This weekend, The Wall Street Journal ran my short letter to the editor entitled, “We Can Protect Children and Keep the Internet Free.” My letter was a response to columnist Peggy Noonan’s April 9 oped, “Can Anyone Tame Big Tech?” in which she proposed banning everyone under 18 from all social-media sites. She specifically singled out TikTok, Youtube, and Instagram and argued “You’re not allowed to drink at 14 or drive at 12; you can’t vote at 15. Isn’t there a public interest here?”

I briefly explained why Noonan’s proposal is neither practical nor sensible, noting how it:

would turn every kid into an instant criminal for seeking access to information and culture on the dominant medium of their generation. I wonder how she would have felt about adults proposing to ban all kids from listening to TV or radio during her youth. Let’s work to empower parents to help them guide their children’s digital experiences. Better online-safety and media-literacy efforts can prepare kids for a hyperconnected future. We can find workable solutions that wouldn’t usher in unprecedented government control of speech.

Let me elaborate just a bit because this was the focus of much of my writing a decade ago, including my book, Parental Controls & Online Child Protection: A Survey of Tools & Methods, which spanned several editions. Online child safety is a matter I take seriously and the concerns that Noonan raised in her oped have been heard repeatedly since the earliest days of the Internet. Regulatory efforts were immediately tried. They focused on restricting underage access to objectionable online content (as well as video games), but were immediately challenged and struck down as unconstitutionally overbroad restrictions on free speech and a violation of the First Amendment of the U.S. Constitution.

But practically speaking, most of these efforts were never going to work anyway. There was almost no way to bottle up all the content flowing in the modern information ecosystem without highly repressive regulation, and it was going to be nearly impossible to keep kids off the Internet altogether when it was the dominant communications and entertainment medium of their generation. The first instinct of every moral panic wave–from the waltz to comic books to rock or rap music to video games–has often been to take the easy way out by proposing sweeping bans on all access by kids to the content or platforms of their generation. It never works.

Nor should it. There is a huge amount of entirely beneficial speech, content, and communications that kids would be denied by such sweeping bans. That would make such ban highly counter-productive. But, again, usually such efforts just were not practically enforceable because kids are often better at the cat-and-mouse game than adults give them credit for. Moreover, imposing age limitations of speech or content are far more difficult than age-related bans on specific tangible products, like tobacco or other dangerous physical products.

Acknowledging these realities, most sensible people quickly move on from extreme proposals like flat bans of all kids using the popular media platforms and systems of the day. Over the past half century in the U.S., this has led to a flowering of more decentralized governance approach to kids and media that I have referred to as the “3E approach.” That stands for empowerment (of parents), education (of youth), and enforcement (of existing laws). The 3E approach includes a variety of mechanisms and approaches, including: self-regulatory codes, private content rating systems, a wide variety of different parental control technologies, and much more.

Over the past two decades, many multistakeholder initiatives and blue-ribbon commissions were created to address online safety issues in a holistic fashion. I summarized their conclusions in my 2009 report, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer.” The crucial takeaway from all these task forces and commissions is that no silver-bullet solutions exist to hard problems. Child safety demands a vigilant but adaptive approach, rooted in a variety of best practices, educational approaches, and technological empowerment solutions to address various safety concerns. Digital literacy is particularly crucial to building wiser, more resilient kids and adults, who can work together to find constructive approaches to hard problems.

Importantly, our task here is never done. This is an ongoing and evolving process. Issues like underage access to pornography or violent content have been with us for a very long time and will never be completely “solved.” We must constantly work to improve existing online safety mechanisms while also devising new solutions for our rapidly evolving information ecosystem. Nothing should be off the table except the one solution that Noonan suggested in her essay. Just proposing outright bans on kids on social media or any other new media platform (VR will be next) is an unworkable and illogical response that we should dismiss fairly quickly. No matter how well-intentioned such proposals may be, moral panic-induced prohibitions on kids and media ultimately are not going to help them learn to live better, safer, and more enriching lives in the new media ecosystems of today or the future. We can do better.

Last week, it was my great pleasure to be invited on NPR’s “On Point with Tom Ashbrook,” to debate Jeffrey Rosen, a leading privacy scholar and the president and chief executive of the National Constitution Center. In an editorial in the previous Sunday’s New York Times (“Madison’s Privacy Blind Spot”), Rosen proposed “constitutional amendment to prohibit unreasonable searches and seizures of our persons and electronic effects, whether by the government or by private corporations like Google and AT&T.” He said his proposed amendment would limit “outrageous and unreasonable” collection practices and would even disallow consumers from sharing their personal information with private actors even if they saw an advantage in doing so.

I responded to Rosen’s proposal in an essay posted on the IAPP  Privacy Perspectives blog, “Do We Need A Constitutional Amendment Restricting Private-Sector Data Collection?” In my essay, I argued that there are several legal, economic, and practical problems with Rosen’s proposal. You can head over to the IAPP blog to read my entire response but the gist of it is that “a constitutional amendment [governing private data collection] would be too sweeping in effect and that better alternatives exist to deal with the privacy concerns he identifies.” There are very good reasons we treat public and private actors differently under the law and there “are all far more practical and less-restrictive steps that can be taken without resorting to the sort of constitutional sledgehammer that Jeff Rosen favors. We can protect privacy without rewriting the Constitution or upending the information economy,” I concluded.

