Yesterday, the Federal Trade Commission (FTC) released its long-awaited report on “The Internet of Things: Privacy and Security in a Connected World.” The 55-page report is the result of a lengthy staff exploration of the issue, which kicked off with an FTC workshop on the issue that was held on November 19, 2013.
I’m still digesting all the details in the report, but I thought I’d offer a few quick thoughts on some of the major findings and recommendations from it. As I’ve noted here before, I’ve made the Internet of Things my top priority over the past year and have penned several essays about it here, as well as in a big new white paper (“The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation”) that will be published in the Richmond Journal of Law & Technology shortly. (Also, here’s a compendium of most of what I’ve done on the issue thus far.)
I’ll begin with a few general thoughts on the FTC’s report and its overall approach to the Internet of Things and then discuss a few specific issues that I believe deserve attention. Continue reading →
I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)
This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy
this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)
My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals. Continue reading →
I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)
The new
Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.
If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. Continue reading →
by Adam Thierer & Berin Szoka, Progress Snaphot 6.1
Stephanie Clifford of the
New York Times posted a very interesting article this week summarizing a recent “on-the-record chat” the Times staff had with Federal Trade Commission (FTC) chairman Jon Leibowitz and FTC Bureau of Consumer Protection chief David Vladeck. The interview [discussed by Braden here] is profoundly important in that it reveals an alarming disconnect regarding the relationship between “privacy” regulation and the future of media, which were the subjects of their discussion with Times staff. Namely, Leibowitz and Vladeck apparently fail to appreciate how the delicate balance between commercial advertising and journalism is at risk precisely because of the sort of regulations they apparently are ready to adopt. Because the value of online advertising depends on data about its effectiveness and consumers’ likely interests, and because advertising is indispensable to funding media, what’s ultimately at stake here is nothing short of the future of press freedom.
The “Day of Reckoning” Is Upon Us
Leibowitz and Vladeck spend the first half of
The Times interview wringing their hands about “privacy policies,” the declarations made by websites and advertising networks about their data collection and use practices (for which the FTC can and must hold them accountable). But the two feel that privacy policies don’t adequately inform consumers. Chairman Leibowitz claims that online companies “haven’t given consumers effective notice, so they can make effective choices.” And Mr. Vladeck states that advise-and-consent models “depended on the fiction that people were meaningfully giving consent.” But he and the FTC seem ready to abandon the notice and choice model because the “literature is clear” that few people read privacy policies, Vladeck told the Times. He and Leibowitz continue:
“Philosophically, we wonder if we’re moving to a post-disclosure era and what that would look like,” Mr. Vladeck said. “What’s the substitute for it?” He said the commission was still looking into the issue, but it hoped to have an answer by June or July, when it plans to publish a report on the subject. Mr. Leibowitz gave a hint as to what might be included: “I have a sense, and it’s still amorphous, that we might head toward opt-in,” Mr. Leibowitz said.
This clearly foreshadows the regulatory endgame we have long suspected was coming. When the FTC released its “Self-Regulatory Principles for Online Behavioral Advertising” eleven months ago, we asked: “What’s the Harm & Where Are We Heading?” Their answers to both questions have become clearer with each new calculated comment—all apparently intended to slowly “turn up the heat” on the advertising industry so that the proverbial frog will stay in the pot until the water finally boils. Leibowitz’s FTC has simply dodged the “harm” question with a four-part strategy: Continue reading →
I have ranted once or twice before about the regulatory requirement that Google—a search engine—post a link to a privacy notice on its home page.
Not all computers all places may see it, but Google appears to be experimenting with a bit of javascript that leaves the page blank but for the Google image and the search field until you roll your cursor over it. But they’re leaving the privacy notice (and a copyright notice) there, probably for fear that privacy advocates will yelp about a modern-day paperwork violation.
This provides an opportunity to see the difference between a world with privacy notice regulation and one without. One is cluttered and overlawyered. The other is pure and clean and fresh.
Take a look for yourself. Which do you prefer?
This?
Or this?
I think the answer is obvious. The
only difference, mind you, is aesthetic. If Google were permitted to have a truly good looking Web site, users’ privacy would be no worse off for it because they don’t read privacy notices.
As I mentioned in a post last month, dozens of comments were filed with the Federal Communications Commission (FCC) as part of the agency’s “Child Safe Viewing Act” Notice of Inquiry. Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.” I filed 150+ pages worth of comments in this matter, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.
Anyway, this week saw many of the same groups that filed before (and some new ones) file reply comments about those earlier submissions. To make things simple, I have collected most of the notable reply comments down below in case anyone is interested.
Continue reading →
Google’s new “Interest Based Advertising” (IBA) program represents the company’s first foray into what is generally called “Online Behavioral Advertising” (OBA): In order to deliver more relevant advertising, Google will begin tailoring ads delivered through AdSense on the Google Content Network (GCN) and YouTube.com (but not Google.com). This tailoring will be based on a profile of each user’s interests created by tracking their browsing activity across sites that use AdSense-but not search queries or other user information. Until now, (i) AdSense has delivered essentially “contextual” advertising by choosing which ad to display on a page based on an algorithmic analysis of keywords on that page; and (ii) Google has tracked users’ browsing only for analytics purposes-to limit the number of times a user sees a particular ad (to prevent overexposure) and to allow sequencing of ads in campaigns where one ad must follow another.
Google is sure to be attacked for crossing a “line in the sand” drawn by some privacy advocates between contextual and behavioral advertising-even though Google’s closest competitor, Yahoo!, already offers a similar program, and the concept in general is hardly new. Google’s position as the leading search engine and third party ad-delivery network will no doubt cause paroxysms of privacy hysteria among those who consider targeted advertising inherently invasive, unfair or manipulative.
But those whose first priority is advancing consumer privacy, not advancing a political or regulatory agenda, should applaud Google for excluding sensitive categories and for putting the new Ad Preference Manager at the core of the company’s new IBA program. The Ad Preference Manager sets a new “gold standard” for implementing the principles of Notice and Choice, which have formed the core of both OBA industry self-regulation and the various regulatory proposals made in recent years. Indeed, Google has done precisely what Adam Thierer and I have called for: giving consumers more granular control over their own privacy preferences by developing better tools.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.
Reply Comments in FCC’s “Child Safe Viewing Act” Notice of Inquiry
by Adam Thierer on May 20, 2009 · 17 comments
As I mentioned in a post last month, dozens of comments were filed with the Federal Communications Commission (FCC) as part of the agency’s “Child Safe Viewing Act” Notice of Inquiry. Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.” I filed 150+ pages worth of comments in this matter, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.
Anyway, this week saw many of the same groups that filed before (and some new ones) file reply comments about those earlier submissions. To make things simple, I have collected most of the notable reply comments down below in case anyone is interested. Continue reading →