On March 19th, I had the chance to debate Franklin Foer at a Patrick Henry College event focused on the question, “Is Big Tech Big Brother?” It was billed as a debate over the role of technology in American society and whether government should be regulating media and technology platforms more generally.  [The full event video is here.] Foer is the author of the new book, World Without Mind: The Existential Threat of Big Tech, in which he advocates a fairly expansive regulatory regime for modern information technology platforms. He is open to building on regulatory ideas from the past, including broadcast-esque licensing regimes, “Fairness Doctrine”-like mandates for digital intermediaries, “fiduciary” responsibilities, beefed-up antitrust intervention, and other types of controls. In a review of the book for Reason, and then again during the debate at Patrick Henry University, I offered some reflections on what we can learn from history about how well ideas like those worked out in practice.

My closing statement of the debate, which lasted just a little over three minutes, offers a concise summation of what that history teaches us and why it would be so dangerous to repeat the mistakes of the past by wandering down that disastrous path again. That 3-minute clip is posted below. (The audience was polled before and after the event and asked the same question each time: “Do large tech companies wield too much power in our economy, media and personal lives and if so, should government(s) intervene?” Apparently at the beginning, the poll was roughly Yes – 70% and No – 30%, but after the debated ended it has reversed, with only 30% in favor of intervention and 70% against. Glad to turn around some minds on this one!)

via ytCropper

I’ve been thinking about the “right to try” movement a lot lately. It refers to the growing movement (especially at the state level here in the U.S.) to allow individuals to experiment with alternative medical treatments, therapies, and devices that are restricted or prohibited in some fashion (typically by the Food and Drug Administration). I think there are compelling ethical reasons for allowing citizens to determine their own course of treatment in terms of what they ingest into their bodies or what medical devices they use, especially when they are facing the possibility of death and have exhausted all other options.

But I also favor a more general “right to try” that allows citizens to make their own health decisions in other circumstances. Such a general freedom entails some risks, of course, but the better way to deal with those potential downsides is to educate citizens about the trade-offs associated with various treatments and devices, not to forbid them from seeking them out at all.

The Costs of Control

But this debate isn’t just about ethics. There’s also the question of the costs associated with regulatory control. Practically speaking, with each passing day it becomes harder and harder for governments to control unapproved medical devices, drugs, therapies, etc.  Correspondingly, that significantly raises the costs of enforcement and makes one wonder exactly how far the FDA or other regulators will go to stop or slow the advent of new technologies.

I have written about this “cost of control” problem in various law review articles as well as my little Permissionless Innovation book and pointed out that, when enforcement challenges and costs reach a certain threshold, the case for preemptive control grows far weaker simply because of (1) the massive resources that regulators would have to pour into the task on crafting a workable enforcement regime; and/or (2) the massive loss of liberty it would entail for society more generally to devise such solutions. With the rise of the Internet of Things, wearable devices, mobile medical apps, and other networked health and fitness technologies, these issues are going to become increasingly ripe for academic and policy consideration.

A Hypothetical Regulatory Scenario

Here’s an interesting case study to consider in this regard:  Can  3D printing  of prosthetics be controlled? Clearly prosthetics are medical devices in the traditional regulatory sense, but few people are going to the FDA and asking for permission or a “right to try” new 3D-printed limbs. They’re just doing it. And the results have been incredibly exciting, as my Mercatus Center colleague Robert Graboyes has noted.

But let’s imagine what the regulators might do if they really wanted to impose their will and limit the right to try in this context:

• Could government officials ban 3D printers outright? I don’t see how. The technology is already too diffuse and is utilized for so many alternative (and uncontroversial) uses that it doesn’t seem likely such a control regime would work or be acceptable. And if any government did take this extreme step, “global innovation arbitrage” would kick in. That is, innovators would just move offshore.
• Could government officials ban the inputs used by 3D printers? Again, I don’t see how. After all, we are primarily talking about plastics and glue here!
• Could government officials ban 3D printer blueprints? Two problems with that. First, such blueprints are a form of free speech and government efforts to censor them would represent a form of prior restraint that would violate the First Amendment of the U.S. Constitution. Second, even ignoring the First Amendment issues, information control is just damned hard and I don’t see how you could suppress such blueprints effectively when are they are freely available across the Internet. Or, people would just “torrent” them, as they do (illegally) with copyrighted files today.
• Could government officials ban and/or fine specific companies (especially those with deep pockets)? Perhaps, but that is likely a losing strategy since 3D printing is already so highly decentralized and is done by average citizens in the comfort of their own home (and often for no monetary gain). So, attempting to go after a handful of corporate players and “make an example out of them” to deter others from experimenting isn’t likely to work. And, again, it’ll just lead to more offshoring and undergrounding of these devices and innovative activities.
• Could government officials ban the sale of certain 3D printing applications? They could try, but enterprising minds would likely start using alternative payment methods (like Bitcoin) to conduct their deals. But the question of payments is largely irrelevant in many fields because much of this activity is non-commercial and open-source in character. People are freely distributing blueprints for 3D-printed prosthetics, for example, and they are even giving away the actual 3D-printed prosthetic devices to those who need them.
• Could government officials just create a licensing / approval regime for narrowly-targeted 3D printed medical devices? Of course, but for all the reasons outlined above, it would likely be pretty easy to evade such a regime. Moreover, the very effort to enforce such a licensing regime would likely deter many beneficial innovations in the process, while also leading to the old cronyist problems associated with firms engaging in rent-seeking and courting favor with regulators in order to survive or prosper.

Anyway, you get the point: The practicality of control makes a difference and at some point the enormous costs associated with enforcement become an ethical matter in its own right. Stated differently, it’s not just that citizens should generally be at liberty to determine their own treatments and decide what drugs they ingest and what medical devices they use, it’s also the case that regulatory efforts aimed at limiting that right have so many corresponding enforcement costs that can spillover on to society more generally. And that’s an ethical matter of a different sort when you get right down to it. But, at a minimum, it’s an increasingly costly strategy and the costs associated with such technological control regimes should be considered closely and quantified where possible.

The Need for a Shift toward Risk Education

Let’s return to the question I raised above regarding the educational role that the FDA, or governments more generally, could play in the future. As I noted, a world in which citizens are granted the liberty to make more of their own health decisions is a world in which they could, at times, be rolling the dice with their health and lives. The highly paternalistic approach of modern food and drug regulation is rooted in the belief that citizens simply cannot be trusted to make such decisions on their own because they will never be able to appreciate the relative risks. You might be surprised to hear that I am somewhat sympathetic to that argument. People can and do make rash and unwise decisions about their health based on misinformation or a general lack of quality information presented in an easy-to-understand fashion. As a result, policymakers have taken the right to make these decisions away from us in many circumstances.

Although motivated by the best of intentions, paternalistic controls are not the optimal way to address these concerns. The better approach is rooted in risk education. To reiterate, the wise way to deal with the potential downsides associated with freedom of choice is to educate citizens about the relative risks associated with various medical treatments and devices, not to forbid them from seeking them out at all.

What does that mean for the future of the FDA? If the agency was smart, it would recognize that traditional command-and-control regulation is no longer a sensible strategy; it’s increasingly unworkable and imposes too many other costs on innovators and personal liberty. Thus, the agency needs to reorient its focus toward becoming a risk educator. Their goal should be to help create a more fully-informed citizenry that is empowered with more and better information about relative risk trade-offs.

Overcoming the Opposition & Getting Consent Mechanisms Right

Such an approach (i.e., shifting the FDA’s mission from being primarily a risk regulator to becoming a risk educator) will encounter opposition from strident defenders and opponents of the FDA alike.

The defenders of the FDA and its traditional approach will continue to insist that people can  never be trusted to make such decisions on their own, regardless of how much information they have at their disposal or how many warnings we might give them. The problem with that position is that it treats citizens like ignorant sheep and denies them the most basic of all human rights: The right to live a life of your own choosing and to make the ultimate determinations about your own health and welfare. And, again, blindly defending the old system isn’t wise because traditional command-and-control regulatory methods are increasingly impractical and incredibly costly to enforce.

Opponents of the FDA, by contrast, will insist that the agency can’t even be trusted to provide us with good information for us to make these decisions on our own. Additionally, critics will likely argue that the agency might give us the wrong information or try to “nudge” us in certain directions. I share some of those concerns, but I am willing to live with that possibility so long as we are moving toward a world in which that is the only real power that the FDA possess over me and my fellow citizens. Because if all the agency is doing is providing us with information about risk trade-offs, then at least we still remain free to seek out alternative information from other experts and then choose our own courses of action.

The tricky issue here is getting consent mechanisms right. In fact, it’s the lynchpin of the new regime I am suggesting. In other words, even if we could agree that a more fully-informed citizenry should be left free to make these decisions on their own, we need to make sure that those individuals have provided clear and informed consent to the parties they might need to contract with when seeking alternative treatments. That’s particularly essential in a litigious society like America, where the threat of liability always looms large over doctors, nurses, hospital, insurers, and medical innovators. Those parties will only be willing to go along with an expanded “right to try” regime if they can be assured they won’t be held to blame when citizens make controversial choices that they advised them against, or at least clearly laid out all the potential risks and other alternatives at their disposal. This will require not only an evolution of statutory law and regulatory standards, but also of the common law and insurance norms.

Once we get all that figured out—and it will, no doubt, take some time—we’ll be on our way to a better world where the idea of having a “right to try” is the norm instead of the exception.

(My thanks to Adam Marcus for commenting on a draft of this essay. For more general background on 3D printing, see his excellent 2011 primer here, “3D Printing: The Future is Here.”)

The “Internet of Things” (IoT) is already growing at a breakneck pace and is expected to continue to accelerate rapidly. In a short new paper (“Projecting the Growth and Economic Impact of the Internet of Things“) that I’ve just released with my Mercatus Center colleague Andrea Castillo, we provide a brief explanation of IoT technologies before describing the current projections of the economic and technological impacts that IoT could have on society. In addition to creating massive gains for consumers, IoT is projected to provide dramatic improvements in manufacturing, health care, energy, transportation, retail services, government, and general economic growth. Take a look at our paper if you’re interested, and you might also want to check out my 118-page law review article, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation” as well as my recent congressional testimony on the policy issues surrounding the IoT.)

On June 9th, the Federal Trade Commission hosted an excellent workshop on “The ‘Sharing’ Economy: Issues Facing Platforms, Participants, and Regulators,” which included 4 major panels and dozens of experts speaking about these important issues. It was my great pleasure to be part of the 4th panel of the day on the policy implications of the sharing economy. Along with my Mercatus colleagues Christopher Koopman and Matt Mitchell, I submitted a 20-page filing  to the Commission summarizing our research findings in this area. (We also released a major new working paper that same day on, “How the Internet, the Sharing Economy, and Reputational Feedback Mechanisms Solve the ‘Lemons Problem.’” (All Mercatus Center research on sharing economy issues can be found on this page and we plan on releasing additional papers in coming months.)

The FTC has now posted the videos from their workshop and down below I have embedded my particular panel. My remarks begin around the 5-minute mark of the video.

I’ve just released a short new paper, co-authored with my Mercatus Center colleagues Christopher Koopman and Matthew Mitchell, on “The Sharing Economy and Consumer Protection Regulation: The Case for Policy Change.” The paper is being released to coincide with a Congressional Internet Caucus Advisory Committee event that I am speaking at today on “Should Congress be Caring About Sharing? Regulation and the Future of Uber, Airbnb and the Sharing Economy.”

In this new paper, Koopman, Mitchell, and I discuss how the sharing economy has changed the way many Americans commute, shop, vacation, borrow, and so on. Of course, the sharing economy “has also disrupted long-established industries, from taxis to hotels, and has confounded policymakers,” we note. “In particular, regulators are trying to determine how to apply many of the traditional ‘consumer protection’ regulations to these new and innovative firms.” This has led to a major debate over the public policies that should govern the sharing economy.

We argue that, coupled with the Internet and various new informational resources, the rapid growth of the sharing economy alleviates the need for much traditional top-down regulation. These recent innovations are likely doing a much better job of serving consumer needs by offering new innovations, more choices, more service differentiation, better prices, and higher-quality services. In particular, the sharing economy and the various feedback mechanism it relies upon helps solve the tradition economic problem of “asymmetrical information,” which is often cited as a rationale for regulation. We conclude, therefore, that “the key contribution of the sharing economy is that it has overcome market imperfections without recourse to traditional forms of regulation. Continued application of these outmoded regulatory regimes is likely to harm consumers.”

We note that this is especially likely to be the case when the failure of traditional regulatory models is taken into account. As we document in the paper, all too often, well-intentioned “public interest” regulation is often captured by industry and used to to serve their interests:

by limiting entry, or by raising rivals’ costs, regulations can be useful to the regulated firms. Though regulations often make consumers worse off, they are often sustained by political pressure from consumer advocates because they can be disguised as “consumer protection.”

We provide evidence of the problem of regulatory capture and note it has been a particular problem in many of the sectors that are now being disrupted by sharing economy innovators–such as taxi and transportation services. It is evident that regulation has not lived up to its lofty expectations in many sectors. Accordingly, when market circumstances change dramatically—or when new technology or competition alleviate the need for regulation—then public policy should evolve and adapt to accommodate these new realities.

Of course, many bad laws and regulations that policymakers remain on the books and have constituencies who will defend them vociferously. Our paper concludes with some recommendations for how to “level the regulatory playing field” in a pro-consumer, pro-innovation fashion. We note that while differential regulatory treatment of incumbents and new entrants does represent a potential problem, there’s a sensible, pro-consumer and pro-innovation way to solve that problem:

such regulatory asymmetries represent a legitimate policy problem. But the solution is not to punish new innovations by simply rolling old regulatory regimes onto new technologies and sectors. The better alternative is to level the playing field by “deregulating down” to put everyone on equal footing, not by “regulating up” to achieve parity. Policymakers should relax old rules on incumbents as new entrants and new technologies challenge the status quo. By extension, new entrants should only face minimal regulatory requirements as more onerous and unnecessary restrictions on incumbents are relaxed.

Download this new paper on the Mercatus website or via SSRN or ResearchGate. Incidentally, we plan to release a much longer Mercatus Center white paper early next year that will explore reputational feedback mechanisms in far greater detail and explain how these systems help address the problem of “asymmetrical information” in these and other contexts.

Also see: “The Debate over the Sharing Economy: Talking Points & Recommended Reading,” which includes the following video of me on the Stossel Show discussing these issues recently.

The Mercatus Center at George Mason University has just released my latest working paper, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.” The “Internet of Things” (IoT) generally refers to “smart” devices that are connected to both the Internet and other devices. Wearable technologies are IoT devices that are worn somewhere on the body and which gather data about us for various purposes. These technologies promise to usher in the next wave of Internet-enabled services and data-driven innovation. Basically, the Internet will be “baked in” to almost everything that consumers own and come into contact with.

Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, however, and are proposing regulation to address these concerns. In my new 93-page article, I explain why preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new IoT technologies. Building on a recent book of mine, I argue that “permissionless innovation,” which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things.

As I note in the paper and my earlier book, if we spend all our time living in fear of the worst-case scenarios — and basing public policies on them — then best-case scenarios can never come about. As the old saying goes: nothing ventured, nothing gained. Precautionary principle-based regulation paralyzes progress and must be avoided.  We instead need to find constructive, “bottom-up” solutions to the privacy and security risks accompanying these new IoT technologies instead of top-down controls that would limit the development of life-enriching IoT innovations.

The better alternative is to deal with concerns creatively as they develop, using a balanced, layered approach  involving many different solutions, including: educational efforts, technological empowerment tools, social norms, public and watchdog pressure, industry best practices and self-regulation, transparency, torts and products liability law, and targeted enforcement of existing legal standards as needed.

Generally speaking, patience, humility, and forbearance by policymakers is crucial to allowing greater innovation and consumer choice in this arena. Importantly, policymakers should not forget that societal and individual adaptation will play a role here, just as it has during so many other turbulent technological transformations.

This article can be downloaded on my Mercatus Center page, on SSRN, or at Research Gate. I am hoping to find a law or policy journal interested in publishing this paper soon. If you with a journal and are interested, please contact me. [UPDATE 12/3/14: This paper has been accepted for publication in the Richmond Journal of Law & Technology, Vol. 21, Issue 6 (2015).]

Finally, if you are interested in this topic, you might want to flip through these slides I prepared for a presentation on this topic that I made at the Federal Communications Commission in September:

I want to bring to everyone’s attention an important new white paper by Dr. Robert Graboyes, a colleague of mine at the Mercatus Center at George Mason University who specializes in the economics of health care. His new 67-page study, Fortress and Frontier in American Health Care, seeks to move away from the tired old dichotomies that drive health care policy discussions: Left versus Right, Democrat versus Republican, federal versus state, and public versus private, and so on. Instead, Graboyes seeks to reframe the debate over the future of health care innovation in terms of “Fortress versus Frontier” and to highlight what lessons we can learn from the Internet and the Information Revolution when considering health care policy.

What does Graboyes mean by “Fortress and Frontier”? Here’s how he explains this conflict of visions:

The Fortress is an institutional environment that aims to obviate risk and protect established producers (insiders) against competition from newcomers (outsiders). The Frontier, in contrast, tolerates risk and allows outsiders to compete against established insiders. . . .  The Fortress-Frontier divide does not correspond neatly with the more familiar partisan or ideological divides. Framing health care policy issues in this way opens the door for a more productive national health care discussion and for unconventional policy alliances. (p. 4)

He elaborates in more detail later in the paper:

the Frontier encourages creative destruction and disruptive innovation. Undreamed-of products arise and old, revered ones vanish. New production processes sweep away old ones. This is a place where unknown innovators in garages destroy titans of industry. The Frontier celebrates and rewards risk, and there is a brutal egalitarianism to the creative process. In contrast, the Fortress discourages creative destruction and disruptive innovation. Insiders are protected from competition by government or by private organizations (such as insurers and medical societies) acting in quasigovernmental fashion. In the Fortress, insiders preserve the existing order. Innovation comes from well-established, credentialed insiders who, it is presumed, have the wisdom and motives and competence to identify opportunities for innovation.

In framing the debate in this fashion, Graboyes hopes that we will start paying more attention to the supply side of health care policy debates:

The debate over coverage (and over related issues concerning how health care providers are paid) has focused attention almost exclusively on the demand side of health care markets—who pays how much to whom for which currently offered services. The debate underplays questions of supply—how innovation can alter the very nature of the health care delivery system. (p. 3-4)

This is where Graboyes brings the Internet and information technology into the story to illustrate a powerful point: We could unlock many important life-enriching and potentially life-saving innovations by embracing the same vision we applied to the Internet and IT sectors. Graboyes is kind enough to cite my work on permissionless innovation and the importance of not letting public policy be dictated by excessive fear of worst-case scenarios regarding new technological innovations. As I noted in my book on the topic, “living in constant fear of worst-case scenarios—and premising public policy upon them—means that best-case scenarios will never come about. When public policy is shaped by precautionary principle reasoning, it poses a serious threat to technological progress, economic entrepreneurialism, social adaptation, and long-run prosperity.”

Had fear of potential worst-case outcomes driven policy for the Net, we might have never seen many of the life-enriching innovations that we enjoy today, as Graboyes explains eloquently in this passage:

Knowing what we know today, it would not be hard to persuade a cautious observer in 1989 to radically slow the pace of IT innovation. IT arguably poses personal risks as grave as those that health care poses. Cell phones have been essential components of improvised explosive devices in war zones. The 9/11 atrocities would have been difficult or impossible to carry out without cell phones. Thieves have used the Internet to steal. Stalkers have used the Internet to terrify their prey. Child predators find their victims on the web. People have been murdered by strangers they met in chatrooms. IT has allowed individuals and governments to violate others’ privacy in countless ways. Drug dealers and terrorist networks organize their efforts via cell phone and Internet. The Internet has greatly reduced the cost of destroying another’s reputation, and news accounts tell of suicides following cyberbullying. Our laws demand terribly high standards of safety and efficacy for drugs. We require no such standards for computers, cell phones, and software, but given the nefarious uses to which they are sometimes put, decades ago one could easily have argued for doing so. Had we done so, we would now be living in a much poorer, less interesting world—and perhaps one with even greater risks to life and limb than we have now. No online predators or improvised explosive devices, but also no OnStar to save you after an automobile crash or smartphone to alert police to your life-threatening situation and geographic location. (p. 41)

In other words–and this is another lesson I stress at length in my work–precautionary policies create profound trade-offs that are not always well understood upon enactment of new laws or regulations. As I noted in my book, “When commercial uses of an important resource or technology are arbitrarily prohibited or curtailed, the opportunity costs of such exclusion may not always be immediately evident. Nonetheless, those ‘unseen’ effects are very real and have profound consequences for individuals, the economy, and society.”

What Graboyes does so well in his new paper is prove that these trade-offs are already at work in the American health care system and that we had better get serious about acknowledging them before real damage is done. And what makes Fortress and Frontier such an enjoyable read is that Graboyes is a gifted story-teller who explains in clear terms how expanded health care innovation opportunities could improve the lives of real people. It’s not just abstract, textbook talk. We hear stories of real-world innovators and the patients who need their inventions. For example, Graboyes tells of “an unheralded doctor who pioneered stem-cell therapy in a small-town hospital, a carpenter and puppet-maker who invented functional prosthetic hands costing one-thousandth the price of professionally made devices (aided by an evolutionary biologist who started a worldwide consortium of amateur prosthetists), and college students who devised a low-cost treatment for clubfoot.” (p. 4) And much, much more.