But I wanted to elaborate on one particular thing I found particularly interesting about Rosen’s comments when we were on NPR together. During the show, Rosen kept stressing how we needed to adopt a more European construction of privacy as “dignity rights” and he even said his proposed privacy amendment would even disallow individuals from surrendering their private data or their privacy because he viewed these rights as “unalienable.” In other words, from Rosen’s perspective, privacy pretty much trumps  everything, even if you want to trade it off against other values. 

Privacy Paternalism?

I’ve been seeing more and more privacy advocates and scholars adopt this attitude, including Anita Allen, Julie Cohen, Siva Vaidhyanathan, and others. Allen, for example, says that privacy is such a “foundational” human right that it some cases the law should override individual choice when consumers act against their own privacy interests. Cohen and Vaidhyanathan make similar arguments in their recent books. Vaidhyanathan claims that consumers are being tricked by the “smokescreen” of “free” online services and “freedom of choice.” Although he admits that no one is forced to use online services and that consumers are also able to opt-out of most of services or data collection practices, he argues that “such choices mean very little” because “the design of the system rigs it in favor of the interests of the company and against the interests of users.” “Celebrating freedom and user autonomy is one of the great rhetorical ploys of the global information economy,” he says.“We are conditioned to believe that having more choices–empty though they may be–is the very essence of human freedom. But meaningful freedom implies real control over the conditions of one’s life.” These are the sort of arguments I increasingly hear made by privacy scholars when claiming that consumers simply can’t be left free to make choices for themselves in this regard.  In an interesting recent article in the Harvard Law Review , privacy scholar  Daniel Solove notes that what binds these thinkers and their work together is, in essence, a sort of privacy paternalism. The point of most modern privacy advocacy has been to better empower consumers to make privacy decisions for themselves. But, Solove notes, “t he implication [of these privacy scholar’s work] is that the law must override individual consent in certain instances.” Yet, if that choice is taken away from us by law, Solove notes, then privacy regulation, “risks becoming too paternalistic. Regulation that sidesteps consent denies people the freedom to make choices,” Solove argues.

Jeff Rosen now appears to be adopting the sort of approach Solove identifies by claiming that privacy is an “unalienable right” such that it cannot be traded away for other things. By making that choice for us, Rosen’s proposed amendment would, therefore, suffer from that same sort of privacy paternalism Solove identifies. In a forthcoming law review aritcle that will appear in the  Maine Law Review, I identify some of the problems associated with privacy paternalism. Most obviously, these scholars should keep in mind that not everyone shares the same privacy values as they do and that many of us will voluntarily trade some of our data for the innovative information services and devices that we desire. If imposed in the form of legal sanctions, privacy paternalism would open the door to almost boundless controls on the activities of both producers and consumers of digital services, potentially limiting future innovations in this space.

For example, when we were on  NPR together, Rosen mentioned wireless geolocation technology as a potential source of serious privacy harm, although he did not make it clear whether he wanted it stopped entirely or what. If used improperly, wireless geolocation technology certainly can raise serious privacy concerns. But wireless geolocation technology is also what powers the mapping and traffic services that most of us now take for granted. Many of us expect — no, we demand — that our digital devices be able to give us real-time mapping and traffic notification capabilities. And most of us are willing to make the minor privacy trade-off associated with sharing our location constantly in exchange for the right to receive these services, which are also provided to us free of charge.

So, what would Rosen’s proposed amendment have to say about this trade-off? Would these wireless geolocation technologies be banned altogether, even if consumers desire them? It isn’t really clear at this point because he hasn’t offered us many details about his proposal. But, to the extent it would preempt these technological capabilities on the grounds that our locational privacy is somehow in unalienable right, then that seems like a fairly paternalistic approach to policy and it it would seem to confirm Thomas Lenard and Paul Rubin’s claim that “many of the privacy advocates and writers on the subject do not trust the consumers for whom they purport to advocate.”

Such paternalism is particularly problematic in this case since privacy is such a highly subjective value and one that evolves over time. As Solove notes, “the correct choices regarding privacy and data use are not always clear. For example, although extensive self-exposure can have disastrous consequences, many people use social media successfully and productively.” Privacy norms and ethics are changing faster than ever today. One day’s “creepy” tool or service is often the next day’s “killer app.”

