Reading through the respective December 2010 privacy reports from the Federal Trade Commission (FTC) and Department of Commerce (DoC), one cannot help but be struck by the Obama Administration’s seeming desire to make America’s tech sector — and the regulatory regime that governs it — more closely resemble Europe’s.  The push for an ambitious new “privacy framework” and set of “fair information practices” is just a riff borrowed from the EU data directive.  And although the Obama team stops short of calling privacy a “dignity right” as many European policymakers are prone to do, it’s clear from both the FTC and DoC reports that that’s were they want to take us.

It’s interesting to me, though, that the Obama Administration relies on two fundamentally flawed rationales for the “European-ification” of American privacy law.  In this regard, I’ll reference some passages from the DoC’s report that appear in the section on “The Economic Imperative” for a new regime, which appears on pages 13-16 of the report.

Myth #1: Privacy Regs Are Needed to Get More People Online or Using Digital Technology

First, the DoC pulls out the old saw about the need for expanded privacy regs to ensure greater online trust and, as a result, promote increased online interactions.  The report claims that “maintaining consumer trust is vital to the success of the digital economy” and that “an erosion of trust will inhibit the adoption of new technologies” (p. 15)  The problem with the theory that online commerce or consumer interactions online are somehow being thwarted by a lack of more privacy regulation is that it is plainly contradicted by the facts. 

Interestingly, you need do nothing more that scan back just a couple of paragraphs in the DoC report to find some of those facts! For example, on pg. 14, the report notes: “The Internet is also increasingly important to the personal and working lives of individual Americans.  Ninety-six percent of working Americans use the Internet as part of their daily life, while sixty-two percent of working Americans use the Internet as an integral part of their jobs.”  Does the DoC not see the contradiction here, or is the Obama Administration claiming that we cannot rest until we move the needle from 96% to 100%?!

Then we have the DoC’s claim that “an erosion of trust will inhibit the adoption of new technologies.”  Really?  What, then, are we to make of the 500 million people who have flocked to Facebook despite repeated claims by some that it is a privacy pariah? And there are plenty of other examples of the explosion of online activity over the past decade.  The fact is, online participation and technology adoption is growing like wildfire. If you need more evidence, go through the data sets from the Pew Internet & American Life Project about Internet usage over time and try to find one metric that is decreasing.  [Just as an unrelated aside, I am still sometimes astonished by how many people use eBay despite continuing concerns about online fraud, which is a far more serious and legitimate “harm” than most supposed privacy violations.  Yet, eBay is now the world’s largest online marketplace with more than 90 million active users globally and $60 billion in transactions annually, or $2,000 every second.]

In sum, advocates of increased privacy regulation have fed the DoC a catchy line about the need for more privacy regulation in the name of encouraging greater online participation and the DoC has bought into that theory despite a lack of evidence that there is any real problem here.

Myth #2: Privacy Regs Are Needed to Promote the Competitiveness of U.S. High-Tech Firms

Second, we hear of the DoC speak of the need for “interoperability” or harmonization of privacy policies internationally to facilitate smoother online commercial interactions or data flows.  Despite the report’s admission that “a considerable amount of global commerce takes place on the Internet [and] global online transactions currently total an estimated $10 trillion annually” and is growing, the DoC continues on to argue that:

the lack of cross-border interoperability in privacy principles and regulations creates barriers to cross-border data flow and significant compliance costs for companies. Improving the global interoperability of data privacy approaches could enable increased exports of U.S. services and… support the overall objective of creating jobs by promoting exports. Thus, commercial data privacy considerations are vital not only to our domestic commerce, but also to international trade.

In other words, says the DoC, things are pretty good right now, but they will get a lot better once we harmonize privacy regulations in the direction of the E.U. and other regions.  But here’s the problem with that theory: The DoC is assuming that the benefits of regulatory harmonization — which, to be perfectly clear, would arrive in the form increased regulation on U.S. operators — would outweigh the cost of complying with those new rules.

The DoC says it wants to “prevent conflicting policy regimes from serving as a trade barrier” (p. 20), but should the U.S. impose burdensome new regulations on American companies to achieve that goal?  Would we really be better off if all U.S. firms and policy more closely resembled the E.U. in this regard?   To answer that question, you might conduct the simple experiment of stopping the average person in the street — here in the U.S. or even abroad — and asking them to name five major U.S. digital economy companies and then see if they can even name one major European competitor in the same arena. Needless to say, it’s hard to find many European counterparts that rival Google, Amazon, Apple, Facebook, eBay, Microsoft, etc.   Now, why is that?  Why is it that the information technology sector has thrived in America and that U.S. companies are leaders in many of their respective sectors across the globe?  Might it be precisely because we did not follow others down the path of “data directives” and heavy handed, top-down regulation of the Internet more generally?

Do you want some empirical evidence for why it’s a bad idea to achieve parity or harmonization in the fashion the DoC suggests?  Well then, consider this recent study by Avi Goldfarb and Catherine Tucker which found that “after the [European Union’s] Privacy Directive was passed [in 2002], advertising effectiveness decreased on average by around 65 percent in Europe relative to the rest of the world.”  They argue that because regulation decreases ad effectiveness, “this may change the number and types of businesses sustained by the advertising-supporting Internet.” Regulation of advertising and data collection for privacy purposes, it seems, can affect the global competitiveness of online firms.

