I am pleased to announce the release of my latest book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” It’s a short manifesto (just under 100 pages) that condenses — and attempts to make more accessible — arguments that I have developed in various law review articles, working papers, and blog posts over the past few years. I have two goals with this book.

First, I attempt to show how the central fault line in almost all modern technology policy debates revolves around “the permission question,” which asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions. Two conflicting attitudes are evident.

One disposition is known as the “precautionary principle.” Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

The other vision can be labeled “permissionless innovation.” It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

I argue that we are witnessing a grand clash of visions between these two mindsets today in almost all major technology policy discussions today.

The second major objective of the book, as is made clear by the title, is to make a forceful case in favor of the latter disposition of “permissionless innovation.” I argue that policymakers should unapologetically embrace and defend the permissionless innovation ethos — not just for the Internet but also for all new classes of networked technologies and platforms. Some of the specific case studies discussed in the book include: the “Internet of Things” and wearable technologies, smart cars and autonomous vehicles, commercial drones, 3D printing, and various other new technologies that are just now emerging.

I explain how precautionary principle thinking is increasingly creeping into policy discussions about these technologies. The urge to regulate preemptively in these sectors is driven by a variety of safety, security, and privacy concerns, which are discussed throughout the book. Many of these concerns are valid and deserve serious consideration. However, I argue that if precautionary-minded regulatory solutions are adopted in a preemptive attempt to head-off these concerns, the consequences will be profoundly deleterious.

The central lesson of the booklet is this: Living in constant fear of hypothetical worst-case scenarios — and premising public policy upon them — means that best-case scenarios will never come about. When public policy is shaped by precautionary principle reasoning, it poses a serious threat to technological progress, economic entrepreneurialism, social adaptation, and long-run prosperity.

Again, that doesn’t mean we should ignore the various problems created by these highly disruptive technologies. But how we address these concerns matters greatly. If and when problems develop, there are many less burdensome ways to address them than through preemptive technological controls. The best solutions to complex social problems are almost always organic and “bottom-up” in nature. Luckily, there exists a wide variety of constructive approaches that can be tapped to address or alleviate concerns associated with new innovations. These include:

• education and empowerment efforts (including media literacy, digital citizenship efforts);
• social pressure from activists, academics, and the press and the public more generally.
• voluntary self-regulation and adoption of best practices (including privacy and security “by design” efforts); and,
• increased transparency and awareness-building efforts to enhance consumer knowledge about how new technologies work.

Such solutions are almost always superior to top-down, command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I?” (i.e., permissioned) nature. The problem with “top-down” traditional regulatory systems is that they often tend to be overly-rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things. It raises the cost of starting or running a business or non-business venture, and generally discourages activities that benefit society.

To the extent that other public policies are needed to guide technological developments, simple legal principles are greatly preferable to technology-specific, micro-managed regulatory regimes. Again, ex ante (preemptive and precautionary) regulation is often highly inefficient, even dangerous. To the extent that any corrective legal action is needed to address harms, ex post measures, especially via the common law (torts, class actions, etc.), are typically superior. And the Federal Trade Commission will, of course, continue to play a backstop here by utilizing the broad consumer protection powers it possesses under Section 5 of the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” In recent years, the FTC has already brought and settled many cases involving its Section 5 authority to address identity theft and data security matters. If still more is needed, enhanced disclosure and transparency requirements would certainly be superior to outright bans on new forms of experimentation or other forms of heavy-handed technological controls.

In the end, however, I argue that, to the maximum extent possible, our default position toward new forms of technological innovation must remain: “innovation allowed.” That is especially the case because, more often than not, citizens find ways to adapt to technological change by employing a variety of coping mechanisms, new norms, or other creative fixes. We should have a little more faith in the ability of humanity to adapt to the challenges new innovations create for our culture and economy. We have done it countless times before. We are creative, resilient creatures. That’s why I remain so optimistic about our collective ability to confront the challenges posed by these new technologies and prosper in the process.

If you’re interested in taking a look, you can find a free PDF of the book at the Mercatus Center website or you can find out how to order it from there as an eBook. Hardcopies are also available. I’ll be doing more blogging about the book in coming weeks and months. The debate between the “permissionless innovation” and “precautionary principle” worldviews is just getting started and it promises to touch every tech policy debate going forward.

