[This is a draft of a section of a forthcoming study on “A Flexible Governance Framework for Artificial Intelligence,” which I hope to complete shortly. I welcome feedback. I have also cross-posted this essay at Medium.]
Debates about how to embed ethics and best practices into AI product design is where the question of public policy defaults becomes important. To the extent AI design becomes the subject of legal or regulatory decision-making, a choice must be made between two general approaches: the precautionary principle or the proactionary principle.[1] While there are many hybrid governance approaches in between these two poles, the crucial issue is whether the initial legal default for AI technologies will be set closer to the red light of the precautionary principle (i.e., permissioned innovation) or to the green light of the proactionary principle (i.e., (permissionless innovation). Each governance default will be discussed.
What happens when technological innovation outpaces the ability of laws and regulations to keep up?
This phenomenon is known as “the pacing problem,” and it has profound ramifications for the governance of emerging technologies. Indeed, the pacing problem is becoming the great equalizer in debates over technological governance because it forces governments to rethink their approach to the regulation of many sectors and technologies.
The Innovation Cornucopia
Had Rip Van Winkle woken up his famous nap today, he’d be shocked by all the changes around him. At-home genetics tests, personal drones, driverless cars, lab-grown meats, and 3D-printed prosthetic limbs are just some of the amazing innovations that would boggle his mind. New devices and services are flying at us so rapidly that we sometimes forget that most did not even exist a short time ago. Continue reading →
On Thursday, it was my great pleasure to participate in a Washington Legal Foundation (WLF) event on “Online Privacy Regulation: The Challenge of Defining Harm.” The entire event video can be found on YouTube here, but down below I pasted the clip of just my remarks. Other speakers at the event included: FTC Commissioner Maureen K. Ohlhausen, Commissioner; John B. Morris, Jr., the Associate Administrator and Director of Internet Policy athe U.S. Department of Commerce’s National Telecommunications and Information Administration; and Katherine Armstrong, Counsel at the law firm of Hogan Lovells. Glenn Lammi of the WLF moderated the session.
My remarks drew upon a few recent law review articles I have published relating digital privacy debates to previous debates over free speech and online child safety issues. (Here are those articles: 1, 2, 3).
If there are two general principles that unify my recent work on technology policy and innovation issues, they would be as follows. To the maximum extent possible:
We should avoid preemptive and precautionary-based regulatory regimes for new innovation. Instead, our policy default should be innovation allowed (or “permissionless innovation”) and innovators should be considered “innocent until proven guilty” (unless, that is, a thorough benefit-cost analysis has been conducted that documents the clear need for immediate preemptive restraints).
We should avoid rigid, “top-down” technology-specific or sector-specific regulatory regimes and/or regulatory agencies and instead opt for a broader array of more flexible, “bottom-up” solutions (education, empowerment, social norms, self-regulation, public pressure, etc.) as well as reliance on existing legal systems and standards (torts, product liability, contracts, property rights, etc.).
Weaver argues that new robot technology “is going to develop fast, almost certainly faster than we can legislate it. That’s why we need to get ahead of it now.” In order to preemptively address concerns about new technologies such as driverless cars or commercial drones, “we need to legislate early and often,” Weaver says. Stated differently, Weaver is proposing “precautionary principle”-based regulation of these technologies. The precautionary principle generally refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.
Calo argues that we need “the establishment of a new federal agency to deal with the novel experiences and harms robotics enables” since there exists “distinct but related challenges that would benefit from being examined and treated together.” These issues, he says, “require special expertise to understand and may require investment and coordination to thrive.
I’ll address both Weaver and Calo’s proposals in turn. Continue reading →
My latest law review article is entitled, “Privacy Law’s Precautionary Principle Problem,” and it appears in Vol. 66, No. 2 of the Maine Law Review. You can download the article on my Mercatus Center page, on the Maine Law Review website, or via SSRN. Here’s the abstract for the article:
Privacy law today faces two interrelated problems. The first is an
information control problem. Like so many other fields of modern cyberlaw—intellectual property, online safety, cybersecurity, etc.—privacy law is being challenged by intractable Information Age realities. Specifically, it is easier than ever before for information to circulate freely and harder than ever to bottle it up once it is released.
This has not slowed efforts to fashion new rules aimed at bottling up those information flows. If anything, the pace of privacy-related regulatory proposals has been steadily increasing in recent years even as these information control challenges multiply.
This has led to privacy law’s second major problem:
the precautionary principle problem. The precautionary principle generally holds that new innovations should be curbed or even forbidden until they are proven safe. Fashioning privacy rules based on precautionary principle reasoning necessitates prophylactic regulation that makes new forms of digital innovation guilty until proven innocent.