The other problem with the DoC’s appeal for harmonization of privacy regulatory regimes through increased regulation is that it sets a horrible precedent.   At least thus far this has not been the approach the U.S. government has taken in most other Internet policy contexts, and with good reason.  Think about this in the context of speech controls.  When we see the Europeans or other regions and countries stifling free speech and expression online, has our response been to say, “Well, in the name of policy harmonization and improving cross-border interoperability, we Americans need to accept the wisdom of censoring the Net.”  Of course not!  That would be insane.  Instead, when confronted with conflicting regulatory regimes abroad, our response here in the States has usually been to proudly boast to the world that we have the more sensible approach to Net regulation, which is to say, it should be tightly limited so as not to stifle speech or commerce.  I really don’t care if you want to call that “American exceptionalism” or whatever else; I just think it’s plain old common sense.

And yet, in the case of privacy regulation, the Obama Administration’s Department of Commerce wants to throw that notion to the wind and harmonize in the direction of more regulation of U.S. companies.  Isn’t the Commerce Department supposed to be in the business of helping to promote U.S. trade, exports, commerce, and global competitiveness?  If so, the right approach to “leveling the playing field” in this context should be the same as it is in relation to speech policy or trade law: the rest of the world should deregulate down to our level; we should absolutely not regulate up to theirs.

I really enjoyed my Second Life appearance on “Government’s Place in Virtual Worlds and Online Communities,” which was hosted by Metanomics.  You can watch the entire segment on the Metanomics site.  But the folks at Metanomics have also posted 6 clips from the show at YouTube that highlight some of the topics we discussed.  Here’s the list of clips and the videos:

Part 1: Are the Feds about to Regulate Second Life & Virtual Worlds?

Part 2: Global Communities, Local Values, Internet Governance & The Dangers of “Harmonization”

Part 3:  Virtual Child Pornography & Our Virtual Reality Future

Part 4: Why Speech Controls & Privacy Regulations are Two Sides of the Same Coin

Part 5: Privacy, Advertising, User Empowerment, and the “Free” Internet

Part 6: Virtual World Self-Governance and a “Utopia of Utopias”

Finally, here’s some of the background material I referenced during the show:

• “Parental Controls and Online Child Protection: A Survey of Tools & Methods [VERSION 4.0]“
• “Parents, Kids & Policymakers in the Digital Age: Safeguarding Against ‘Techno-Panics’“, Inside ALEC, July 2009.
• “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” PFF Progress on Point 16.13, July 8, 2009
• “Cyberbullying Legislation:  Why Education is Preferable to Regulation,” by Berin Szoka and Adam Thierer, PFF Progress on Point 16.12, June 19, 2009
• “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech,” by Berin Szoka and Adam Thierer, PFF Progress on Point 16.11, May 21, 2009
• Web 2.0, Section 230, and Nozick’s “Utopia of Utopias”, Jan. 13, 2009, Tech Liberation Front

I’ll be heading to Oxford University this week to participate in an Oxford Internet Institute (OII) forum on the subject of “Child Protection, Free Speech and the Internet: Mapping the Territory and Limitations of Common Ground.”  It’s being led by several experts from the OII as well as my good friends John Morris and Leslie Harris of the Center for Democracy & Technology (CDT).  The aims of this forum are:

• To facilitate a dialogue between NGOs campaigning to protect respectively, child protection and children’s rights online, and freedom of speech and other civil liberties online.
• To promote a better understanding of each others’ positions, to share perspectives and information with a view to identifying areas of common ground and areas of disagreement.
• To identify any shared policy goals, and possible tools to support the achievement of those goals.
• To publicize the findings of the forum in international policy debates about Internet governance and regulation.

Conference participants were asked to submit a 2-3 pg summary of their views on a couple of questions that will be discussed at this event.  I have listed those questions, and my answers, down below the fold.  It’s my best attempt to date to succinctly outline my views about how to balance content concerns and free speech issues going forward. 

What is the nature of your interest or experience in this field?

I have spent the last 18 years covering the intersection of child safety concerns and free speech issues at four different think tanks.  In recent years, I have tied together all my research in a constantly updated Progress & Freedom Foundation special report entitled, “Parental Controls & Online Child Protection: A Survey of Tools & Methods.” The 4^th edition of this 250-page report was released in August.

Are there particular values or principles which underlie your work?

The goal of my research has been to explore the tension between free speech and child protection and to identify methods of striking a sensible balance between these two important values.   It is my hope and belief that we are now in a position to more fully empower parents such that government regulation of content and communications will be increasingly unnecessary.

In the past, it was thought to be too difficult for families to enforce their own “household standard” for acceptable content. Thus, many believed government needed to step in and create a baseline “community standard” for the entire citizenry.  Unfortunately, those “community standards” were quite amorphous and sometimes completely arbitrary when enforced through regulatory edicts.  Worse yet, those regulatory standards treated all households as if they had the same tastes or values—which is clearly not the case in most pluralistic societies.