Related Essays :

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” Technology Liberation Front, January 14, 2014.
• “CES 2014 Report: The Internet of Things Arrives, but Will Washington Welcome It?” Technology Liberation Front, January 8, 2014.
• “Who Really Believes in ‘Permissionless Innovation’?” Technology Liberation Front, March 4, 2013.
• “What Does It Mean to ‘Have a Conversation’ about a New Technology?” Technology Liberation Front, May 23, 2013.
• “On the Line between Technology Ethics vs. Technology Policy,” Technology Liberation Front, August 1, 2013.
• “Planning for Hypothetical Horribles in Tech Policy Debates,” Technology Liberation Front, August 6, 2013.
• “Edith Ramirez’s ‘Big Data’ Speech: Privacy Concerns Prompt Precautionary Principle Thinking,” Technology Liberation Front, August 29, 2013.
• “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” Technology Liberation Front, April 29, 2011.
• “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” Technology Liberation Front, April 10, 2012.
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013.
• “Why Do We Always Sell the Next Generation Short?” Forbes, January 8, 2012.
• “The Six Things That Drive ‘Technopanics,’” Forbes, March 4, 2012.

Defining “privacy” is a legal and philosophical nightmare. Few concepts engender more definitional controversies and catfights. As someone who is passionate about his own personal privacy — but also highly skeptical of top-down governmental attempts to regulate and/or protect it — I continue to be captivated by the intellectual wrangling that has taken place over the definition of privacy. Here are some thoughts from a wide variety of scholars that make it clear just how frustrating this endeavor can be:

• “Perhaps the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is.” – Judith Jarvis Thomson, “The Right to Privacy,” in Philosophical Dimensions of Privacy: An Anthology, 272, 272 (Ferdinand David Schoeman ed., 1984).
• privacy is “exasperatingly vague and evanescent.” – Arthur Miller, The Assault on Privacy: Computers, Data Banks, and Dossiers, 25 (1971).
• “[T]he concept of privacy is infected with pernicious ambiguities.” – Hyman Gross,  The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967).
• “Attempts to define the concept of ‘privacy’ have generally not met with any success.” – Colin Bennett, Regulating Privacy: Data Protection and Public Policy In Europe and the United States,  25 (1992).
• “When it comes to privacy, there are many inductive rules, but very few universally accepted axioms.” – David Brin, The Transparent Society: Will Technology Force Us To Choose Between Privacy and Freedom? 77 (1998).
• “Privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.” – Robert C. Post, Three Concepts of Privacy, 89 GEO. L.J. 2087, 2087 (2001).
• “[privacy] can mean almost anything to anybody.” – Fred H. Cate & Robert Litan, Constitutional Issues in Information Privacy, 9 Mich. Telecomm. & Tech. L. Rev. 35, 37 (2002).
• privacy has long been a “conceptual jungle” and a “concept in disarray.” “[T]he attempt to locate the ‘essential’ or ‘core’ characteristics of privacy has led to failure.” – Daniel J. Solove, Understanding Privacy 196, 8 (2008).
• “Privacy has really ceased to be helpful as a term to guide policy in the United States.” – Woodrow Hartzog, quoted in Cord Jefferson, Spies Like Us: We’re All Big Brother Now, Gizmodo, Sept. 27, 2012.
• “for most consumers and policymakers, privacy is not a rational topic. It’s a visceral subject, one on which logical arguments are largely wasted.” – Larry Downes,  A Rational Response to the Privacy “Crisis,” Cato Institute, Policy Analysis No. 716 (Jan. 7, 2013), at 6.

In my new Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing” I build on these insights to argue that:

1. precisely because privacy has always been a highly subjective philosophical concept;
2. and is also a constantly morphing notion that evolves as societal attitudes adjust to new cultural and technological realities;
3. America may never be able to achieve a coherent fixed definition of the term or determine when it constitutes a formal right outside of some narrow contexts.

That doesn’t mean the privacy isn’t profoundly important to many of us, but privacy is, first and foremost, an exercise of personal determination and personal responsibility. To some extent, we have to make our own privacy in this world. In this sense, we can liken it to our right to pursue happiness. Here’s how I put it in Part I of my Harvard JLPP article:

Even if agreement over the scope of privacy rights proves elusive, however, everyone would likely agree that citizens have the right to pursue privacy. In this sense, we might think about the pursuit of privacy the same way we think about the pursuit of happiness. Recall the memorable line from America’s Declaration of Independence: “We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.” Consider the importance of that qualifying phrase—“and the pursuit of”—before the mention of the normative value of happiness. America’s Founders obviously felt happiness was an important value, but they did not elevate it to a formal positive right alongside life, liberty, physical property, or even freedom of speech.