This puts privacy law on a collision course with the general freedom to innovate that has thus far powered the Internet revolution, and privacy law threatens to limit innovations consumers have come to expect or even raise prices for services consumers currently receive free of charge. As a result, even if new regulations are pursued or imposed, there will likely be formidable push-back not just from affected industries but also from their consumers.
In light of both these information control and precautionary principle problems, new approaches to privacy protection are necessary. Continue reading →
Defining “privacy” is a legal and philosophical nightmare. Few concepts engender more definitional controversies and catfights. As someone who is passionate about his own personal privacy — but also highly skeptical of top-down governmental attempts to regulate and/or protect it — I continue to be captivated by the intellectual wrangling that has taken place over the definition of privacy. Here are some thoughts from a wide variety of scholars that make it clear just how frustrating this endeavor can be:
“Perhaps the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is.” – Judith Jarvis Thomson, “The Right to Privacy,” in Philosophical Dimensions of Privacy: An Anthology, 272, 272 (Ferdinand David Schoeman ed., 1984).
privacy is “exasperatingly vague and evanescent.” – Arthur Miller, The Assault on Privacy: Computers, Data Banks, and Dossiers, 25 (1971).
“[T]he concept of privacy is infected with pernicious ambiguities.” – Hyman Gross, The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967).
“Attempts to define the concept of ‘privacy’ have generally not met with any success.” – Colin Bennett, Regulating Privacy: Data Protection and Public Policy In Europe and the United States, 25 (1992).
“When it comes to privacy, there are many inductive rules, but very few universally accepted axioms.” – David Brin, The Transparent Society: Will Technology Force Us To Choose Between Privacy and Freedom? 77(1998).
“Privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.” – Robert C. Post, Three Concepts of Privacy, 89 GEO. L.J. 2087, 2087 (2001).
“[privacy] can mean almost anything to anybody.” – Fred H. Cate & Robert Litan, Constitutional Issues in Information Privacy, 9Mich. Telecomm. & Tech. L. Rev. 35, 37 (2002).
privacy has long been a “conceptual jungle” and a “concept in disarray.” “[T]he attempt to locate the ‘essential’ or ‘core’ characteristics of privacy has led to failure.” – Daniel J. Solove, Understanding Privacy 196, 8 (2008).
“Privacy has really ceased to be helpful as a term to guide policy in the United States.” – Woodrow Hartzog, quoted in Cord Jefferson, Spies Like Us: We’re All Big Brother Now, Gizmodo, Sept. 27, 2012.
“for most consumers and policymakers, privacy is not a rational topic. It’s a visceral subject, one on which logical arguments are largely wasted.” – Larry Downes, A Rational Response to the Privacy “Crisis,” Cato Institute, Policy Analysis No. 716 (Jan. 7, 2013), at 6.
Jim Adler, Chief Privacy Officer and General Manager of Data Systems at Intelius, always has interesting and thoughtful things to say about online privacy debates. I recommend following him on Twitter (@jim_adler). Today, he posted an interesting essay on his blog entitled “Creepy Is As Creepy Does, which begins by noting that “with increasing volume, ‘creepy’ has snuck its way in to the privacy lexicon and become a mainstay in conversations around online sharing and social networking. How is it possible that we use the same word to describe Frankenstein and Facebook?” Good question. Better question: Why is “creepiness” the standard by which we are judging privacy matters? I posted a comment to his blog post elaborating on that point that I thought I would also post here:
I think we’d be better served by moving privacy deliberations — at least the legal ones — away from “creepiness” and toward a serious discussion about what constitutes actual harm in these contexts. While there will be plenty of subjective squabbles over the definition of “harm” as it relates to online privacy / reputation, I believe we can be more concrete about it than continuing these silly debates about “creepiness,” which could not possibly be any more open-ended and subjective.
According to a report today from SAI Business Insider, “The Federal Trade Commission is actively investigating Twitter and the way it deals with the companies building applications and services for its platform.” Apparently the agency has reached out to some competing application / platform providers to ask questions about Twitter’s recent efforts to exert more control over the uses of its API by third parties. [The Wall Street Journal confirms the FTC’s interest in Twitter.]
It remains to be seen whether this leads to any serious regulatory action against Twitter by the FTC, but such a move wouldn’t necessarily be surprising considering the more activist tilt of the agency recently. It’s even less surprising considering that Columbia University law professor and prolific cyberlaw scholar Tim Wu was appointed as a senior advisor to the FTC earlier this year. When the announcement of Wu’s appointment was made, the Wall Street Journal kicked off an article with the warning, “Silicon Valley has a new fear factor.” It seems the Journal may have been on to something!
It’s impossible to know how much of an influence Tim Wu is having on the agency, but as I have noted here before, Prof. Wu is man with a healthy appetitefor regulatory activism. [See all my essays about Wu’s work here.] Moreover, he’s a man who has already determined that Twitter is a “monopolist” in his November 13, 2010 Wall Street Journal op-ed, “In the Grip of the New Monopolists.”
