My latest law review article is entitled, “Privacy Law’s Precautionary Principle Problem,” and it appears in Vol. 66, No. 2 of the Maine Law Review. You can download the article on my Mercatus Center page, on the Maine Law Review website, or via SSRN. Here’s the abstract for the article:
Privacy law today faces two interrelated problems. The first is an
information control problem. Like so many other fields of modern cyberlaw—intellectual property, online safety, cybersecurity, etc.—privacy law is being challenged by intractable Information Age realities. Specifically, it is easier than ever before for information to circulate freely and harder than ever to bottle it up once it is released.
This has not slowed efforts to fashion new rules aimed at bottling up those information flows. If anything, the pace of privacy-related regulatory proposals has been steadily increasing in recent years even as these information control challenges multiply.
This has led to privacy law’s second major problem:
the precautionary principle problem. The precautionary principle generally holds that new innovations should be curbed or even forbidden until they are proven safe. Fashioning privacy rules based on precautionary principle reasoning necessitates prophylactic regulation that makes new forms of digital innovation guilty until proven innocent.
This puts privacy law on a collision course with the general freedom to innovate that has thus far powered the Internet revolution, and privacy law threatens to limit innovations consumers have come to expect or even raise prices for services consumers currently receive free of charge. As a result, even if new regulations are pursued or imposed, there will likely be formidable push-back not just from affected industries but also from their consumers.
In light of both these information control and precautionary principle problems, new approaches to privacy protection are necessary. Continue reading →
I am pleased to announce the release of my latest book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” It’s a short manifesto (just under 100 pages) that condenses — and attempts to make more accessible — arguments that I have developed in various law review articles, working papers, and blog posts over the past few years. I have two goals with this book.
First, I attempt to show how the central fault line in almost all modern technology policy debates revolves around “the permission question,” which asks:
Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions. Two conflicting attitudes are evident.
One disposition is known as the “precautionary principle.” Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.
The other vision can be labeled “permissionless innovation.” It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.
I argue that we are witnessing a grand clash of visions between these two mindsets today in almost all major technology policy discussions today. Continue reading →
Ladar Levison, founder of encrypted email service Lavabit, discusses recent government action that led him to shut down his firm. When it was suspected that NSA whistleblower Edward Snowden used Lavabit’s email service, the FBI issued a National Security Letter ordering Levison to hand over SSL keys, jeopardizing the privacy of Lavabit’s 410,000 users. Levison discusses his inspiration for founding Lavabit and why he chose to suspend the service; how Lavabit was different from email services like Gmail; developments in his case and how the Fourth Amendment has come into play; and his involvement with the recently-formed Dark Mail Technical Alliance.
Download
Related Links
Last week, it was my great pleasure to be invited on NPR’s “On Point with Tom Ashbrook,” to debate Jeffrey Rosen, a leading privacy scholar and the president and chief executive of the National Constitution Center. In an editorial in the previous Sunday’s New York Times (“Madison’s Privacy Blind Spot”), Rosen proposed “constitutional amendment to prohibit unreasonable searches and seizures of our persons and electronic effects, whether by the government or by private corporations like Google and AT&T.” He said his proposed amendment would limit “outrageous and unreasonable” collection practices and would even disallow consumers from sharing their personal information with private actors even if they saw an advantage in doing so.
I responded to Rosen’s proposal in an essay posted on the IAPP
Privacy Perspectives blog, “Do We Need A Constitutional Amendment Restricting Private-Sector Data Collection?” In my essay, I argued that there are several legal, economic, and practical problems with Rosen’s proposal. You can head over to the IAPP blog to read my entire response but the gist of it is that “a constitutional amendment [governing private data collection] would be too sweeping in effect and that better alternatives exist to deal with the privacy concerns he identifies.” There are very good reasons we treat public and private actors differently under the law and there “are all far more practical and less-restrictive steps that can be taken without resorting to the sort of constitutional sledgehammer that Jeff Rosen favors. We can protect privacy without rewriting the Constitution or upending the information economy,” I concluded.
But I wanted to elaborate on one particular thing I found particularly interesting about Rosen’s comments when we were on NPR together. During the show, Rosen kept stressing how we needed to adopt a more European construction of privacy as “dignity rights” and he even said his proposed privacy amendment would even disallow individuals from surrendering their private data or their privacy because he viewed these rights as “unalienable.” In other words, from Rosen’s perspective, privacy pretty much trumps
everything, even if you want to trade it off against other values. Continue reading →
I didn’t have nearly as much time this year to review the steadily growing stream of information policy books that were released. The end-of-year lists I put together in the past were fairly comprehensive (see 2008, 2009, 2010, 2011 and 2012), but I got sidetracked this year with 7 law review articles and an eBook project and had almost no time for book reviews, or even general blogging for that matter.
