[This is a draft of a section of a forthcoming study on “A Flexible Governance Framework for Artificial Intelligence,” which I hope to complete shortly. I welcome feedback. I have also cross-posted this essay at Medium.]

Debates about how to embed ethics and best practices into AI product design is where the question of public policy defaults becomes important. To the extent AI design becomes the subject of legal or regulatory decision-making, a choice must be made between two general approaches: the precautionary principle or the proactionary principle.[1] While there are many hybrid governance approaches in between these two poles, the crucial issue is whether the initial legal default for AI technologies will be set closer to the red light of the precautionary principle (i.e., permissioned innovation) or to the green light of the proactionary principle (i.e., (permissionless innovation). Each governance default will be discussed.

The Problem with the Precautionary Principle as the Policy Default for AI

The precautionary principle holds that innovations are to be curtailed or potentially even disallowed until the creators of those new technologies can prove that they will not cause any theoretical harms. The classic formulation of the precautionary principle can be found in the “Wingspan Statement,” which was formulated at an academic conference that took place at the Wingspread Conference Center in Wisconsin in 1998. It read: “Where an activity raises threats of harm to the environment or human health, precautionary measures should be taken even if some cause and effect relationships are not fully established scientifically.”[2] There have been many reformulations of the precautionary principle over time but, as legal scholar Cass Sunstein has noted, “in all of them, the animating idea is that regulators should take steps to protect against potential harms, even if causal chains are unclear and even if we do not know that those harms will come to fruition.”[3] Put simply, under almost all varieties of the precautionary principle, innovation is treated as “guilty until proven innocent.”^[4] We can also think of this as permissioned innovation.

The logic animating the precautionary principle reflects a well-intentioned desire to play it safe in the face of uncertainty. The problem lies in the way this instinct gets translated into law and regulation. Making the precautionary principle the public policy default for any given technology or sector has a strong bearing on how much innovation we can expect to flow from it. When trial-and-error experimentation is preemptively forbidden or discouraged by law, it can limit many of the positive outcomes that typically accompany efforts by people to be creative and entrepreneurial. This can, in turn, give rise to different risks for society in terms of forgone innovation, growth, and corresponding opportunities to improve human welfare in meaningful ways.

St. Thomas Aquinas once observed that if the sole goal of a captain were to preserve their ship, the captain would keep it in port forever. But that clearly is not the captain’s highest goal. Aquinas was making a simple but powerful point: There can be no reward without some effort and even some risk-taking. Ship captains brave the high seas because they are in search of a greater good, such as recognition, adventure, or income. Keeping ships in port forever would preserve their vessels, but at what cost?

Similarly, consider the wise words of Wilbur Wright, who pioneered human flight. Few people better understood the profound risks associated with entrepreneurial activities. After all, Wilbur and his brother were trying to figure out how to literally lift humans off the Earth. The dangers were real, but worth taking. “If you are looking for perfect safety,” Wright said, “you would do well to sit on a fence and watch the birds.” Humans would have never taken to the skies if the Wright brothers had not gotten off the fence and taken the risks they did. Risk-taking drives innovation and, over the long-haul, improves our well-being.^[5] Nothing ventured, nothing gained.

These lessons can be applied to public policy by considering what would happen if, in the name of safety, public officials told captains to never leave port or told aspiring pilots to never leave the ground. The opportunity cost of inaction can be hard to quantify, but it should be clear that if we organized our entire society around a rigid application of the precautionary principle, progress and prosperity would suffer.

Heavy-handed preemptive restraints on creative acts can have deleterious effects because they raise barriers to entry, increase compliance costs, and create more risk and uncertainty for entrepreneurs and investors. Thus, it is the unseen costs—primarily in the form of forgone innovation opportunities—that makes the precautionary principle so problematic as a policy default. This is why scientist Martin Rees speaks of “the hidden cost of saying no” that is associated with the precautionary principle.[6]

The precise way the precautionary principle leads to this result is that it derails the so-called learning curve by limiting opportunities to learn from trial-and-error experimentation with new and better ways of doing things.[7] The learning curve refers to the way that individuals, organizations, or industries are able to learn from their mistakes, improve their designs, enhance productivity, lower costs, and then offer superior products based on the resulting knowledge.[8] In his recent book, Where Is My Flying Car?, J. Storrs Hall documents how, over the last half century, “regulation clobbered the learning curve” for many important technologies in the U.S., especially nuclear, nanotech, and advanced aviation.[9] Hall shows how society was denied many important innovations due to endless foot-dragging or outright opposition to change from special interests, anti-innovation activists, and over-zealous bureaucrats.

In many cases, innovators don’t even know what they are up against because, as many scholars have noted, “the precautionary principle, in all of its forms, is fraught with vagueness and ambiguity.”[10] It creates confusion and fear about the wisdom of taking action in the face of uncertainty. Worst case thinking paralyzes regulators who aim to “play it safe” at all costs. The result is an endless snafu of red tape as layer upon layer of mandates build up and block progress. The result is what many scholars now decry as a culture of “vetocracy,” which describes the many veto points within modern political systems that hold back innovation, development and economic opportunity.[11] This endless accumulation of potential veto points in the policy process in the form of mandates and restrictions can greatly curtail innovation opportunities. “Like sediment in a harbor, law has steadily accumulated, mainly since the 1960s, until most productive activity requires slogging through a legal swamp,” says Philip K. Howard, chair of Common Good.[12] “Too much law,” he argues, “can have similar effects as too little law,” because:

People slow down, they become defensive, they don’t initiate projects because they are surrounded by legal risks and bureaucratic hurdles. They tiptoe through the day looking over their shoulders rather than driving forward on the power of their instincts. Instead of trial and error, they focus on avoiding error.[13]

This is exactly why it is important that policymakers not get too caught up in attempts to preemptively resolve every potential hypothetical worst case scenarios associated with AI technologies. The problem with that approach was succinctly summarized by the political scientist Aaron Wildavsky when he noted, “If you can do nothing without knowing first how it will turn out, you cannot do anything at all.”^[14] Or, as I have stated in a book on this topic, “living in constant fear of worst-case scenarios—and premising public policy on them—means that best-case scenarios will never come about.”[15]

This does not mean society should dismiss all concerns about the risks surrounding AI. Some technological risks do necessitate a degree of precautionary policy, but proportionality is crucial, notes Gabrielle Bauer, a Toronto-based medical writer. “Used too liberally,” she argues, “the precautionary principle can keep us stuck in a state of extreme risk-aversion, leading to cumbersome policies that weigh down our lives. To get to the good parts of life, we need to accept some risk.”[16] It is not enough to simply hypothesize that certain AI innovations might entail some risk. The critics need to prove it using risk analysis techniques that properly weigh both the potential costs and benefits.^[17] Moreover, when conducting such analyses, the full range of trade-offs associated with preemptive regulation must be evaluated. Again, where precautionary constraints might deny society life-enriching devices or services, those costs must be acknowledged.

Generally speaking, the most extreme precautionary controls should only be imposed when the potential harms in question are highly probable, tangible, immediate, irreversible, catastrophic, or directly threatening to life and limb in some fashion.^[18] In the context of AI and ML systems, it may be the case that such a test is satisfied already for law enforcement use of certain algorithmic profiling techniques. And that test is satisfied for so-called “killer robots,” or autonomous military technology.[19] These are often described as “existential risks.” The precautionary principle is the right default in these cases because it is abundantly clear how unrestricted use would have catastrophic consequences. For similar reasons, governments have long imposed comprehensive restrictions on certain types of weapons.[20] And although nuclear and chemical technologies have many important applications, their use must also be limited to some degree even outside of militaristic applications because they can pose grave danger if misused.

But the vast majority of AI-enabled technologies are not like this. Most innovations should not be treated the same a hand grenade or a ticking time bomb. In reality, most algorithmic failures will be more mundane and difficult to foresee in advance. By their very nature, algorithms are constantly evolving because programs and systems are being endlessly tweaked by designers to improve them. In his books on the evolution of engineering and systems design, Henry Petroski has noted that “the shortcomings of things are what drive their evolution.”[21] The normal state of things is “ubiquitous imperfection,” he notes, and it is precisely that reality that drives efforts to continuously innovate and iterate.[22]

Regulations rooted in the precautionary principle hope to preemptively find and address product imperfections before any harm comes from them. In reality, and as explained more below, it is only through ongoing experimentation that we find both the nature of failures and the knowledge to know how to correct them. As Petroski observes, “the history of engineering in general, may be told in its failures as well as in its triumphs. Success may be grand, but disappointment can often teach us more.”^[23] This is particularly true for complex algorithmic systems, where rapid-fire innovation and incessant iteration are the norm.