“The most important thing to understand about disruptive innovation is that it often comes (perhaps usually comes) from strange and unexpected places,” Graboyes notes. (p. 20) “[A] shift from Fortress to Frontier would benefit the health and finances of Americans,” he argues, and “the task begins by easing limits on the supply of health care services, thereby clearing the way for innovators to take health care in directions we cannot yet imagine.” (p. 39)

Importantly, Graboyes also offers another reason why America should embrace the “frontier” spirit: Our global competitive advantage in this space is at risk if we don’t:

Moving health care from the Fortress to the Frontier may be more a matter of necessity than of choice. We are entering a period of rapid technological advances that will radically alter health care. Many of these advances require only modest capital and labor inputs that governments cannot easily control or prohibit. If US law obstructs these technologies here, it will be feasible for Americans to obtain them by Internet, by mail, or by travel. (p. 41-2)

He highlights several areas in which this debate will play out going forward including (and notice the intersection with the modern digital technologies and tech policy debates we often discuss here): genomic knowledge and personalized medicine, 3-D printing, artificial intelligence, information sharing via social media, wearable technology, and telemedicine.

To make sure that America can capitalize on the same innovative spirit that gave us the Information Revolution, Graboyes concludes his study with a laundry list of needed policy reforms. These include:

• reform of FDA drug & device approval process to expedite reviews.
• ensure that Americans have a “right to know” about themselves and their health (i.e., that individuals have a right to possess their own genetic information and to receive information about how to interpret the results.)
• abolish state certificate-of-need laws, which unnecessarily “require that hospital developers obtain government permission before building a new facility, or expanding an existing one, or even adding a specific piece of medical equipment.”
• reform state-based licensing laws, which “put barriers in the way of doctors moving from other states” and create physician shortages. Also need to reform state laws to allow nurse practitioners, optometrists, and others to practice independently of physicians.
• reform tort law by capping noneconomic damages, instituting a “loser pays” rule to discourage frivolous lawsuits, establishing safe harbors for vaccine developers, and more.
• revising tax laws to make sure medical devices are not hit with discriminatory tax burdens that discourage innovation, and then also revising other taxes that skew incentives in the health insurance marketplace.

Graboyes itemizes dozens of other potential reforms to give policymakers a smorgasbord of options from which to choose. It is unlikely that all the reforms he lists will be adopted, but even if policymakers would just pick a few of those proposed action items, it could provide a real boost to medical innovation in the short term. Importantly, most of these proposed reforms could be implemented without stirring up contentious debate over the future of the Affordable Care Act (ACA).

Needless to say, I highly recommend Fortress and Frontier and I very much hope that the vision that Graboyes articulates in it comes to influence public thinking and future policymaking in the health care arena. In a follow-up post, I will also discuss how Fortress versus Frontier provides us with another “innovation paradigm” that can help us frame future innovation policy debates in many other contexts.

The sharing economy is growing faster than ever and becoming a hot policy topic these days. I’ve been fielding a lot of media calls lately about the nature of the sharing economy and how it should be regulated. (See latest clip below from the Stossel show on Fox Business Network.) Thus, I sketched out some general thoughts about the issue and thought I would share them here, along with some helpful additional reading I have come across while researching the issue. I’d welcome comments on this outline as well as suggestions for additional reading. (Note: I’ve also embedded some useful images from Jeremiah Owyang of Crowd Companies.)

1) Just because policymakers claim that regulation is meant to protect consumers does not mean it actually does so.

1. Cronyism/ Rent-seeking: Regulation is often “captured” by powerful and politically well-connected incumbents and used to their own benefit. (+ Lobbying activity creates deadweight losses for society.)
2. Innovation-killing: Regulations become a formidable barrier to new innovation, entry, and entrepreneurism.
3. Unintended consequences: Instead of resulting in lower prices & better service, the opposite often happens: Higher prices & lower quality service. (Example: Painting all cabs same color destroying branding & ability to differentiate).

2) The Internet and information technology alleviates the need for top-down regulation & actually does a better job of serving consumers.

1. Ease of entry/innovation in online world means that new entrants can come in to provide better options and solve problems previously thought to be unsolvable in the absence of regulation.
2. Informational empowerment: The Internet and information technology solves old problem of lack of consumer access to information about products and services. This gives them monitoring tools to find more and better choices. (i.e., it lowers both search costs & transaction costs). (“To the extent that consumer protection regulation is based on the claim that consumers lack adequate information, the case for government intervention is weakened by the Internet’s powerful and unprecedented ability to provide timely and pointed consumer information.” – John C. Moorhouse)
3. Feedback mechanisms (product & service rating / review systems) create powerful reputational incentives for all parties involved in transactions to perform better.
4. Self-regulating markets: The combination of these three factors results in a powerful check on market power or abusive behavior. The result is reasonably well-functioning and self-regulating markets. Bad actors get weeded out.
5. Law should evolve: When circumstances change dramatically, regulation should as well. If traditional rationales for regulation evaporate, or new technology or competition alleviates need for it, then the law should adapt.

3) Sharing economy has demonstrably improved consumer welfare. It provides:

1. more choices / competition
2. more service innovation / differentiation
3. better prices
4. higher quality services  (safety & cleanliness /convenience / peace of mind)
5. Better options & conditions for workers

4) If we need to “level the (regulatory) playing field,” best way to do so is by “deregulating down” to put everyone on equal footing; not by “regulating up” to achieve parity.

1. Regulatory asymmetry is real: Incumbents are right that they are at disadvantage relative to new sharing economy start-ups.
2. Don’t punish new innovations for it: But solution is not to just roll the old regulatory regime onto the new innovators.
3. Parity through liberalization: Instead, policymakers should “deregulate down” to achieve regulatory parity. Loosen old rules on incumbents as new entrants challenge status quo.
4. “Permissionless innovation” should trump “precautionary principle” regulation: Preemptive, precautionary regulation does not improve consumer welfare. Competition and choice do better. Thus, our default position toward the sharing economy should be “innovation allowed” or permissionless innovation.
5. Alternative remedies exist: Accidents will always happen, of course. But insurance, contracts, product liability, and other legal remedies exist when things go wrong. The difference is that ex post remedies don’t discourage innovation and competition like ex ante regulation does. By trying to head off every hypothetical worst-case scenario, preemptive regulations actually discourage many best-case scenarios from ever coming about.

5) Bottom line = Good intentions only get you so far in this world.

1. Just because a law was put on the books for noble purposes, it does not mean it really accomplished those goals, or still does so today.
2. Markets, competition, and ongoing innovation typically solve problems better than law when we give them a chance to do so.

[P.S. On 9/30, my Mercatus Center colleague Matt Mitchell posted this excellent follow-up essay building on my outline and improving it greatly.]

Additional Reading

• Randolph J. May & Michael J. Horney, “The Sharing Economy: A Positive Shared Vision for the Future,” Free State Foundation, Perspectives from FSF Scholars, Vol. 9, No. 26, July 30, 2014.
• R.J. Lehmann, “The Sharing Economy Will Thrive Only If Government Doesn’t Strangle It,” Reason, August 2, 2014.
• Andrew Moylan and R.J. Lehmann, “Five Principles for Regulating the Sharing Economy,” R Street, Policy Study No. 26, July 2014.
• Eli Lehrer & Andrew Moylan, “Embracing the Peer-Production Economy,” National Affairs, 2014, p. 51-63.
• Arun Sundararajan, “Why the Government Doesn’t Need to Regulate the Sharing Economy,” Wired, October 22, 2012.
• Matthew Mitchell and Michael Farren, “If you Like Uber, You Would’ve Loved the Jitney,” LA Times, July 12, 2014.
• Daniel M. Rothschild, “How Uber and Airbnb Resurrect ‘Dead Capital,’” The Umlaut, April 9, 2014.
• Daniel M. Rothschild, “Renters and Rent-Seeking in San Francisco,” Technology Liberation Front, April 15, 2014.
• [podcast] Michael Munger on the Sharing Economy, EconTalk, July 7, 2014.
• video of Michael Munger talk on the Sharing Economy, September 25, 2014.
• John C. Moorhouse, “Consumer Protection Regulation and Information on the Internet,” in Fred E. Foldvary & Daniel B. Klein (eds), The Half-Life of Policy Rationales: How New Technology Affects Old Policy Issues (Cato Institute, 2003).
• Rachel Bostman, What’s Mine is Yours: The Rise of Collaborative Consumption (2010).
• Jeremiah Owyang, A Glossary of Emerging Terms in the Collaborative Economy, August 29, 2014

If there are two general principles that unify my recent work on technology policy and innovation issues, they would be as follows. To the maximum extent possible:

1. We should avoid preemptive and precautionary-based regulatory regimes for new innovation. Instead, our policy default should be innovation allowed (or “permissionless innovation”) and innovators should be considered “innocent until proven guilty” (unless, that is, a thorough benefit-cost analysis has been conducted that documents the clear need for immediate preemptive restraints).
2. We should avoid rigid, “top-down” technology-specific or sector-specific regulatory regimes and/or regulatory agencies and instead opt for a broader array of more flexible, “bottom-up” solutions (education, empowerment, social norms, self-regulation, public pressure, etc.) as well as reliance on existing legal systems and standards (torts, product liability, contracts, property rights, etc.).

I was very interested, therefore, to come across two new essays that make opposing arguments and proposals. The first is this recent Slate oped by John Frank Weaver, “We Need to Pass Legislation on Artificial Intelligence Early and Often.” The second is Ryan Calo’s new Brookings Institution white paper, “The Case for a Federal Robotics Commission.”

Weaver argues that new robot technology “is going to develop fast, almost certainly faster than we can legislate it. That’s why we need to get ahead of it now.” In order to preemptively address concerns about new technologies such as driverless cars or commercial drones, “we need to legislate early and often,” Weaver says. Stated differently, Weaver is proposing “precautionary principle”-based regulation of these technologies. The precautionary principle generally refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

Calo argues that we need “the establishment of a new federal agency to deal with the novel experiences and harms robotics enables” since there exists “distinct but related challenges that would benefit from being examined and treated together.” These issues, he says, “require special expertise to understand and may require investment and coordination to thrive.

I’ll address both Weaver and Calo’s proposals in turn.

Problems with Precautionary Regulation

Let’s begin with Weaver proposed approach to regulating robotics and autonomous systems.

What Weaver seems to ignore—and which I discuss at greater length in my latest book—is that “precautionary” policy-making typically results in technological stasis and lost opportunities for economic and social progress. As I noted in my book, if we spend all our time living in constant fear of worst-case scenarios—and premising public policy upon such fears—it means that best-case scenarios will never come about. Wisdom and progress are born from experience, including experiences that involve risk and the possibility of occasional mistakes and failures. As the old adage goes, “nothing ventured, nothing gained.”

More concretely, the problem with “permissioning” innovation is that traditional regulatory policies and systems tend to be overly-rigid, bureaucratic, costly, and slow to adapt to new realities. Precautionary-based policies and regulatory systems focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. As a result, preemptive bans or highly restrictive regulatory prescriptions can limit innovations that yield new and better ways of doing things.

Weaver doesn’t bother addressing these issues. He instead advocates regulating “early and often” without stopping to think through the potential costs of doing so. Yet, all regulation has trade-offs and opportunity costs. Before we rush to adopt rules based on knee-jerk negative reactions to new technology, we should conduct comprehensive benefit-cost analysis of the proposals and think carefully about what alternative approaches exist to address whatever problems we have identified.

Incidentally, Weaver also does not acknowledge the contradiction inherent in his thinking when he says robotic technology “is going to develop fast, almost certainly faster than we can legislate it. That’s why we need to get ahead of it now.” Well, if robotic technology is truly developing “faster than we can legislate it,” then “getting out ahead of it” would be seemingly impossible! Unless, that is, he envisions regulating robotic technologies so stringently as to effectively bring new innovation to a grinding halt (or banning altogether).

To be clear, my criticisms should not be read to suggest that zero regulation is the best option. There are plenty of thorny issues that deserve serious policy consideration and perhaps even some preemptive rules. But how potential harms are addressed matters deeply. We should exhaust all other potential nonregulatory remedies first — education, empowerment, transparency, etc. — before resorting to preemptive controls on new forms of innovation. In other words, ex post (or after the fact) solutions should generally trump ex ante (preemptive) controls.

I’ll say more on this point in the conclusion since my response addresses general failings in Ryan Calo’s Federal Robotics Commission proposal, to which we now turn.

Problems with a Federal Robotics Commission

Moving on to Calo, it is important to clarify what he is proposing because he is careful not to overstate his case in favor of a new agency for robotics. He elaborates as follows:

“The institution I have in mind would not “regulate” robotics in the sense of fashioning rules regarding their use, at least not in any initial incarnation. Rather, the agency would advise on issues at all levels—state and federal, domestic and foreign, civil and criminal—that touch upon the unique aspects of robotics and artificial intelligence and the novel human experiences these technologies generate. The alternative, I fear, is that we will continue to address robotics policy questions piecemeal, perhaps indefinitely, with increasingly poor outcomes and slow accrual of knowledge. Meanwhile, other nations that are investing more heavily in robotics and, specifically, in developing a legal and policy infrastructure for emerging technology, will leapfrog the U.S. in innovation for the first time since the creation of steam power.”

Here are some of my concerns with Calo’s proposed Federal Robotics Commission.

Will It Really Just Be an Advisory Body?

First, Calo claims he doesn’t want a formal regulatory agency, but something more akin to a super-advisory body. He does, however, sneak in that disclaimer that he doesn’t envision it to be regulatory “at least not in any initial incarnation.” Perhaps, then, he is suggesting that more formal regulatory controls would be in the cards down the road. It remains unclear.

Regardless, I think it is a bit disingenuous to propose the formation of a new governmental body like this and pretend that it will not someday very soon come to possess sweeping regulatory powers over these technologies. Now, you may well feel that that is a good thing. But I fear that Calo is playing a bit of game here by asking the reader to imagine his new creation would merely stick to an advisory role.

Regulatory creep is real. There just aren’t too many examples of agencies being created solely for their advisory expertise and then not also getting into the business of regulating the technology or topic that is included in that agency’s name. And in light of some of Calo’s past writing and advocacy, I can’t help but think he is actually hoping that the agency comes to take on a greater regulatory role over time. Regardless, I think we can bank on that happening and I that there are reasons to worry about it for reasons noted above and which I will elaborate on below.

Incidentally, if Calo is really more interested in furthering just this expert advisory capacity, there are plenty of other entities (including non-governmental bodies) that could play that role. How about the National Science Foundation, for example? Or how about a multi-stakeholder body consisting of many different experts and institutions? I could go on, but you get the point. A single point of action is also a single point of failure. I don’t want just one big robotics bureaucracy making policy or even advising. I’d prefer a more decentralized approach, and one that doesn’t carry a (potential) big regulatory club in its hand.

Public Choice / Regulatory Capture Problems

Second, Calo underestimates the public choice problems of creating a sector-specific or technology-specific agency just for robotics. To his credit, he does admit that, “agencies have their problems, of course. They can be inefficient and are subject to capture by those they regulate or other special interests.” He also notes he has criticized other agencies for various failings. But he does not say anything more on this point.

Let’s be clear. There exists a long and lamentable history of sector-specific regulators being “captured” by the entities they regulate. To read the ugly reality, see my compendium, “Regulatory Capture: What the Experts Have Found.” That piece documents what leading academics of all political stripes have had to say about this problem over the past century. No one ever summarized the nature and gravity of this problem better than the great Alfred Kahn in his masterpiece, The Economics of Regulation: Principles and Institutions (1971):

“When a commission is responsible for the performance of an industry, it is under never completely escapable pressure to protect the health of the companies it regulates, to assure a desirable performance by relying on those monopolistic chosen instruments and its own controls rather than on the unplanned and unplannable forces of competition. [. . . ] Responsible for the continued provision and improvement of service, [the regulatory commission] comes increasingly and understandably to identify the interest of the public with that of the existing companies on whom it must rely to deliver goods.” (pgs. 12, 46)

The history of the Federal Communications Commission (FCC) is highly instructive in this regard and was documented in a 66-page law review article I penned with Brent Skorup entitled, “A History of Cronyism and Capture in the Information Technology Sector,” (Journal of Technology Law & Policy, Vol. 18, 2013). Again, it doesn’t make for pleasant reading. Time and time again, instead of serving the “public interest,” the FCC served private interests. The entire history of video marketplace regulation is one of the most sickening examples to consider since there have almost eight decades worth of case studies of the broadcast industry using regulation as a club to beat back new entry, competition, and innovation. [Skorup and I have another paper discussing that specific history and how to go about reversing it.] This history is important because, in the early days of the Commission, many proponents thought the FCC would be exactly the sort of “expert” independent agency that Calo envisions his Federal Robotics Commission would be. Needless to say, things did not turn out so well.

But the FCC isn’t the only guilty offender in this regard. Go read the history about how airlines so effectively cartelized their industry following World War II with the help of the Civil Aeronautics Board. Thankfully, President Jimmy Carter appointed Alfred Kahn to clean things up in the 1970s. Kahn, a life-long Democrat, came to realize that the problem of capture was so insidious and inescapable that abolition of the agency was the only realistic solution to make sure consumer welfare would improve. As a result, he and various other Democrats in the Carter Administration and in Congress worked together to sunset the agency and its hideously protectionist, anti-consumer policies. (Also, please read this amazing 1973 law review article on “Economic Regulation vs. Competition,” by Mark Green and Ralph Nader if you need even more proof of why this is a such a problem.)

In other words, the problem of regulatory capture is not something one can casually dismiss. The problem is still very real and deserves more consideration before we casually propose creating new agencies, even “advisory” agencies. At a minimum, when proposing new agencies, you need to get serious about what sort of institutional constraints you might consider putting in place to make sure that history does not repeat itself. Because if you don’t, various large, well-heeled, and politically-connected robotics companies could come to capture any new “Federal Robotics Commission” in very short order.

Can We Clean Up Old Messes Before Building More Bureaucracies?

Third, speaking of agencies, if it is the case that the alphabet soup collection of regulatory agencies we already have in place are not capable of handling “robotics policy” right now, can we talk about reforming them (or perhaps even getting rid of a few of them) first? Why must we just pile yet another sector-specific or technology-specific regulator on top of the many that already exist? That’s just a recipe for more red tape and potential regulatory capture. Unless you believe there is value in creating bureaucracy for the sake of creating bureaucracy, there is no excuse for not phasing out agencies that failed in their original mission, or whose mission is now obsolete, for whatever reason. This is a fundamental “good government” issue that politicians and academics of all stripes should agree on.

Calo indirectly addresses this point by noting that “we have agencies devoted to technologies already and it would be odd and anomalous to think we are done creating them.” Curiously, however, he spends no time talking about those agencies or asking whether they have done a good job. Again, the heart of Calo’s argument comes down the assertion that another specialized, technology-specific “expert” agency is needed because there are “novel” issues associated with robotics. Well, if it is true, as Calo suggests, that we have been down this path before (and we have), and if you believe our economy or society has been made better off for it, then you need to prove it. Because the objection to creating another regulatory bureaucracy is not simply based on distaste for Big Government; it comes down to the simple questions: (1) Do these things work; and (2) Is there a better alternative?

This is where Calo’s proposal falls short. There is no effort to prove that technocratic or “scientific” bureaucracies, on net, are worth their expense (to taxpayers) or cost (to society, innovation, etc.) when compared to alternatives. Of course, I suspect this is where Calo and I might part ways regarding what metrics we would use to gauge success. I’ll save that discussion for another day and shift to what I regard as the far more serious deficiency of Calo’s proposal.

Do We Become Global Innovation Leaders Through Bureaucratic Direction?

Fourth, and most importantly, Calo does not offer any evidence to prove his contention that we need a sector-specific or technology-specific agency for robotics in order to develop or maintain America’s competitive edge in this field. Moreover, he does not acknowledge how his proposal might have the exact opposite result. Let me spend some time on this point because this is what I find most problematic about his proposal.

In his latest Brookings essay and his earlier writing about robotics, Calo keeps suggesting that we need a specialized federal agency for robotics to avoid “poor outcomes” due to the lack of “a legal and policy infrastructure for emerging technology.” He even warns us that other countries who are looking into robotics policy and regulation more seriously “will leapfrog the U.S. in innovation for the first time since the creation of steam power.”

Well, on that point, I must ask: Did America need a Federal Steam Agency to become a leader in that field? Because unless I missed something in history class, steam power developed fairly rapidly in this country without any centralized bureaucratic direction. Or how about a more recent example: Did America need a Federal Computer Commission or Federal Internet Commission to obtain or maintain a global edge in computing, the Internet, or the Digital Economy?

To the contrary, we took the EXACT OPPOSITE approach. It’s not just that no new agencies were formed to guide the development of computing or the Internet in this country. It’s that our government made a clear policy choice to break with the past by rejecting top-down, command-and-control regulation by unelected bureaucrats in some shadowy Beltway agency.

Incidentally, it was Democrats who accomplished this. While many Republicans today love to crack wise-ass comments about Al Gore and the Internet while simultaneously imagining themselves to be the great defenders of Internet freedom, the reality is that we have the Clinton Administration and one its most liberal members—Ira Magaziner—to thank for the most blessedly “light-touch,” market-oriented innovation policy that the world has ever seen.

What did Magaziner and the Clinton Administration do? They crafted the amazing 1997 Framework for Global Electronic Commerce, a statement of the Administration’s principles and policy objectives toward the Internet and the emerging digital economy. It recommended reliance upon civil society, contractual negotiations, voluntary agreements, and ongoing marketplace experiments to solve information age problems. First, “the private sector should lead. The Internet should develop as a market driven arena not a regulated industry,” the Framework recommended. “Even where collective action is necessary, governments should encourage industry self-regulation and private sector leadership where possible.” Second, “governments should avoid undue restrictions on electronic commerce” and “parties should be able to enter into legitimate agreements to buy and sell products and services across the Internet with minimal government involvement or intervention.”