This framework provides a useful way of thinking about privacy. Even if we cannot agree whether we have a right to privacy, or what the scope of any particular privacy right should be, the right to pursue it should be as uncontroversial as the right to pursue happiness. In fact, pursing privacy is probably an important element of achieving happiness for most citizens. Almost everyone needs some time and space to be free with their own thoughts or to control personal information or secrets that they value. But that does not make it any easier to define the nature of privacy as a formal legal right, or any easier to enforce it, even if a satisfactory conception of privacy could be crafted to suit every context.

The most stable and widely accepted privacy rights in the United States have long been those that are tethered to unambiguous tangible or physical rights, such as rights in body and property, especially the sanctity of the home. Moreover, these rights have been focused on limiting the power of state actors, not private parties. By contrast, privacy claims premised on intangible or psychological harms have found far less support, and those claims have been particularly limited for private actors relative to the government. All this will likely remain the case for online privacy. Importantly, if privacy is enshrined as a positive right even in narrowly drawn contexts, it imposes obligations on the government to secure that right. These obligations create corresponding commitments and costs that must be taken into account since government regulation always entails tradeoffs.

Therefore, even as America struggles to reach political consensus over the scope of privacy rights in the information age, it makes sense to find methods and mechanisms—most of which will lie outside of the law—that can help citizens cope with social and technological changes that affect their privacy. Part III will outline some of the ways citizens can pursue and achieve greater personal privacy.

I fully realize that this way of thinking about privacy leaves many challenging questions at the margin and I also understand how it will be unsatisfactory to those who view privacy as a “dignity right” that trumps all other values and considerations. But, to reiterate, what I am suggesting here is that we will likely never be able to achieve a coherent fixed definition of the term or determine when it constitutes a formal right outside of some narrow contexts (such as for sensitive health or financial information, where the potential harms of collection, sharing, and use are more tangible).  The primary reason for this is that privacy primary comes down to assertions about “harms” that are primarily psychological in character. But precisely because such asserted harms (1) lack a tangible/physical/monetary nature and (2) also can come into conflict with other liberty rights (especially the right to freely gather information and speak about it; i.e., First Amendment rights), it makes it more difficult to classify psychological “harms” as harms at all.

I feel the same way about concepts like “safety” and “security.” Who among us doubts these values and goals are important? As the father of two young digital natives, I am living a constant struggle to mentor my kids and ensure they have safe and healthy online interactions. But that doesn’t mean I think anyone in this world — including my own children — has an amorphous “right to safety.” What they do have a right to is not to be harmed by others in their online interactions. Where things become sticky, however, is when some child safety advocates adopt an extremely expansive view of what constitutes “harm” in this context and suggest that hearing a single dirty word or seeing a fleeting dirty image somehow irrevocably “harms” their mental well-being and development, or perhaps just their personal morality. (I have written about this here in dozens of essays through the years such as this one on “The Problem of Proportionality in Debates about Online Privacy and Child Safety” as well in longer papers, such as my recent law review article about, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.”)

While I appreciate the diverse beliefs and values that drives sensitivities about potentially objectionable online content, it is an entirely different matter when one claims “rights” and actionable “harms” in this context. It means that politics will essentially answer what are fundamentally deeply personal “eye of the beholder” questions. It is better, I believe to educate and empower citizens about safe and sensible online interactions and then let them determine what works best for them. Again, whether we are talking about safety or privacy, this model relies upon a certain amount of personal (and parental) responsibility.

To be sure, real harms exist and, at times, law will need to be brought in to right certain wrongs. For example, in the online safety context I favor strong penalties for anyone attempting predatory behavior or extreme forms of incessant harassment. In the privacy context, we’ll still need laws to deal with identity/data theft and certain uses of highly sensitive health and financial information. Outside of those narrow contexts, however, it is better to let people define their own online experiences free of top-down, one-size-fits-all regulatory enactments that attempt to make those determinations for all of us. To reiterate, we all have the right to pursue the objectives we care about–safety, privacy, or just happiness more generally–according to our own value systems. But we should be careful about elevating such amorphous concepts to the level of “rights” and then expecting the State to enforce one set of values and choices on a diverse citizenry.

The Pursuit of Privacy in a World Where Information Control is Failing

Playboy’s newly released 2009 College Sex Survey found that 49% of college students admitted to “Sexting” (having sent or received sexually explicit messages and pictures via cell phones). A survey conducted a year ago by the National Campaign to Prevent Teen and Unplanned Pregnancy and CosmoGirl.com found that 20% of teens (13-19) and 33% young adults (20-26) have “sent/posted nude or seminude pictures or video of themselves.” Together, these two studies give us a sense of just how prevalent sexting is.