Balancing Values; Considering Costs

As I will discuss in my forthcoming  Maine Law Review article and I also discussed in my recent George Mason University Law Review  article, at least here in the United States, consumer protection standards have traditionally depended on a clear showing of actual, not prospective or hypothetical, harm. In some cases, when the potential harm associated with a particular practice or technology is extreme in character and poses a direct threat to physical well-being, law has preempted the general presumption that ongoing experimentation and innovation should be allowed by default. But these are extremely rare scenarios, at least as it pertains to privacy concerns under American law, and they mostly involved health and safety measures aimed at preemptively avoiding catastrophic harm to individual or environmental well-being. In the vast majority of other cases, our culture has not accepted that paternalistic idea that law must “save us from ourselves” (i.e., our own irrationality or mistakes). As Solove notes in his recent essay, “People make decisions all the time that are not in their best interests. People relinquish rights and take bad risks, and the law often does not stop them.” Sometimes privacy advocates also ignore the costs of preemptive policy action and don’t bother conducting a serious review of the potential costs of their regulatory proposals. As a result, preemptive policy action is almost always the preferred remedy to any alleged harm. “By limiting or conditioning the collection of information, regulators can limit market manipulation at the activity level,” Ryan Calo argues in a recent paper. “We could imagine the government fashioning a rule — perhaps inadvisable for other reasons―that limits the collection of information about consumers in order to reduce asymmetries of information.” [*Clarification: In a comment down below and a subsequent Twitter exchange, Ryan clarifies that he ultimately does not come down in favor of such a rule, preferring instead to find various other incentives to solve these problems. I thank him for this clarification — and definitely welcome it! — although I found his position somewhat murky after debating him personally on these issues recently. Nonetheless, I apologize if I mischaracterized his position in any way here.]

Unfortunately, Professor Calo does not fully consider the corresponding cost of such regulatory proposals in calling for the enactment of such a rule. If preemptive regulation slowed or ended certain information practices, it could stifle the provision of new and better services that consumers demand, as I have noted elsewhere. It might also trump other choices or values that consumers care about. While privacy is obviously an incredibly important value, we cannot assume that it is the only value, or the most important value, at stake here. Consumers also care about having access to a constantly growing array of innovative goods and services, and they also care about getting those goods and services at a reasonable price.

Moving from “Rights Talk” to Practical Privacy Solutions

This is the point in the essay where some readers are getting pretty frustrated with me and thinking I am some sort of nihilist who doesn’t give a damn about privacy. I assure you that nothing is further from the truth and that I care very deeply about privacy.

But if you really care about expanding the horizons of privacy protection in our modern world, at some point you have to accept that all the “rights talk” and top-down enforcement efforts in the world are not necessarily going to help as much as you wish they would. The same thing is true for online safety, digital security, and IP protection efforts: No matter how much you might wish the opposite was true, information control is just really, really hard. Legal and regulatory approaches to bottling up information flows will inevitably be several steps behind cutting-edge technological developments. (I’ve discussed these issues in several essays here, including: “Privacy as an Information Control Regime: The Challenges Ahead,” “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed.”)

That doesn’t mean we should surrender in our efforts to identify more concrete privacy harms, but we should recognize that it will always be a hugely contentious matter and that a great many people will gladly trade away their privacy in a way that others will consider outrageous. In a free society, we must allow them to do so if they derive greater utility from other things. A paternalistic approach based on a sort of privacy fundamentalism will deny them the right to make that choice for themselves. And, practically speaking, no matter how much some might think that privacy values are “unalienable,” the reality is that there will be no way to stop many others from making different choices and relinquishing their privacy all the time.

Educating and empowering citizens is the better way to address this issue. We can try to teach them to make better privacy choices and treat their information, and information about others, with far greater care. We should also work to provide citizens more tools to help accomplish those goals. And if the problem is “information asymmetry” or some general lack of awareness about certain data collection and use practices, then let’s work even harder to make sure consumers are aware of those practices and what they can do about them.

It’s all part of the media literacy and digital citizenship agenda that we need to be investing much more of time and resources into. I outlined that approach in much more detail in this law review article. We need diverse tools and strategies for a diverse citizenry. We need to be talking to both consumers and developers about smarter data hygiene and sensible digital ethics. We need more transparency. We need more privacy privacy professionals working inside organizations to craft sensible data collection and use policies. And so on. Only by working to change attitudes about privacy, online “Netiquette,” and more ethical data use, can we really start to make a dent in this problem.

If nothing else, we must understand the limitations of information control in such highly context-specific harm scenarios. Prof. Rosen might want to ask himself how long it would take to even get his proposed constitutional amendment in place and what the chances are such a movement would even been successful. But, again, and far more importantly, Prof. Rosen and advocates of similar regulatory approaches should remember that their values are not shared by everyone and that, in a free society, a value as inherently subjective as privacy is likely to remain a hugely contentious, every-changing matter, especially when elevated to the level of constitutional rights talk. We need practical solutions to our privacy problems, not pie-in-the-sky Hail Mary schemes that are unlikely to go anywhere and, even if they did, would end up being too heavy-handed and potentially override individual autonomy in the process.

Last month, it was my great pleasure to serve as a “provocateur” at the IAPP’s (Int’l Assoc. of Privacy Professionals) annual “Navigate” conference. The event brought together a diverse audience and set of speakers from across the globe to discuss how to deal with the various privacy concerns associated with current and emerging technologies.