I’ve argued elsewhere that the Clinton Administration’s Framework, “remains the most succinct articulation of a pro-freedom, innovation-oriented vision for cyberspace ever penned.” Of course, this followed the Administration’s earlier move to allow the full commercialization of the Internet, which was even more important. The policy disposition they established with these decisions resulted in an unambiguous green light for a rising generation of creative minds who were eager to explore this new frontier for commerce and communications. And to reiterate,they did it without any new bureaucracy.

If You Regulate “Robotics,” You End Up Regulating Computing & Networking

Incidentally, I do not see how we could create a new Federal Robotics Commission without it also becoming a de facto Federal Computing Commission. Robotics and the many technologies and industries it already includes — driverless cars, commercial drones, Internet of Things, etc. — is becoming a hot policy topic, and proposals for regulation are already flying. These robotic technologies are developing on top of the building blocks of the Information Revolution: microprocessors, wireless networks, sensors, “big data,” etc.

Thus, I share Cory Doctorow’s skepticism about how one could logically separate “robotics” from these other technologies and sectors for regulatory purposes:

I am skeptical that “robot law” can be effectively separated from software law in general. … For the life of me, I can’t figure out a legal principle that would apply to the robot that wouldn’t be useful for the computer (and vice versa).

In his Brookings paper, Calo responded to Doctorow’s concern as follows:

the difference between a computer and a robot has largely to do with the latter’s embodiment. Robots do not just sense, process, and relay data. Robots are organized to act upon the world physically, or at least directly. This turns out to have strong repercussions at law, and to pose unique challenges to law and to legal institutions that computers and the Internet did not.

I find this fairly unconvincing. Just because robotic technologies have a physical embodiment does not mean their impact on society is all that more profound than computing, the Internet, and digital technologies. Consider all the hand-wringing going on today in cybersecurity circles about how hacking, malware, or various other types of digital attacks could take down entire systems or economies. I’m not saying I buy all that “technopanic” talk (and here are about three dozens of my essays arguing the contrary), but the theoretical ramifications are nonetheless on par with dystopian scenarios about robotics.

The Alternative Approach

Of course, it certainly may be the case that some worst-case scenarios are worth worrying about in both cases—for robotics and computing, that is. Still, is a Federal Robotics Commission or a Federal Computing Commission really the sensible way to address those issues?

To the contrary, this is why we have a Legislative Branch! So many of the problems of our modern era of dysfunctional government are rooted in an unwise delegation of authority to administrative agencies. Far too often, congressional lawmakers delegate broad, ambiguous authority to agencies instead of facing up to the hard issues themselves. This results in waste, bloat, inefficiencies, and an endless passing of the buck.

There may very well be some serious issues raised by robotics and AI that we cannot ignore, and which may even require a little preemptive, precautionary policy. And the same goes for general computing and the Internet. But that is not a good reason to just create new bureaucracies in the hope that some set of mythical technocratic philosopher kings will ride in to save the day with their supposed greater “expertise” about these matters. Either you believe in democracy or you don’t. Running around calling for agencies and unelected bureaucrats to make all the hard choices means that “the people” have even less of a say in these matters.

Moreover, there are many other methods of dealing with robotics and the potential problems robotics might create than through the creation of new bureaucracy. The common law already handles many of the problems that both Calo and Weaver are worried about. To the extent robotic systems are involved in accidents that harm individuals or their property, product liability law will kick in.

On this point, I strongly recommend another new Brookings publication. John Villasenor’s outstanding April white paper, “Products Liability and Driverless Cars: Issues and Guiding Principles for Legislation,” correctly argues that,

“when confronted with new, often complex, questions involving products liability, courts have generally gotten things right. … Products liability law has been highly adaptive to the many new technologies that have emerged in recent decades, and it will be quite capable of adapting to emerging autonomous vehicle technologies as the need arises.”

Thus, instead of trying to micro-manage the development of robotic technologies in an attempt to plan for every hypothetical risk scenario, policymakers should be patient while the common law evolves and liability norms adjust. Traditionally, the common law has dealt with products liability and accident compensation in an evolutionary way through a variety of mechanisms, including strict liability, negligence, design defects law, failure to warn, breach of warranty, and so on. There is no reason to think the common law will not adapt to new technological realities, including robotic technologies. (I address these and other “bottom-up” solutions in my new book.)

In the meantime, let’s exercise some humility and restraint here and avoid heavy-handed precautionary regulatory regimes or the creation of new technocratic bureaucracies. And let’s not forget that many solutions to the problems created by new robotic technologies will develop spontaneously and organically over time as individuals and institutions learn to cope and “muddle through,” as they have many times before.

Additional Reading

• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• Muddling Through: How We Learn to Cope with Technological Change, June 30, 2014
• New Paper: “Removing Roadblocks to Intelligent Vehicles and Driverless Cars,” September 17, 2014
• Slide Presentation: Policy Issues Surrounding the Internet of Things & Wearable Technology, September 12, 2014
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)
• The Growing Conflict of Visions over the Internet of Things & Privacy, January 14, 2012
• Can We Adapt to the Internet of Things? IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013

On Thursday, it was my great pleasure to present a draft of my forthcoming paper, “The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns without Derailing Innovation,” at a conference that took place at the Federal Communications Commission on “Regulating the Evolving Broadband Ecosystem.” The 3-day event was co-sponsored by the American Enterprise Institute and the University of Nebraska College of Law.

The 65-page working paper I presented is still going through final peer review and copyediting, but I posted a very rough first draft on SSRN for conference participants. I expect the paper to be released as a Mercatus Center working paper in October and then I hope to find a home for it in a law review. I will post the final version once it is released. [UPDATE:The final version of this working paper was released on November 19, 2014.]

In the meantime, however, I thought I would post the 46 slides I presented at the conference, which offer an overview of the nature of the Internet of Things and wearable technology, the potential economic opportunities that exist in this space, and the various privacy and security challenges that could hold this technological revolution back. I also outlined some constructive solutions to those concerns. I plan to be very active on these issues in coming months.

Additional Reading

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” January 14, 2012
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013
• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)

My latest law review article is entitled, “Privacy Law’s Precautionary Principle Problem,” and it appears in Vol. 66, No. 2 of the Maine Law Review. You can download the article on my Mercatus Center page, on the Maine Law Review website, or via SSRN. Here’s the abstract for the article:

Privacy law today faces two interrelated problems. The first is an information control problem. Like so many other fields of modern cyberlaw—intellectual property, online safety, cybersecurity, etc.—privacy law is being challenged by intractable Information Age realities. Specifically, it is easier than ever before for information to circulate freely and harder than ever to bottle it up once it is released.

This has not slowed efforts to fashion new rules aimed at bottling up those information flows. If anything, the pace of privacy-related regulatory proposals has been steadily increasing in recent years even as these information control challenges multiply.

This has led to privacy law’s second major problem: the precautionary principle problem. The precautionary principle generally holds that new innovations should be curbed or even forbidden until they are proven safe. Fashioning privacy rules based on precautionary principle reasoning necessitates prophylactic regulation that makes new forms of digital innovation guilty until proven innocent.

This puts privacy law on a collision course with the general freedom to innovate that has thus far powered the Internet revolution, and privacy law threatens to limit innovations consumers have come to expect or even raise prices for services consumers currently receive free of charge. As a result, even if new regulations are pursued or imposed, there will likely be formidable push-back not just from affected industries but also from their consumers.

In light of both these information control and precautionary principle problems, new approaches to privacy protection are necessary. We need to invert the process of how we go about protecting privacy by focusing more on practical “bottom-up” solutions—education, empowerment, public and media pressure, social norms and etiquette, industry self-regulation and best practices, and an enhanced role for privacy professionals within organizations—instead of “top-down” legalistic solutions and regulatory techno-fixes. Resources expended on top-down regulatory pursuits should instead be put into bottom-up efforts to help citizens better prepare for an uncertain future.

In this regard, policymakers can draw important lessons from the debate over how best to protect children from objectionable online content. In a sense, there is nothing new under the sun; the current debate over privacy protection has many parallels with earlier debates about how best to protect online child safety. Most notably, just as top-down regulatory constraints came to be viewed as constitutionally-suspect and economically inefficient, and also highly unlikely to even be workable in the long-run for protecting online child safety, the same will likely be true for most privacy related regulatory enactments.

This article sketches out some general lessons from those online safety debates and discusses their implications for privacy policy going forward.

Read the full article here [PDF].

Related Material:

• Book: Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom
• Law review article: “The Pursuit of Privacy in a World Where Information Control Is Failing,” Harvard Journal of Law & Public Policy, 36 (2013): 409–55.
• Law review article: “A Framework for Benefit-Cost Analysis in Digital Privacy Debates,” George Mason University Law Review, 20, no. 4 (Summer 2013): 1055–105.
• Law review article: “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” Minnesota Journal of Law, Science & Technology, 14 (2013): 309–86.

Adam Thierer – Privacy Law’s Precautionary Problem (Maine Law Review, 2014) by Adam Thierer

I am pleased to announce the release of my latest book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” It’s a short manifesto (just under 100 pages) that condenses — and attempts to make more accessible — arguments that I have developed in various law review articles, working papers, and blog posts over the past few years. I have two goals with this book.

First, I attempt to show how the central fault line in almost all modern technology policy debates revolves around “the permission question,” which asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions. Two conflicting attitudes are evident.

One disposition is known as the “precautionary principle.” Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

The other vision can be labeled “permissionless innovation.” It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

I argue that we are witnessing a grand clash of visions between these two mindsets today in almost all major technology policy discussions today.

The second major objective of the book, as is made clear by the title, is to make a forceful case in favor of the latter disposition of “permissionless innovation.” I argue that policymakers should unapologetically embrace and defend the permissionless innovation ethos — not just for the Internet but also for all new classes of networked technologies and platforms. Some of the specific case studies discussed in the book include: the “Internet of Things” and wearable technologies, smart cars and autonomous vehicles, commercial drones, 3D printing, and various other new technologies that are just now emerging.

I explain how precautionary principle thinking is increasingly creeping into policy discussions about these technologies. The urge to regulate preemptively in these sectors is driven by a variety of safety, security, and privacy concerns, which are discussed throughout the book. Many of these concerns are valid and deserve serious consideration. However, I argue that if precautionary-minded regulatory solutions are adopted in a preemptive attempt to head-off these concerns, the consequences will be profoundly deleterious.

The central lesson of the booklet is this: Living in constant fear of hypothetical worst-case scenarios — and premising public policy upon them — means that best-case scenarios will never come about. When public policy is shaped by precautionary principle reasoning, it poses a serious threat to technological progress, economic entrepreneurialism, social adaptation, and long-run prosperity.

Again, that doesn’t mean we should ignore the various problems created by these highly disruptive technologies. But how we address these concerns matters greatly. If and when problems develop, there are many less burdensome ways to address them than through preemptive technological controls. The best solutions to complex social problems are almost always organic and “bottom-up” in nature. Luckily, there exists a wide variety of constructive approaches that can be tapped to address or alleviate concerns associated with new innovations. These include:

• education and empowerment efforts (including media literacy, digital citizenship efforts);
• social pressure from activists, academics, and the press and the public more generally.
• voluntary self-regulation and adoption of best practices (including privacy and security “by design” efforts); and,
• increased transparency and awareness-building efforts to enhance consumer knowledge about how new technologies work.

Such solutions are almost always superior to top-down, command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I?” (i.e., permissioned) nature. The problem with “top-down” traditional regulatory systems is that they often tend to be overly-rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things. It raises the cost of starting or running a business or non-business venture, and generally discourages activities that benefit society.

To the extent that other public policies are needed to guide technological developments, simple legal principles are greatly preferable to technology-specific, micro-managed regulatory regimes. Again, ex ante (preemptive and precautionary) regulation is often highly inefficient, even dangerous. To the extent that any corrective legal action is needed to address harms, ex post measures, especially via the common law (torts, class actions, etc.), are typically superior. And the Federal Trade Commission will, of course, continue to play a backstop here by utilizing the broad consumer protection powers it possesses under Section 5 of the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” In recent years, the FTC has already brought and settled many cases involving its Section 5 authority to address identity theft and data security matters. If still more is needed, enhanced disclosure and transparency requirements would certainly be superior to outright bans on new forms of experimentation or other forms of heavy-handed technological controls.

In the end, however, I argue that, to the maximum extent possible, our default position toward new forms of technological innovation must remain: “innovation allowed.” That is especially the case because, more often than not, citizens find ways to adapt to technological change by employing a variety of coping mechanisms, new norms, or other creative fixes. We should have a little more faith in the ability of humanity to adapt to the challenges new innovations create for our culture and economy. We have done it countless times before. We are creative, resilient creatures. That’s why I remain so optimistic about our collective ability to confront the challenges posed by these new technologies and prosper in the process.

If you’re interested in taking a look, you can find a free PDF of the book at the Mercatus Center website or you can find out how to order it from there as an eBook. Hardcopies are also available. I’ll be doing more blogging about the book in coming weeks and months. The debate between the “permissionless innovation” and “precautionary principle” worldviews is just getting started and it promises to touch every tech policy debate going forward.

Related Essays :

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” Technology Liberation Front, January 14, 2014.
• “CES 2014 Report: The Internet of Things Arrives, but Will Washington Welcome It?” Technology Liberation Front, January 8, 2014.
• “Who Really Believes in ‘Permissionless Innovation’?” Technology Liberation Front, March 4, 2013.
• “What Does It Mean to ‘Have a Conversation’ about a New Technology?” Technology Liberation Front, May 23, 2013.
• “On the Line between Technology Ethics vs. Technology Policy,” Technology Liberation Front, August 1, 2013.
• “Planning for Hypothetical Horribles in Tech Policy Debates,” Technology Liberation Front, August 6, 2013.
• “Edith Ramirez’s ‘Big Data’ Speech: Privacy Concerns Prompt Precautionary Principle Thinking,” Technology Liberation Front, August 29, 2013.
• “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” Technology Liberation Front, April 29, 2011.
• “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” Technology Liberation Front, April 10, 2012.
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013.
• “Why Do We Always Sell the Next Generation Short?” Forbes, January 8, 2012.
• “The Six Things That Drive ‘Technopanics,’” Forbes, March 4, 2012.

Ladar Levison, founder of encrypted email service Lavabit, discusses recent government action that led him to shut down his firm. When it was suspected that NSA whistleblower Edward Snowden used Lavabit’s email service, the FBI issued a National Security Letter ordering Levison to hand over SSL keys, jeopardizing the privacy of Lavabit’s 410,000 users. Levison discusses his inspiration for founding Lavabit and why he chose to suspend the service; how Lavabit was different from email services like Gmail; developments in his case and how the Fourth Amendment has come into play; and his involvement with the recently-formed Dark Mail Technical Alliance.

Download

Related Links

• Lavabit, Levison
• Dark Mail, Zimmerman, Callas, Janke, Levison
• Lawyers raise civil liberty concerns in Lavabit case, Salon
• Lawyers for Lavabit founder: judges may dismiss civil liberties concerns, The Guardian

Last week, it was my great pleasure to be invited on NPR’s “On Point with Tom Ashbrook,” to debate Jeffrey Rosen, a leading privacy scholar and the president and chief executive of the National Constitution Center. In an editorial in the previous Sunday’s New York Times (“Madison’s Privacy Blind Spot”), Rosen proposed “constitutional amendment to prohibit unreasonable searches and seizures of our persons and electronic effects, whether by the government or by private corporations like Google and AT&T.” He said his proposed amendment would limit “outrageous and unreasonable” collection practices and would even disallow consumers from sharing their personal information with private actors even if they saw an advantage in doing so.

I responded to Rosen’s proposal in an essay posted on the IAPP  Privacy Perspectives blog, “Do We Need A Constitutional Amendment Restricting Private-Sector Data Collection?” In my essay, I argued that there are several legal, economic, and practical problems with Rosen’s proposal. You can head over to the IAPP blog to read my entire response but the gist of it is that “a constitutional amendment [governing private data collection] would be too sweeping in effect and that better alternatives exist to deal with the privacy concerns he identifies.” There are very good reasons we treat public and private actors differently under the law and there “are all far more practical and less-restrictive steps that can be taken without resorting to the sort of constitutional sledgehammer that Jeff Rosen favors. We can protect privacy without rewriting the Constitution or upending the information economy,” I concluded.

But I wanted to elaborate on one particular thing I found particularly interesting about Rosen’s comments when we were on NPR together. During the show, Rosen kept stressing how we needed to adopt a more European construction of privacy as “dignity rights” and he even said his proposed privacy amendment would even disallow individuals from surrendering their private data or their privacy because he viewed these rights as “unalienable.” In other words, from Rosen’s perspective, privacy pretty much trumps  everything, even if you want to trade it off against other values. 

Privacy Paternalism?

I’ve been seeing more and more privacy advocates and scholars adopt this attitude, including Anita Allen, Julie Cohen, Siva Vaidhyanathan, and others. Allen, for example, says that privacy is such a “foundational” human right that it some cases the law should override individual choice when consumers act against their own privacy interests. Cohen and Vaidhyanathan make similar arguments in their recent books. Vaidhyanathan claims that consumers are being tricked by the “smokescreen” of “free” online services and “freedom of choice.” Although he admits that no one is forced to use online services and that consumers are also able to opt-out of most of services or data collection practices, he argues that “such choices mean very little” because “the design of the system rigs it in favor of the interests of the company and against the interests of users.” “Celebrating freedom and user autonomy is one of the great rhetorical ploys of the global information economy,” he says.“We are conditioned to believe that having more choices–empty though they may be–is the very essence of human freedom. But meaningful freedom implies real control over the conditions of one’s life.” These are the sort of arguments I increasingly hear made by privacy scholars when claiming that consumers simply can’t be left free to make choices for themselves in this regard.  In an interesting recent article in the Harvard Law Review , privacy scholar  Daniel Solove notes that what binds these thinkers and their work together is, in essence, a sort of privacy paternalism. The point of most modern privacy advocacy has been to better empower consumers to make privacy decisions for themselves. But, Solove notes, “t he implication [of these privacy scholar’s work] is that the law must override individual consent in certain instances.” Yet, if that choice is taken away from us by law, Solove notes, then privacy regulation, “risks becoming too paternalistic. Regulation that sidesteps consent denies people the freedom to make choices,” Solove argues.

Jeff Rosen now appears to be adopting the sort of approach Solove identifies by claiming that privacy is an “unalienable right” such that it cannot be traded away for other things. By making that choice for us, Rosen’s proposed amendment would, therefore, suffer from that same sort of privacy paternalism Solove identifies. In a forthcoming law review aritcle that will appear in the  Maine Law Review, I identify some of the problems associated with privacy paternalism. Most obviously, these scholars should keep in mind that not everyone shares the same privacy values as they do and that many of us will voluntarily trade some of our data for the innovative information services and devices that we desire. If imposed in the form of legal sanctions, privacy paternalism would open the door to almost boundless controls on the activities of both producers and consumers of digital services, potentially limiting future innovations in this space.

For example, when we were on  NPR together, Rosen mentioned wireless geolocation technology as a potential source of serious privacy harm, although he did not make it clear whether he wanted it stopped entirely or what. If used improperly, wireless geolocation technology certainly can raise serious privacy concerns. But wireless geolocation technology is also what powers the mapping and traffic services that most of us now take for granted. Many of us expect — no, we demand — that our digital devices be able to give us real-time mapping and traffic notification capabilities. And most of us are willing to make the minor privacy trade-off associated with sharing our location constantly in exchange for the right to receive these services, which are also provided to us free of charge.

So, what would Rosen’s proposed amendment have to say about this trade-off? Would these wireless geolocation technologies be banned altogether, even if consumers desire them? It isn’t really clear at this point because he hasn’t offered us many details about his proposal. But, to the extent it would preempt these technological capabilities on the grounds that our locational privacy is somehow in unalienable right, then that seems like a fairly paternalistic approach to policy and it it would seem to confirm Thomas Lenard and Paul Rubin’s claim that “many of the privacy advocates and writers on the subject do not trust the consumers for whom they purport to advocate.”

Such paternalism is particularly problematic in this case since privacy is such a highly subjective value and one that evolves over time. As Solove notes, “the correct choices regarding privacy and data use are not always clear. For example, although extensive self-exposure can have disastrous consequences, many people use social media successfully and productively.” Privacy norms and ethics are changing faster than ever today. One day’s “creepy” tool or service is often the next day’s “killer app.”

Balancing Values; Considering Costs

As I will discuss in my forthcoming  Maine Law Review article and I also discussed in my recent George Mason University Law Review  article, at least here in the United States, consumer protection standards have traditionally depended on a clear showing of actual, not prospective or hypothetical, harm. In some cases, when the potential harm associated with a particular practice or technology is extreme in character and poses a direct threat to physical well-being, law has preempted the general presumption that ongoing experimentation and innovation should be allowed by default. But these are extremely rare scenarios, at least as it pertains to privacy concerns under American law, and they mostly involved health and safety measures aimed at preemptively avoiding catastrophic harm to individual or environmental well-being. In the vast majority of other cases, our culture has not accepted that paternalistic idea that law must “save us from ourselves” (i.e., our own irrationality or mistakes). As Solove notes in his recent essay, “People make decisions all the time that are not in their best interests. People relinquish rights and take bad risks, and the law often does not stop them.” Sometimes privacy advocates also ignore the costs of preemptive policy action and don’t bother conducting a serious review of the potential costs of their regulatory proposals. As a result, preemptive policy action is almost always the preferred remedy to any alleged harm. “By limiting or conditioning the collection of information, regulators can limit market manipulation at the activity level,” Ryan Calo argues in a recent paper. “We could imagine the government fashioning a rule — perhaps inadvisable for other reasons―that limits the collection of information about consumers in order to reduce asymmetries of information.” [*Clarification: In a comment down below and a subsequent Twitter exchange, Ryan clarifies that he ultimately does not come down in favor of such a rule, preferring instead to find various other incentives to solve these problems. I thank him for this clarification — and definitely welcome it! — although I found his position somewhat murky after debating him personally on these issues recently. Nonetheless, I apologize if I mischaracterized his position in any way here.]