Importantly, the problem with precautionary regulation for AI is not just that it might be over-inclusive in seeking to regulate hypothetical problems that never develop. Precautionary regulation can also be under-inclusive by missing problematic behavior or harms that no one anticipated before the fact. Only experience and experimentation reveal certain problems.

In sum, we should not presume that there is a clear preemptive regulatory solution to every problem some people raise about AI, nor should we presume we can even accurately identify all such problems that might come about in the future. Moreover, some risks will never be eliminated entirely, meaning that risk mitigation is the wiser approach. This is why a more flexible bottom-up governance strategy focused on responsiveness and resiliency makes more sense than heavy-handed, top-down strategies that would only avoid risks by making future innovations extremely difficult if not impossible.

The “Proactionary Principle” is the Better Default for AI Policy

The previous section made it clear why the precautionary principle should generally not be used as our policy default if we hope to encourage the development of AI applications and services. What we need is a policy approach that:

• objectively evaluates the concerns raised about AI systems and applications;
• considers whether more flexible governance approaches might be available to address them; and,
• does so without resorting to the precautionary principle as a first-order response.

The proactionary principle is the better general policy default for AI because it satisfies these three objectives.[24] Philosopher Max More defines the proactionary principle as the idea that policymakers should, “[p]rotect the freedom to innovate and progress while thinking and planning intelligently for collateral effects.”^[25] There are different names for this same concept, including the innovation principle, which Daniel Castro and Michael McLaughlin of the Information Technology and Innovation Foundation say represents the belief that “the vast majority of new innovations are beneficial and pose little risk, so government should encourage them.”^[26] Permissionless innovation is another name for the same idea. Permissionless innovation refers to the idea that experimentation with new technologies and business models should generally be permitted by default.^[27]

What binds these concepts together is the belief that innovation should generally be treated as innocent until proven guilty. There will be risks and failures, of course, but the permissionless innovation mindset views them as important learning experiences. These experiences are chances for individuals, organizations, and all of society to make constant improvements through incessant experimentation with new and better ways of doing things.[28] As Virginia Postrel argued in her 1998 book, The Future and Its Enemies, progress demands “a decentralized, evolutionary process” and mindset in which mistakes are not viewed as permanent disasters but instead as “the correctable by-products of experimentation.”^[29] “No one wants to learn by mistakes,” Petroski once noted, “but we cannot learn enough from successes to go beyond the state of the art.”^[30] Instead we must realize, as other scholars have observed, that “[s]uccess is the culmination of many failures”^[31] and understand “failure as the natural consequence of risk and complexity.”^[32]

This is why the default for public policy for AI innovation should, whenever possible, be more green lights than red ones to allow for the maximum amount of trial-and-error experimentation, which encourages ongoing learning.[33] “Experimentation matters,” observes Stefan H. Thomke of the Harvard Business School, “because it fuels the discovery and creation of knowledge and thereby leads to the development and improvement of products, processes, systems, and organizations.”^[34]

Obviously, risks and mistakes are “the very things regulators inherently want to avoid,”^[35] but “if innovators fear they will be punished for every mistake,” Daniel Castro and Alan McQuinn argue, “then they will be much less assertive in trying to develop the next new thing.”^[36] And for all the reasons already stated, that would represent the end of progress because it would foreclose the learning process that allows society to discover new, better, and safer ways of doing things. Technology author Kevin Kelly puts it this way:

technologies must be evaluated in action, by action. We test them in labs, we try them out in prototypes, we use them in pilot programs, we adapt our expectations, we monitor their alterations, we redefine their aims as they are modified, we retest them given actual behavior, we re-direct them to new jobs when we are not happy with their outcomes.[37]

In other words, the proactionary principle appreciates the benefits that flow from learning by doing. The goal is to continuously assess and prioritize risks from natural and human-made systems alike, and then formulate and reformulate our toolkit of possible responses to those risks using the most practical and effective solutions available. This should make it clear that the proactionary approach is not synonymous with anarchy. Various laws, government bodies, and especially the courts play an important role in protecting rights, health, and order. But policies need to be formulated such that innovators and innovation are given the benefit of the doubt and risks are analyzed and addressed in a more flexible fashion.

Some of the most effective ways to address potential AI risks already exist in the form of “soft law” and decentralized governance solution. These will be discussed at greater length below. But existing legal remedies include various common law solutions (torts, class actions, contract law, etc), recall authority possessed by many regulatory agencies, and various consumer protection policies. Ex post remedies are generally superior to ex ante prior restraints if we hope to maximize innovation opportunities. Ex ante regulatory defaults are too often set closer to the red light of the precautionary principle and then enforced through volumes of convoluted red tape.

This is what the World Economic Forum has referred to as a “regulate-and-forget” system of governance,[38] or what others call a “build-and-freeze model” or regulation.[39] In such technological governance regimes, older rules are almost never revisited, even after new social, economic, and technical realities render them obsolete or ineffective.[40] A 2017 survey of U.S. Code of Regulations by Deloitte consultants revealed that 68 percent of federal regulations have never been updated and that 17 percent have only been updated once.^[41] Public policies for complex and fast-moving technologies like AI cannot be set in stone and forgotten like that if America hopes to remain on the cutting edge of this sector.

Advocates of the proactionary principle look to counter this problem not by eliminating all laws or agencies, but by bringing them in line with flexible governance principles rooted in more decentralized approaches to policy concerns.[42] As many regulatory advocates suggest, it is important to embed or “bake in” various ethical best practices into AI systems to ensure that they benefit humanity. But this, too, is a process of ongoing learning and there are many ways to accomplish such goals without derailing important technological advances. What is often referred to as “value alignment” or “ethically-aligned design” is challenged by the fact that humans regularly disagree profoundly about many moral issues.[43] “Before we can put our values into machines, we have to figure out how to make our values clear and consistent,” says Harvard University psychologist Joshua D. Greene.[44]

The “Three Laws of Robotics” famously formulated decades ago by Isaac Asimov in his science fiction stories continue to be widely discussed today as a guide to embedding ethics into machines.[45] They read:

1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.

What is usually forgotten about these principles, as AI expert Melanie Mitchell reminds us, is the way Asimov, “often focused on the unintended consequences of programming ethical rules into robots,” and how he made it clear that, if applied too literally, “such a set of rules would inevitably fail.”[46]

This is why flexibility and humility are essential virtues when thinking about AI policy. The optimal governance regime for AI can be shaped by responsible innovation practices and embed important ethical principles by design without immediately defaulting to a rigid application of the precautionary principle.[47] In other words, an innovation policy regime rooted in the proactionary principle can also be infused with the same values that animate a precautionary principle-based system.[48] The difference is that the proactionary principle-based approach will look to achieve these goals in a more flexible fashion using a variety of experimental governance approaches and ex post legal enforcement options, while also encouraging still more innovation to solve problems past innovations may have caused.

To reiterate, not every AI risk is foreseeable, and many risks and harms are more amorphous or uncertain. In this sense, the wisest governance approach for AI was recently outlined by the National Institute of Standards and Technology (NIST) in its initial draft AI Risk Management Framework, which is a multistakeholder effort “to describe how the risks from AI-based systems differ from other domains and to encourage and equip many different stakeholders in AI to address those risks purposefully.”[49] NIST notes that the goal of the Framework is:

to be responsive to new risks as they emerge rather than enumerating all known risks in advance. This flexibility is particularly important where impacts are not easily foreseeable, and applications are evolving rapidly. While AI benefits and some AI risks are well-known, the AI community is only beginning to understand and classify incidents and scenarios that result in harm.[50]

This is a sensible framework for how to address AI risks because it makes it clear that it will be difficult to preemptively identify and address all potential AI risks. At the same time, there will be a continuing need to advance AI innovation while addressing AI-related harms. The key to striking that balance will be decentralized governance approaches and soft law techniques described below.

[Note: The subsequent sections of the study will detail how decentralized governance approaches and soft law techniques already are helping to address concerns about AI risks.]

Endnotes:

[1]     Adam Thierer, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, 2nd ed. (Arlington, VA: Mercatus Center at George Mason University, 2016): 1-6, 23-38; Adam Thierer, Evasive Entrepreneurs & the Future of Governance (Washington, DC: Cato Institute, 2020): 48-54.