My remarks focused on a theme I have developed here for years: There are no simple, silver-bullet solutions to complex problems such as online safety, security, and privacy. Instead, only a “layered” approach incorporating many different solutions–education, media literacy, digital citizenship, evolving society norms, self-regulation, and targeted enforcement of existing legal standards–can really help us solve these problems. Even then, new challenges will present themselves as technology continues to evolve and evade traditional controls, solutions, or norms. It’s a never-ending game, and that’s why education  must be our first-order solution. It better prepares us for an uncertain future. (I explained this approach in far more detail in this law review article.)

Anyway, if you’re interested in an 11-minute video of me saying all that, here ya go. Also, down below I have listed several of the recent essays, papers, and law review articles I have done on this issue.

Some of My Recent Essays on Privacy & Data Collection

Testimony / Filings:

• Senate Testimony on Privacy, Data Collection & Do Not Track – April 24, 2013
• Comments of the Mercatus Center to the FTC in Privacy & Security Implications of the Internet of Things
• Mercatus filing to FAA on commercial domestic drones

Law Review Articles:

• “The Pursuit of Privacy in a World Where Information Control is Failing” – Harvard Journal of Law & Public Policy
• “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle” – Minnesota Journal of Law, Science & Technology
• “A Framework for Benefit-Cost Analysis in Digital Privacy Debates” – George Mason University Law Review

Blog posts:

• A Better, Simpler Narrative for U.S. Privacy Policy – March 19, 2013
• On the Pursuit of Happiness… and Privacy – March 31, 2013
• Let’s Not Place All Our Eggs in the Do Not Track Basket (IAPP Privacy perspectives blog)
•  Can We Adapt to the Internet of Things? – June 19, 2013 (IAPP Privacy perspectives blog)
• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy? – Feb. 20, 2011
• Two Paradoxes of Privacy Regulation – Aug. 25, 2010
• Privacy as an Information Control Regime: The Challenges Ahead – Nov. 13, 2010
• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed – Apr. 29, 2011
• Lessons from the Gmail Privacy Scare of 2004 – March 25, 2011
• Who Really Believes in “Permissionless Innovation”? – March 4, 2013
• The Problem of Proportionality in Debates about Online Privacy and Child Safety – Nov. 28, 2009
• Obama Admin’s “Let’s-Be-Europe” Approach to Privacy Will Undermine U.S. Competitiveness– Jan. 5, 2011

This afternoon, Berin Szoka asked me to participate in a TechFreedom conference on “COPPA: Past, Present & Future of Children’s Privacy & Media.” [CSPAN video is here.] It was a in-depth, 3-hour, 2-panel discussion of the Federal Trade Commission’s recent revisions to the rules issued under the 1998 Children’s Online Privacy Protection Act (COPPA).

While most of the other panelists were focused on the devilish details about how COPPA works in practice (or at least should work in practice), I decided to ask a more provocative question to really shake up the discussion: What are we going to do when COPPA fails?

My notes for the event follow down below. I didn’t have time to put them into a smooth narrative, so please pardon the bullet points.

COPPA will fail in the long-run for two reasons:

(1)    With COPPA, the FTC is engaged in a technological arms race that it cannot win.

• COPPA was formulated for a Web 1.0 world of static websites with limited interactivity. In that environment is worked reasonably well, although it certainly imposed costs on site developers and affected market structure.
• As we moved into a Web 2.0 world of interactive social media in the mid to late-2000s, however, the rule has been strained by marketplace new realities. COPPA’s drafters never really envisioned sites like Facebook, Twitter, etc.
• In our current environment—let’s call it the Web 2.5 world—we have added mobile geolocation and social discovery to the mix and that is straining COPPA to the breaking point.
• But we are about to enter the Web 3.0 world of the “Internet of Things;” a sensor-based world in which the communication technology will literally be woven into the clothes we wear and all the devices we use.
  • Cisco has estimated that by 2020, 37 billion devices will be linked together and communicating.
  • It will be almost impossible for COPPA to keep up with the explosion of these technologies because everything in our lives and our children’s lives will be interconnected, communicating, and collecting data.
  • Information will be ubiquitously collected simply by nature of the technology itself.
  • The entire Web 3.0 world will be one of comprehensive passive information collection.
  • So, notions like “collection”, “directed at children” and “personal information” will be become impossible to enforce absence a flat-out ban on the technologies themselves

(2)    COPPA will also fail because of the simple reality that the more complicated and costly this regulatory regime becomes, the more likely it is that that both kids and parents will ignore it or seek to actively evade it.

• The actual monetary cost of any online service may obviously be one thing parents and kids seek to avoid.
• But the bigger cost is the mental hassle associated with delayed gratification.
  • When people demand certain services, they want them now. And they will get them even when law gets in the way. And sometimes they value the utility / functionality that those services provide more than they value privacy.
  • A 2011 Harvard-Berkeley study pointed out the evasion is already rampant and that many parents are facilitating that result by encouraging their kids to lie about their ages online.
    • This problem will only increase in the Internet of Things era as kids and parents come to expect all their devices to be communicating at all times and retaining data for them.

So, what are we going to do about? How do we prepare for the post-COPPA world that’s coming?