Unfortunately, Professor Calo does not fully consider the corresponding cost of such regulatory proposals in calling for the enactment of such a rule. If preemptive regulation slowed or ended certain information practices, it could stifle the provision of new and better services that consumers demand, as I have noted elsewhere. It might also trump other choices or values that consumers care about. While privacy is obviously an incredibly important value, we cannot assume that it is the only value, or the most important value, at stake here. Consumers also care about having access to a constantly growing array of innovative goods and services, and they also care about getting those goods and services at a reasonable price.

Moving from “Rights Talk” to Practical Privacy Solutions

This is the point in the essay where some readers are getting pretty frustrated with me and thinking I am some sort of nihilist who doesn’t give a damn about privacy. I assure you that nothing is further from the truth and that I care very deeply about privacy.

But if you really care about expanding the horizons of privacy protection in our modern world, at some point you have to accept that all the “rights talk” and top-down enforcement efforts in the world are not necessarily going to help as much as you wish they would. The same thing is true for online safety, digital security, and IP protection efforts: No matter how much you might wish the opposite was true, information control is just really, really hard. Legal and regulatory approaches to bottling up information flows will inevitably be several steps behind cutting-edge technological developments. (I’ve discussed these issues in several essays here, including: “Privacy as an Information Control Regime: The Challenges Ahead,” “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed.”)

That doesn’t mean we should surrender in our efforts to identify more concrete privacy harms, but we should recognize that it will always be a hugely contentious matter and that a great many people will gladly trade away their privacy in a way that others will consider outrageous. In a free society, we must allow them to do so if they derive greater utility from other things. A paternalistic approach based on a sort of privacy fundamentalism will deny them the right to make that choice for themselves. And, practically speaking, no matter how much some might think that privacy values are “unalienable,” the reality is that there will be no way to stop many others from making different choices and relinquishing their privacy all the time.

Educating and empowering citizens is the better way to address this issue. We can try to teach them to make better privacy choices and treat their information, and information about others, with far greater care. We should also work to provide citizens more tools to help accomplish those goals. And if the problem is “information asymmetry” or some general lack of awareness about certain data collection and use practices, then let’s work even harder to make sure consumers are aware of those practices and what they can do about them.

It’s all part of the media literacy and digital citizenship agenda that we need to be investing much more of time and resources into. I outlined that approach in much more detail in this law review article. We need diverse tools and strategies for a diverse citizenry. We need to be talking to both consumers and developers about smarter data hygiene and sensible digital ethics. We need more transparency. We need more privacy privacy professionals working inside organizations to craft sensible data collection and use policies. And so on. Only by working to change attitudes about privacy, online “Netiquette,” and more ethical data use, can we really start to make a dent in this problem.

If nothing else, we must understand the limitations of information control in such highly context-specific harm scenarios. Prof. Rosen might want to ask himself how long it would take to even get his proposed constitutional amendment in place and what the chances are such a movement would even been successful. But, again, and far more importantly, Prof. Rosen and advocates of similar regulatory approaches should remember that their values are not shared by everyone and that, in a free society, a value as inherently subjective as privacy is likely to remain a hugely contentious, every-changing matter, especially when elevated to the level of constitutional rights talk. We need practical solutions to our privacy problems, not pie-in-the-sky Hail Mary schemes that are unlikely to go anywhere and, even if they did, would end up being too heavy-handed and potentially override individual autonomy in the process.

I didn’t have nearly as much time this year to review the steadily growing stream of information policy books that were released. The end-of-year lists I put together in the past were fairly comprehensive (see 2008, 2009, 2010, 2011 and 2012), but I got sidetracked this year with 7 law review articles and an eBook project and had almost no time for book reviews, or even general blogging for that matter.

So, I’ve just listed some of the more notable titles from 2013 even though I didn’t find the time to describe them all.  The first couple are the titles that I believe will have the most lasting influence on information technology policy debates. Needless to say, just because I believe that some of these titles will have an impact on policy going forward does not mean I endorse the perspectives or recommendations in any of them. And that would certainly be the case with my choice for most important Net policy book of the year, Ian Brown and Chris Marsden’s Regulating Code. Their book does a wonderful job mapping the unfolding universe of Internet “co-regulation” and “multi-stakeholderism,” but their defense of a more politicized information policy future leaves lovers of liberty like me utterly demoralized.

The same could be said of many other titles on the list. As I noted in concluding several reviews over the past year, liberty is increasingly a loser in Internet policy circles these days. And it’s not just neo-Marxist rants like McChesney’s Digital Disconnect or Lanier’s restatement of the Unibomber Manifesto, Who Owns the Future? The sad reality is that pretty much everybody these days has a pet peeve they want addressed through pure power politics because, you know, something must be done! The very term “Internet freedom” has already been grotesquely contorted into something akin to an open mandate for governments to meticulously plan virtually every facet of economic and social activity in the Information Age.

Anyway, despite that caveat, many interesting books were released in 2013 on an ever-expanding array of specific information policy topics.  Here’s the list of everything that landed on my desk over the past year.

• Ian Brown & Christopher T. Marsden – Regulating Code: Good Governance and Better Regulation in the Information Age  [my review]
• Ronald Deibert – Black Code: Inside the Battle for Cyberspace  [my review]
• Anupam Chander – The Electronic Silk Road: How the Web Binds the World Together in Commerce [my review]
• Marvin Ammori – On Internet Freedom
• Jaron Lanier – Who Owns the Future?
• Ethan Zuckerman – Rewire: Digital Cosmopolitans in the Age of Connection
• Eric Schmidt & Jared Cohen – The New Digital Age: Reshaping the Future of People, Nations and Business
• Abraham H. Foxman & Christopher Wolf – Viral Hate: Containing Its Spread on the Internet [my review]
• Nicco Mele – The End of Big: How the Internet Makes David the New Goliath
• Clive Thompson – Smarter Than You Think: How Technology is Changing Our Minds for the Better [my review] (** note: This was my favorite book of the year, but it didn’t have a lot to say about policy.)
• Evgeny Morozov – To Save Everything, Click Here: The Folly of Technological Solutionism [my review]
• Viktor Mayer-Schonberger & Kenneth Cukier – Big Data: A Revolution That Will Transform How We Live, Work, and Think
• Thomas Rid – Cyber War Will Not Take Place
• Nate Anderson – The Internet Police: How Crime Went Online, and the Cops Followed
• Robert W. McChesney – Digital Disconnect: How Capitalism Is Turning the Internet Against Democracy
• Giovanni Ziccardi – Resistance, Liberation Technology and Human Rights in the Digital Age
• John O. McGinnis – Accelerating Democracy: Transforming Governance Through Technology
• Scott Shackelford – Managing Cyber Attacks in International Law, Business and Relations: In Search of Cyber Peace
• Paul Rosenzweig – Cyber Warfare: How Conflicts in Cyberspace Are Challenging America and Changing the World
• Alice E. Marwick – Status Update: Celebrity, Publicity, and Branding in the Social Media Age
• Dorothea Kleine – Technologies Of Choice? ICTs, Development, and the Capabilities Approach

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

What works well as an ethical directive might not work equally well as a policy prescription. Stated differently, what one ought to do it certain situations should not always be synonymous with what they must do by force of law.

I’m going to relate this lesson to tech policy debates in a moment, but let’s first think of an example of how this lesson applies more generally. Consider the Ten Commandments. Some of them make excellent ethical guidelines (especially the stuff about not coveting neighbor’s house, wife, or possessions). But most of us would agree that, in a free and tolerant society, only two of the Ten Commandments make good law: Thou shalt not kill and Thou shalt not steal.

In other words, not every sin should be a crime. Perhaps some should be; but most should not. Taking this out of the realm of religion and into the world of moral philosophy, we can apply the lesson more generally as: Not every wise ethical principle makes for wise public policy.

Before I get accused of being accused of being some sort of nihilist, I want to be clear that I am absolutely not saying that ethics should never have a bearing on policy. Obviously, all political theory is, at some level, reducible to ethical precepts. My own political philosophy is strongly rooted in the Millian harm principle (“The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others.”) Not everyone will agree will Mill’s principle, but I would hope most of us could agree that, if we hope to preserve a free and open society, we simply cannot convert every ethical directive into a legal directive or else the scope of human freedom will need to shrink precipitously.

Can We Plan for Every “Bad Butterfly-Effect”?

Anyway, what got me thinking about all this and it its applicability to technology policy was an interesting Wired essay by Patrick Lin entitled, “The Ethics of Saving Lives With Autonomous Cars Are Far Murkier Than You Think.” Lin is the director of the Ethics + Emerging Sciences Group at California Polytechnic State University in San Luis Obispo and lead editor of Robot Ethics (MIT Press, 2012). So, this a man who has obviously done a lot of thinking about the potential ethical challenges presented by the growing ubiquity of robots and autonomous vehicles in society. (His column makes for particularly fun reading if you’ve ever spent time pondering Asimov’s “Laws of Robotics.”)

Lin walks through various hypothetical scenarios regarding the future of autonomous vehicles and discusses the ethical trade-offs at work here. He asks a number of questions about a future of robotic cars and encourages us to give some thoughtful deliberation to the benefits and potential costs of autonomous vehicles. I will not comment here on all the specific issues that lead Lin to question whether they are worth it; instead I want to focus on Lin’s ultimate conclusion.

I commenting on the potential risks and trade-offs, Lin notes:

The introduction of any new technology changes the lives of future people. We know it as the “butterfly effect” or chaos theory: Anything we do could start a chain-reaction of other effects that result in actual harm (or benefit) to some persons somewhere on the planet.

That’s self-evident, of course, but what of it? How should that truism influence tech ethics and/or tech policy? Here are Lin’s thoughts:

For us humans, those effects are impossible to precisely predict, and therefore it is impractical to worry about those effects too much. It would be absurdly paralyzing to follow an ethical principle that we ought to stand down on any action that could have bad butterfly-effects, as any action or inaction could have negative unforeseen and unintended consequences. But … we can foresee the general disruptive effects of a new technology, especially the nearer-term ones, and we should therefore mitigate them. The butterfly-effect doesn’t release us from the responsibility of anticipating and addressing problems the best we can. As we rush into our technological future, don’t think of these sorts of issues as roadblocks, but as a sensible yellow light — telling us to look carefully both ways before we cross an ethical intersection.

Lin makes some important points here, but these closing comments (and his article more generally) have a whiff of “precautionary principle” thinking to it that makes me more than a bit uncomfortable. The precautionary principle generally holds that, because a new idea or technology could pose some theoretical danger or risk in the future, public policies should control or limit the development of such innovations until their creators can prove that they won’t cause any harms. Before we walk down that precautionary path, we need to consider the consequences.

The Problem with Precaution

I have spent a great deal of time writing about the dangers of precautionary principle thinking in my recent articles and essays, including my recent law review article, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” as well as in two lengthy blog posts asking the questions, “Who Really Believes in ‘Permissionless Innovation’?” and “What Does It Mean to ‘Have a Conversation’ about a New Technology?”

The key point I try to get across in those essays is that letting such precautionary thinking guide policy poses a serious threat to technological progress, economic entrepreneurialism, social adaptation, and long-run prosperity. If public policy is guided at every turn by the precautionary principle, technological innovation is impossible because of fear of the unknown; hypothetical worst-case scenarios trump all other considerations. Social learning and economic opportunities become far less likely, perhaps even impossible, under such a regime. In practical terms, it means fewer services, lower quality goods, higher prices, diminished economic growth, and a decline in the overall standard of living.

In Lin’s essay, we see some precautionary reasoning at work when he argues that “we can foresee the general disruptive effects of a new technology, especially the nearer-term ones, and we should therefore mitigate them” and that we have “responsibility [for] anticipating and addressing problems the best we can.”

To be fair, Lin caveats this by first noting that precise effects are “impossible to predict” and, therefore, that “It would be absurdly paralyzing to follow an ethical principle that we ought to stand down on any action that could have bad butterfly-effects, as any action or inaction could have negative unforeseen and unintended consequences.” Second, as it relates to general effects, he says we should just be “addressing problems the best we can.”

Despite those caveats, I continue to have serious concerns about the potential blurring of ethics and law here. The most obvious question I would have for Lin is: Who is the “we” in this construct?  Is it “we” as individuals and institutions interacting throughout society freely and spontaneously, or is it “we” as in the government imposing precautionary thinking through top-down public policy?

I can imagine plenty of scenarios in which a certain amount of precautionary thinking may be entirely appropriate if applied as an informal ethical norm at the individual, household, organizational or even societal level, but which would not be as sensible if applied as a policy prescription. For example, parents should take steps to shield their kids from truly offensive and hateful material on the Internet before they are mature enough to understand the ramifications of it. But that doesn’t mean it would be wise to enshrine the same principle into law in the form of censorship.

Similarly, there are plenty of smart privacy and security norms that organizations should practice that need not be forced on them by law, especially since such mandates would have serious costs if mandated. For example, I think that organizations should feel a strong obligation to safeguard user data and avoid privacy and security screw-ups. I’d like to see more organizations using encryption wherever they can in their systems and also delete unnecessary data whenever possible. But, for a variety of reasons, I do not believe any of these things should be mandated through law or regulation.

Don’t Foreclose Experimentation

While Lin rightly acknowledges the “negative unforeseen and unintended consequences” of preemptive policy action to address precise concerns, he does not unpack the full ramifications of those unseen consequences. Nor does he answer how the royal “we” separate the “precise” from the “general” concerns? (For example, are the specific issues I just raised in the preceding paragraphs “precise” or “general”? What’s the line between the two?)

But I have a bigger concern with Lin’s argument, as well with the field of technology ethics more generally: We rarely hear much discussion of the benefits associated with the ongoing process of trial-and-error experimentation and, more importantly, the benefits of failure and what we learn — both individually and collectively — from the mistakes we inevitably make.

The problem with regulatory systems is that they are permission-based. They focus on preemptive remedies that aim to forecast the future, and future mistakes (i.e., Lin’s “butterfly effects”) in particular.  Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things — including what we learn from failed efforts at doing things. But we will never discover better ways of doing things unless the process of evolutionary, experimental change is allowed to continue. We need to keep trying and failing in order to learn how we can move forward. As Samuel Beckett once counseled: “Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better.” Real wisdom is born of experience, especially mistakes we make along the way.

This is why I feel so passionately about drawing a distinction between ethical norms and public policy pronouncements.  Law forecloses. It is inflexible. It does not adapt as efficiently or rapidly as social norms do. Ethics and norms provide guidance but also leave plenty of breathing room for ongoing experimentation, and they are refined continuously and in response to ongoing social developments.

It is worth noting that ethics evolve, too. There is a sort of ethical trial-and-error that occurs in society over time as new developments challenge, and then change, old ethical norms. This is another reason we want to be careful about enshrining norms into law.

Thus, policymakers should not be imposing prospective restrictions on new innovations without clear evidence of actual, not merely hypothesized, harm. That’s especially the case since, more often than not, human adapt to new technologies and find creative ways to assimilate even the most disruptive innovations into their lives. We cannot possibly plan for all the “bad butterfly-effects” that might occur, and attempts to do so will result in significant sacrifices in terms of social and economic liberty.

The burden of proof should be on those who advocate preemptive restrictions on technological innovation to show why freedom to tinker and experiment must be foreclosed by policy. There should exist the strongest presumption that the freedom to innovate and experiment will advance human welfare and teach us new and better ways of doing things to overcome most of those “bad butterfly-effects” over time.

So, in closing, let us yield at Lin’s “sensible yellow light — telling us to look carefully both ways before we cross an ethical intersection.” But let us not be cowed into an irrational fear of an unknown and ultimately unknowable future. And let us not be tempted to try to plan for every potential pitfall through preemptive policy prescriptions, lest progress and prosperity get sacrificed as a result of such hubris.

Last month, it was my great pleasure to serve as a “provocateur” at the IAPP’s (Int’l Assoc. of Privacy Professionals) annual “Navigate” conference. The event brought together a diverse audience and set of speakers from across the globe to discuss how to deal with the various privacy concerns associated with current and emerging technologies.

My remarks focused on a theme I have developed here for years: There are no simple, silver-bullet solutions to complex problems such as online safety, security, and privacy. Instead, only a “layered” approach incorporating many different solutions–education, media literacy, digital citizenship, evolving society norms, self-regulation, and targeted enforcement of existing legal standards–can really help us solve these problems. Even then, new challenges will present themselves as technology continues to evolve and evade traditional controls, solutions, or norms. It’s a never-ending game, and that’s why education  must be our first-order solution. It better prepares us for an uncertain future. (I explained this approach in far more detail in this law review article.)

Anyway, if you’re interested in an 11-minute video of me saying all that, here ya go. Also, down below I have listed several of the recent essays, papers, and law review articles I have done on this issue.

Some of My Recent Essays on Privacy & Data Collection

Testimony / Filings:

• Senate Testimony on Privacy, Data Collection & Do Not Track – April 24, 2013
• Comments of the Mercatus Center to the FTC in Privacy & Security Implications of the Internet of Things
• Mercatus filing to FAA on commercial domestic drones

Law Review Articles:

• “The Pursuit of Privacy in a World Where Information Control is Failing” – Harvard Journal of Law & Public Policy
• “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle” – Minnesota Journal of Law, Science & Technology
• “A Framework for Benefit-Cost Analysis in Digital Privacy Debates” – George Mason University Law Review

Blog posts:

• A Better, Simpler Narrative for U.S. Privacy Policy – March 19, 2013
• On the Pursuit of Happiness… and Privacy – March 31, 2013
• Let’s Not Place All Our Eggs in the Do Not Track Basket (IAPP Privacy perspectives blog)
•  Can We Adapt to the Internet of Things? – June 19, 2013 (IAPP Privacy perspectives blog)
• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy? – Feb. 20, 2011
• Two Paradoxes of Privacy Regulation – Aug. 25, 2010
• Privacy as an Information Control Regime: The Challenges Ahead – Nov. 13, 2010
• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed – Apr. 29, 2011
• Lessons from the Gmail Privacy Scare of 2004 – March 25, 2011
• Who Really Believes in “Permissionless Innovation”? – March 4, 2013
• The Problem of Proportionality in Debates about Online Privacy and Child Safety – Nov. 28, 2009
• Obama Admin’s “Let’s-Be-Europe” Approach to Privacy Will Undermine U.S. Competitiveness– Jan. 5, 2011

Ajit Pai, a Republican commissioner at the Federal Communications Commission (FCC), had an outstanding op-ed in the L.A. Times yesterday about state and local efforts to regulate private taxi or ride-sharing services such as Uber, Lyft, and Sidecar. “Ever since Uber came to California,” Pai notes, “regulators have seemed determined to send Uber and companies like it on a one-way ride out of the Golden State.” Regulators have thrown numerous impediments in their way in California as well as in other states and localities (including here in Washington, D.C.). Pai continues on to discuss how, sadly, “tech start-ups in other industries face similar burdens”:

For example, Square has created a credit card reader for mobile devices. Small businesses love Square because it reduces costs and is convenient for customers. But some states want a piece of the action. Illinois, for example, has ordered Square to stop doing business in the Land of Lincoln until it gets a money transmitter license, even though the money flows through existing payment networks when Square processes credit cards. If Square had to get licenses in the 47 states with such laws, it could cost nearly half a million dollars, an extraordinary expense for a fledgling company.

He also notes that “Obstacles to entrepreneurship aren’t limited to the tech world”:

Across the country, restaurant associations have tried to kick food trucks off the streets. Auto dealers have used franchise laws to prevent car company Tesla from cutting out the middleman and selling directly to customers. Professional boards, too, often fiercely defend the status quo, impeding telemedicine by requiring state-by-state licensing or in-person consultations and even restricting who can sell tooth-whitening services.

What’s going on here? It’s an old and lamentable tale of incumbent protectionism and outright cronyism, Pai notes:

These are just the latest chapters in an old economic story. Incumbents have long promoted regulation in the name of protecting consumers when their actual goal is to block new entrants and stifle competition. As Milton Friedman observed, “The pressure on the legislature to license an occupation rarely comes from the members of the public … the pressure invariably comes from members of the occupation itself.”

Indeed, this is exactly the sort of cronyist nightmare that Brent Skorup and I documented in our new Mercatus Center report, “A History of Cronyism and Capture in the Information Technology Sector.” Our 73-page working paper outlines the evolution of government-granted privileges in America’s information and communications technology marketplace and in the media-producing sectors. Sadly, there are all too many examples of special interests seeking to commandeer the levers of government power to distort market outcomes and head off disruptive forms of innovation or new competition.

“Consumer protection is important,” Pai notes, “and rules to ensure safety and to deter fraud are necessary. But many regulations aren’t about safeguarding consumers; they’re about entrenching incumbents (at consumers’ expense), and they’re typically created by the very agencies that are supposed to oversee those incumbents.” he correctly observes.

The costs of cronyism can be significant. In our paper, Skorup and I note that when companies seek and receive favors from government, it can dull entrepreneurialism and competition in this highly innovative sector since time and resources spent on influencing politicians and capturing regulators cannot be spent competing and innovating in the marketplace. Every dollar spent trying to influence government is a dollar that could have been better spent trying to develop the next iPhone or other innovative gadget or service. Thus, cronyism can negatively impact consumer welfare by denying consumers more and better products and services. Additionally, consumers might end up paying higher prices or higher taxes due to government privileges for industry.

Worse yet, cronyism also raises the specter of greater government control of the Internet and of the digital economy. When policymakers dispense favors, they usually expect something in return. Just ask the agriculture and transportation sectors how their experience with favor-seeking has worked out. Yes, they have often received the special favors and benefits they sought, but along with the goodies came a litany of demands from lawmakers and regulators about how to run their businesses.