[2]     “Wingspread Statement on the Precautionary Principle,” January 1998, https://www.gdrc.org/u-gov/precaution-3.html.

[3]     Cass R. Sunstein, Laws of Fear: Beyond the Precautionary Principle (Cambridge, UK: Cambridge University Press, 2005). (“The Precautionary Principle takes many forms. But in all of them, the animating idea is that regulators should take steps to protect against potential harms, even if causal chains are unclear and even if we do not know that those harms will come to fruition.”)

[4]     Henk van den Belt, “Debating the Precautionary Principle: ‘Guilty until Proven Innocent’ or ‘Innocent until Proven Guilty’?” Plant Physiology 132 (2003): 1124.

[5]     H.W. Lewis, Technological Risk (New York: WW. Norton & Co., 1990): x. (“The history of the human race would be dreary indeed if none of our forebears had ever been willing to accept risk in return for potential achievement.”)

[6]     Martin Rees, On the Future: Prospects for Humanity (Princeton, NJ: Princeton University Press, 2018): 136.

[7]     Adam Thierer, “Failing Better: What We Learn by Confronting Risk and Uncertainty,” in Sherzod Abdukadirov (ed.), Nudge Theory in Action: Behavioral Design in Policy and Markets (Palgrave Macmillan, 2016): 65-94.

[8]     Adam Thierer, “How to Get the Future We Were Promised,” Discourse, January 18, 2022, https://www.discoursemagazine.com/culture-and-society/2022/01/18/how-to-get-the-future-we-were-promised.

[9]     J. Storrs Hall, Where Is My Flying Car? (San Francisco: Stripe Press, 2021)

[10]    Derek Turner and Lauren Hartzell Nichols, “The Lack of Clarity in the Precautionary Principle,” Environmental Values, Vol 13, No. 4 (2004): 449.

[11]    William Rinehart, “Vetocracy, the Costs of Vetos and Inaction,” Center for Growth & Opportunity at Utah State University, March 24, 2022, https://www.thecgo.org/benchmark/vetocracy-the-costs-of-vetos-and-inaction; Adam Thierer, “Red Tape Reform is the Key to Building Again,” The Hill, April 28, 2022, https://thehill.com/opinion/finance/3470334-red-tape-reform-is-the-key-to-building-again.

[12]    Philip K. Howard, “Radically Simplify Law,” Cato Institute, Cato Online Forum, http://www.cato.org/publications/cato-online-forum/radically-simplify-law.

[13]    Ibid.

^[14]    Aaron Wildavsky, Searching for Safety (New Brunswick, NJ: Transaction Publishers, 1989): 38.

[15]    Thierer, Permissionless Innovation, at 2.

[16]    Gabrielle Bauer, “Danger: Caution Ahead,” The New Atlantis, February 4, 2022, https://www.thenewatlantis.com/publications/danger-caution-ahead.

[17]    Richard B. Belzer, “Risk Assessment, Safety Assessment, and the Estimation of Regulatory Benefits” (Mercatus Working Paper, Mercatus Center at George Mason University, Arlington, VA, 2012), 5, http://mercatus.org/publication/risk-assessment-safety-assessment-and-estimation-regulatory-benefits; John D. Graham and Jonathan Baert Wiener, eds. Risk vs. Risk: Tradeoffs in Protecting Health and the Environment, (Cambridge, MA: Harvard University Press, 1995).

[18]    Thierer, Permissionless Innovation, at 33-8.

[19]    Adam Satariano, Nick Cumming-Bruce and Rick Gladstone, “Killer Robots Aren’t Science Fiction. A Push to Ban Them Is Growing,” New York Times, December 17, 2021, https://www.nytimes.com/2021/12/17/world/robot-drone-ban.html.

[20]    Adam Thierer, “Soft Law: The Reconciliation of Permissionless & Responsible Innovation,” in Adam Thierer, Evasive Entrepreneurs & the Future of Governance (Washington, DC: Cato Institute, 2020): 183-240, https://www.mercatus.org/publications/technology-and-innovation/soft-law-reconciliation-permissionless-responsible-innovation.

[21]    Henry Petroski, The Evolution of Useful Things (New York: Vintage Books, 1994): 34.

[22]    Ibid., 27,

[23]    Henry Petroski, To Engineer is Human: The Role of Failure in Successful Design (New York: Vintage, 1992): 9.

[24]    James Lawson, These Are the Droids You’re Looking For: An Optimistic Vision for Artificial Intelligence, Automation and the Future of Work (London: Adam Smith Institute, 2020): 86, https://www.adamsmith.org/research/these-are-the-droids-youre-looking-for.

[25]    Max More, “The Proactionary Principle (March 2008),” Max More’s Strategic Philosophy, March 28, 2008, http://strategicphilosophy.blogspot.com/2008/03/proactionary-principle-march-2008.html.

[26]    Daniel Castro & Michael McLaughlin, “Ten Ways the Precautionary Principle Undermines Progress in Artificial Intelligence,” Information Technology and Innovation Foundation, February 4, 2019, https://itif.org/publications/2019/02/04/ten-ways-precautionary-principle-undermines-progress-artificial-intelligence.

[27]    Thierer, Permissionless Innovation.

[28]    Thierer, “Failing Better.”

[29]    Virginia Postrel, The Future and Its Enemies (New York: The Free Press, 1998): xiv.

[30]    Henry Petroski, To Engineer is Human: The Role of Failure in Successful Design (New York: Vintage, 1992): 62.

[31]    Kevin Ashton, How to Fly a Horse: The Secret History of Creation, Invention, and Discovery (New York: Doubleday, 2015): 67.

[32]    Megan McArdle, The Up Side of Down: Why Failing Well is the Key to Success (New York: Viking, 2014), 214.

[33]    F. A. Hayek, The Constitution of Liberty (London: Routledge, 1960, 1990): 81. (“Humiliating to human pride as it may be, we must recognize that the advance and even preservation of civilization are dependent upon a maximum of opportunity for accidents to happen.”)

[34]    Stefan H. Thomke, Experimentation Matters: Unlocking the Potential of New Technologies for Innovation (Harvard Business Review Press, 2003), 1.

[35]    Daniel Castro and Alan McQuinn, “How and When Regulators Should Intervene,” Information Technology and Innovation Foundation Reports, (February 2015): 2 http://www.itif.org/publications/how-and-when-regulators-should-intervene.

[36]    Ibid.

[37]    Kevin Kelly, “The Pro-Actionary Principle,” The Technium, November 11, 2008, https://kk.org/thetechnium/the-pro-actiona.

[38]    World Economic Forum, Agile Regulation for the Fourth Industrial Revolution (Geneva: Switzerland: 2020): 4, https://www.weforum.org/projects/agile-regulation-for-the-fourth-industrial-revolution.

[39]    Jordan Reimschisel and Adam Thierer, “’Build & Freeze’ Regulation Versus Iterative Innovation,” Plain Text, November 1, 2017, https://readplaintext.com/build-freeze-regulation-versus-iterative-innovation-8d5a8802e5da.

[40]    Adam Thierer, “Spring Cleaning for the Regulatory State,” AIER, May 23, 2019, https://www.aier.org/article/spring-cleaning-for-the-regulatory-state.

[41]    Daniel Byler, Beth Flores & Jason Lewris, “Using Advanced Analytics to Drive Regulatory Reform: Understanding Presidential Orders on Regulation Reform,” Deloitte, 2017, https://www2.deloitte.com/us/en/pages/public-sector/articles/advanced-analytics-federal-regulatory-reform.html.

[42]    Adam Thierer, Governing Emerging Technology in an Age of Policy Fragmentation and Disequilibrium, American Enterprise Institute (April 2022), https://platforms.aei.org/can-the-knowledge-gap-between-regulators-and-innovators-be-narrowed.

[43]    Brian Christian, The Alignment Problem: Machine Learning and Human Values (New York: W.W. Norton & Company, 2020).

[44]    Joshua D. Greene, “Our Driverless Dilemma,” Science (June 2016): 1515.

[45]    Susan Leigh Anderson, “Asimov’s ‘Three Laws of Robotics’ and Machine Metaethics,” AI and Society, Vol. 22, No. 4, (2008): 477-493.

[46]    Melanie Mitchell, Artificial Intelligence: A Guide for Thinking Humans (New York: Farrar, Straus and Giroux, 2019): 126 [Kindle edition.]