• We shouldn’t just throw up our hands in defeat.
• But we must accept the technological and practical challenges associated with regulation and seek out alternative approaches.
• Best solution, therefore, is: Education, media literacy, and digital citizenship
  • We need to do a much better job educating both kids and adults about sensible online interactions.
  • We need to talk to our kids and each other about being more savvy, sensible, respectful, and resilient media consumers and digital citizens.
  • In encouraging our kids and fellow Netizens to be good “digital citizens,” we must stress smarter online hygiene (sensible personal data use) and better “Netiquette” (proper behavior toward others), which can further both online safety and digital privacy goals.
  • More generally, as part of these digital literacy and citizenship efforts, we must do more  to explain the potential perils of over-sharing information about ourselves and others while simultaneously encouraging consumers to delete unnecessary online information occasionally and cover their digital footprints in other ways.
  • These education and literacy efforts are also important because they help us adapt to new technological changes by employing a variety of coping mechanisms or new social norms. These efforts and lessons should start at a young age and continue on well into adulthood through other means, such as awareness campaigns and public service announcements.

Additional Reading:

• The Unintended Consequences of Well-Intentioned Privacy Regulation
• Thoughts on Latest FTC COPPA Rule Revisions & Online Child Safety / Privacy
• Joint CDT-PFF-EFF Comments on FTC’s COPPA Review & the Dangers of COPPA Expansion
• What We Didn’t Hear at Yesterday’s FTC COPPA Workshop
• COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, by Berin Szoka & Adam Thierer

I have always found it strange that the ACLU speaks with two voices when it comes to user empowerment as a response to government regulation of the Internet. That is, when responding to government efforts to regulate the Internet for online safety or speech purposes, the ACLU stresses personal responsibility and user empowerment as the first-order response. But as soon as the conversation switches to online advertising and data collection, the ACLU suggests that people are basically sheep who can’t possibly look out for themselves and, therefore, increased Internet regulation is essential. They’re not the only ones adopting this paradoxical position. In previous essays I’ve highlighted how both EFF and CDT do the same thing. But let me focus here on ACLU.

Writing today on the ACLU “Free Future” blog, ACLU senior policy analyst Jay Stanley cites a new paper that he says proves “the absurdity of the position that individuals who desire privacy must attempt to win a technological arms race with the multi-billion dollar internet-advertising industry.” The new study Stanley cites says that “advertisers are making it impossible to avoid online tracking” and that it isn’t paternalistic for government to intervene and regulate if the goal is to enhance user privacy choices. Stanley wholeheartedly agrees. In this and other posts, he and other ACLU analysts have endorsed greater government action to address this perceived threat on the grounds that, in essence, user empowerment cannot work when it comes to online privacy.

Again, this represents a very different position from the one that ACLU has staked out and brilliantly defended over the past 15 years when it comes to user empowerment as the proper and practical response to government regulation of objectionable online speech and pornography. For those not familiar, beginning in the mid-1990s, lawmakers started pursuing a number of new forms of Internet regulation — direct censorship and mandatory age verification were the primary methods of control — aimed at curbing objectionable online speech. In case after case, the ACLU rose up to rightly defend our online liberties against such government encroachment. (I was proud to have worked closely with many former ACLU officials in these battles.) Most notably, the ACLU pushed back against the Communications Decency Act of 1996 (CDA) and the Child Online Protection Act of 1998 (COPA) and they won landmark decisions for us in the process.

In those and other cases, the ACLU playbook wasn’t just solely focused on a pure First Amendment defense. In other words, they didn’t just say ‘Well, First Amendment values are at stake here, and so all you parents, prudes, and policymakers should just get over your obsession with eradicating online porn.” No, what really won the day for us in these cases was the user empowerment angle. The ACLU rightly noted (and proved in court) that many “less-restrictive means” — filters, monitoring tools, ratings, labels, user education, media literacy, etc. — were available to the public and that those tools and strategies provided compelling alternatives to government regulation. Thus, paternalistic government regulation should yield to those alternatives and the public (namely, parents) should be expected to take responsibility and use those less-restrictive means to protect themselves and their kids. That is the proper approach for a society that cherishes free speech, personal responsibility, and a citizenry with diverse tastes and values.

Not only did the ACLU get courts to agree with this, but the logic of user empowerment as a trump to speech controls became so compelling to justices that in some cases they actually went beyond what free speech advocates had asked or expected, even in non-Internet related decisions. For example, in United States v. Playboy Entertainment Group  (2000), the Court struck down a law that required cable companies to “fully scramble” video signals transmitted over their networks if those signals included any sexually explicit content. Echoing its earlier holding in Reno v. ACLU , the Court found that less restrictive means were available to parents looking to block those potentially objectionable signals in the home. Specifically, the Court argued that:

[T]argeted blocking [by parents] enables the government to support parental authority without affecting the First Amendment interests of speakers and willing listeners—listeners for whom, if the speech is unpopular or indecent, the privacy of their own homes may be the optimal place of receipt. Simply put, targeted blocking is less restrictive than banning, and the Government cannot ban speech if targeted blocking is a feasible and effective means of furthering its compelling interests.