At the end of the day, it all goes back to the consumer and how they get screwed in this process. As Pai eloquently puts it:

Heavy-handed regulations hurt the very consumers they’re supposed to help. Consumers fare best when the barriers to business entry are low, which helps ensure that the market — any market — becomes competitive and stays that way. …  Governments at all levels should guard against this tendency by prioritizing innovation and removing unnecessary regulations that burden risk-taking entrepreneurs.

Amen, brother! If only all government officials thought this way. I hope some of them at least take the time to read Commissioner Pai’s excellent essay.

Adam Thierer, Senior Research Fellow at the Mercatus Center discusses his recent working paper with coauthor Brent Skorup, A History of Cronyism and Capture in the Information Technology Sector. Thierer takes a look at how cronyism has manifested itself in technology and media markets — whether it be in the form of regulatory favoritism or tax privileges. Which tech companies are the worst offenders? What are the consequences for consumers? And, how does cronyism affect entrepreneurship over the long term?

Download

Related Links

• A History of Cronyism and Capture in the Information Technology Sector, Thierer
• Video: A History of Cronysim and Capture in the Information Technology Sector, Thierer
• Adam Thierer Biography, Mercatus Center
• Adam Thierer on Anti-Tech Grump Evgeny Morozov, Thierer

The Mercatus Center at George Mason University has just released a new paper by Brent Skorup and me entitled, “A History of Cronyism and Capture in the Information Technology Sector.” In this 73-page working paper, which we hope to place in a law review or political science journal shortly, we document the evolution of government-granted privileges, or “cronyism,” in the information and communications technology marketplace and in the media-producing sectors. Specifically, we offer detailed histories of rent-seeking and regulatory capture in: the early history of the telephony and spectrum licensing in the United States; local cable TV franchising; the universal service system; the digital TV transition in the 1990s; and modern video marketplace regulation (i.e., must-carry and retransmission consent rules, among others.

Our paper also shows how cronyism is slowly creeping into new high-technology sectors.We document how Internet companies and other high-tech giants are among the fastest-growing lobbying shops in Washington these days. According to the Center for Responsive Politics, lobbying spending by information technology sectors has almost doubled since the turn of the century, from roughly $200 million in 2000 to $390 million in 2012.  The computing and Internet sector has been responsible for most of that growth in recent years. Worse yet, we document how many of these high-tech firms are increasingly seeking and receiving government favors, mostly in the form of targeted tax breaks or incentives.

We argue that the creeping cronyism could have two major negative ramifications. First, it could dull entrepreneurialism and competition in this highly innovative sector since time and resources spent on influencing politicians and capturing regulators cannot be spent competing and innovating in the marketplace. Cronyism will also negatively impact consumer welfare by denying consumers more and better products and services. Additionally, consumers might end up paying higher prices or higher taxes due to government privileges for industry.

Second, cronyism also raises the specter of greater government control of the Internet and of the digital economy. When policymakers dispense favors, they usually expect something in return. They also become accustomed to having greater informal powers over the sector receiving favors, and contribute to DC’s infamous “revolving door” problem.

High-tech America’s recent embrace of Washington could take it down the familiar path followed by the agriculture, telecommunications, and automotive sectors (among many others), with government becoming both protector and punisher of industry. Today’s dynamic tech industries will increasingly come under the “Mother, may I?” permission-based regulatory regime that encumbered the older information technology sectors.

Finally, this paper offers strategies for stalling and diminishing the cronyism already taking root in the high-tech sector. We suggest several targeted reforms to limit or undo cronyism. Generally speaking, however, we note that, as economist David R. Henderson argued in an earlier Mercatus Center report, “There is only one way to end, or at least to reduce, the amount of cronyism, and that is to reduce government power.”

The paper can be downloaded from the Mercatus website, SSRN, or Scribd. The Scribd version is embedded down below. (Also, here’s some coverage of the paper over at the Washington Post’s “Wonkblog” from our old colleague Tim Lee. Here’s more coverage from Bloomberg Businessweek and the San Francisco Chronicle. And here’s a U.S. News oped that Brent and I wrote condensing our paper into just 600 words. Finally, a short 3-minute video of me discussing the problem of tech cronyism is also embedded below.)

A History of Cronyism and Capture in the Information Technology Sector [Thierer and Skorup – July 2013] by Adam Thierer

Today over at the International Association of Privacy Professionals (IAPP) Daily Dashboard blog, I have a guest post entitled, “Let’s Not Place All Our Eggs in the Do Not Track Basket.” The essay builds on my Senate Commerce Committee testimony last week by arguing that:

If there’s one lesson I’ve learned in twenty-one years of covering information technology policy, it’s that there are no simple silver-bullet solutions to complex issues like online safety, hate speech, spam, cybersecurity, data breaches or digital privacy. Problems such as these demand a layered, multifaceted approach that incorporates many solutions, the first among these being education and awareness-based efforts.

I continue on to explain why that means we should be cautious about placing too much faith in privacy techno-fixes like Do Not Track, which won’t likely be any more successful than past silver bullet efforts. (Note: Justin Brookman of CDT will be offering a counterpoint to my essay next week on the IAPP blog. I look forward to seeing what he has to say. He also testified alongside me in the Senate last week.)

By the way, for those of you not familiar with the IAPP, it is “the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data. More than just a professional association, the IAPP provides a home for privacy professionals around the world to gather, share experiences and enrich their knowledge.” In my opinion, the IAPP is doing amazing work and deserves the attention of anyone who cares about the future of privacy and privacy policy. I strongly recommend you check out their excellent site and explore all the important resources they provide and other things they do.

Anyway, if you are interested in the issues discussed in my IAPP guest post, you might also want to check out some of the related essays down below the fold:

Additional Reading:

• Senate testimony of Adam Thierer on Do Not Track standard – Apr. 24, 2013
• A Better, Simpler Narrative for U.S. Privacy Policy – March 19, 2013
• On the Pursuit of Happiness… and Privacy – March 31, 2013 (condensed from Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing”)
• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy? – Feb. 20, 2011
• Two Paradoxes of Privacy Regulation – Aug. 25, 2010
• Privacy as an Information Control Regime: The Challenges Ahead – Nov. 13, 2010
• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed – Apr. 29, 2011

Joshua Gans, professor of Strategic Management at the University of Toronto’s Rotman School of Management and author of the new book Information Wants to be Shared, discusses modern media economics, including how books, movies, music, and news will be supported in the future.

Gans argues that sharing enhances most information’s value. He also explains that the business models of traditional media companies, gatekeepers who have relied on scarcity and control, have collapsed in the face of new technologies. Equally important, he argues that sharing can revive moribund, threatened industries even as he examines platforms that have, almost accidentally, thrived in this new environment.

Download

Related Links

• Information Wants to be Shared, Gans
• Is There a Market for Ideas?, Gans and Scott Stern
• The Product Market and the Market for ‘Ideas’: Commercialization Strategies for Technology Entrepreneurs, Gans and Stern
• The Impact of Uncertain Intellectual Property Rights on the Market for Ideas: Evidence from Patent Grant Delays, Gans, Stern, and David H. Hsu

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

The number of major cyberlaw and information tech policy books being published annually continues to grow at an astonishing pace, so much so that I have lost the ability to read and review all of them. In past years, I put together end-of-year lists of important info-tech policy books (here are the lists for 2008, 2009, 2010, and 2011) and I was fairly confident I had read just about everything of importance that was out there (at least that was available in the U.S.). But last year that became a real struggle for me and this year it became an impossibility. A decade ago, there was merely a trickle of Internet policy books coming out each year. Then the trickle turned into a steady stream. Now it has turned into a flood. Thus, I’ve had to become far more selective about what is on my reading list. (This is also because the volume of journal articles about info-tech policy matters has increased exponentially at the same time.)

So, here’s what I’m going to do. I’m going to discuss what I regard to be the five most important titles of 2012, briefly summarize a half dozen others that I’ve read, and then I’m just going to list the rest of the books out there. I’ve read most of them but I have placed an asterisk next to the ones I haven’t.  Please let me know what titles I have missed so that I can add them to the list. (Incidentally, here’s my compendium of all the major tech policy books from the 2000s and here’s the running list of all my book reviews.)

As I do each year, I need to repeat a few disclaimers.  First, what qualifies as an “important” info-tech policy book is highly subjective, but I would define it as a title that many people — especially scholars in the field — are currently discussing and that we will likely be referencing for many years to come.  But I “weight” books in the sense that narrowly-focused titles lose a few points. For example, books that deal mostly with privacy issues, copyright law, or antitrust policy are docked a few points relative to “big picture” info-tech policy books that offer a broader exploration of policy issues and which offer more wide-ranging recommendations.

Second, almost all of the books included have something profound to say about Internet policy (either directly or indirectly) and the more profound and clear the policy recommendations or implications, the higher the titles rank in terms of importance on my list.

Third, and most importantly: Just because a book appears on this list that does not necessarily mean I agree with everything in it.  In fact, as was the case in previous years, I found much with which to disagree in most of the books listed here. Simply put, the cyber-liberty I cherish is a real loser in both academic and public policy circles these days. It has very few defenders today. So, if this was simply a list of my personal favorite books, there would only be 2 or 3 titles on it. Instead, this is my effort to list important books in the field, regardless of whether I agree with the content and conclusions found in those titles.

OK, on to the list.

(1) Rebecca MacKinnon – Consent of the Network: The Worldwide Struggle for Internet Freedom

Rebecca MacKinnon’s book was the most important information technology policy book released in 2012 because it: (1) presented a splendid history of the ideas and forces shaping Internet policy debates globally; (2) offered policy insights that were extremely relevant to breaking developments in this field; and (3) set forth a call-to-arms to global Internet activists and gave them a new way of framing their issue advocacy.

MacKinnon is a former journalist and her outstanding reporting skills are on display throughout the text. Her coverage of China’s efforts to regulate the Net is outstanding. She also surveys some of the recent policy fights here and abroad over issues such as online privacy, Net neutrality regulation, free speech matters, and the copyright wars. The book demands attention for this historical work and analysis alone.

Even more importantly, however, MacKinnon makes a forceful argument for how to think about Internet freedom and democracy in new digital worlds. Her book is an attempt to take the Net freedom movement to the next level; to formalize it and to put in place a set of governance principles that will help us hold the “sovereigns of cyberspace” more accountable. Many of her proposals are quite sensible. But, as I noted in my much longer review of the book, I had a real problem with MacKinnon’s use of the term “digital sovereigns” or “sovereigns of cyberspace” and the loose definition of “sovereignty” that pervades her narrative. She too often blurs and equates private power and political power, and she sometimes leads us to believe that the problem of the dealing with the mythical nation-states of “Facebookistan” and “Googledom” is somehow on par with the problem of dealing with actual sovereign power — government power — over digital networks, online speech, and the world’s Netizenry.

Despite these nitpicks, MacKinnon has many other ideas about Net governance in the book that are less controversial and entirely sensible in my opinion. She wants to “expand the technical commons” by building and distributing more tools to help activists and make organizations more transparent and accountable. These would include circumvention and anonymization tools, software and programs that allow both greater data security and portability, and devices and network systems to expand the range of communication and participation, especially in more repressed countries. She would also like to see neitzens “devise more systematic and effective strategies for organizing, lobbying, and collective bargaining with the companies whose service we depend upon — to minimize the chances that terms of service, design choices, technical decisions, or market entry strategies could put people at risk or result in infringement of their rights.” This also makes sense as part of a broader push for improved corporate social responsibility.

Regarding the role of law, MacKinnon has a mixed view. She says: “There is a need for regulation and legislation based on solid data and research (as opposed to whatever gets handed to legislative staffers by lobbyists) as well as consultation with a genuinely broad cross-section of people and groups affected by the problem the legislation seeks to solve, along with those likely to be affected by the proposed solutions.” Of course, that’s a fairly ambiguous standard that could open the door to excessive political meddling with the Net if we’re not careful. Overall, though, she acknowledges how regulation so often lags far behind innovation. “A broader and more intractable problem with regulating technology companies is that legislation appears much too late in corporate innovation and business cycles,” she rightly notes.

MacKinnon’s book will be of great interest to Internet policy scholars and students, but it is also accessible to a broader audience interested in learning more about the debates and policies that will shape the future of the Internet and digital networks for many years to come. One other note: MacKinnon’s clearly-worded prose and cool-headed tone deserve praise and emulation. It serves as a model for how to write a thoughtful Internet policy book, even if you don’t agree with all her conclusions or recommendations.

My complete review of Consent of the Networked can be found here.

(2) Susan Crawford – Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age

Susan Crawford’s book was probably my least favorite title of 2012, but that doesn’t mean I can discount its significance within this field. Crawford has made herself a widely-recognized and highly-charged figure in the world of Internet policy through her work as an activist, an academic, and even a government official. In Captive Audience, she doesn’t even try to hide her self-described “radicalized” views on communications policy anymore and in the process she solidifies her role as the ringleader of the growing movement to impose centralized, top-down government control on America’s broadband infrastructure.

What is most astonishing about Captive Audience is the way Crawford so audaciously waxes nostalgic for the days of regulated monopoly. Simply put, Crawford doesn’t believe that capitalism or competition have any role to play in the provision of broadband networks and services. “No competitive pressure will force these companies to act [in the public interest],” she argues on the last page of the manifesto. “Americans,” she claims, “have allowed a naive belief in the power and beneficence of the free market to cloud their vision.” She suggests we should just give up our false hope that markets can deliver such an important service and get on with the task of converting broadband into a full-blown regulated public utility.

Her proposed solutions read like the typical Big Government grab-bag of policy proposals: more government spending, more government ownership, and more government regulation (forced access regulation and rate controls) for any private carriers that are allowed to remain in operation as de facto handmaidens of the state. Crawford’s perfect world scenario would seem to be some sort of amalgam of the U.S. Postal Service and the federal highway program. While both programs have sought to provide an important service to the masses, it goes without saying that both are also an absolute basket case in terms of service management and economic viability. But, for the sake of argument, let’s say that Crawford is right and that public ownership and comprehensive government management is the way to go. Where will all this money come from for all the new government activity Crawford desires? Apparently it grows on trees because she isn’t ever willing to admit that we find ourselves in the midst of major fiscal crisis that likely constrains the ability of governments to make these investments themselves. Luckily, private wireline and wireless broadband providers have been investing tens of billions in infrastructural upgrades in recent years (don’t take my word for it, read what the Progressive Policy Institute has to say), a fact that Crawford conveniently ignores.

More importantly, Crawford never fully confronts the fact that the era of regulated monopoly she cherishes was an unmitigated croynist disaster for consumers. That era had nothing to do with the “public interest” and everything to do with protecting the private interests of regulated entities — namely, Ma Bell on the communications side and broadcasters on the media side. She also doesn’t address the lackluster state of innovation during the 70 or so years during which time communications and media markets were under the tight grip of federal and state regulators, who controlled rates, restricted new entry, and discouraged innovation at virtually every juncture. If one is going to recommend a return to the regulatory past, they had better grapple with that uncomfortable, anti-consumer, anti-innovation history. Crawford utterly fails to in Captive Audience.

While the book is nominally about broadband regulation, the bulk of it is actually dedicated to taking on one company — Comcast — and specifically picking apart its recent merger with NBC Universal. For Crawford, the Comcast-NBC deal represented something akin to the Mayan apocalypse of media policy. She wants us to believe that the deal has forever solidified Comcast’s grasp on both programming and broadband markets. Comcast chief Brian Roberts is presented as the nefarious villain of the narrative; Crawford paints him as a cross between Gordon Gecko and Mr. Burns from “The Simpsons.” Usually such neurotic narratives are reserved for Rupert Murdoch and how he is supposedly plotting mass media domination to brainwash the minds of the masses. But Crawford suggests that Roberts is the new Bond villain du jour and chapter after chapter are devoted to demonizing him, his father, and other execs at Comcast. She argues that “Comcast now owns the Internet in America” and that the company is “squeezing independent online video” providers out of the market.

Despite all this hand-wringing, the situation in the video marketplace has never looked brighter. Crawford fails to put things in historical perspective and examine consumer choices in this market today relative to the past — a point I made in this debate with her last year. Of course, she probably didn’t want to seriously examine that evidence because by every metric available — and I published an entire report called Media Metrics a few years ago proving this — Americans have more and better viewing options at their disposal than ever before in history. We have more channels and more content available over more platforms (cable, satellite, telco, online, DVD, mail, etc) and more devices than ever before. Consumers have an unprecedented ability to access, record, time-shift, interact with, and even manipulate and redistribute video content. Of course, all this choice and quality comes at a cost, as Crawford continuously complains throughout the text. Apparently, in her view, all these great new programming options and technologies should just fall to us like manna from heaven with no price tag attached.

If you want to see what the opposite of Internet freedom and digital capitalism looks like, look no further than this book. It is the definitive articulation of the cyber-planner’s ethos. Of course, that’s also what makes Captive Audience one of the most important books of 2012. But if you really must read such one-sided propaganda — since this book will, no doubt, be assigned in many cyberlaw and media studies classes across America — then I encourage you to also read Christopher Yoo’s Dynamic Internet and Randy May’s edited collection of essays on Communications Law and Policy in the Digital Age, both of which are mentioned below. Both of those books offer a refreshingly level-headed examination of the true state of this marketplace. I’d also recommend you check out these recent essays by Bret Swanson and Richard Bennett for a hard look at the shoddy numbers and assumptions underlying many of the broadband policy critiques you hear out there today from Crawford and others.

(3) John Palfrey & Urs Gasser – Interop: The Promise and Perils of Highly Interconnected Systems

What makes Palfrey & Gasser’s book so important is that the authors aim to develop “a normative theory identifying what we want out of all this interconnectivity” that the information age has brought us. They correctly note “there is no single, agreed-upon definition of interoperability” and that “there are even many views about what interop is and how it should be achieved.” Generally speaking, they argue increased interoperability — especially among information networks and systems — is a good thing because it “provides consumers greater choice and autonomy,” “is generally good for competition and innovation,” and “can lead to systemic efficiencies.”

But they wisely acknowledge that there are trade-offs, too, noting that “this growing level of interconnectedness comes at an increasingly high price.” Whether we are talking about privacy, security, consumer choice, the state of competition, or anything else, Palfrey and Gasser argue that “the problems of too much interconnectivity present enormous challenges both for organizations and for society at large.” Their chapter and privacy and security offers many examples, but one need only look around at their own digital existence to realize the truth of this paradox. The more interconnected our information systems become, and the more intertwined our social and economic lives become with those systems, the greater the possibility of spam, viruses, data breaches, and various types of privacy or reputational problems. Interoperability giveth and it taketh away.

Ultimately, however, the authors fail to develop a clear standard for when interoperability is good and when governments should take steps to facilitate or mandate it. They argue that “there is no single form or optimal amount of interoperability that will suit every circumstance” and that “most of the specifics of how to bring interop about [must] be determined on a case-by-case basis. Yet, Palfrey and Gasser also make it clear they want government(s) to play an active role in ensuring optimal interoperability. They say they favor “blended approaches that draw upon the comparative advantages of the private and public sector,” but they argue that government should feel free to tip or nudge interoperability determinations in superior directions to satisfy “the public interest.” “If deployed with skill,” they argue, “the law can play a central role in ensuring that we get as close as possible to optimal levels of interoperability in complex systems.”

The fundamental problem this “public interest” approach to interoperability regulation is that it is no better than the “I-know-it-when-I-see-it” standard we sometimes at work in the realm of speech regulation. It’s an empty vessel, and if it is the lodestar by which policymakers make determinations about the optimal level of interoperability, then it leaves markets, innovators, and consumers subject to the arbitrary whims of what a handful of politicians or regulators think constitutes “optimal interoperability,” “appropriate standards,” and “best available technology.”

In my absurdly long review of their book, I offered an alternative framework that suggests patience, humility, and openness to ongoing marketplace experimentation as the primary public policy virtues that lawmakers should instead embrace. Ongoing marketplace experimentation with technical standards, modes of information production and dissemination, and interoperable information systems, is almost always preferable to the artificial foreclosure of this dynamic process through state action. The former allows for better learning and coping mechanisms to develop while also incentivizing the spontaneous, natural evolution of the market and market responses. The latter (regulatory foreclosure of experimentation) limits that potential.

Defining “optimal interoperability,” is not just difficult as Palfrey and Gasser suggest, but I would argue that it is a pipe dream. Sometimes consumers demanded a certain amount interoperability and they usually get it. But it seems equally obvious that consumers don’t always demand perfect interoperability. Just look at your iPhone or Xbox for proof. Quite often, a lack of interoperability helps firms finance important new products and services while simultaneously ensuring users a tailored and potentially more secure and satisfying experience. Importantly, however, non-interoperability also spurs new forms of innovation from rivals looking to leap-frog the old front-runners. Progress flows from this never-ending cycle of technological change and industrial churn.

In sum, we cannot define or determine “optimal interoperability” in an a priori fashion; only ongoing experimentation can help us determine what truly lies in “the public interest.” Despite my different approach and conclusions, Palfrey and Gasser’s book perfectly frames what should be a very interesting ongoing debate over these issues and for that reason will be required reading on this subject for years to come.

Again, my longer review of Palfrey and Gasser’s book can be found here, and listen to John Palfrey’s podcast discussion with Jerry Brito here.]

(4) Christopher Yoo – The Dynamic Internet: How Technology, Users, and Businesses are Transforming the Network

Christopher Yoo’s book was my personal favorite of the year, but it won’t capture as much interest and recognition as some of the other titles on this list. The book offers a concise overview of how Internet architecture has evolved and a principled discussion of the public policies that should govern the Net going forward. Yoo makes two straight-forward arguments. First, the Internet is changing. In Part 1 of the book, Yoo offers a layman-friendly overview of the changing dynamics of Internet architecture and engineering. He documents the evolving nature of Internet standards, traffic management and congestion policies, spam and security control efforts, and peering and pricing policies. He also discusses the rise of peer-to-peer applications, the growth of mobile broadband, the emergence of the app store economy, and what the explosion of online video consumption means for ongoing bandwidth management efforts. Those are the supply-side issues. Yoo also outlines the implications of changes in the demand-side of the equation, such as changing user demographics and rapidly evolving demands from consumers. He notes that these new demand-side realities of Internet usage are resulting in changes to network management and engineering, further reinforcing changes already underway on the supply-side.