[47]    Thomas A. Hemphill, “The Innovation Governance Dilemma: Alternatives to the Precautionary Principle,” Technology in Society, Vol. 63 (2020): 6, https://ideas.repec.org/a/eee/teinso/v63y2020ics0160791x2030751x.html.

[48]    Adam Thierer, “Are ‘Permissionless Innovation’ and ‘Responsible Innovation’ Compatible?” Technology Liberation Front, July 12, 2017, https://techliberation.com/2017/07/12/are-permissionless-innovation-and-responsible-innovation-compatible.

[49]    The National Institute of Standards and Technology, “AI Risk Management Framework: Initial Draft,” (March 17, 2022): 1, https://www.nist.gov/itl/ai-risk-management-framework.

[50]    Ibid., at 5.

Last week I attended the Section 230 cage match workshop at the DOJ. It was a packed house, likely because AG Bill Barr gave opening remarks. It was fortuitous timing for me: my article with Jennifer Huddleston, The Erosion of Publisher Liability in American Law, Section 230, and the Future of Online Curation, was published 24 hours before the workshop by the Oklahoma Law Review.

These were my impressions of the event:

I thought it was pretty well balanced event and surprisingly civil for such a contentious topic. There were strong Section 230 defenders and strong Section 230 critics, and several who fell in between. There were a couple cheers after a few pointed statements from panelists, but the audience didn’t seem to fall on one side or the other. I’ll add that my friend and co-blogger Neil Chilson gave an impressive presentation about how Section 230 helped make the “long tail” of beneficial Internet-based communities possible.

AG Bob Barr gave the opening remarks, which are available online. A few things jumped out. He suggested that Section 230 had its place but Internet companies are not an infant industry anymore. In his view, the courts have expanded Section 230 beyond drafters’ intent, and the Reno decision “unbalanced” the protections, which were intended to protect minors. The gist of his statement was that the law needs to be “recalibrated.”

Each of these points were disputed by one or more panelists, but the message to the Internet industry was clear: the USDOJ is scrutinizing industry concentration and its relationship to illegal and antisocial online content.

The workshop signals that there is now a large, bipartisan coalition that would like to see Section 230 “recalibrated.” The problem for this coalition is that they don’t agree on what types of content providers should be liable for and they are often at cross-purposes. The problematic content ranges from sex trafficking, to stalkers, to opiate trafficking, to revenge porn, to unfair political ads. For conservatives, social media companies take down too much content, intentionally helping progressives. For progressives, social media companies leave up too much content, unwittingly helping conservatives.

I’ve yet to hear a convincing way to modify Section 230 that (a) satisfies this shaky coalition, (b) would be practical to comply with, and (c) would be constitutional.

Now, Section 230 critics are right: the law blurs the line between publisher and conduit. But this is not unique to Internet companies. The fact is, courts (and federal agencies) blurred the publisher-conduit dichotomy for fifty years for mass media distributors and common carriers as technology and social norms changed. Some cases that illustrate the phenomenon:

In Auvil v. CBS 60 Minutes, a 1991 federal district court decision, some Washington apple growers sued some local CBS affiliates for airing allegedly defamatory programming. The federal district court dismissed the case on the grounds that the affiliates are conduits of CBS programming. Critically, the court recognized that the CBS affiliates “had the power to” exercise editorial control over the broadcast and “in fact occasionally [did] censor programming . . . for one reason or another.” Still, case dismissed. The principle has been cited by other courts. Publishers can be conduits.

Conduits can also be publishers. In 1989, Congress passed a law requiring phone providers to restrict “dial-a-porn” services to minors. Dial-a-porn companies sued. In Information Providers Coalition v. FCC, the 9th Circuit Court of Appeals held that regulated common carriers are “free under the Constitution to terminate service” to providers of indecent content. The Court relied on its decision a few years earlier in Carlin Communications noting that when a common carrier phone company is connecting thousands of subscribers simultaneously to the same content, the “phone company resembles less a common carrier than it does a small radio station.”

Many Section 230 reformers believe Section 230 mangled the common law would like to see the restoration of the publisher-conduit dichotomy. As our research shows, that dichotomy had already been blurred for decades. Until advocates and lawmakers acknowledge these legal trends and plan accordingly, the reformers risk throwing out the baby with the bathwater.

Relevant research:
Brent Skorup & Jennifer Huddleston, The Erosion of Publisher Liability in American Law, Section 230, and the Future of Online Curation (Oklahoma Law Review).

Brent Skorup & Joe Kane, The FCC and Quasi–Common Carriage: A Case Study of Agency Survival (Minnesota Journal of Law, Science & Technology).

“First electricity, now telephones. Sometimes I feel as if I were living in an H.G. Wells novel.” –Dowager Countess, Downton Abbey

Every technology we take for granted was once new, different, disruptive, and often ridiculed and resisted as a result. Electricity, telephones, trains, and television all caused widespread fears once in the way robots, artificial intelligence, and the internet of things do today. Typically it is realized by most that these fears are misplaced and overly pessimistic, the technology gets diffused and we can barely remember our life without it. But in the recent technopanics, there has been a concern that the legal system is not properly equipped to handle the possible harms or concerns from these new technologies. As a result, there are often calls to regulate or rein in their use.

In the late 1980s, video cassette recorders (VCRs) caused a legal technopanic. The concerns were less that VCRs would lead to some bizarre human mutation as in many technopanics, but rather that the existing system of copyright infringement and vicarious liability could not adequately address the potential harm to the motion picture industry. The then president of the Motion Picture Association of America Jack Valenti famously told Congress, “I say to you that the VCR is to the American film producer and the American public as the Boston Strangler is to the woman home alone.”

In the eyes of the film and television producers the legal system did not have the resources to protect their copyright or hold the manufacturers and distributors of these disruptive machines properly liable for their actions. The Ninth Circuit initially sided with the producers finding that recording of television programs for home-viewing was not part of a blanket fair use exception in copyright law and that the manufacturers and distributors of VCRs could be held vicariously liable for their actions. This was overturned at the Supreme Court by a single vote.

By denying the movie industry a victory, ironically, the courts actually handed them a much bigger one. By allowing for the widespread adoption of this technology, the courts actually provided a new line of profit for the studios in home video sales and did not cripple copyright law in the process. It also though shows that the process by and large works. Individuals who pirate or distributed copyrighted video material (remember the FBI warnings at the start of tapes) could still be held personally liable for their violations. If Congress had intervened, the actions would likely have been too broad or too narrow to give appropriate remedy as common law did. Similar concerns arise today with new creative techniques such as 3D printing, but typically it is best to at least let the common law attempt to address these concerns before deeming it incapable. This illustrates how liability norms can evolve naturally over time to strike a sensible balance.

This legal technopanic also emerged around the Internet. The global and anonymous nature of the Internet naturally make it more difficult to perceive the potential harms and to identify the perpetrators and gain jurisdiction over them. Or so the legal technopanic goes. Judge Easterbrook explained in his 1996 article Cyberspace and the Law of the Horse, “the law applicable to specialized endeavors is to study general rules.” Intellectual property law and property rights more generally are relatively well defined general rules. The beauty of the common law is its ability to adapt to a specific situation. Still there are concerns which may require interventions to be made. When necessary these interventions are especially important because, as John Villasenor wrote, “While technology is usually described as an enabler … liability is often described as an impediment.”

For example, Congress preemptively limited the liability of internet service providers in Section 230 of the Communications Decency Act. While there always seem to be concerns over this immunity when bad things happen on the internet, by and large the courts have been able to determine when the ISP was actively contributing to the violations of state and federal laws. In fact the protection provided by Section 230 merely codified the same principles at common law which lead to the protection of the VCR.

A little protection via legislation was necessary to allow the internet to flourish, but that protection was needed in part because of a legal technopanic. Similarly, Congress intervened to establish a notice-and-takedown procedure through the Digital Millennium Copyright Act (DMCA), when it became apparent that existing copyright law was not evolving as quickly as technology to address both the internet host and the copyright holders concerns. While ideally the common law would have been allowed to evolve to a conclusion on the issue, the sudden rise of YouTube and other online services necessitated at least a temporary intervention. Such legislation represents a compromise that likely would have resulted in a winner or loser if it had played out in the courts. As a result, while the common law is typically preferable sometimes legislation is necessary to at least temporarily establish a norm and stem the prevention of innovation from a possible legal technopanic.

By and large the courts have adapted disruptive technology as quickly or even more so then society, and as a result allowed the common law to see reason. Perhaps the moral of the story is as Edward Coke wrote in 1642, “The common law itself is nothing else but reason.”