More importantly, the Court held that:

It is no response that voluntary blocking requires a consumer to take action, or may be inconvenient, or may not go perfectly every time. A court should not assume a plausible, less restrictive alternative would be ineffective; and a court should not presume parents, given full information, will fail to act.

The Court endorsed that same logic for video games in the landmark 2011 decision in Brown v. EMA, which struck down a California that prohibited the sale or rental of “violent video games” to minors.

As I noted in my old book on Parental Controls & Online Child Protection , this is an extraordinarily high bar that the Supreme Court has set for policymakers wishing to regulate modern media content or online expression. Not only is it clear that the Court is increasingly unlikely to allow the extension of analog-era content regulations to new media outlets and technologies, but it appears likely that judges will apply much stricter constitutional scrutiny to all efforts to regulate speech and media providers in the future. And we really have to thank the ACLU for getting this user empowerment revolution started because, make no doubt about it, it was that hook that ushered in this amazing jurisprudential revolution — for the Internet, for video games, for new media, for everything.

Sadly, however, the ACLU is now abandoning the user empowerment approach, at least as it pertains to digital privacy regulation.

In Stanley’s latest piece as well as many other ACLU statements on privacy issues, we hear almost nothing about the importance of keeping the Net free of unnecessary regulation or that government regulation should yield to user empowerment. Instead, we are told that citizens cannot be expected to look out for themselves in this way, or that they can’t possibly hope to “win the arms race” against online advertisers. I think that is utter nonsense. The fact of the matter is that it is far, far harder to win “the arms race” against online porn and objectionable speech using user empowerment tools than it is to defeat online advertising or “tracking.”   There exists a very broad array of privacy-enhancing user empowerment tools and strategies today that can help privacy-sensitive individuals attain greater protection. Here’s a big filing I submitted to the Federal Trade Commission documenting just some of what is on the market today. (See Sec. VI). But here’s just a short list of things users can do or install to better enhance their online privacy:

• adjust your browser’s privacy settings to clear out and block the cookies most online ad networks use and utilize private browsing or “incognito” modes to surf the Web more privately;
• download tools to help you manage cookies, blocking web scripts, and so on.  Some of the more notable ones include: Ghostery, NoScript, Cookie Monster, Better Privacy, Track Me Not, and the Targeted Advertising Cookie Opt-Out or “TACO” (all for Firefox); No More Cookies (for Internet Explorer); Disconnect (for Chrome); AdSweep (for Chrome and Opera); CCleaner (for PCs); and Flush (for Mac).
• download AdBlockPlus and block almost all online advertising on most websites, and thus the data collection performed by online cookies. (It remains the most-downloaded add-on for both the Firefox and Chrome web browsers)
• use “ad preference managers” from major search companies. Google, Microsoft and Yahoo! all offer easy to use opt-out tools and educational webpages that clearly explain to consumers how digital advertising works. Meanwhile, DuckDuckGo offers as alternative search experience that blocks data collection altogether.

Again, this list just scratches the surface. New empowerment solutions like these are are constantly turning up. And many other tools and strategies exist that users can tap. See this excellent recent article by Kashmir Hill of Forbes, “10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy.”

Now, let me be clear: These solutions aren’t perfect. There are no silver bullets or simple fixes when it comes protecting our privacy online. But the exact same thing has always been true for objectionable online content. I find that by using tools and strategies such as those listed above, however, you can eliminate most online advertising and data collection from your digital life. By contrast, as good as online safety tools are, a lot more gets through. That’s because what counts as “objectionable content” is notoriously subjective and, therefore, no tool or strategy can ever work perfectly. “Good enough” seems to be the standard we have to accept here. Again, the same can be said for privacy controls, but it is my contention that, relatively speaking, they actually do a better job if you are willing to live with some inconveniences (as can be the case if you are constantly clearing out your cookies and blocking all scripts, some of which may be important for site functionality). But those are trade-offs you need to accept if you want to ensure all ads are blocked or no data is collected. (Of course, once again, the exact same thing is has always been true for objectionable online content. It can be a huge inconvenience for parents and guardians to try to deal with online porn and objectionable content using all those user empowerment tools and strategies, no matter how good they are). Regardless, my argument here is that, contrary to what many advocates of privacy regulation claim, privacy empowerment tools and strategies can be remarkably effective at screening out almost all online advertising and greatly limiting any collection of personal data.

I can imagine that one response to what I have said here is that, regardless of how well the respective classes of user empowerment tools work, privacy “harms” are more serious and deserve greater government scrutiny and regulation than objectionable online speech/content. But that’s a subjective squabble we’ll never be able to definitively answer. Plenty of people would argue the opposite: that exposure to online porn and objectionable speech will do more harm to minors and society than any amount of online advertising or data collection ever would. Personally, I think both harms are grotesquely inflated “technopanics,” as I noted in this 80-page paper on the topic.