Yoo’s second point in the book flows logically from the first: as the Internet continues to evolve in such a highly dynamic fashion, public policy must as well. Yoo is particularly worried about calls to lock in standards, protocols, and policies from what he regards as a bygone era of Internet engineering, architecture, and policy. “The dramatic shift in Internet usage suggests that its founding architectural principles form the mid-1990s may no longer be appropriate today,” he argues. “[T]he optimal network architecture is unlikely to be static. Instead, it is likely to be dynamic over time, changing with the shifts in end-user demands,” he says. Thus, “the static, one-size-fits-all approach that dominates the current debate misses the mark.”

Yoo makes a particular powerful case for flexible network pricing policies. His outstanding chapter on “The Growing Complexity of Internet Pricing” offers an excellent overview of the changing dynamics of pricing in this arena and explains why experimentation with different pricing methods and business models must be allowed to continue. Getting pricing right is essential, Yoo notes, if we hope to ensure ongoing investment in new networks and services. He also notes how foolish it is to expect the government to come in and save the day thought massive infrastructure investment to cover the hundreds of billions of dollars needed to continue to build-out high-speed services.

Throughout the second half of his book, Yoo explains why it would be a disaster for consumers and high-tech innovation if policymakers limited pricing flexibility and experimentation with new business models and technological standards. He argues that public policy should generally seek to avoid ex ante forms of preemptive, prophylactic Internet regulation and instead rely on an ex post approach when and if things go wrong. Essentially, he wants policymakers to embrace “techno-agnosticism” toward ongoing debates over standards, protocols, business models, pricing methods, and so on. Lawmakers should not be preemptively tilting the balance in one direction or the other or, worse yet, restricting experimentation that can help us find superior solutions.

And even under that model of retrospective review, Yoo makes it clear throughout the book that there should be a very high bar established before any regulation is pursued. This is particularly true because of the First Amendment values at stake when the government attempts to regulate speech platforms. In Chapter 9 of the book, Yoo walks the reader through all the relevant case law on this front and makes it clear how “the Supreme Court has repeatedly recognized that the editorial discretion exercised by intermediaries serves important free speech values.” Yoo also makes the case that a certain degree of intermediation helps serve consumer needs by helping them more easily find the content and services they desire. Law should not seek to constrain that and, under current Supreme Court First Amendment jurisprudence, it probably cannot.

To me, Yoo’s approach strikes the right balance for Net governance and public policy in the information age. It all comes down to flexibility and freedom. If the Internet and all modern digital technologies are to thrive, we must reject the central planner’s mindset that dominated the analog era and forever bury all the static thinking it entailed.

My complete review of Yoo’s Dynamic Internet is here.

(5) Brett Frischmann – Infrastructure: The Social Value of Shared Resources

Frischmann’s book offers a nice contrast with Yoo’s in that it suggests a far more ambitious role for the state in shaping the future of digital networks and online platforms. Although not strictly a book about information technology infrastructure, Frischmann spends a great deal of time making the case for a greater government action in the realm of communications policy and for open access and Net neutrality regulation in particular. (There’s also a chapter on intellectual property issues that tech policy wonks will find of interest). The book is a veritable paean to open access regulation; Frischmann aims to persuade the reader that “society is better off sharing infrastructure openly” and devotes considerable energy to hammering that point home in one context after another.

In my review of the book, which was part of 2-day symposium on the book over at the Concurring Opinions blog, I took Frischmann’s book to task for its almost complete absence of public choice insights and his general disregard for thorny “supply-side” questions.  Frischmann is so single-mindedly focused on making the “demand-side” case for better appreciating how open infrastructures “generate spillovers that benefit society as a whole” and facilitate various “downstream productive activities,” that he short-changes the supply-side considerations regarding how infrastructure gets funded and managed to begin with.

The book also ignored the omnipresent threat of regulatory capture and the fact that any major infrastructure regulatory system big enough and important to be captured by special interests and affected parties often will be. Frischmann acknowledges the problem of capture in just a single footnote in the book and admits that “there are many ways in which government failures can be substantial,” but he asks the reader to quickly dispense with any worries about government failure since he believes “the claims rest on ideological and perhaps cultural beliefs rather than proven theory or empirical fact.”  I found that assertion outrageous and argued that, to the contrary, decades of scholarship has empirically documented the reality of government failure and its costs to society, as well as the plain old-fashioned inefficiency often associated with large-scale government programs. For infrastructure projects in particular, the combination of these public choice factors usually adds up to massive inefficiencies and cost overruns.

For those reasons, I argued in my review that society would be better off adopting a “3-P” approach to infrastructure management: privatize, property-tize, and price. But Frischmann is dead set against such thinking and makes it clear that everything must be subservient to the goal of “openness” and commons-based management. Unsurprisingly, therefore, this leads him to suggest that we need “a dramatic shift — perhaps a paradigm shift — away from the conventional position favoring market provisioning and markets ‘free’ from government intervention.” But the problem with that reasoning, as I pointed out in my review, is that most of the infrastructure that Frischmann cites as failing us today is already managed in the fashion he favors! Nonetheless, he wants to pile on still more commons-based government control / ownership solutions even though they are the primary cause of our infrastructure problems today. In this sense, Frischmann’s approach parallels Susan Crawford’s in her book Captive Audience, discussed above. They both seek to gloss over the ugly realities of traditional public infrastructure (mis-)management and they imply that we just need to build a better breed of bureaucrats who will somehow be immune to all the problems of the past. Needless to say, I don’t place much faith in such efforts.

Despite these serious deficiencies, students and scholars studying infrastructure theory will benefit from Frischmann’s excellent treatment of public goods and social goods; spillovers and externalities; proprietary versus commons systems management; common carriage policies and open access regulation; congestion pricing strategies; and the debate over price discrimination for infrastructural resources. He at least does a nice job outlining these concepts and controversies, even if he ultimately fails to make the case for radically expanding government control of infrastructural resources.

Again, you can read my entire review of Frischmann’s book here.

— Other Major Releases in 2012 —

Julie E. Cohen – Configuring the Networked Self: Law, Code, and the Play of Everyday Practice

Cohen’s book represents an effort to move “beyond the bounds of traditional liberal political theory” by transcending what she labels the traditional “information-as-freedom” versus “information-as-control” paradigms. Her aim is to promote “cultural environmentalism” and “the structural conditions of human flourishing.” She argues that “a commitment to human flourishing demands a more critical stance toward the market-driven evolution of network architectures.” In other words, don’t trust markets.

I didn’t find her case very convincing and it didn’t help that the book is filled with impenetrable prose that sometimes leaves the reader’s head a bit numb. (Two representative samples: “With respect to space, surveillance employs a twofold dynamic of containerization and affective modulation in order to pursue large-scale behavioral modification.” … and… “Here the performative impulse introduces static into the circuits of the surveillant assemblage; it seeks to reclaim bodies and reappropriate spaces.” Say what? Write in plain English, professor!)

The closing chapter also includes a strange reinterpretation of Ludditism. Cohen argues: “the tale of the Luddites poses an important challenge for scholars and policy makers in the emerging networked information society. If technologies do not have natural trajectories, it is our obligation to seek pathways of development that promote the well-being of situated, embodied users and communities. When our preferred policy prescriptions persistently produce information architectures and institutions that undermine human flourishing in critical ways, it is time to question them and to experiment with ways of doing better.”  Hmmm… I’m not sure I want to know what that would mean in practice!

Regardless, Cohen’s book has a lot to say about modern privacy and copyright battles and will be of great interest to scholars in those specific fields of study.  You can find all the chapters online here.

Cole Stryker – Hacking the Future: Privacy, Identity, and Anonymity on the Web

Stryker’s Hacking the Future provides a concise overview of the battles over online anonymity that have raged since the Net’s early days and he outlines the many new threats to it. “What we are seeing is an all-out war on anonymity, and thus free speech, waged by a variety of armies with widely diverse motivations, often for compelling reasons,” he says. The book will be a great use to those covering ongoing policy debates over cybersecurity, the “nymwars” and online authentication / identification debates, post-Arab Spring political activism & “hactivism,” encryption issues, social networking privacy, troll culture and cyberbullying, and much more. Stryker makes a strong case for the continuing importance of online anonymity but isn’t scared to ask hard questions about the trade-offs society faces when some can mask their online identities. But he also explores the question of whether anonymity can survive given recent technological and policy-related developments, both of which aim to make individuals more identifiable online. I particularly enjoyed Chapter 10’s breakdown of the “Faces of Anonymity,” in which Stryker crafts a detailed taxonomy of anonymous character types online.

He also offers a run-down of the tools and steps that people can take advantage of if they want to ensure their anonymity / privacy online, including: cookie blocking, private browsing tools, disabling HTML in email and limiting or disabling broswer extensions, clearing browser histories, and using encryption tools, proxy servers, and VPN tunneling. “The question we have to ask ourselves,” Stryker notes, is “Does the accessibility of these anonymizing technologies make the world a safer, more equitable place, better place?” He answers: “It’s difficult to measure, but their abolition certainly wouldn’t.” He also draws this interesting parallel with efforts to regulate firearms: “The logic here is not unlike that used by those who oppose gun control: if guns are made illegal, then only criminals will have guns, leaving well-meaning folks defenseless. The reasoning is compelling within the identity space,” he argues, “regardless of what you might think about the merits of gun control.”

Two other notes: First, Wide Open Privacy: Strategies For The Digital Life by J.R. Smith & Siobhan MacDermott makes a nice compliment to Hacking the Future. It also offers a breakdown of privacy-enhancing technologies and outlines other strategies to safeguard your online anonymity. Second, if you are interested in digging even deeper in the Luzsec side of this story, you should check out Parmy Olson’s W e are Anonymous: Inside the Hacker Wor ld of Lulzsec, Anonymous and the Global Cyber Insurgency. It’s a splendid history but doesn’t have as much to say about the various policy issues that Stryker tackles in Hacking the Future. Or just listen to Olson’s podcast discussion with Jerry Brito. Speaking of that Brito character…

Jerry Brito (ed.) – Copyright Unbalanced: From Incentive to Excess

My Mercatus Center colleague Jerry Brito put together this important collection of essays by various conservatives and libertarian authors to highlight growing concerns about copyright policy. Contributors include Tom W. Bell, David G. Post, Reihan Salam, Patrick Ruffini, Tim Lee, Christina Mulligan, and Eli Dourado (also of Mercatus). Their essays suggest that the tide may be turning against copyright among free market analysts. Their chapters explore the increasingly complexity of copyright law and the rising costs associated with its enforcement and make a powerful case for reform of, or at least restraints on, the current copyright system. The consensus seemed to revolve around a few key reforms: significantly shortened copyright terms, the reintroduction of formalities (i.e., registration), and limits on criminal prosecution and civil asset forfeiture. The authors also make a strong case that public choice problems pervade today’s copyright system and that we should be concerned that cronyism is increasing creeping into the politics of copyright law and its seemingly endless expansion.

If you interested in a different take on IP issues to balance out Brito’s collection, I’d recommend picking up the forthcoming Laws of Creation: Property Rights in the World of Ideas by Ronald A. Cass and Keith N. Hylton. It’s a 2013 release but it is already in stock. I’m reading an advance copy from the publisher right now and will likely have more to say about it in a forthcoming post.

Randolph J. May (ed.) – Communications Law and Policy in the Digital Age: The Next Five Years

My former colleague Randy May put together this nice collection of essays by some of America’s leading communications and media policy scholars, including Bruce Owen, Christopher Yoo, James Speta, Daniel Lyons and others. The authors offer a generally skeptical take on the expansion of communications and broadband regulation and the growing power of the Federal Communications Commission over these markets. In particular, many of the contributors take the FCC to task for sketchy assertions of jurisdiction and the agency’s efforts to expand its imperial regulatory ambitions without always having the clear statutory authority to do so. The chapters by James Speta and Seth Cooper are particularly good in that regard. Admin law geeks will eat them up.

Those analysts following the ongoing Net neutrality wars will also find the book informative, even if they disagree with the generally skeptical take on the issue from contributors. Spectrum and universal service policy wonks will also appreciate the excellent chapters on those two issues from Michele P. Connolly and Daniel A. Lyons, respectively. And the closing chapter by Bruce Owen is, like everything Bruce does, a masterpiece. Owen is probably the most respected media economist on the planet and his decades of experience in this field shines through in his powerful essay on “Communications Policy Reform, Interest Groups, and Legislative Capture.” He crafts a political economy of the regulatory state and points out that the explosion of rent-seeking and legislative/regulatory capture in this sector is unlikely to dissipate. “Therefore,” Owen argues, “communications policy likely will continue to be subject to welfare-suppressing regulation because such regulation is consistent with the interests of legislators,” who are often beholden to special interests and their campaign dollars.

Joshua Gans – Information Wants to Be Shared

I really enjoyed this book. It’s an insightful exploration of modern media economics filled with interesting questions and scenarios about how information markets will evolve in the future. What will sustain movies, music, book, local reporting, and so on in the future? Gans does a terrific job making these issues easy to understand and doesn’t try to evangelize as much as the many others who have written on these issues. If you’ve read and enjoyed Carl Shapiro and Hal Varian’s classic text, Information Rules, then you will find Gans’ book to be the perfect compliment.

Gans doesn’t have a lot to say about public policy, however. This is really more of a business book suited for industry analysts and business school students. Nonetheless, some of its implications for policy are clear since many of these business model debates boil over into the policy arena.

P.S. I should mention that, even if you don’t pick up his new book, you should be following Gans’ “Digitopoly” blog. It is always worth reading.

Andrew Keen – Digital Vertigo: How Today’s Online Social Revolution Is Dividing, Diminishing, and Disorienting Us

If you’re into ‘the-whole-world-is-going-to-Hell-and-the-Internet-is-to-blame’ screeds, Andrew Keen will never disappoint. In Digital Vertigo as well as his earlier book, The Cult of the Amateur, Keen is grumpy about, well, just about everything under the sun. In the earlier book, it was the Web 2.0 world of blogging and “amateur” content creation — most notably Wikipedia and YouTube — that earned Keen’s wrath. In the new book, it is users themselves and the social sharing sites and technologies that they favor that Keen goes off on.

Specifically, Keen is worried that our increased reliance on new online and interactive technologies is spawning a “hypervisible age of great exhibitionism” that sacrifices privacy and individuality at the altar of sharing and social status-seeking. He also makes sweeping claims that we are now living in “a world in which many of us have forgotten what it means to be human,” or that “we are forgetting who we really are.” As I noted in my Forbes review of the book, it’s classic technopanic talk. Not only does Keen fail to substantiate such claims, but he also doesn’t bother to even offer the reader any sort of practical plan for how to achieve a more balanced digital life.

Bruce Schneier – Liars & Outliers: Enabling the Trust that Society Needs to Thrive

Security expert Bruce Schneier’s latest book was a terrific read and easily one of my favorites of the year. It wasn’t a book about technology policy per se, but it certainly has important ramifications for it. Schneier explains four “societal pressures” combine to help create and preserve trust within society. Those pressures include: (1) Moral pressures; (2) Reputational pressures; (3) Institutional pressures; and (4) Security systems. By “dialing in” these societal pressures in varying degrees, trust is generated over time within groups. Of course, these societal pressures also fail on occasion, Schneier notes. He explores a host of scenarios — in organizations, corporations, and governments — when trust breaks down because defectors seek to evade the norms and rules the society lives by. These defectors are the “liars and outliers” in Schneier’s narrative and his book is an attempt to explain the complex array of incentives and trade-offs that are at work and which lead some humans to “game” systems or evade the norms and rules others follow.

Indeed, Schneier’s book serves as an excellent primer on game theory as he walks readers through complex scenarios such as prisoner’s dilemma, the hawk-dove game, the free-rider problem, the bad apple effect, principle-agent problems, the game of chicken, race to the bottom, capture theory, and more. These problems are all quite familiar to economists, psychologists, and political scientists, who have spent their lives attempting to work through these scenarios. Schneier has provided a great service here by making game theory more accessible to the masses and given it practical application to a host of real-world issues.

The most essential lesson Schneier teaches us is that perfect security is an illusion, and this is where the implications for tech policy come in. We can rely on those four societal pressures in varying mixes to mitigate problems like theft, terrorism, fraud, online harassment, and so on, but it would be foolish and dangerous to believe we can eradicate such problems completely. “There can be too much security,” Schneier explains, because, at some point, constantly expanding security systems and policies will result in rapidly diminishing returns. Trying to eradicate every social pathology would bankrupt us and, worse yet, “too much security system pressure lands you in a police state,” he correctly notes.

Despite these challenges, Schneier reminds us that there is cause for optimism. Humans adapt better to social change than they sometimes realize, usually by tweaking the four societal pressures Schneier identifies until a new balance emerges. While liars and outliers will always exist, society will march on.

See my longer review of Schneier’s excellent book over at Forbes. I highly recommend you pick up Liars & Outliers no matter what your field of study. It is outstanding.

… and still more titles from 2012 (* asterisk means I didn’t find time to finish them)…

• E. Gabriella Coleman – Coding Freedom: The Ethics and Aesthetics of Hacking *
• Sean A. Pager & Adam Candeub (eds.) – Transnational Culture in the Internet Age *
• John Naughton – From Gutenberg to Zuckerberg: What You Really Need to Know about the Internet
• Erik Brynjolfsson & Andrew McAfee – Race Against the Machine: How the Digital Revolution is Accelerating Innovation, Driving Productivity, and Irreversibly Transforming Employment and the Economy [listen to McAfee’s podcast discussion with Jerry Brito]
• Chris Reed – Making Laws for Cyberspace *
• J.R. Smith & Siobhan MacDermott – Wide Open Privacy: Strategies For The Digital Life
• Virginia Eubanks – Digital Dead End: Fighting for Social Justice in the Information Age *
• Lori Andrews – I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy
• Hassan Masum and Mark Tovey (eds.) – The Reputation Society: How Online Opinions Are Reshaping the Offline World *
• Reed Hundt & Blair Levin – The Politics of Abundance: How Technology Can Fix the Budget, Revive the American Dream, and Establish Obama’s Legacy *
• Kal Raustiala & Christopher Sprigman – The Knockoff Economy: How Imitation sparks Innovation* [listen to Sprigman’s podcast discussion with Jerry Brito]
• Jason Mazzone, Copyfraud and Other Abuses of Intellectual Property Law * [listen to Mazzone’s podcast discussion with Jerry Brito]
• Clay A. Johnson – The Information Diet: A Case for Conscious Consumption
• Julian Assange – Cypherpunks: Freedom and the Future of the Internet
• Andy Greenberg – This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information

… and, again, here are the lists of important books from 2008, 2009, 2010, and 2011.

[Updated 7/10/14: See new addendum at bottom. Updated 4/28/13: Included links to several things + started list of additional resources at end.]

Each year I am contacted by dozens of people who are looking to break into the field of information technology policy as a think tank analyst, a research fellow at an academic institution, or even as an activist. Some of the people who contact me I already know; most of them I don’t. Some are free-marketeers, but a surprising number of them are independent analysts or even activist-minded Lefties. Some of them are students; others are current professionals looking to change fields (usually because they are stuck in boring job that doesn’t let them channel their intellectual energies in a positive way). Some are lawyers; others are economists, and a growing number are computer science or engineering grads. In sum, it’s a crazy assortment of inquiries I get from people, unified only by their shared desire to move into this exciting field of public policy.

I always do my best to answer their emails, calls, and requests for meetings. Unfortunately, there’s only so much time in the day and I am sometimes not able to get back to all of them. I always feel bad about that, so, this essay is an effort to gather my thoughts and advice and put it all one place so that I will at least have something to send these folks. Perhaps I’ll try to update it over time.

#1) Understand that Specialization Matters

I don’t want to bury the lede here, so let me start with the most important piece of advice I share with everyone who contacts me: specialization matters. When I got started in the sleepy field of information technology policy back in 1991, it was possible to be a jack-of-all-trades. There were only a few issues that really mattered, and most of them were tied up with traditional communications and media policy. If you knew a little something about telephony, universal service subsidies, spectrum policy, and broadcast regulation, then you could be an analyst in this field. There were only a handful of people in the think tank world back then who even cared about such issues.

But then came the Internet. It really did change everything, including this field of policy study. In the old days, people in this field were called telecom policy analysts or media policy analysts. We had titles like “Director of Telecommunications Studies” or “Fellow in Media Studies.” But when the Net came along, it almost instantly made such titles seem archaic. Today, this field is more appropriately labelled “information technology policy studies.” That term incorporates those old telecom and media policy issues, but it includes much more now.

That’s why specialization matters more than ever. In essence, over the past 15 years, the information technology policy world underwent a metamorphosis similar to the one that occurred in the field of environmental policy a decade or two before. In the early days of environmental policy, it was enough to say you were interested in environmental policy at all. That could probably win you a job (or at least an activist role) somewhere in that field. By the mid-1980s, however, the field of environmental policy had become remarkably specialized. Academic programs and public policy jobs started developing around very targeted issues: water, air, waste management, nuclear issues, endangered species, farming / sustainable development, climate change, etc, etc. Today, therefore, if you are looking for a career in the environmental policy arena, you are generally expected to first develop a more finely-honed specialization in one of its many sub-issue areas.

This is exactly what has been happening in the field of information technology policy since the mid-1990s. If you want a career in the field of information technology policy studies today, you need to be thinking about a very specific area of expertise. Do you already have that expertise? Great, then skip to step #5 below. If not, read on.