If there are two general principles that unify my recent work on technology policy and innovation issues, they would be as follows. To the maximum extent possible:

1. We should avoid preemptive and precautionary-based regulatory regimes for new innovation. Instead, our policy default should be innovation allowed (or “permissionless innovation”) and innovators should be considered “innocent until proven guilty” (unless, that is, a thorough benefit-cost analysis has been conducted that documents the clear need for immediate preemptive restraints).
2. We should avoid rigid, “top-down” technology-specific or sector-specific regulatory regimes and/or regulatory agencies and instead opt for a broader array of more flexible, “bottom-up” solutions (education, empowerment, social norms, self-regulation, public pressure, etc.) as well as reliance on existing legal systems and standards (torts, product liability, contracts, property rights, etc.).

I was very interested, therefore, to come across two new essays that make opposing arguments and proposals. The first is this recent Slate oped by John Frank Weaver, “We Need to Pass Legislation on Artificial Intelligence Early and Often.” The second is Ryan Calo’s new Brookings Institution white paper, “The Case for a Federal Robotics Commission.”

Weaver argues that new robot technology “is going to develop fast, almost certainly faster than we can legislate it. That’s why we need to get ahead of it now.” In order to preemptively address concerns about new technologies such as driverless cars or commercial drones, “we need to legislate early and often,” Weaver says. Stated differently, Weaver is proposing “precautionary principle”-based regulation of these technologies. The precautionary principle generally refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

Calo argues that we need “the establishment of a new federal agency to deal with the novel experiences and harms robotics enables” since there exists “distinct but related challenges that would benefit from being examined and treated together.” These issues, he says, “require special expertise to understand and may require investment and coordination to thrive.

I’ll address both Weaver and Calo’s proposals in turn.

Problems with Precautionary Regulation

Let’s begin with Weaver proposed approach to regulating robotics and autonomous systems.

What Weaver seems to ignore—and which I discuss at greater length in my latest book—is that “precautionary” policy-making typically results in technological stasis and lost opportunities for economic and social progress. As I noted in my book, if we spend all our time living in constant fear of worst-case scenarios—and premising public policy upon such fears—it means that best-case scenarios will never come about. Wisdom and progress are born from experience, including experiences that involve risk and the possibility of occasional mistakes and failures. As the old adage goes, “nothing ventured, nothing gained.”

More concretely, the problem with “permissioning” innovation is that traditional regulatory policies and systems tend to be overly-rigid, bureaucratic, costly, and slow to adapt to new realities. Precautionary-based policies and regulatory systems focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. As a result, preemptive bans or highly restrictive regulatory prescriptions can limit innovations that yield new and better ways of doing things.

Weaver doesn’t bother addressing these issues. He instead advocates regulating “early and often” without stopping to think through the potential costs of doing so. Yet, all regulation has trade-offs and opportunity costs. Before we rush to adopt rules based on knee-jerk negative reactions to new technology, we should conduct comprehensive benefit-cost analysis of the proposals and think carefully about what alternative approaches exist to address whatever problems we have identified.

Incidentally, Weaver also does not acknowledge the contradiction inherent in his thinking when he says robotic technology “is going to develop fast, almost certainly faster than we can legislate it. That’s why we need to get ahead of it now.” Well, if robotic technology is truly developing “faster than we can legislate it,” then “getting out ahead of it” would be seemingly impossible! Unless, that is, he envisions regulating robotic technologies so stringently as to effectively bring new innovation to a grinding halt (or banning altogether).

To be clear, my criticisms should not be read to suggest that zero regulation is the best option. There are plenty of thorny issues that deserve serious policy consideration and perhaps even some preemptive rules. But how potential harms are addressed matters deeply. We should exhaust all other potential nonregulatory remedies first — education, empowerment, transparency, etc. — before resorting to preemptive controls on new forms of innovation. In other words, ex post (or after the fact) solutions should generally trump ex ante (preemptive) controls.

I’ll say more on this point in the conclusion since my response addresses general failings in Ryan Calo’s Federal Robotics Commission proposal, to which we now turn.

Problems with a Federal Robotics Commission

Moving on to Calo, it is important to clarify what he is proposing because he is careful not to overstate his case in favor of a new agency for robotics. He elaborates as follows:

“The institution I have in mind would not “regulate” robotics in the sense of fashioning rules regarding their use, at least not in any initial incarnation. Rather, the agency would advise on issues at all levels—state and federal, domestic and foreign, civil and criminal—that touch upon the unique aspects of robotics and artificial intelligence and the novel human experiences these technologies generate. The alternative, I fear, is that we will continue to address robotics policy questions piecemeal, perhaps indefinitely, with increasingly poor outcomes and slow accrual of knowledge. Meanwhile, other nations that are investing more heavily in robotics and, specifically, in developing a legal and policy infrastructure for emerging technology, will leapfrog the U.S. in innovation for the first time since the creation of steam power.”

Here are some of my concerns with Calo’s proposed Federal Robotics Commission.

Will It Really Just Be an Advisory Body?

First, Calo claims he doesn’t want a formal regulatory agency, but something more akin to a super-advisory body. He does, however, sneak in that disclaimer that he doesn’t envision it to be regulatory “at least not in any initial incarnation.” Perhaps, then, he is suggesting that more formal regulatory controls would be in the cards down the road. It remains unclear.

Regardless, I think it is a bit disingenuous to propose the formation of a new governmental body like this and pretend that it will not someday very soon come to possess sweeping regulatory powers over these technologies. Now, you may well feel that that is a good thing. But I fear that Calo is playing a bit of game here by asking the reader to imagine his new creation would merely stick to an advisory role.

Regulatory creep is real. There just aren’t too many examples of agencies being created solely for their advisory expertise and then not also getting into the business of regulating the technology or topic that is included in that agency’s name. And in light of some of Calo’s past writing and advocacy, I can’t help but think he is actually hoping that the agency comes to take on a greater regulatory role over time. Regardless, I think we can bank on that happening and I that there are reasons to worry about it for reasons noted above and which I will elaborate on below.

Incidentally, if Calo is really more interested in furthering just this expert advisory capacity, there are plenty of other entities (including non-governmental bodies) that could play that role. How about the National Science Foundation, for example? Or how about a multi-stakeholder body consisting of many different experts and institutions? I could go on, but you get the point. A single point of action is also a single point of failure. I don’t want just one big robotics bureaucracy making policy or even advising. I’d prefer a more decentralized approach, and one that doesn’t carry a (potential) big regulatory club in its hand.

Public Choice / Regulatory Capture Problems

Second, Calo underestimates the public choice problems of creating a sector-specific or technology-specific agency just for robotics. To his credit, he does admit that, “agencies have their problems, of course. They can be inefficient and are subject to capture by those they regulate or other special interests.” He also notes he has criticized other agencies for various failings. But he does not say anything more on this point.

Let’s be clear. There exists a long and lamentable history of sector-specific regulators being “captured” by the entities they regulate. To read the ugly reality, see my compendium, “Regulatory Capture: What the Experts Have Found.” That piece documents what leading academics of all political stripes have had to say about this problem over the past century. No one ever summarized the nature and gravity of this problem better than the great Alfred Kahn in his masterpiece, The Economics of Regulation: Principles and Institutions (1971):

“When a commission is responsible for the performance of an industry, it is under never completely escapable pressure to protect the health of the companies it regulates, to assure a desirable performance by relying on those monopolistic chosen instruments and its own controls rather than on the unplanned and unplannable forces of competition. [. . . ] Responsible for the continued provision and improvement of service, [the regulatory commission] comes increasingly and understandably to identify the interest of the public with that of the existing companies on whom it must rely to deliver goods.” (pgs. 12, 46)

The history of the Federal Communications Commission (FCC) is highly instructive in this regard and was documented in a 66-page law review article I penned with Brent Skorup entitled, “A History of Cronyism and Capture in the Information Technology Sector,” (Journal of Technology Law & Policy, Vol. 18, 2013). Again, it doesn’t make for pleasant reading. Time and time again, instead of serving the “public interest,” the FCC served private interests. The entire history of video marketplace regulation is one of the most sickening examples to consider since there have almost eight decades worth of case studies of the broadcast industry using regulation as a club to beat back new entry, competition, and innovation. [Skorup and I have another paper discussing that specific history and how to go about reversing it.] This history is important because, in the early days of the Commission, many proponents thought the FCC would be exactly the sort of “expert” independent agency that Calo envisions his Federal Robotics Commission would be. Needless to say, things did not turn out so well.