I can anticipate another response that goes like this: “Well, what’s wrong with the government doing a little paternalistic nudging if it’s focused on better empowering users?” First, let’s be clear that groups like ACLU, EFF, and CDT did not adopt that position for objectionable online speech/content. And with good reason. They understood that if we invite the government to come in and create and/or mandate the empowerment tools to be used to address the problem, it could serve as a Trojan Horse that policymakers could later use to expand their influence over speech and speech platforms. But why, then, would the same concern not apply to efforts by the government to mandate certain privacy tools or controls? Such a move would serve as the same sort of open-ended invite to the government to come in and meddle more with online networks.

I suspect what this all comes down to is the artificial distinction between speech rights and economic liberties that the ACLU and other groups have made through the years.  If the regulatory proposals are more about speech regulation, then the ACLU and others will say that personal responsibility and user empowerment represent the proper first-order response. But if we are talking about something perceived to be economic regulation (like advertising regulation), then the standard seems to change and all the talk of personal responsibility and user empowerment go right out the window. (Of course, this is just the classic distinction between “civil libertarians” and actual libertarians manifesting itself in a different way. While the two groups share a mutual distrust of government regulation of speech and social affairs, the civil libertarians distrust free markets and invite regulation of them there whereas the actual libertarians do not.)

But let’s ignore all these other issues and ask a different question: What about the precedent ACLU is setting here by saying user empowerment is hopeless when it comes to privacy? It goes without saying that more than a few social conservatives and regulatory-minded child safety organizations may be listening! Don’t be surprised if those folks throw the ACLU’s words back at them next time controls on speech and expression are being contemplated. They will argue that if people are sheep when it comes to protecting their privacy, then they must also be sheep when it comes to protecting themselves and their families from porn and other objectionable things online.

To me, the consistent and principled position here is this: Personal responsibility and user empowerment should be the first-order solution for all these issues. Governments should only intervene when clear harm can be demonstrated and user empowerment truly proves ineffective as a solution. Conjectural fears must not drive Internet regulation. While there are many legitimate online safety privacy concerns out there, we can find better, less-restrictive ways of dealing with them than by inviting greater government controls for cyberspace.

Today I was invited to the Federal Communications Commission (FCC) to testify at one of the agency’s Broadband Working Group workshops. This particular workshop was on “Broadband Consumer Context,” which focused on “a range of challenges and opportunities as the internet becomes a focal point for commercial transactions, social networking, and a host of activities pertaining to information gathering and exchange.”

I was asked to address the issue of whether there is a relationship between online safety concerns and broadband uptake. In my testimony, I noted that, in my 15 years of research in this area, I have never unearthed any substantive empirical evidence suggesting a correlation between parental concerns about online activity and overall household broadband uptake. I have seen occasional anecdotal news stories discussing the concerns some parents have had about their kids online that led them to reject online connectivity, but these stories have been exceedingly rare (and I haven’t seen any in recent memory).

I also argued that I did not think it at all surprising that such anecdotes are harder to find, or that empirical evidence on this front seems non-existent. I argued that there were four logical explanations for why parental concerns about online safety haven’t “moved the broadband needle” much in the negative direction:

1. Not every home has children present
2. Parents use a variety of household media rules to control media & Internet usage
3. A vibrant marketplace of parental control technologies exists
4. Likely that most parents believe that the benefits of broadband outweigh the potential downsides

For all the details on each of those, read my entire testimony or check out the presentation embedded below that I made to the FCC today.

Is There a Relationship Between Online Safety Concerns and Broadband Uptake? (Adam Thierer – PFF) http://d.scribd.com/ScribdViewer.swf?document_id=19575851&access_key=key-1igiha619z8f15dm6hg5&page=1&version=1&viewMode=

The latest edition (Version 4.0) of my PFF special report on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now up.  For those not familiar with the report, it explores the market for parental control tools, rating schemes, education and media literacy efforts, and various other tools, methods, and initiatives aimed at promoting online child safety.  After evaluating that state of this market, I conclude: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”  Moreover, I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation.

Version 4.0 of the report is now over 250 pages long (up from 200 pages in Version 3.0) and it contains almost 70 exhibits (up from 50), 725 references (up from roughly 500), and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. Other new sections or appendices have also been added to the report, including:

• a new section examining how many households really need parental control tools;
• a new appendix on the downsides of mandatory parental controls and restrictive default settings;
• a new section on the dangers of “deputizing the online middleman” solution as an approach to solving child safety concerns;
• a new appendix reviewing the findings of 5 past online safety task forces;
• … and much more.

I issue major updates once a year and 1 or 2 minor tweaks during the course of the year to reflect the evolution of the parental control and online child safety marketplace and debate. The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past couple of years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

In an earlier post, I mentioned an important new online child safety task force report that has just been released from the “Point Smart. Click Safe.” Blue Ribbon Working Group. It’s a great report and I encourage you to read the whole thing. It was my great pleasure to serve on this task force, and as we started finalizing our conclusions and recommendations, I started thinking about how much of what we were finding and recommending was consistent with what past online safety task forces had also concluded.