Since nude photos of minors under 18 can be considered “child” pornography even if taken and shared voluntarily by the minor, there’s a very real possibility that minors will be prosecuted for common (if inappropriate) interactions with their peers under laws that were intended to prevent adults from exploiting children sexually. This is serious stuff indeed when one considers the dire consequences of being convicted not just of a felony, but a “sex offense.” Depending on state law, “sexters” put on a sex offender registry may spend the rest of their lives on sex registries as social pariahs with difficulty in finding a job, housing, being banned from using “social networking sites,” etc.

The study conducted last year offered some excellent advice for teens, young adults, and their parents. Perhaps we ought to spend more time focused on education than on criminalization.  The tips are worth repeating here.  First, for teens and kids: “Five Things to Think about Before Pressing Send:”

Don’t assume anything you send or post is going to remain private. Your messages and images will get passed around, even if you think they won’t: 40% of teens and young adults say they have had a sexually suggestive message (originally meant to be private) shown to them and 20% say they have shared such a message with someone other than the person for whom is was originally meant. There is no changing your mind in cyberspace—anything you send or post will never truly go away. Something that seems fun and flirty and is done on a whim will never really die. Potential employers, college recruiters, teachers, coaches, parents, friends, enemies, strangers and others may all be able to find your past posts, even after you delete them. And it is nearly impossible to control what other people are posting about you. Think about it: Even if you have second thoughts and delete a racy photo, there is no telling who has already copied that photo and posted it elsewhere. Don’t give in to the pressure to do something that makes you uncomfortable, even in cyberspace. More than 40% of teens and young adults (42% total, 47% of teens, 38% of young adults) say “pressure from guys” is a reason girls and women send and post sexually suggestive messages and images. More than 20% of teens and young adults (22% total, 24% teens, 20% young adults) say “pressure from friends” is a reason guys send and post sexually suggestive messages and images. Consider the recipient’s reaction. Just because a message is meant to be fun doesn’t mean the person who gets it will see it that way. Four in ten teen girls who have sent sexually suggestive content did so “as a joke” but many teen boys (29%) agree that girls who send such content are “expected to date or hook up in real life.” It’s easier to be more provocative or outgoing online, but whatever you write, post or send does contribute to the reallife impression you’re making. Nothing is truly anonymous. Nearly one in five young people who send sexually suggestive messages and images, do so to people they only know online (18% total, 15% teens, 19% young adults). It is important to remember that even if someone only knows you by screen name, online profile, phone number or email address, that they can probably find you if they try hard enough.

And tips for “parents to talk to their kids about sex and technology:”

Talk to your kids about what they are doing in cyberspace. Just as you need to talk openly and honestly with your kids about real life sex and relationships, you also want to discuss online and cell phone activity. Make sure your kids fully understand that messages or pictures they send over the Internet or their cell phones are not truly private or anonymous. Also make sure they know that others might forward their pictures or messages to people they do not know or want to see them, and that school administrators and employers often look at online profiles to make judgments about potential students/employees. It’s essential that your kids grasp the potential short-term and long-term consequences of their actions. Know who your kids are communicating with. Of course it’s a given that you want to know who your children are spending time with when they leave the house. Also do your best to learn who your kids are spending time with online and on the phone. Supervising and monitoring your kids’ whereabouts in real life and in cyberspace doesn’t make you a nag; it’s just part of your job as a parent. Many young people consider someone a “friend” even if they’ve only met online. What about your kids? Consider limitations on electronic communication. The days of having to talk on the phone in the kitchen in front of the whole family are long gone, but you can still limit the time your kids spend online and on the phone. Consider, for example, telling your teen to leave the phone on the kitchen counter when they’re at home and to take the laptop out of their bedroom before they go to bed, so they won’t be tempted to log on or talk to friends at 2a.m. Be aware of what your teens are posting publicly. Check out your teen’s MySpace, Facebook and other public  online profiles from time to time. This isn’t snooping—this is information your kids are making public. If everyone else can look at it, why can’t you? Talk with them specifically about their own notions of what is public and what is private. Your views may differ but you won’t know until you ask, listen, and discuss. Set expectations. Make sure you are clear with your teen about what you consider appropriate “electronic” behavior. Just as certain clothing is probably off-limits or certain language unacceptable in your house, make sure you let your kids know what is and is not allowed online either. And give reminders of those expectations from time to time. It doesn’t mean you don’t trust your kids, it just reinforces that you care about them enough to be paying attention.