But the FCC isn’t the only guilty offender in this regard. Go read the history about how airlines so effectively cartelized their industry following World War II with the help of the Civil Aeronautics Board. Thankfully, President Jimmy Carter appointed Alfred Kahn to clean things up in the 1970s. Kahn, a life-long Democrat, came to realize that the problem of capture was so insidious and inescapable that abolition of the agency was the only realistic solution to make sure consumer welfare would improve. As a result, he and various other Democrats in the Carter Administration and in Congress worked together to sunset the agency and its hideously protectionist, anti-consumer policies. (Also, please read this amazing 1973 law review article on “Economic Regulation vs. Competition,” by Mark Green and Ralph Nader if you need even more proof of why this is a such a problem.)

In other words, the problem of regulatory capture is not something one can casually dismiss. The problem is still very real and deserves more consideration before we casually propose creating new agencies, even “advisory” agencies. At a minimum, when proposing new agencies, you need to get serious about what sort of institutional constraints you might consider putting in place to make sure that history does not repeat itself. Because if you don’t, various large, well-heeled, and politically-connected robotics companies could come to capture any new “Federal Robotics Commission” in very short order.

Can We Clean Up Old Messes Before Building More Bureaucracies?

Third, speaking of agencies, if it is the case that the alphabet soup collection of regulatory agencies we already have in place are not capable of handling “robotics policy” right now, can we talk about reforming them (or perhaps even getting rid of a few of them) first? Why must we just pile yet another sector-specific or technology-specific regulator on top of the many that already exist? That’s just a recipe for more red tape and potential regulatory capture. Unless you believe there is value in creating bureaucracy for the sake of creating bureaucracy, there is no excuse for not phasing out agencies that failed in their original mission, or whose mission is now obsolete, for whatever reason. This is a fundamental “good government” issue that politicians and academics of all stripes should agree on.

Calo indirectly addresses this point by noting that “we have agencies devoted to technologies already and it would be odd and anomalous to think we are done creating them.” Curiously, however, he spends no time talking about those agencies or asking whether they have done a good job. Again, the heart of Calo’s argument comes down the assertion that another specialized, technology-specific “expert” agency is needed because there are “novel” issues associated with robotics. Well, if it is true, as Calo suggests, that we have been down this path before (and we have), and if you believe our economy or society has been made better off for it, then you need to prove it. Because the objection to creating another regulatory bureaucracy is not simply based on distaste for Big Government; it comes down to the simple questions: (1) Do these things work; and (2) Is there a better alternative?

This is where Calo’s proposal falls short. There is no effort to prove that technocratic or “scientific” bureaucracies, on net, are worth their expense (to taxpayers) or cost (to society, innovation, etc.) when compared to alternatives. Of course, I suspect this is where Calo and I might part ways regarding what metrics we would use to gauge success. I’ll save that discussion for another day and shift to what I regard as the far more serious deficiency of Calo’s proposal.

Do We Become Global Innovation Leaders Through Bureaucratic Direction?

Fourth, and most importantly, Calo does not offer any evidence to prove his contention that we need a sector-specific or technology-specific agency for robotics in order to develop or maintain America’s competitive edge in this field. Moreover, he does not acknowledge how his proposal might have the exact opposite result. Let me spend some time on this point because this is what I find most problematic about his proposal.

In his latest Brookings essay and his earlier writing about robotics, Calo keeps suggesting that we need a specialized federal agency for robotics to avoid “poor outcomes” due to the lack of “a legal and policy infrastructure for emerging technology.” He even warns us that other countries who are looking into robotics policy and regulation more seriously “will leapfrog the U.S. in innovation for the first time since the creation of steam power.”

Well, on that point, I must ask: Did America need a Federal Steam Agency to become a leader in that field? Because unless I missed something in history class, steam power developed fairly rapidly in this country without any centralized bureaucratic direction. Or how about a more recent example: Did America need a Federal Computer Commission or Federal Internet Commission to obtain or maintain a global edge in computing, the Internet, or the Digital Economy?

To the contrary, we took the EXACT OPPOSITE approach. It’s not just that no new agencies were formed to guide the development of computing or the Internet in this country. It’s that our government made a clear policy choice to break with the past by rejecting top-down, command-and-control regulation by unelected bureaucrats in some shadowy Beltway agency.

Incidentally, it was Democrats who accomplished this. While many Republicans today love to crack wise-ass comments about Al Gore and the Internet while simultaneously imagining themselves to be the great defenders of Internet freedom, the reality is that we have the Clinton Administration and one its most liberal members—Ira Magaziner—to thank for the most blessedly “light-touch,” market-oriented innovation policy that the world has ever seen.

What did Magaziner and the Clinton Administration do? They crafted the amazing 1997 Framework for Global Electronic Commerce, a statement of the Administration’s principles and policy objectives toward the Internet and the emerging digital economy. It recommended reliance upon civil society, contractual negotiations, voluntary agreements, and ongoing marketplace experiments to solve information age problems. First, “the private sector should lead. The Internet should develop as a market driven arena not a regulated industry,” the Framework recommended. “Even where collective action is necessary, governments should encourage industry self-regulation and private sector leadership where possible.” Second, “governments should avoid undue restrictions on electronic commerce” and “parties should be able to enter into legitimate agreements to buy and sell products and services across the Internet with minimal government involvement or intervention.”

I’ve argued elsewhere that the Clinton Administration’s Framework, “remains the most succinct articulation of a pro-freedom, innovation-oriented vision for cyberspace ever penned.” Of course, this followed the Administration’s earlier move to allow the full commercialization of the Internet, which was even more important. The policy disposition they established with these decisions resulted in an unambiguous green light for a rising generation of creative minds who were eager to explore this new frontier for commerce and communications. And to reiterate,they did it without any new bureaucracy.

If You Regulate “Robotics,” You End Up Regulating Computing & Networking

Incidentally, I do not see how we could create a new Federal Robotics Commission without it also becoming a de facto Federal Computing Commission. Robotics and the many technologies and industries it already includes — driverless cars, commercial drones, Internet of Things, etc. — is becoming a hot policy topic, and proposals for regulation are already flying. These robotic technologies are developing on top of the building blocks of the Information Revolution: microprocessors, wireless networks, sensors, “big data,” etc.

Thus, I share Cory Doctorow’s skepticism about how one could logically separate “robotics” from these other technologies and sectors for regulatory purposes:

I am skeptical that “robot law” can be effectively separated from software law in general. … For the life of me, I can’t figure out a legal principle that would apply to the robot that wouldn’t be useful for the computer (and vice versa).

In his Brookings paper, Calo responded to Doctorow’s concern as follows:

the difference between a computer and a robot has largely to do with the latter’s embodiment. Robots do not just sense, process, and relay data. Robots are organized to act upon the world physically, or at least directly. This turns out to have strong repercussions at law, and to pose unique challenges to law and to legal institutions that computers and the Internet did not.

I find this fairly unconvincing. Just because robotic technologies have a physical embodiment does not mean their impact on society is all that more profound than computing, the Internet, and digital technologies. Consider all the hand-wringing going on today in cybersecurity circles about how hacking, malware, or various other types of digital attacks could take down entire systems or economies. I’m not saying I buy all that “technopanic” talk (and here are about three dozens of my essays arguing the contrary), but the theoretical ramifications are nonetheless on par with dystopian scenarios about robotics.

The Alternative Approach

Of course, it certainly may be the case that some worst-case scenarios are worth worrying about in both cases—for robotics and computing, that is. Still, is a Federal Robotics Commission or a Federal Computing Commission really the sensible way to address those issues?

To the contrary, this is why we have a Legislative Branch! So many of the problems of our modern era of dysfunctional government are rooted in an unwise delegation of authority to administrative agencies. Far too often, congressional lawmakers delegate broad, ambiguous authority to agencies instead of facing up to the hard issues themselves. This results in waste, bloat, inefficiencies, and an endless passing of the buck.

There may very well be some serious issues raised by robotics and AI that we cannot ignore, and which may even require a little preemptive, precautionary policy. And the same goes for general computing and the Internet. But that is not a good reason to just create new bureaucracies in the hope that some set of mythical technocratic philosopher kings will ride in to save the day with their supposed greater “expertise” about these matters. Either you believe in democracy or you don’t. Running around calling for agencies and unelected bureaucrats to make all the hard choices means that “the people” have even less of a say in these matters.