#2) The Major Areas of Specialization in the Modern Information Technology Policy Arena

OK, so you understand that specialization matters. What specific topic / field should you choose as your particular area of focus? Well, that’s up to you and your particular interests. Here’s the good news: There are more options than ever.

It’s useful to divide the information technology policy world into 3 big buckets (Note: This is a taxonomy that Jerry Brito, Eli Dourado, and I use to think about our priorities of the Mercatus Center’s Technology Policy Program each year):

• Conduit / Infrastructure
• Content / Speech
• Other

Let’s break down each one of these to reveal just how specialized this field has become:

(A) Conduit: Generally refers to anything involving the physical infrastructure side of information technology policy, including:

• Broadband policy (including traditional communications / common carrier regs)
• Spectrum / Wireless
• Universal service (and other tech subsidies)
• Media marketplace regs (broadcasting, cable)
• Antitrust & mergers

(B) Content: Generally refers to any (mostly intangible) information control or speech control issue

• Public Morals / Free Speech (porn, gambling, spam, cyberbullying, political speech, etc)
• Privacy (including reputation & defamation concerns)
• Cybersecurity (online security, national security concerns, state secrets, encryption controls)
• IP (copyright & patents)

Here’s the key takeaway from this taxonomy: You can develop a specialized career around countless information policy issues today. Do you want to be a privacy guru? Great, there are countless policy opportunities in that area alone. Do you love freedom of speech? Excellent, you can find plenty of cool gigs there, too. Cybersecurity strike your fancy? No problem. That field is growing like wildfire. And there are entire academic programs and activist institutions that long ago developed around digital copyright.

If you prefer to stick with the “conduit” bucket, have no fear, there exists many opportunities in those sub-areas. I know many professionals who describe themselves as a “cable lawyer” or a “media economist” or an “antitrust consultant.” Those fields are heavily saturated today, however, especially because they tended to pay quite well in the past. That could change as the “content” issues become more visible and important in coming years. Privacy policy is probably the biggest growth market in this regard. Huge opportunities await you there if you are so inclined.

I could go on, but you get the idea: You need to think about specialization because just randomly contacting someone and telling them you want to be an Internet policy analyst today is not enough. You need to be able to tell them, “I am interested in information technology policy and I possess a particular interest/expertise in X.” What “X” is is up to you, but you better have something to fill in that blank.

#3) What Specific Academic Experience Will Help?

Many people who contact me about how to advance their careers in the information technology policy arena are already far along in advanced degree programs or even finished those degrees long ago. But, for what it’s worth, here’s some general advice about which degrees will help you out the most in this arena. They are listed in order of importance:

• Law: A law degree from a program with a specialized cyberlaw program will probably help you out most in this arena. It will open more doors for you than the other degrees mentioned below. I suppose that is true for most public policy fields and jobs, of course. Legal experience is also easier to “re-purpose” than other degrees; it offers excellent training for many different professions. The downside: The field of information technology policy is increasingly being flooded with lawyers. While a law degree still offers important advantages over other degrees, that may change if the legal market grows over-saturated. The way to counter that, of course, is to hyper-specialize! Start thinking about how to develop a very targeted legal expertise in privacy law, free speech policy, copyright law, cybersecurity, media/spectrum policy, antitrust law, etc.
• Economics: An economics degree offers you the opportunity to analyze public policy using a very different toolbox than the lawyer will use. Economists are in increasing demand in the field of information technology policy because (a) there are just too many damn lawyers in the field already and (b) economists can actually offer some hard data to support their claims or make their case. PhD economists with a focused expertise in a particular tech area can also command a very impressive premium for their skills. (Note: MBAs are less in demand than economists and are generally a rare bird in the information technology policy arena. I am one of them, and I regret to say that it really hasn’t done much to help my career.)
• Computer Science / Engineering: Increasingly, employers in this arena are interested in finding skilled CS grads and engineering experts (ex: spectrum engineers) who can tackle special jobs and projects. If you have such expertise, you will be able to cover certain technical policy issues in a far more authoritative fashion. That’s increasingly valuable to institutions as they look to broaden their stable of talent. For example, many policy institutions and even government agencies now hire a “Chief Technologist” to offer the rest of the staff their specialized advice on highly technical matters. In the future, I expect policy institutions will employ several technologists to fit the specialized needs they have.
• Poly Sci / Public Policy / History: Degrees in political science, public policy, and even history probably won’t help you out as much as degrees from one of the three previous areas, but it depends on what you are looking to do. Again, the information technology policy arena is specialized enough today that certain jobs will require this skill set. For example, I have personally done a lot of work on cronyism and regulatory capture in this arena and my undergrad degree in poly sci has actually come in quite handy as I try to explain the political economy of high-tech rent-seeking. Similarly, many advanced degrees in public policy today offer very specialized areas of focus that could help. For example, the School of Public Policy here at George Mason University offers a couple of excellent M.A. and PhD. programs related to information technology policy. I’ve found many other Public Policy M.A. and PhD. programs that offer similar degree opportunities.

Needless to say, if you can combine two of these degrees, you’ll be golden. I’m finding a lot more analysts in this field have economics undergrad degrees and then a law degree to boot. Even better, however, would be combining a technical degree in CS or engineering with one of these other degrees. Then you are talking about truly valuable academic experience. And it had damn well better be valuable because you are going to be dead broke after you get done with all that education!

One other point: I don’t want to suggest that you can’t break into the info-tech policy world with other degrees under your belt. There’s a growing group of philosophers and sociologists, for example, who are doing important Internet policy work. Likewise, there have always been major media studies and journalism programs that offered a path toward being a tech policy wonk. (My other undergrad degree was in journalism). For now, however, that policy work is being doing almost exclusively within universities. If you are looking to come to Washington (or a state or international capital) and do public policy work, you would probably be better served having one of the degrees listed above.

#4) What Other Experience Will Help?

Regardless of what academic degree you are pursing or already possess, additional “real-world” experience will help you advance you career in the the information technology policy arena, much like every other policy field. Here’s what I think will be most useful to you:

• Hill / govt work: If you can stomach spending a semester or even an entire year working on Capitol Hill or in a regulatory agency, it will do wonders to advance your career in the information technology policy world. It’s not just about the experience you gain from working inside the system; people care about the connections you make, too. When you work for the right sort of Hill office or committee (like Energy & Commerce), or for the right sort of agency (FCC, FTC, NTIA), you gain important connections in those institutions that can benefit you (or your future employer) for many years to come.
• Legal associate / clerkship: For you lawyers out there, experience in a firm, or clerking for a judge, puts a big star on any resume and is increasingly important in this field. Again, if you can land a gig in the right firm or with the right judge (one that has a very specialized expertise), that’s even better.
• Corporate internship / fellowship: Working for a major corporation or trade association offers very specialized experience that can help advance your career, but it comes with one potential downside: It could label you as being too close to that interest. For example, tech firms like Google and Microsoft offer some wonderful internships and research fellowships, but once you accept such positions it could be held against you by others who, for whatever reason, might have issues with those firms.
• University programs/ projects: If you are still at university finishing up a higher degree, are their programs internally that can help advance your career in the information technology policy field? There are obvious things like serving on the law review, but how about more specialized programs that might allow you to work with other tech policy scholars on special reports and projects? Can you help a scholar in that program with research for a big paper? Can you help them build a website to highlight an important new project? Can you join together with other students in your program to develop new sites or tools that highlight a particular public policy issue that you care deeply about?  Stuff like this can help boost your visibility in an increasingly crowded field.
• Think tank internship / fellowship: There are a lot of great opportunities available to you in the think tank world, so long as you don’t mind slave wages! Think tanks of all stripes offer aspiring tech policy analysts a wonderful opportunity to get their feet wet and experience the tech policy world first-hand.  Some think tanks will even let interns or junior analysts write for their blogs or at least work on major projects as a research assistant. Again, the pay absolutely blows and you will struggle to make ends meet, but the experience will be quite valuable. If you are already older and looking to shift from you current dead-end profession into the world of Internet policy, think tanks can offer you an excellent platform — perhaps the very best platform of all. Again, the downside is the pay. You won’t be able to command a premium for your talent in the think tank world. They just don’t have the budget to pay you handsomely and there will probably also be plenty of other competition for your position. But you’ll have the opportunity to write and speak and preach like no other job can provide.

Again, if you can combine a few of these things, it’ll be a hell of a resume-builder.

#5) Write (and then write some more!)

Whether you are a student looking to break into this field or an established professional looking to shift jobs, there is one piece of advice I have for all of you: If you really want to get involved in the information technology policy world, you need to start writing about the information technology policy world.

I suppose this general word of advice could apply to all public policy fields and professions, but the reason it is particularly important in this field is because, quite obviously, we are in the information business! We are using the same technologies we are writing about. And people in our arena generally use these technologies far more aggressively than people in other professions. So, it is generally expected that you should be using them, too.

There are two specific reasons why writing is vitally important. First, it shows others you have a deep interest (and potential expertise) in information technology policy. Second, it serves as a writing sample when others want to gauge your capabilities and grasp of the issues.

Here are a few ways you can start writing more and building your brand:

• Start a blog or start blogging with others: If you’re already doing so, that’s great. But kick it up a notch. Just find anything that interests you — an academic paper, a news report, another blog post — and write about it. Even if you just summarize that other piece and add a line or two of commentary, that’s something. It’ll help get your name out there and help you develop your own brand. Better yet, when you write about others and their work or advocacy, they see it. Most academics and policy wonks have a big enough ego that they probably have a Google Alert set up for their own name. I certainly do because I want to know what others are saying about me and my work. So, if I see you writing about me, I’m going to be far more likely to add your blog to my RSS feed or even follow you on Twitter.
• Try to publish something “professionally”: If you can, find a way to get some of your work published in a academic journal, a professional publication, or a leading media outlet in the field. I realize that this isn’t easy. Sometimes it will be impossible, especially at a young age when you are first breaking into the field. But the good news is that there are more outlets than ever and, if you work hard enough, you’ll eventually find one of them that will republish your work. Having a few independent publications under your belt and on your resume can really help jumpstart your career in the policy world. It goes without saying that getting published matters even more if you’re hoping to secure a position with a university-based research center. If your work is more academic in character, get it on SSRN immediately.
• Use Twitter and other social media services (but be careful): Twitter can do wonders to help you build a following in the information technology policy arena by (1) letting you share your insights about tech policy with the world and, more importantly, (2) getting you connected with well-established figures in the field. Not every tech guru will follow you back once you start following them, but many will. And, with enough work (and a little brown-nosing), you will eventually get on their radar screen. For example, if you enjoy papers and essays by a particular cyberlaw guru or digital policy economist, retweet their work and add a thoughtful comment. Keep doing that for them and others. And do the same for journalists who post interesting tech policy stories. Put all these people on a curated Twitter list of your own and label it something flattering like “Tech Policy Gurus” or “Best Net Policy Wonks.” I can say from personal experience that when I find myself on such lists, I am more likely to follow the people who created them. One word of caution about Twitter and social media, however: Being provocative can get you noticed, but it can also piss people off and cost you followers / respect. Worse yet, it could come back to haunt you when you pursue future job opportunities. If you are at the stage in your career where you are fairly well-established and don’t necessary care as much about what the rest of the world thinks about you (hey, that’s me!), then it’s easier to get away with being provocative and even a bit snarky online. But when you are young and just getting started, be careful not to burn bridges before you’ve even built any. Be friendly, at least at first. There will be plenty of time in the future for you to tell me that you think I am full of sh*t!

#6) Network

Sure, you can get plenty of networking done using online tools and strategies, some of which I discussed above. But meeting people in person still matters. A little face time and a few handshakes can open up opportunities that you would otherwise not even known existed. Toward that end, if you are near a major university center or city that hosts occasional tech policy events, get to them. Or, if you can, plan occasional visits to major university events or other tech policy galas. When you visit these places, see if you can schedule a few minutes of private face time with leading analysts that you respect. Tell them how much you value their time but ask for just a few minutes with them to get some advice on how to be the next great tech policy analyst, just like them! (Again, flattery gets you everywhere in this world).

Finally, if you are lucky enough to live near Washington, DC, then you’ll have no problem finding an endless array of technology policy events to attend on a near-daily basis.  Get to as many as you can and introduce yourself to as many people as possible. Tell them all you are interested in pursuing a career in the information technology field and stress the particular area of policy that most interests you. I have probably found more jobs for people during cocktail hours than anything else. One person will come up to me and explain their interests and background and then I will point them to the 2 or 3 other people in the room who can help them advance their particular career objective.

#7) Read

Geez… do I really need to say this? Well, I do only because I wanted to offer a list of a few things I read regularly to keep my finger on the pulse of the info-tech policy world. Perhaps the easiest way to do so is to just list some of what’s in my daily RSS and/or Twitter feed. Here’s a sample:

• Tech News: Ars Technica, National Journal’s Tech Daily Dose, The Hill’s Hillicon Valley, WSJ tech reporters and “Digits” blog, NYT’s technology feed, GigaOm, CNet politics & law
• Tech Policy Blogs: The Technology Liberation Front (of course!), EFF Deeplinks, TechDirt, Freedom to Tinker, Eric Goldman’s Technology & Marketing Law Blog, Digitopoly, Public Knowledge blog, CDT blog, Monday Note, Rough Type, Regulation 2.0, various Forbes contributors (esp. Kashmir Hill), and sharp philosophers of technology (like Evan Selinger & Michael Sacasas)
• Cyberlaw or other university-based tech policy centers: Berkman Center at Harvard, CIS at Stanford, Oxford Internet Institute, CLIP at Fordham, CLI at Maine, Yale ISP, HTLI at Santa Clara, Boalt Center at Berkeley, Columbia Institute for Tele-Information, IEP at George Mason, Center for Information Technology Policy at Princeton, (also here’s the list of all of them that I follow on Twitter)
• Corporate / Law Firm Blogs: Google, Verizon, AT&T, and many other companies and trade associations have blogs worth following. Also, law firms are finally starting to open to door a bit to blogging, although they are still hyper-cautious about it. I follow a couple of law firm blogs that have top privacy and antitrust attorneys blogging for them. I can’t even begin to name them all here.

This just scratches the surface.  Again, the more specialized your focus, the more likely it is you’ll follow very targeted blogs and media outlets. For example, there are dozens of targeted blogs on copyright and privacy policy. I follow many of them casually on Twitter but don’t keep them in my daily RSS feed.

More generally, you should be keeping up with major Internet policy books so that you are conversant in intellectual circles about the hottest publications du jour. That can be challenging — both because reading books takes time and the field is increasingly crowded with new titles. At the end of each year, I try to put together a list of important info-tech policy books. (Here are the lists for 2008, 2009, 2010, 2011 and 2012). You should try to be familiar with some of the big titles on those lists. Also, here’s my compendium of all the major titles from the 2000s and here’s the running list of all my tech policy book reviews.

Conclusion

Well, that’s all I got for ya. I promise to try to offer my thoughts to you in person or via email if you call or write, but please understand that I’m just sometimes too busy to respond to everyone at length. But I hope what I’ve written here helps some of you out in your effort to break into the tech policy world.  Best of luck, and if you make it big, buy me a beer someday!

Additional Reading / Resources:

• Internet Society – “Brief History of the Internet” (by various authors who helped give birth to it)
• Internet Society’s “History of the Internet” page
• list of cyberlaw professionals & groups on LinkedIn
• William H. Dutton, “Internet Studies: The Foundations of a Transformative Field,” in Oxford Handbook of Internet Studies (W. H. Dutton, eds., Oxford University Press, 2013)
• Adam Thierer, “The Digital Decade’s Definitive Reading List: Internet & Info-Tech Policy Books of the 2000s,” Technology Liberation Front, Dec. 29, 2009.
• Robert D. Atkinson, “Who’s Who in Internet Politics: A Taxonomy of Information Technology Policy“
• James Grimmelmann, Internet Law: Cases and Problems

*** Addendum, July 2014 ***

If I was penning this essay today, I think I would have instead entitled it, “So You Want to Be a Technology Policy Analyst?” Since I penned this back in Dec 2012, a lot has changed in the world of Internet policy, starting with the fact that, as Marc Andreessen has noted, “software is eating the world.” As Jerry Brito, Eli Dourado, and I noted in our May 2014 essay, “Technology Policy: A Look Ahead”:

many of the underlying drivers of the digital revolution—massive increases in processing power, exploding storage capacity, steady miniaturization of computing, ubiquitous communications and networking capabilities, the digitization of all data, and increasing decentralization and disintermediation—are beginning to have a profound impact beyond the confines of cyberspace.

As a result of this convergence of the old “meatspace” economy (the world of atoms) and the digital economy (the world of bits), what it means to be an “Internet policy analyst” is changing and expanding once again. A wide variety of new innovations are now emerging and raising fresh policy concerns. For example, a short list of the technologies and sectors I am now covering includes: the “Internet of Things” and “wearable technologies;” smart car technology and autonomous vehicles; commercial drones; robotics; mobile medicine; biohacking and genetic engineering; and much more.

Just a few years ago, none of these issues were on my list of policy priorities. Today, they constitute 90% of what I write and speak about on a daily basis.

What this means for aspiring technology policy analysts is that the opportunities here are virtually boundless. The sky is the limit!

Of course, I will reiterate my first piece of advice above by once again stressing that specialization matters. While it would be wonderful to be able to be a jack-of-all-trades who could cover all these issues effectively, that’s just impossible. You need to focus, and that is even truer today as the universe of tech policy issues expands rapidly. I had to abandon issues that I once cared deeply about, such as Internet governance, intellectual property, infrastructure regulation, and mass media policy. I wrote 4 books on those topics in the past decade, and now I’ve had to give up on them entirely to make room for all the hot new tech policy issues out there.

But while it may seem a bit overwhelming at times, again, the upside of all this is that you have countless opportunities at your disposal to make your mark in these new policy arenas. There has never been a more exciting time to be a technology policy analyst. Good luck, and I hope you enjoy it half as much as I do, because I am having a blast! Every day brings an exciting new challenge.

(Seriously, why would anyone want to cover any other issue?!)

*** Addendum, Sept. 2015 ***

On the whiteboard in my office I have a giant matrix of technology policy issues and the policy “threat vectors” that might end up driving regulation of particular technologies or sectors. Along with my colleagues at the Mercatus Center, we constantly revise this list of policy priorities and simultaneously make a (very unscientific) attempt to weight the potential policy severity in each area. I use 5 policy groupings: Privacy, safety, security, economic disruption, and IP. We then use this matrix to help us determine what we should be paying more attention to and then decide what sort of scholarly outputs are needed on each front. [See this post for more elaboration about the categories and issues.]

Several people who have seen that matrix in my office tell me I should do something more with it, but I’m not really sure what that something would be. But I thought it might make  sense to plop it into this old post to give readers a feel for the current generation of tech policy issues that might be worth focusing on. Again, there are lots and lots of opportunities here! I’ll try to upload new versions of the matrix as that giant whiteboard in my office morphs over time.

[UPDATE 4/30/13: This article was subsequently published in Volume 65, Issues 2 of the Federal Communications Law Journal in April 2013. The links below now point to the final FCLJ version.]

The Mercatus Center at George Mason University has just released a new paper by Brent Skorup and me entitled, “Uncreative Destruction: The War on Vertical Integration in the Information Economy.”  Brent, who is the research director for the Information Economy Project at the George Mason University School of Law, and I have been working on this paper since the Spring and we are looking forward to getting it published in a law review shortly. The paper focuses on Tim Wu’s “separations principle” for the digital economy, something I’ve spent some time critiquing here in the past. Here’s the introduction from the 44-page paper that Brent and I just released:

Are information sectors sufficiently different from other sectors of the economy such that more stringent antitrust standards should be applied to them preemptively? Columbia Law School professor Tim Wu responds in the affirmative in his book The Master Switch: The Rise and Fall of Information Empires. Having successfully pushed net-neutrality regulation into the policy spotlight, Wu has turned his attention to what he regards as excessive market concentration and threats to free speech throughout the entire information economy.To support his call for increased antitrust intervention, Wu explains his view of competition in the information economy—a view that deviates substantially from current mainstream antitrust theory. First, Wu contends that “information monopolies” are pervasive in the information economy. Wu’s “monopolists” include Facebook, Apple, Google, and even Twitter. In The Master Switch and essays like “In the Grip of the New Monopolists,” Wu argues that these so-called monopolies are increasing their market power and require more aggressive oversight and regulation.Second, Wu argues that traditional antitrust analysis is not sufficient for information systems because they carry speech. He claims, “Information industries… can never be properly understood as ‘normal’ industries,”and traditional forms of regulation, including antitrust enforcement, “are clearly inadequate for the regulation of information industries.”Wu believes that because information industries “traffic in forms of individual expression” and are “fundamental to democracy,” they should be subject to greater regulatory treatment.Third, in contrast to current competition law’s focus on horizontal relationships, Wu desires a reinvigorated regulatory enforcement that addresses “the corrupting effects of vertically integrated power” in the information sectors.He is particularly concerned about private threats to free speech arising from such vertical integration.The solution, he says, is preventing vertical mergers in the information economy and the mandatory divestiture of vertically integrated companies. To implement this, Wu proposes a Separations Principle for the information economy, which would segregate information providers into three buckets, which we have labeled information creators, information distributors, and hardware makers.This article outlines Wu’s separations proposal, explains why his fears regarding vertical relationships should be rejected by regulatory and antitrust policymakers, and illustrates the legal and practical problems his Separations Principle poses. Wu justifies his Separations Principle by citing monopolies and market power in the information economy. He also advocates using U.S. antitrust authorities to enforce his Principle. We argue that the antitrust harms he fears are not present, and we highlight scholarship on the accepted benefits of vertically integrated firms. We show that Wu’s remedies are policy preferences wrapped in the language of competition law. In fact, the information economy is largely competitive and does not warrant interventionist regulatory enforcement. Since much of American economic vitality flows from the information economy and technology, policymakers should reject a radical antitrust remedy like Wu’s preemptive Separations Principle.

