you to go online and find some homebrew that someone whipped up to give you an open source guide in all its blocky ugliness?

Again, before you answer that question for yourself, put yourself in the shoes of a mere mortal. It’s easy for many us who are tech geeks to look down our noses at those who seem to want to have the hand held through cyberspace or digital experiences. But there’s nothing wrong with those people who seek stability and security in digital devices and their networking experiences—even if they find those solutions in the form of “tethered appliances.” Not everyone wants to have the same cyber-experiences we do. Not everyone wants to reprogram their mobile phones, hack their consoles, write their own code, or even just write a blog or join a social networking site. Millions upon millions of people live perfectly normal lives without ever doing any of these things! (It’s true, I’ve even met a couple of these people… They are called my parents!) Still, many of those mere mortals WILL want to use many of the same toys we tech geeks use, or take cautious steps into the occasional cold pool called cyberspace—one tippy toe at a time. Why shouldn’t those folks be accommodated with “lesser” devices?

I fear that Jonathan has spent a little too much time in the ivory tower surrounded by countless people like me who are almost part cyborg in that they use so much technology that they are practically at one with their devices. (If I don’t have a laptop in my backpack and a mobile phone in my pocket I start to experience phantom pains, like I am missing appendages). If one finds themselves stuck in an echo chamber with enough of these other cyborg-humans, they can start to fear the consequences of what might happen when the mere mortals start walking in the front door and asking asinine questions about how to boot up their devices or log on to certain websites. But we have nothing to fear from these aliens. They can have their closed systems and we can have our open systems. We can tinker; they can just play with what they are given. We can be highly interactive cyber-goobers; they can be utterly passive couch potatoes. And so on.

Moreover, a big part of the gap here is simply generational and will pass with time. Once today’s tech geeks are grandparents, most of our kids and grandkids will largely demand the same sort of systems we do because they will be more accustomed to the occasional downsides that accompany the Wild West that cyberspace can sometimes be. But there will always be a crowd who demands some hand-holding and added security.

Jonathan’s short-term concern about how the desire for more stable and secure systems will lead to a more “regulable” world, is understandable. Concerns about privacy, child safety, defamation, identity theft and so on, will continue to lead to calls for more intervention. At the corporate level, however, some of that potential intervention makes a great deal of sense. For example, if ISPs are in a position to help do something to help alleviate some of these problems—especially Spam and viruses—what’s wrong with that? Of course, it gets a lot trickier with things like child safety and copyright issues. That’s where excessive intervention by ISPs could create serious speech and privacy problems—namely in the form of a forced surrender of anonymity.

But, again, I think there is a happy balance here. Bruce Owen, one of my intellectual heroes, really nails it in his response to Jonathan’s thesis:

“Why does Zittrain think that overreaction is likely, and that its costs will be unusually large? Neither prediction is self-evident. Faced with the risk of infection or mishap, many users already restrain their own taste for PC-mediated adventure, or install protective software with similar effect. For the most risk-averse PC users, it may be reasonable to welcome “tethered” PCs whose suppliers compete to offer the most popular combinations of freedom and safety. Such risk-averse users are reacting, in part, to negative externalities from the poor hygiene of other users, but such users in turn create positive externalities by limiting the population of PCs vulnerable to contagion or hijacking. As far as one can tell, this can as easily produce balance or under reaction as overreaction—it is an empirical question. But, as long as flexibility has value to users, suppliers of hardware and interconnection services will have incentives to offer it, in measured ways, or as options.”

That’s exactly right. We can find happy middle-ground solutions. By contrast, Jonathan’s alternative solutions to these problems are quite amorphous. He speaks of the need for a “latter-day Manhattan project, not to build a bomb but to design the tools and conventions by which to continuously defuse one.” (p. 173). That seems like a strange metaphor or paradigm for him to choose since the Manhattan project was highly secretive and centrally planned, the exact opposite of what he seems to desire. But, again, what he desires remains very murky. It seems he wants to solve the problems brought about by openness with more openness—primarily in the form of collective intelligence and action. If we all just find smart ways to work together, we can improve open systems, he argues. Well, sure we can.. sorta. But it will never work perfectly on its own. Some people are going to want more safety and security. They should get it, even if comes in the form of “sterile appliances and tethered devices.” Because, again, the rest of us always have the option to choose something else.

One proposed solution that Jonathan does spell out in a bit more detail troubles me greatly. When discussing the future of Net neutrality, he makes some interesting arguments similar to those we often make here about how unlikely it is that network intermediaries will really be able to stifle the free flow of bits. But then Jonathan goes on to say:

“If there is a present worldwide threat to neutrality in the movement of bits, it comes not from restrictions on traditional Internet access that can be evaded using generative PCs, but from enhancements to traditional and emerging appliancized services that are not open to third-party tinkering.” (p. 181)

He then blasts cable and satellite boxes as being “walled gardens” and creating “mediated experiences” and goes on to ask: “So when should we consider network neutrality-style mandates for appliancized systems?” I would have hoped the answer would be NEVER, since we don’t want pesky FCC bureaucrats making those sort of calls for us and stifling device innovation as a result. Alas, Jonathan seems to feel differently, and responds to his own question as follows:

“The answer lies in that subset of appliancized systems that seeks to gain the benefits of third-party contributions while reserving the right to exclude it later. … Those who offer open APIs on the Net in an attempt to harness the generative cycle ought to remain application-neutral after their efforts have succeeded, so all those who built on top of their interface can continue to do so on equal terms.” (p. 184)

I have many problems with that logic. First, most developers who offer open APIs aren’t likely to close them later precisely because they don’t want to incur the wrath of “those who built on top of their interface.” But, second, for the sake of argument, let’s say they did want to abandoned previously open APIs and move to some sort of walled garden. So what? Isn’t that called marketplace experimentation? Are we really going to make that illegal? Finally, if they were so foolish as to engage in such games, it might be the best thing that ever happened to the market and consumers since it could encourage more entry and innovation as people seek out more open, pro-generative alternatives.

Consider this example: Now that Apple has opened to door to third-party iPhone development a bit with the SDK, does that mean that under Jonathan’s proposed paradigm we should treat the iPhone as the equivalent of commoditized common carriage device? That seems incredibly misguided to me. If Steve Jobs opens the development door just a little bit only to slam it shut a short time later, he will pay dearly for that mistake in the marketplace. For God’s sake, just spend a few minutes over on the Howard Forums or the PPC Geeks forum if you want to get a taste for the insane amount of tinkering going on out there in the mobile world right now on other systems. If Apple tries to roll back the clock, Microsoft and others will be all too happy to take their business by offering a wealth of devices that allow you to tinker to your heart’s content. We should let such experiments continue and let the future of the Internet be determined by market choices, not regulatory choices such as forced API neutrality.

Anyway, read Jonathan’s book. I’ve probably gone a bit too hard on him here, but it’s an important and enlightening book about one possible vision of the Net’s future. In the end, I guess my outlook is just a little rosier than his.

( Update: Following this review, I discussed my reservations in a series of follow-up essays. (Part 2, 3, 4, 5).  We’ve also debated his book on the an NPR-Boston [audio is here] and we debated in person at New America Foundation in early November [video is here]. Finally, I named Jonathan’s book the “most important tech policy book of 2008” on my end-of-year Top 10 list.)