Rebecca MacKinnon has an important piece in the Wall Street Journal today about China’s “Green Dam Youth Escort” filtering mandate and the danger of this model catching on with other governments. “More and more governments — including democracies like Britain, Australia and Germany — are trying to control public behavior online, especially by exerting pressure on Internet service providers,” she notes. “Green Dam has only exposed the next frontier in these efforts: the personal computer.”
She’s right, and that’s cause for serious concern. Moreover, there’s the question of how corporations doing business in China should respond to demands and threats related to installing such filters. She notes:
In a world that includes child pornographers and violent hate groups, it is probably not reasonable to oppose all censorship in all situations. But if technical censorship systems are to be put in place, they must be sufficiently transparent and accountable so that they do not become opaque extensions of incumbent power — or get hijacked by politically influential interest groups without the public knowing exactly what is going on.
Which brings us back to companies: the ones that build and run Internet and telecoms networks, host and publish speech, and that now make devices via which citizens can go online and create more speech. Companies have a duty as global citizens to do all they can to protect users’ universally recognized right to free expression, and to avoid becoming opaque extensions of incumbent power — be it in China or Britain.
I generally agree with all that but this is a difficult issue and one that I have struggled with personally. (See this “Friendly Conversation about Corporate High-Tech Engagement with China” that Jim Harper and I had three years ago). But I do hope that more companies take a hard line with the Chinese as well as there own governemnts when it comes to filtering mandates or even restricitve parental control defaults and settings [an issue I wrote more about in this paper: “The Perils of Mandatory Parental Controls and Restrictive Defaults.”] On that note, kudos to the business groups that already signed on to a joint letter oppossing China’s new filtering mandate.
Whenever I pen anything about the dangers of age verification mandates for the Internet and social networking sites, I always point to Federal Trade Commission (FTC) reports about rising identity theft complaints. For the ninth year in a row, identity theft was the number one consumer complaint to the agency.
Now, imagine how much worse this problem could get if government mandated that everyone had to be “verified” before they were allowed to visit a social networking site, however that ends up being defined. Such a mandate would exponentially increase the amount of personal information — especially credit card information — that was available to identity thieves. Age verification advocates often ignore this problem when making the case for regulation.
Worse yet, much of the information that would be made available via such mandates would be personal information about children, which makes for a very attractive target for identity thieves since those records are rarely checked until the kids get much older and start applying for things. At least most adults typically learn they have been the victim of ID theft shortly after it occurs, allowing them to take steps to deal with the situation. With kids, their records could be milked for years by bad guys without them or their parents ever knowing it.
Over at Computerworld, Ben Rothke makes the case for “Why Information Must Be Destroyed.” “Given the vast amount of paper and digital media that amasses over time,” he argues, “effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more.” He continues:
Every organization has data that needs to be destroyed. Besides taxes, what unites every business is that they possess highly sensitive information that should not be seen by unauthorized persons. While some documents can be destroyed minutes after printing, regulations may require others to be archived from a few years to permanently. But between these two ends of the scale, your organization can potentially have a large volume of hard copy data occupying space as a liability, both from a legal and information security perspective. Depending on how long you’ve been in business, the number of physical sites and the number of people you employ, it’s possible to have hundreds of thousands, if not millions, of pages of hard copy stored throughout your company — much of which is confidential data that can be destroyed.
He’s no doubt correct that it makes good business sense to routinely purge data — both physical and digital — to guard against theft, misplacement, leaks, abuse, or whatever else. Of course, in the context of digital information, there are many folks who would like to see digital records purged more frequently to avoid growing concerns about online privacy. I think most of those concerns are over-stated, but it can’t hurt to destroy most collected information after a certain period to play it safe and keep customers happy.
Problem is, as we discussed here last week, if some lawmakers in Washington get their way, it might be illegal to do that! Quite obviously, data retention mandates are at odds with data destruction efforts. [Mitch Wagner has more coverage of the data retention debate over at Information Week and he quotes my PFF colleague Sid Rosenzweig.]
And so begins another fight over data retention. As Declan summarizes:
Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations. The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates. […] Two bills have been introduced so far — S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled “Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act,” or Internet Safety Act.
Julian also has coverage over at Ars and quotes CDT’s Greg Nojeim who says the data retention language is “invasive, risky, unnecessary, and likely to be ineffective.” I think that’s generally correct. Moreover, I find it ironic that at a time when so many in Congress seemingly want online providers to collect and retain LESS data about users, this bill proposes that ISPs be required to collect and retain MORE data. One wonders how those two legislative priorities will be reconciled!!
Don’t get me wrong. It’s good that Congress is taking steps to address the scourge of child pornography — especially with stiffer sentences for offenders and greater resources for law enforcement officials. Extensive data retention mandates, however, would be unlikely to help much given the ease with which bad guys will likely circumvent those requirements using alternative access points or proxies. Finally, retention mandates pose a threat to the privacy of average law-abiding citizens and impose expensive burdens of online intermediaries.
We’ve had more to say about data retention here at the TLF over the years. Here’s a few things to read: Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.