If it is the case that families now have the ability to effectively tailor media consumption and communications choices to their own preferences—that is, to craft their own “household standard”—then the regulatory equation can and should change.  Regulation can no longer be premised on the supposed helplessness of households to deal with content flows if families have been empowered and educated to make content determinations for themselves.  Luckily, that is the world we increasingly live in today. Parents have more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.

Going forward, our goal should be to ensure that parents or guardians have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information.  Optimally, those tools and methods would give them the ability to not only block objectionable materials, but also to more easily find content they feel is appropriate for their families. In my work, I refer to this as the “household empowerment vision.”

Will we ever be able to achieve a world of perfect parental control over all online content and communications?  That is unlikely since both content and technology will continuously evolve and make that goal elusive. But government regulation of speech should yield where less restrictive alternatives such as household-based controls and strategies exist.  Given the value associated with free speech and the danger of government censorship, these alternatives need not be perfect to be preferable to government regulation.

What are the issues/policies or laws which you see as most problematic in terms of creating or illustrating a conflict between online child protection and free speech?

It is essential that policymakers resist the temptation to extend traditional broadcast industry regulatory statutes and standards to new media outlets and digital technologies.  In a world of media convergence and increasing user empowerment, traditional regulatory rationales make increasingly less sense.  Nonetheless, many ongoing social problems and challenges remain to achieving the “household empowerment vision” I outlined above, including:

• The “lack of awareness” problem: Some parents remain unaware of empowerment tools.
• The “bad parent” problem: Some parents don’t use tools even when aware of them.
• The “bad neighbor” problem: “Good” parents fear what happens when their kids visit other kids with more permissive parents.
• The “generation gap” problem: Kids sometimes know more about new digital technologies than their parents.
• The “technological surprise” problem: Rapid emergence and diffusion of new digital technologies can catch some parents by surprise.
• The “bad corporate actor” problem: Most companies self-regulate, but a handful push the boundaries of good taste in ways that create social concerns that reflect on industry generally.
• The “user-generated content” problem: Even when “professional” content can be managed, it is difficult to control “amateur” expression and creations.
• The “peer-on-peer bullying” problem: While many are concerned about predators, the real online safety problem turns out to be cyber-bullying among peers.

Because of these ongoing social challenges or concerns, legal and regulatory proposals will continue to be put forward. But each has serious downsides:

• Future of filtering: Centralized, network-based or decentralized, user-based?  The former creates serious censorship threats, as we see in China and other repressive states. The latter is more consistent with the household empowerment vision.
• Middleman deputization: Should online intermediaries be required to police the Net for various social ills?  If so, as hand-maidens of the state, they could become over-zealous speech regulators.
• Universal content ratings: Can policymakers mandate unified (or “scientific”) content media ratings?  Doing so puts regulators in a position to dictate content standards—for better or worse.  Moreover, this does nothing to address user-generated “amateur” content.
• Mandatory online age / identity verification: Potentially threatens anonymity, privacy, and free speech rights.  Moreover, to the extent “bad guys” continue to get into “secured” environments it creates a false sense of security for parents and kids.
• Expanded data retention: Although it would help facilitate some law enforcement goals, it also gives rise to new privacy and data breach risks.

Might any of these conflicts be avoidable, e.g. through the use of improved legislative instruments or greater clarity and accountability in processes of self-regulation?

For the above reasons, it makes more sense to put our energies into finding new self-regulatory mechanisms, social norms, and user empowerment strategies to solve ongoing social problems instead of focusing on regulatory solutions or mandates.  Instead of providing greater clarity, legislative instruments are more likely to instead create greater ambiguity, or at least uncertainty, for content creators and consumers alike. This is because, as was noted above, “community standards” are notoriously subjective; they are ham-handed attempts to gloss over the diverse needs and values of a diverse citizenry. By contrast, self-regulation, social norms, and empowerment strategies are evolutionary in character and more responsive to differences among cultures and households.

What are the issues where you think there might be most scope for finding some common ground?

In two words: empowerment and education. Because reliance on legislation is perilously difficult and enforcement of regulatory mandates is complicated (and sometimes impossible in an increasingly borderless world), efforts to better empower families and educate both kids and parents offer the most sensible path forward.  All stakeholders involved in child safety and free speech debates can generally agree that empowerment efforts, media literacy programs, awareness-building programs, and so on, are both effective and unobjectionable.

At the international level, are there certain key principles which we ought to be defending above all others?

Because of the “values clash” at the international level, it’s hard to imagine we’ll ever achieve consensus on some of these issues.  Countries vary widely in their sensitivities about speech, making any attempt to devise “universal principles” complicated.  For example, Europeans generally deride America’s prudish ways when it comes to matters of sexuality or “indecency.”  By contrast, most Americans cannot understand European concerns about “hate speech” or violently-themed media.  Meanwhile, governments in many other parts of the world are still busy trying to quell political or religious dissent.  “Harmonization” among those competing cultural norms remains complicated, therefore, and it would be a mistake if international harmonization was accomplished by sacrificing free speech rights for countries and cultures who cherish them.