The paper can be downloaded from the Mercatus website, SSRN, or Scribd.

Andrew Orlowski of The Register (U.K.) recently posted a very interesting essay making the case for treating online copyright and privacy as essentially the same problem in need of the same solution: increased property rights. In his essay (“‘Don’t break the internet’: How an idiot’s slogan stole your privacy“), he argues that, “The absence of permissions on our personal data and the absence of permissions on digital copyright objects are two sides of the same coin. Economically and legally they’re an absence of property rights – and an insistence on preserving the internet as a childlike, utopian world, where nobody owns anything, or ever turns a request down. But as we’ve seen, you can build things like libraries with permissions too – and create new markets.” He argues that “no matter what law you pass, it won’t work unless there’s ownership attached to data, and you, as the individual, are the ultimate owner. From the basis of ownership, we can then agree what kind of rights are associated with the data – eg, the right to exclude people from it, the right to sell it or exchange it – and then build a permission-based world on top of that.”

And so, he concludes, we should set aside concerns about Internet regulation and information control and get down to the business of engineering solutions that would help us property-tize both intangible creations and intangible facts about ourselves to better shield our intellectual creations and our privacy in the information age. He builds on the thoughts of Mark Bide, a tech consultant:

For Bide, privacy and content markets are just a technical challenges that need to be addressed intelligently.”You can take two views,” he told me. “One is that every piece of information flowing around a network is a good thing, and we should know everything about everybody, and have no constraints on access to it all.” People who believe this, he added, tend to be inflexible – there is no half-way house. “The alternative view is that we can take the technology to make privacy and intellectual property work on the network. The function of copyright is to allow creators and people who invest in creation to define how it can be used. That’s the purpose of it. “So which way do we want to do it?” he asks. “Do we want to throw up our hands and do nothing? The workings of a civilised society need both privacy and creator’s rights.”  But this a new way of thinking about things: it will be met with cognitive dissonance. Copyright activists who fight property rights on the internet and have never seen a copyright law they like, generally do like their privacy. They want to preserve it, and will support laws that do. But to succeed, they’ll need to argue for stronger property rights. They have yet to realise that their opponents in the copyright wars have been arguing for those too, for years. Both sides of the copyright “fight” actually need the same thing. This is odd, I said to Bide. How can he account for this irony? “Ah,” says Bide. “Privacy and copyright are two things nobody cares about unless it’s their own privacy, and their own copyright.”

These are important insights that get at a fundamental truth that all too many people ignore today: At root, most information control efforts are related and solutions for one problem can often be used to address others. But there’s another insight that Orlowski ignores: Whether we are discussing copyright, privacy, online speech and child safety, or cybersecurity, all these efforts to control the free flow of digitized bits over decentralized global networks will be increasingly complex, costly, and riddled with myriad unintended consequences. Importantly, that is true whether you seek to control information flows through top-down administrative regulation or by assigning and enforcing property rights in intellectual creations or private information.

Let me elaborate a bit (and I apologize for the rambling mess of rant that follows).

Parallels in Debates over Copyright & Privacy Protection

In several essays here over the past few years I have attempted to draw parallels between the battles over protecting digital copyright and online privacy, as well as battle over online safety/speech and cybersecurity. Here are a few of those essays in case you’re interested in seeing the evolution of my thinking about this:

• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed
• And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars
• SOPA & Selective Memory about a Technologically Incompetent Congress
• Privacy as an Information Control Regime: The Challenges Ahead
• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy?

In those essays I have argued that a combination of selective morality and wishful thinking are at work in the information policy world these days. In essence, people hate Internet regulation… until they love it! Here’s how I summarized that fact during the debate over SOPA:

… conservatives rush out and breathlessly denounce each and every effort to impose Net neutrality regulation because of the danger of empowering an already over-zealous bunch of bumbling bureaucrats at the FCC. (And I agree with them.) Yet, with their next breath many conservatives praise SOPA even though it also empowers government to muck with the inner workings of the Internet. Some of those conservatives are also turning a blind eye to the growing appetite of the defense/security community to meddle with the Net’s architecture in the name of avoiding any number of non-catastrophes. Meanwhile, the liberals decry SOPA and want it stopped at all costs. There’s never been a copyright protection measure they liked, of course, but each time one pops up we hear them claim that our analog era Congress is not well-positioned to be designing industrial policy schemes for the Internet. (And I generally agree with them.) But most liberals do a complete 180 whenever online privacy or Net neutrality regulations are the subject of congressional inquiry. Suddenly, the cyber-oafs in Congress are considered veritable technocratic philosopher kings who we should trust to guard our cyber-freedoms to lead us to the digital promised land.

Again, it’s both selective morality and wishful thinking. It’s selective morality in that some folks think certain values are sacrosanct and deserving of a “by-any-means-necessary” enforcement attitude, yet they are often just as likely to denounce similar information control efforts when it comes to issues or values they don’t give a damn about.  And it is wishful thinking in that you can’t run around insisting that “information wants to be free” in some contexts but then express outrage when something that you want to bottle up turns out to “just want to be free” as well!

But the important takeaway here is that, consistent with what Orlowski argues, I believe that online copyright and privacy are essentially the same problem: It’s an information control problem.

Potential Costs of Control

Once you start thinking about Internet policy debates as a single issue — namely, information control — you can begin to investigate the potential costs of control in a somewhat more objective fashion. Of course, challenging issues remain:

1. Which method of control should we choose? On one hand, there are many varieties of administrative regulation, technical infrastructure controls, and device mandates. On the other hand, there are property rights and liability / tort schemes. And there are many hybrid enforcement models, such as increasingly popular “co-regulation” models, government standard-setting, and “nudging” of system defaults. Each method will entail different costs and trade-offs.
2. What metric(s) should we use when attempting to determine whether the benefits of control exceed the costs? Ask any advocate of information control about whether the costs might exceed the benefits of regulation for their pet issue and they will typically suggest that either (a) there are no costs or that (b) the benefits dwarf any costs that may exist. But all too often the benefits they identify are extremely subjective and amorphous in character (“privacy,” “safety,” and “security” are hard to quantify, after all) while the costs are very real and increasingly substantial.

In my view, these practical questions are increasingly the most interesting issues to explore in the field of cyberlaw and digital economics. We can debate the normative or ethical considerations until we’re all blue in the face and ready to rip each other’s heads off, but I am less and less interested in such squabbles. Instead, I keep coming back to the question of how we’ll go about controlling info flows and how much effort and resources it makes sense to expend in pursuit of each of the values identified above. Some of the specific considerations I find myself asking in every paper I write these days include:

(A) Will the proposed form of information control tie us up in the courts forever, lead to increasingly onerous and unworkable liability norms, and end up yielding outrageous litigation costs?

(B) Will the proposed form of information control require a significant increase in regulatory bureaucracy? How many levels of government will need to be involved in the proposed enforcement scheme? How many new offices and officials will need to be empowered in the hope of achieving some measure of control?

(C) What are the alternatives to the proposed form of information control? Are there less costly or less restrictive means of addressing the concern in question? For example, education and empowerment effort are often an effective way to address many online safety and digital privacy concerns. Can we use those methods in conjunction with social norms, public pressure, self-regulation, informal contracting, and other methods to address these and other concerns?

For me, the costs associated with the A & B are increasing so rapidly that I almost always default to C as the better approach. Importantly, although A & B will be less onerous or costly when the solution is of the increased property-ization variety than of the administrative regulation variety, that does not mean property rights-based solutions for information are costless. Indeed, I increasingly find myself concluding that C solutions are more cost-effective even compared to increased property rights.

Practical Advice Once You Accept the Increasing Costs & Complications of Control

At this point, readers may be thinking: “Wait a minute, this dude is just some kooky libertarian who doesn’t want any form of information control, so he’s just trying to rationalize anarchy here.” No, I’m not. I certainly favor less control across the board than most people, but I also understand that there are times, at the margin, when some forms of “control” are necessary. But my views on the wisdom of control are heavily influenced by the costs of control. The costs of control — broadly defined — are a key factor in every cost-benefit analysis I do related to the wisdom of Net regulation and information control methods — even when one of those methods is increased “property-ization.” And because I have come to believe that those costs are going up and that most information control efforts will not work well in practice, I have boiled down my advice on this front to two simple principles:

1. Choose your info control battles wisely. Figure out where the most serious harms or threats lie and then target the info control solution accordingly and forget about the rest. For example, in child safety debates, that would mean going after child porn rings but leaving run-of-the-mill adult porn alone entirely. In copyright, it would mean nailing the largest commercial mass piracy sites but accepting a certain amount of casual sharing. In the field of personal info, it means singling out health and financial information and data for special protections and likely giving up on most other forms of info control. And so on. In essence, these are where the greatest potential harms lie that most people would consider intolerable. As you move further away from such issues, the case for control becomes harder and harder and the costs will almost certainly exceed the benefits.
2. Have a good backup plan in mind when those info control plans fail anyway. That backup plan should generally be based on education, empowerment, coping strategies, and resiliency. Again, these are the “C” solutions mentioned above. [I developed this model more robustly in the second half of this recent paper.] This approach won’t be perfect but it will likely be what you’ll end up relying on anyway, so you better start thinking about plowing more resources into this alternative approach even while you’re trying to devise info control mechanisms.

Let me just say a brief word to my market-oriented friends who are dismayed by my inclusion of property rights in the mix of “information control” efforts. I’m a big believer in the importance of property rights in many contexts, but context does matter. More specifically, physicality matters. It is easy to create property rights in tangible goods and almost always right to do so. Property rights in intangible ideas and creations raise special issues, however. Because ideas are non-rivalrous and have public good qualities, it makes property-ization more complicated and less effective. Property rights in facts can also come into conflict with other values and more well-established rights, especially freedom of speech and expression.

On the privacy front, Eugene Volokh made this point in his famous 2000 law review article, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You,” when he noted that, “The difficulty[with] the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.” That doesn’t mean free speech values should always trump privacy values, but denying this tension is just plain silly. If you want to propertytize all personal information, then you better be prepared to explain how that plays out in practice. How far are you prepared to go to ban the dissemination of facts? Would you place prior restraint on the press to accomplish it? Would you ban a historian from writing a biographies that reveal intimate facts about the subject? Would you shut down all the online sites and services that rely on a certain amount of personal information to fuel their free offerings?

Likewise, copyright law was far more effective in the analog age when we were still pressing music on vinyl and plastic. As soon as digitization become widespread, it was pretty much game over for traditional copyright law and now we are off and running with all sorts of convoluted and increasingly costly regulatory regimes. It’s not that I don’t want these some of these schemes to work — I’ve been a long-time copyright defender — but, again, the practicality of control simply must be considered here. I am not will to “pay any price, bear any burden” in defense of protecting intellectual property rights even as I remain outraged by the staggering amount of free-riding at work every single second of the day on the Internet. So, adopting the framework I outlined about, we might try targeted solutions to go after the biggest of those freeloaders — commercial mass piracy hubs — but we should generally avoid the sort of ham-handed technical control methods we saw in SOPA and other fights, like the broadcast flag battle among others. But, generally speaking, property rights just aren’t going to work as well in this space going forward. I’ve come to believe that the best hope lies in massive consolidation of content and conduit. In other words, pipe and device owners need to buy out all the content-creating industries and just embed a small fee in their monthly services to cross-subsidize content. This is essentially a private collective licensing solution and it is not unprecedented. Nor is it perfect. It will be very leaky. Plenty of piracy will still take place. But it will probably offer creators a better chance of finding a sustainable revenue stream than the current system does. The old copyright system that served them and us so well is dying and they had better start thinking of alternatives like this. Of course, antitrust law may never allow it, so I could be wasting my breath here. (Just look at all the grief that antitrust officials both here and abroad are giving Apple and eBook sellers for working together even though that it probably the best scheme devised in recent memory to sustain publishing in an age of mass piracy. Policymakers should be encouraging more of that sort of thing, not punishing it.)

An Uncertain Future

So, to wrap up… I can imagine a future in which both heavy-handed, top-down info control efforts and property / liability solutions are failing almost universally because of the ubiquitous, instantaneous, quicksilver-like flow of information across decentralized digital networks. Some utopians will argue that such a world will be better in every way than the one we live in today. I do not share such hyper-optimism. While I believe that, on balance, the free flow if information generally benefits society, I also understand how it creates enormous angst and intractable challenges for many. It’s a world in which copyright is a hollow shell of its former self that offers creators very little protection for their expressive works. And it’s a world in which personal privacy is harder to safeguard with each passing day because no matter how hard we try to property-tize facts about ourselves, that enforcement model simply breaks down at some point or becomes socially and economically intolerable. As with copyright, efforts to property-tize personal information will lose the battle against data sharing. As computer scientist Ben Adida argued in his essay, “(Your) Information Wants to be Free,” “unfortunately, information replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard.”

Indeed, and it is growing harder by the day. Contrary to what Orlowski suggests, therefore, this isn’t a simple engineering problem. I wish it were as easy as he suggests to build “permissions-based markets” because they could have real benefits for individuals and society. But it is most certainly not that simple. It is far more costly and complicated than ever to devise workable information control schemes on one hand and “permissions-based” property rights schemes on the other. In some cases, I might still be willing to try the latter, but unlike Orlowski, I just don’t place much faith in the success of the endeavor.

Over at Forbes I have posted some thoughts on the new privacy framework (Consumer Data Privacy in a Networked World) that the Obama Administration released today. In my essay, “The Problem with Obama’s “Let’s Be More Like Europe” Privacy Plan,” I hammer home the same point I’ve made here before many times: Regulation is not a costless exercise. No matter how well-intentioned regulatory proposals may be, they can often have unforeseen, unintended consequences. This is equally true for privacy controls. I discuss how a new privacy regulatory regime could drive up prices for services that currently are free or inexpensive, limit new digital services and innovations, create barriers to entry for new entrants and entrepreneurs, negatively impact the competitiveness of existing U.S. Internet operators, and, more generally, increase the horizons of government power over the Internet.

For a more detailed analysis of these issues, I encourage you to check out my big Mercatus Center filing to the FTC last year on privacy and Do Not Track regulation. Also, here are few TLF essays that summarize my skepticism about expanded privacy controls:

• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy?
• Privacy as an Information Control Regime: The Challenges Ahead
• Obama Admin’s “Let’s-Be-Europe” Approach to Privacy Will Undermine U.S. Competitiveness
• Lessons from the Gmail Privacy Scare of 2004
• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed
• And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars
• Book Review: Solove’s Understanding Privacy

It seems peculiar to me that some of the same individuals and groups who so vociferously opposed a “broadcast flag” technological mandate in past years are now in a mad rush to have federal policymakers mandate a “Do Not Track” regulatory regime for privacy purposes. The broadcast flag debate, you will recall, centered around the wisdom of mandating a technological fix to the copyright arms race before digitized high-definition broadcast signals were effectively “Napster-ized.” At least that was the fear six or seven years ago. TV broadcasters and some content companies wanted the Federal Communications Commission (FCC) to recognize and enforce a string of code that would have been embedded in digital broadcast program signals such that mass redistribution of video programming could have been prevented.

Flash forward to the present debate about mandating a “Do Not Track” scheme to help protect privacy online. As I noted in my filing last week to the Federal Trade Commission, at root, Do Not Track is just another “information control regime.” Much like the broadcast flag proposal, it’s an attempt to use a technological quick-fix to solve a complex problem. When it comes to such information control efforts, however, there aren’t many good examples of simple fixes or silver-bullet solutions that have worked, at least not for very long. The debates over Wikileaks, online porn, Internet hate speech, and Spam all demonstrate how challenging it can be to put information back into the bottle once it is released into the digital wild.

To be clear, I am not opposed to technological solutions like broadcast flag or Do Not Track, but I am opposed to forcing them upon the Internet and digital markets in a top-down, centrally-planned fashion. While I am skeptical that either scheme would work well in practice (whether voluntary or mandated), my concern in these debates is that forcing such solutions by law will have many unintended consequences, not the least of which will be the gradual growth of invasive cyberspace controls in these or other contexts. After all, if we can have “broadcast flags” and “Do Not Track” schemes, why not “flag” mandates for objectionable speech or “Do Not Porn” browser mandates?

From 2002-2005, when the broadcast flag wars were really raging, groups like the Electronic Frontier Foundation and Center for Democracy & Technology made several legitimate legal and practical arguments against a mandatory broadcast flag regime. But their principled case against broadcast flag mandates came down to an underlying fear about government encroachment on the Internet and the specter of more far-reaching regulation of cyberspace. For example, in a December 2003 report, CDT noted that even if other details could be worked out, “the [broadcast] flag approach will still pose unresolved concerns regarding technical regulation of computers and the Internet by the government [and] the impact of regulations on innovation and future consumer uses” was also problematic.

Importantly, EFF and CDT hammered broadcast flag proponents on the question of jurisdictional authority. They rightly asked where the FCC  got the authority to impose such rules at all and worried about the spillover effects of such arbitrary mandates in other Internet contexts. (The broadcast flag scheme was eventually tossed out by the D.C. Court of Appeals because of the FCC’s lack of authority.)

So, why wouldn’t these same concerns and arguments apply to Do Not Track regulation? CDT and EFF seem to care little that the Federal Trade Commission is aggressively pushing this new information control regime on the Internet.  Indeed, CDT and EFF are two of the biggest cheerleaders for FTC action in this regard.  Sorry, but I just don’t get it.  If it was misguided for regulators to push a broadcast flag regime upon cyberspace, isn’t it just as misguided for them to be pushing Do Not Track? I suspect this inconsistency has something to do with CDT and EFF being inherently skeptical of the benefits of most online copyright protection schemes while being more sympathetic to legal efforts aimed at protecting personal privacy online. Simply stated, they think there’s something to the notion of privacy “rights” and will bend over backward to engineer an information control regime to protect against the “unauthorized” flow of personal information online. When it comes to the “unauthorized” flow of copyrighted bits of information online, however, they aren’t nearly as interested in inviting the code cops in.

But even if one sympathizes with that distinction — absolute privacy “rights”  vs. minimal copy-“rights” — all the same concerns and criticisms that CDT and EFF raised earlier about the broadcast flag regulatory scheme would seemingly apply to the Do Not Track regime. Both regimes face formidable enforcement challenges and raise the specter of broader government control of cyberspace. There’s just no getting around that reality, and Do Not Track defenders who deny it are basically hiding from the ugly truth that they are greasing the skids for future information control efforts and regimes — both here and abroad.

I suppose that they might also argue that regulation is justified where it ensures more “choice” for consumers.  But forcing “choice” upon online markets isn’t exactly the same thing as allowing it evolve in a natural, non-destructive fashion. As I noted in my filing, many others besides me are concerned about what mandatory Do Not Track would mean for the online ecosystem of mostly “free” content and services. Lauren Weinstein, co-founder of People For Internet Responsibility (PFIR), worries that the “ability [of Do Not Track concepts] to cause major collateral damage to the Internet ecosystem of free Web services is being unwisely ignored or minimized by many Do Not Track proponents.” And in a brilliant Huffington Post column this week about the rise of a privacy techno-panic, Jeff Jarvis said, “I also worry that efforts to bring in a ‘Do Not Track’ list and other demonization of ad targeting could cripple the revenue of the media and news industries even as they struggle to find sustainability; it could kill news outlets and reduce journalism.”

Weinstein and Jarvis are right. There is no free lunch. While groups like EFF and CDT who support Do Not Track regulation are well-intentioned in their aims, the reality is that government regulation that attempts to create a cost-free opt-out for data collection and targeted online advertising will likely have damaging consequences for the future provision of online content and services. In terms of direct costs to consumers, Do Not Track could result in higher prices for service as paywalls go up or, at a minimum, advertising will become less relevant to consumers and, therefore, more “intrusive” in other ways.

Which leads to my final point. What is perhaps most perplexing about this is how many of the advocates of Do Not Track argue that such a regulatory scheme will slow the “arms race” in the privacy arena. For example, EFF has said “The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking.” And my favorite frenemy Chris Soghoian argues that “opt out mechanisms… [could] finally free us from this cycle of arms races, in which advertising networks innovate around the latest browser privacy control.”  At best, this is highly wishful thinking. At worst, it’s outright deceit aimed at sugar-coating the hard truth: If anything, a Do Not Track mandate will speed up the technological arms race and have many other unintended consequences. Online advertising will almost certainly become more “annoying” and even invasive as a result of such regulation.  And “tracking” techniques aren’t going to be stopped or even slowed as a result of Do Not Track. (Hello DPI!) Again, check out my filing to the FTC for more details.

The important point here is that one intervention will simply beget another and another in an attempt to address the “arms race” and to refine and rework Do Not Track to cover more and more online information flows. One wonders how expansive this new regulatory regime will need to be to deal with the growing scale and volume of online information flows. Really, does anyone think there will be less personal information online in coming years?  Unless we stop the unprecedented voluntary information-sharing and self-revelation of personal data that takes place on social networking sites and via user-generated content sites, there is simply no way in hell this problem is going to be curtailed. When 600 million people use Facebook as an open diary to the world (among many other examples I could cite), it’s hard to imagine we’ll ever be able to stop the mercurial flow of personal information across the Internet. Do Not Track certainly won’t stop it, but the cost of putting such a regulatory regime in place in an attempt to put the genie back in the bottle could be profound for the future of the Internet and online content and culture.

Again, this is essentially the same argument previously set forth against a broadcast flag mandate. As EFF once noted, “the technology mandate proposed… is unnecessary, ineffective, and unwise.”  I agree, and I invite Do Not Track defenders at CDT and EFF (or anyone else) to explain why, conceptually speaking, Do Not Track isn’t just broadcast flag in drag.