Moreover, there are many other methods of dealing with robotics and the potential problems robotics might create than through the creation of new bureaucracy. The common law already handles many of the problems that both Calo and Weaver are worried about. To the extent robotic systems are involved in accidents that harm individuals or their property, product liability law will kick in.

On this point, I strongly recommend another new Brookings publication. John Villasenor’s outstanding April white paper, “Products Liability and Driverless Cars: Issues and Guiding Principles for Legislation,” correctly argues that,

“when confronted with new, often complex, questions involving products liability, courts have generally gotten things right. … Products liability law has been highly adaptive to the many new technologies that have emerged in recent decades, and it will be quite capable of adapting to emerging autonomous vehicle technologies as the need arises.”

Thus, instead of trying to micro-manage the development of robotic technologies in an attempt to plan for every hypothetical risk scenario, policymakers should be patient while the common law evolves and liability norms adjust. Traditionally, the common law has dealt with products liability and accident compensation in an evolutionary way through a variety of mechanisms, including strict liability, negligence, design defects law, failure to warn, breach of warranty, and so on. There is no reason to think the common law will not adapt to new technological realities, including robotic technologies. (I address these and other “bottom-up” solutions in my new book.)

In the meantime, let’s exercise some humility and restraint here and avoid heavy-handed precautionary regulatory regimes or the creation of new technocratic bureaucracies. And let’s not forget that many solutions to the problems created by new robotic technologies will develop spontaneously and organically over time as individuals and institutions learn to cope and “muddle through,” as they have many times before.

Additional Reading

• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• Muddling Through: How We Learn to Cope with Technological Change, June 30, 2014
• New Paper: “Removing Roadblocks to Intelligent Vehicles and Driverless Cars,” September 17, 2014
• Slide Presentation: Policy Issues Surrounding the Internet of Things & Wearable Technology, September 12, 2014
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)
• The Growing Conflict of Visions over the Internet of Things & Privacy, January 14, 2012
• Can We Adapt to the Internet of Things? IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013

I am pleased to announce the release of my latest book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” It’s a short manifesto (just under 100 pages) that condenses — and attempts to make more accessible — arguments that I have developed in various law review articles, working papers, and blog posts over the past few years. I have two goals with this book.

First, I attempt to show how the central fault line in almost all modern technology policy debates revolves around “the permission question,” which asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions. Two conflicting attitudes are evident.

One disposition is known as the “precautionary principle.” Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

The other vision can be labeled “permissionless innovation.” It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

I argue that we are witnessing a grand clash of visions between these two mindsets today in almost all major technology policy discussions today.

The second major objective of the book, as is made clear by the title, is to make a forceful case in favor of the latter disposition of “permissionless innovation.” I argue that policymakers should unapologetically embrace and defend the permissionless innovation ethos — not just for the Internet but also for all new classes of networked technologies and platforms. Some of the specific case studies discussed in the book include: the “Internet of Things” and wearable technologies, smart cars and autonomous vehicles, commercial drones, 3D printing, and various other new technologies that are just now emerging.

I explain how precautionary principle thinking is increasingly creeping into policy discussions about these technologies. The urge to regulate preemptively in these sectors is driven by a variety of safety, security, and privacy concerns, which are discussed throughout the book. Many of these concerns are valid and deserve serious consideration. However, I argue that if precautionary-minded regulatory solutions are adopted in a preemptive attempt to head-off these concerns, the consequences will be profoundly deleterious.

The central lesson of the booklet is this: Living in constant fear of hypothetical worst-case scenarios — and premising public policy upon them — means that best-case scenarios will never come about. When public policy is shaped by precautionary principle reasoning, it poses a serious threat to technological progress, economic entrepreneurialism, social adaptation, and long-run prosperity.

Again, that doesn’t mean we should ignore the various problems created by these highly disruptive technologies. But how we address these concerns matters greatly. If and when problems develop, there are many less burdensome ways to address them than through preemptive technological controls. The best solutions to complex social problems are almost always organic and “bottom-up” in nature. Luckily, there exists a wide variety of constructive approaches that can be tapped to address or alleviate concerns associated with new innovations. These include:

• education and empowerment efforts (including media literacy, digital citizenship efforts);
• social pressure from activists, academics, and the press and the public more generally.
• voluntary self-regulation and adoption of best practices (including privacy and security “by design” efforts); and,
• increased transparency and awareness-building efforts to enhance consumer knowledge about how new technologies work.

Such solutions are almost always superior to top-down, command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I?” (i.e., permissioned) nature. The problem with “top-down” traditional regulatory systems is that they often tend to be overly-rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things. It raises the cost of starting or running a business or non-business venture, and generally discourages activities that benefit society.

To the extent that other public policies are needed to guide technological developments, simple legal principles are greatly preferable to technology-specific, micro-managed regulatory regimes. Again, ex ante (preemptive and precautionary) regulation is often highly inefficient, even dangerous. To the extent that any corrective legal action is needed to address harms, ex post measures, especially via the common law (torts, class actions, etc.), are typically superior. And the Federal Trade Commission will, of course, continue to play a backstop here by utilizing the broad consumer protection powers it possesses under Section 5 of the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” In recent years, the FTC has already brought and settled many cases involving its Section 5 authority to address identity theft and data security matters. If still more is needed, enhanced disclosure and transparency requirements would certainly be superior to outright bans on new forms of experimentation or other forms of heavy-handed technological controls.

In the end, however, I argue that, to the maximum extent possible, our default position toward new forms of technological innovation must remain: “innovation allowed.” That is especially the case because, more often than not, citizens find ways to adapt to technological change by employing a variety of coping mechanisms, new norms, or other creative fixes. We should have a little more faith in the ability of humanity to adapt to the challenges new innovations create for our culture and economy. We have done it countless times before. We are creative, resilient creatures. That’s why I remain so optimistic about our collective ability to confront the challenges posed by these new technologies and prosper in the process.

If you’re interested in taking a look, you can find a free PDF of the book at the Mercatus Center website or you can find out how to order it from there as an eBook. Hardcopies are also available. I’ll be doing more blogging about the book in coming weeks and months. The debate between the “permissionless innovation” and “precautionary principle” worldviews is just getting started and it promises to touch every tech policy debate going forward.

Related Essays :

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” Technology Liberation Front, January 14, 2014.
• “CES 2014 Report: The Internet of Things Arrives, but Will Washington Welcome It?” Technology Liberation Front, January 8, 2014.
• “Who Really Believes in ‘Permissionless Innovation’?” Technology Liberation Front, March 4, 2013.
• “What Does It Mean to ‘Have a Conversation’ about a New Technology?” Technology Liberation Front, May 23, 2013.
• “On the Line between Technology Ethics vs. Technology Policy,” Technology Liberation Front, August 1, 2013.
• “Planning for Hypothetical Horribles in Tech Policy Debates,” Technology Liberation Front, August 6, 2013.
• “Edith Ramirez’s ‘Big Data’ Speech: Privacy Concerns Prompt Precautionary Principle Thinking,” Technology Liberation Front, August 29, 2013.
• “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” Technology Liberation Front, April 29, 2011.
• “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” Technology Liberation Front, April 10, 2012.
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013.
• “Why Do We Always Sell the Next Generation Short?” Forbes, January 8, 2012.
• “The Six Things That Drive ‘Technopanics,’” Forbes, March 4, 2012.

One of the criticisms leveled at Bitcoin by those people determined to hate it is that Bitcoin transactions are irreversible. If I buy goods from an anonymous counterparty online, what’s to stop them from taking my bitcoins and simply not sending me the goods? When I buy goods online using Visa or American Express, if the goods never arrive, or if they aren’t what was advertised, I can complain to the credit card company. The company will do a cursory investigation, and if they find that I was indeed likely ripped off, they will refund me my money. Credit card transactions are reversible, Bitcoin transactions are not. For this service (among others), credit card companies charge merchants a few percentage points on the transaction.

The problem with this account is that it’s not true: Baked into the Bitcoin protocol, there is support for what are known as “m-of-n” or “multisignature” transactions, transactions that require some number  m out of some higher number n parties to sign off.