By way of background, over the past decade, five major online safety task forces or blue ribbon commissions have been convened to study online safety issues. Two of these task forces were convened in the United States and issued reports in 2000 (“COPA Commission”) and 2002 (“Thornburgh Commission“). Another was commissioned by the British government in 2007 and issued in a major report in March 2008 (“Byron Review“). Finally, two additional online safety task forces were formed in the U.S. in 2008 and concluded their work, respectively, in January (“Internet Safety Technical Task Force“) and July (“Point Smart. Click Safe.“) of 2009. [And yet another task force — the Online Safety Technology Working Group — was recently formed and has now gotten underway.]

In a new PFF white paper, ” Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” I walk through a chronological summary of each of these past task forces [click on covers of each report below to read them in their entirety] and highlight some of the similar themes and recommendations from them.

Altogether, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety. While each of these task forces had different origins and unique membership, what is striking about them is the general unanimity of their conclusions. Among the common themes or recommendations of these five task forces:

• Education is the primary solution to most online child safety concerns. These task forces consistently stressed the importance of media literacy, awareness-building efforts, public service announcements, targeted intervention techniques, and better mentoring and parenting strategies.
• There is no single “silver-bullet” solution or technological “quick-fix” to child safety concerns. That is especially the case in light of the rapid pace of change in the digital world.
• Empowering parents and guardians with a diverse array of tools, however, can help families, caretakers, and schools to exercise more control over online content and communications.
• Technological tools and parental controls are most effective as part of a “layered” approach to child safety that views them as one of many strategies or solutions.
• The best technical control measures are those that work in tandem with educational strategies and approaches to better guide and mentor children to make wise choices. Thus, technical solutions can supplement, but can never supplant, the educational and mentoring role.
• Industry should formulate best practices and self-regulatory systems to empower users with more information and tools so they can make appropriate decisions for themselves and their families. And those best practices, which often take the form of an industry code of conduct or default control settings, should constantly be refined to take into account new social concerns, cultural norms, and technological developments.
• Government should avoid inflexible, top-down technological mandates. Instead, policymakers should focus on encouraging collaborative, multifaceted, multi-stakeholder initiatives and approaches to enhance online safety. Additional resources for education and awareness-building efforts are also crucial. Finally, governments should ensure appropriate penalties are in place to punish serious crimes against children and also make sure law enforcement agencies have adequate resources to police crimes and punish wrong-doers.

The consistency of these findings from those five previous task forces is important and it should guide future discussions among policymakers, the press, and the general public regarding online child safety.  As I note in the paper, the findings are particularly relevant today since Congress and the Obama Administration — including 3 federal agencies (NTIA, FCC, & FTC) are actively studying these issues. So, in light of all that, I hope this short paper can shed some light on the collective wisdom of the past task forces. While more study of online child safety issues is always welcome — including additional task forces or working groups if policymakers deem them necessary — thanks to the work of these five task forces, we now have better vision of what is needed to address online safety concerns.

Five Online Safety Task Forces Agree [PFF – Adam Thierer] http://d.scribd.com/ScribdViewer.swf?document_id=17181137&access_key=key-z6cxfgrjkqaqtxbix&page=1&version=1&viewMode=

Just FYI, the latest update of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now live. The new version, Version 3.1, provides minor updates to all sections of the book and a new appendix of relevant research in the field. I issue major updates early each year and 1 or 2 tweaks during the course of the year to reflect the evolution of the parental control and online child safety market and debate.

For those not familiar with the report, it explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past two years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

PFF has just releasing an updated edition of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods.” The new version, Version 3.0, includes two new appendixes and updates to each section to reflect new parental control tools and programs developed in the last nine months.

The updated report is timely as it comes on the heels of the recently-announced Internet Safety Technical Task Force, which is being chaired by the Berkman Center for Internet & Society at Harvard Law School. I am privileged to serve as a member of the Task Force, which is evaluating various online safety technologies and strategies and then reporting back to state attorneys general with our findings.

Those issues and much more are covered in the latest edition of my report. The report explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

Version 3.0 of the special report, now over 200 pages, contains over fifty exhibits and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. A greatly expanded section on video empowerment technologies has also been included. Finally, two appendices have also been added: a comprehensive legislative index cataloging over thirty bills introduced in Congress on these issues (complied with John Morris of Center for Democracy & Technology), and a glossary of 35 relevant terms and cases.

The report is available free-of-charge on the PFF website, as are the previous editions. And I am happy to provide hard copies to those who are interested.

PFF has just released my latest paper entitled “Parental Control Perfection? The Impact of the DVR and VOD Boom on the Debate over TV Content Regulation.” In the report, I focus on the extent to which new video technologies, such as digital video recorders (DVRs) and video on demand (VOD) services, are changing the way households consume media and are helping parents better tailor viewing experiences to their tastes and values. I provide evidence showing the rapid spread of these technologies and discuss how parents are using these tools in their homes. Finally, I argue that these developments will have profound implications for debates over the regulation of video programming. As parents are given the ability to more effectively manage their family’s viewing habits and experiences, it will lessen—if not completely undercut—the need for government intervention on their behalf.

This 16-page report can be found at: http://www.pff.org/issues-pubs/pops/pop14.20DVRboomcontentreg.pdf