That essay prompted a fiery response from me [“Tim Wu Redefines Monopoly“] as well as a far more reasoned essay by antitrust gurus Geoff Manne and Josh Wright [“What’s An Internet Monopolist? A Reply to Professor Wu.”] Prof. Wu was kind enough to swing by the TLF and respond to my criticisms in an essay “On the Definition of Monopoly,” which he said served as a “corrective” to my earlier essay [even though I continue to believe that what I said fairly reflected the last four decades of economic wisdom on competition policy and that it is Wu who is well off the reservation with his expansionist views of antitrust enforcement].
Regardless of what one thinks about that exchange, if the FTC
is moving forward with a case against Twitter, three practical questions need to be considered: (1) What’s the relevant market? (2) Where’s the harm? and (3) What’s the remedy?
I’ll briefly discuss each question below but should also mention that I already explored many of these issues in my essay, “A Vision of (Regulatory) Things to Come for Twitter,” so I apologize in advance for the repetition. I will then discuss all this in the context of Tim Wu’s latest law review article on “Agency Threats” and what he approvingly refers to as regulatory “threat regimes.” Continue reading →
On this week’s John Stossel show on Fox Business Network, I debated Internet privacy, advertising, and data collection issues with Michael Fertik of Reputation.com. In the few minutes we had for the segment, I tried to reiterate a couple of keep points that we’ve hammered repeatedly here in the past:
There’s no free lunch. All the free sites and service we enjoy online today are powered by advertising and data collection. [see this op-ed]
There is no clear harm in most cases, or what some argue is harm also can have many benefits that are rarely discussed. [see this paper.]
There’s little acknowledgement of the trade-offs involved in having government create an information control regime for the Internet. [see this filing and these three essays: 1, 2, 3.]
The ultimate code of “fair information practices” is the First Amendment, which favors free speech, openness, and transparency over secrecy and information control. [see this piece.]
“Hands Off the Net” is a policy that has served us well. There are dangerous ramifications for our economy and long-term Internet freedoms if we continue down the road of “European-izing” privacy law here in the States. [see this essay and this filing.]
At some point, personal responsibility needs to come into the equation. With so many privacy enhancing empowerment tools already on the market, it begs the question: If consumers don’t take steps to use those tools, why should government intervene and take action for them?
Anyway, here’s the 7-min video of the debate between Fertik and me:
Stephanie Clifford of the
New York Times posted a very interesting article this week summarizing a recent “on-the-record chat” the Times staff had with Federal Trade Commission (FTC) chairman Jon Leibowitz and FTC Bureau of Consumer Protection chief David Vladeck. The interview [discussed by Braden here] is profoundly important in that it reveals an alarming disconnect regarding the relationship between “privacy” regulation and the future of media, which were the subjects of their discussion with Times staff. Namely, Leibowitz and Vladeck apparently fail to appreciate how the delicate balance between commercial advertising and journalism is at risk precisely because of the sort of regulations they apparently are ready to adopt. Because the value of online advertising depends on data about its effectiveness and consumers’ likely interests, and because advertising is indispensable to funding media, what’s ultimately at stake here is nothing short of the future of press freedom.
The “Day of Reckoning” Is Upon Us
Leibowitz and Vladeck spend the first half of
The Times interview wringing their hands about “privacy policies,” the declarations made by websites and advertising networks about their data collection and use practices (for which the FTC can and must hold them accountable). But the two feel that privacy policies don’t adequately inform consumers. Chairman Leibowitz claims that online companies “haven’t given consumers effective notice, so they can make effective choices.” And Mr. Vladeck states that advise-and-consent models “depended on the fiction that people were meaningfully giving consent.” But he and the FTC seem ready to abandon the notice and choice model because the “literature is clear” that few people read privacy policies, Vladeck told the Times. He and Leibowitz continue:
“Philosophically, we wonder if we’re moving to a post-disclosure era and what that would look like,” Mr. Vladeck said. “What’s the substitute for it?” He said the commission was still looking into the issue, but it hoped to have an answer by June or July, when it plans to publish a report on the subject. Mr. Leibowitz gave a hint as to what might be included: “I have a sense, and it’s still amorphous, that we might head toward opt-in,” Mr. Leibowitz said.
This clearly foreshadows the regulatory endgame we have long suspected was coming. When the FTC released its “Self-Regulatory Principles for Online Behavioral Advertising” eleven months ago, we asked: “What’s the Harm & Where Are We Heading?” Their answers to both questions have become clearer with each new calculated comment—all apparently intended to slowly “turn up the heat” on the advertising industry so that the proverbial frog will stay in the pot until the water finally boils. Leibowitz’s FTC has simply dodged the “harm” question with a four-part strategy: Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology. Learn more about TLF →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.