The simplest variant is a 2-of-3 transaction. Let’s say that I want to buy goods online from an anonymous counterparty. I transfer money to an address jointly controlled by me, the counterparty, and a third-party arbitrator (maybe even Amex). If I get the goods, they are acceptable, and I am honest, I sign the money away to the seller. The seller also signs, and since 2 out of 3 of us have signed, he receives his money. If there is a problem with the goods or if I am dishonest, I sign the bitcoins back to myself and appeal to the arbitrator. The arbitrator, like a credit card company, will do an investigation, make a ruling, and either agree to transfer the funds back to me or to the merchant; again, 2 of 3 parties must agree to transfer the funds.

This is  not an escrow service; at no point can the arbitrator abscond with the funds. The arbitrator is paid a market rate in advance for his services, which are offered according to terms agreed upon by all three parties. This is better than the equivalent service using credit cards, because credit cards rely on huge network effects and consequently there are only a handful of suppliers of such transaction arbitration. Using Bitcoin, anyone can be an abitrator, including the traditional credit card companies (although they might have to lower their fees). Competition in both terms and fees is likely to result in better discovery of efficient rules for dispute resolution.

While multisignature transactions are not well understood, they are right there in the Bitcoin protocol, as much a valid Bitcoin transaction as any other. So  some Bitcoin transactions are irreversible; others are reversible, exactly as reversible as credit card transactions are.

Bitrated.com is a new site (announced yesterday on Hacker News) that facilitates setting up multisignature transactions. Bitcoin client support for multisignature transactions is limited, so the site helps create addresses that conform to the m-of-n specifications. At no point does the site have access to the funds in the multisignature address.

In addition, Bitrated provides a marketplace where people can advertise their arbitration services. Users are able to set up transactions using arbitrators both from the site or from anywhere else. The entire project is open source, so if you want to set up a competing directory, go for it.

What excites me most about the decentralized arbitration afforded by multisignature transactions is that it could be the beginnings of a Common Law for the Internet. The plain, ordinary Common Law developed as the result of competing courts that issued opinions basically as advertisements of how fair and impartial they were. We could see something similar with Bitcoin arbitration. If arbitrators sign their transactions with links to and a cryptographic hash of a PDF that explains why they ruled as they did, we could see real competition in the articulation of rules. Over time, some of these articulations could come to be widely accepted and form a body of Bitcoin precedent. I look forward to reading the subsequent Restatements.

Multisignature transactions are just one of the many innovations buried deep in the Bitcoin protocol that have yet to be widely utilized. As the community matures and makes full use of the protocol, it will become more clear that Bitcoin is not just a currency but a platform for financial innovation.

Originally posted at elidourado.com.

Adam and I have been pretty hard on the FTC’s current leadership for pushing to dramatically expand regulation of online data use with little thought to the impact on ad-supported media, while in the next breath opening the door to dramatic expansion of direct government support of media, and all the while seeking sweeping new regulatory powers from Congress.

After all that complaining (and bashing their Soviet Realist-style statue, “Man Controlling Trade”), you might think we had it in for the agency. But as I’ve said repeatedly, we’re actually big fans of the FTC’s core consumer protection mission: holding companies to their promises. (Indeed, we want to make sure they stay focused on that mission, and have the staff, resources and technological tools to pursue it effectively—which might mean, as I’ve pointed out, increased funding rather than increased powers.) We’ve also repeatedly praised the FTC’s efforts to educate kids, parents, and Internet users in general about things like online privacy, advertising, spyware, user empowerment tools, online scams, etc.

But I don’t want to be accused of being only a fair-weather friend of the agency. So I wanted to point out a particularly good concrete example of the FTC doing what we talk about in the abstract: holding companies to their promises.  Grant Gross notes that the FTC sent a stern letter earlier this month to the company that is seeking to buy the subscriber info and photos and other assets of the now-defunct XY Magazine, which served primarily gay U.S. teens, warning them that the FTC would hold them to the terms of the privacy policy under which XY collected information from its subscribers.

This is a great example of how the FTC can effectively use its existing authority to protect consumers against clear harms involved in the disclosure of truly sensitive data, sometimes even prophylactically—in this case, outing around 100,000 gay youths and young adults—collected by companies that make unambiguous promises to protect users’ data. This incident also illustrates how privacy law can evolve in an organic fashion from a growing body of such well-justified preemptive warnings, enforcement actions brought against truly bad actors, and ultimately court decisions that decide whether the FTC has properly weighed the interests at stake. In other words, just because we don’t have a privacy code enforced by a Data Protection Authority as in Europe doesn’t mean our legal system doesn’t protect privacy!

As Oliver Wendell Holmes Jr., famously described the Common Law in his 1897 article The Path of the Law:

The life of the law has not been logic; it has been experience. The felt necessities of the time, the prevalent moral and political theories, intuitions of public policy, avowed or unconscious, even the prejudices which judges share with their fellow men, have had a good deal more to do than the syllogism in determining the rules by which men should be governed. The law embodies the story of a nation’s development through many centuries, and it cannot be dealt with as if it contained only the axioms and corollaries of a book of mathematics.

F.A. Hayek said something very similar:

Until the discovery of Aristotle’s Politics in the thirteenth century and the reception of Justinian’s code in the fifteenth… WesternEurope passed through… [an] epoch of nearly a thousand yearswhen law was… regarded as something given independently of human will, something to be discovered, not made, and when the conception that law could be deliberately made or altered seemed almost sacrilegious.

I’d much rather see the FTC work to find the law of privacy over time in an iterative, case-by-case process than attempt to make such law in the form of, say, “comprehensive baseline privacy legislation.” The XY Magazine case is a great example of what, academic theory aside, the “path of privacy law” (to paraphrase Holmes) really looks like.  The FTC may over- or under- enforce in any particular case, but as long as they stick to that noble path, I’ll cheer them on from the sidelines—for I know how tedious the path can seem, and how seductive must be the promise of “axioms and corollaries” of privacy law reduced to mathematical precision.

Recall a couple of years ago when I lauded Google – and also picked on them – for making customer data “more anonymous”?

“‘Anonymous’ is correctly regarded as an absolute condition,” I wrote. “Like pregnancy, anonymity is either there or it’s not. Modifying the word with a relative adjective like ‘more’ is a curious use of language.”

The challenge of these concepts – “anonymized” or “de-identified” data – is still around, and it’s still a difficult one.

Here’s a sophisticated take on the question:

Information is increasingly difficult to classify as “identified” or “de-identified,” particularly as it is copied, exchanged, or recombined with other information. With rapidly evolving technologies and databases, it is more appropriate to describe a spectrum of “identifiability,” rather than a binary classification of information as identifiable or not. The question could then become not whether deidentified information might be made re-identifiable, but rather which entities would be able to re-identify the information, how much effort they would have to expend, and what limits are placed on their doing so.

And here’s an advocacy group apparently lacking that sophistication. They treat information as flatly “de-identified” in a legal filing about a New Hampshire law that bans the sale of prescription drug data for marketing purposes:

[T]he Prescription Information Law does not implicate patient privacy. While it purports to protect privacy interests, the statute regulates patient de-identified information.

Here’s the thing: Both quotes were issued by the Center for Democracy and Technology.

The first is from CDT’s filing with the Department of Health and Human Services about the circumstances under which HHS should require health providers to notify patients about a data breach. CDT wants more breach notices, so it argues that information might be pieced together. The concept of “de-identification” is weak.

The second quote is from a CDT legal brief asking the Supreme Court to review (and I believe they would argue to reject) the New Hampshire law. CDT wants the data to be shared, so it argues that the data is “de-identified.”

However, as data is copied, exchanged, or recombined with other information such as payment claims to Medicare and Medicaid, it’s easy to imagine records of doctors’ prescribing practices being used to help piece together patients’ drug-taking habits and health conditions.

Is this mendacity on the part of CDT? I don’t think so. It illustratates how difficult these issues are, even for sophisticated parties. Until more intellectual groundwork is laid, information policy arguments before regulators, lawmakers, and courts will not rest on solid footing. Everyone’s trying their best!

You’re dying to know the right answers, of course: Government-mandated data breach notifications are part of a growing trend toward command-and-control data security. Giving injured parties common law remedies and letting the legal incentives sort things out would be much better. HHS, of all agencies, should not be doing data security.

The New Hampshire law weakens drug comanies’ ability to market to doctors, which deprives them of information that could help them serve patients better. The remote privacy risk to patients when doctors’ prescribing practices are shared should also be handled by common law remedies rather than the state’s regulation, with its attenuated privacy claims. Rather than the U.S. Supreme Court finding a federal trump card, the legislature in New Hampshire should correct its error and maximize the flow of information in the state’s health care system.