So, I’ve just listed some of the more notable titles from 2013 even though I didn’t find the time to describe them all. The first couple are the titles that I believe will have the most lasting influence on information technology policy debates. Needless to say, just because I believe that some of these titles will have an impact on policy going forward does not mean I endorse the perspectives or recommendations in any of them. And that would certainly be the case with my choice for most important Net policy book of the year, Ian Brown and Chris Marsden’s
Regulating Code. Their book does a wonderful job mapping the unfolding universe of Internet “co-regulation” and “multi-stakeholderism,” but their defense of a more politicized information policy future leaves lovers of liberty like me utterly demoralized.
The same could be said of many other titles on the list. As I noted in concluding several reviews over the past year, liberty is increasingly a loser in Internet policy circles these days. And it’s not just neo-Marxist rants like McChesney’s
Digital Disconnect or Lanier’s restatement of the Unibomber Manifesto, Who Owns the Future? The sad reality is that pretty much everybody these days has a pet peeve they want addressed through pure power politics because, you know, something must be done! The very term “Internet freedom” has already been grotesquely contorted into something akin to an open mandate for governments to meticulously plan virtually every facet of economic and social activity in the Information Age.
Anyway, despite that caveat, many interesting books were released in 2013 on an ever-expanding array of specific information policy topics. Here’s the list of everything that landed on my desk over the past year. Continue reading →
I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)
This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy
this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)
My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals. Continue reading →
What works well as an ethical directive might not work equally well as a policy prescription. Stated differently, what one ought to do it certain situations should not always be synonymous with what they must do by force of law.
I’m going to relate this lesson to tech policy debates in a moment, but let’s first think of an example of how this lesson applies more generally. Consider the Ten Commandments. Some of them make excellent ethical guidelines (especially the stuff about not coveting neighbor’s house, wife, or possessions). But most of us would agree that, in a free and tolerant society, only two of the Ten Commandments make good law:
Thou shalt not kill and Thou shalt not steal.
In other words, not every sin should be a crime. Perhaps
some should be; but most should not. Taking this out of the realm of religion and into the world of moral philosophy, we can apply the lesson more generally as: Not every wise ethical principle makes for wise public policy. Continue reading →
Last month, it was my great pleasure to serve as a “provocateur” at the IAPP’s (Int’l Assoc. of Privacy Professionals) annual “Navigate” conference. The event brought together a diverse audience and set of speakers from across the globe to discuss how to deal with the various privacy concerns associated with current and emerging technologies.
My remarks focused on a theme I have developed here for years: There are no simple, silver-bullet solutions to complex problems such as online safety, security, and privacy. Instead, only a “layered” approach incorporating many different solutions–education, media literacy, digital citizenship, evolving society norms, self-regulation, and targeted enforcement of existing legal standards–can really help us solve these problems. Even then, new challenges will present themselves as technology continues to evolve and evade traditional controls, solutions, or norms. It’s a never-ending game, and that’s why education
must be our first-order solution. It better prepares us for an uncertain future. (I explained this approach in far more detail in this law review article.)
Anyway, if you’re interested in an 11-minute video of me saying all that, here ya go. Also, down below I have listed several of the recent essays, papers, and law review articles I have done on this issue.
Continue reading →
Ajit Pai, a Republican commissioner at the Federal Communications Commission (FCC), had an outstanding op-ed in the L.A. Times yesterday about state and local efforts to regulate private taxi or ride-sharing services such as Uber, Lyft, and Sidecar. “Ever since Uber came to California,” Pai notes, “regulators have seemed determined to send Uber and companies like it on a one-way ride out of the Golden State.” Regulators have thrown numerous impediments in their way in California as well as in other states and localities (including here in Washington, D.C.). Pai continues on to discuss how, sadly, “tech start-ups in other industries face similar burdens”:
For example, Square has created a credit card reader for mobile devices. Small businesses love Square because it reduces costs and is convenient for customers. But some states want a piece of the action. Illinois, for example, has ordered Square to stop doing business in the Land of Lincoln until it gets a money transmitter license, even though the money flows through existing payment networks when Square processes credit cards. If Square had to get licenses in the 47 states with such laws, it could cost nearly half a million dollars, an extraordinary expense for a fledgling company.
He also notes that “Obstacles to entrepreneurship aren’t limited to the tech world”:
Across the country, restaurant associations have tried to kick food trucks off the streets. Auto dealers have used franchise laws to prevent car company Tesla from cutting out the middleman and selling directly to customers. Professional boards, too, often fiercely defend the status quo, impeding telemedicine by requiring state-by-state licensing or in-person consultations and even restricting who can sell tooth-whitening services.
What’s going on here? It’s an old and lamentable tale of incumbent protectionism and outright cronyism, Pai notes: Continue reading →
Adam Thierer, Senior Research Fellow at the Mercatus Center discusses his recent working paper with coauthor Brent Skorup, A History of Cronyism and Capture in the Information Technology Sector. Thierer takes a look at how cronyism has manifested itself in technology and media markets — whether it be in the form of regulatory favoritism or tax privileges. Which tech companies are the worst offenders? What are the consequences for consumers? And, how does cronyism affect entrepreneurship over the long term?
Download
Related Links
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.