“The quickest way to find out who your enemies are is to try doing something new.” Thus begins Innovation and Its Enemies, an ambitious new book by Calestous Juma that will go down as one of the decade’s most important works on innovation policy.

Juma, who is affiliated with the Harvard Kennedy School’s Belfer Center for Science and International Affairs, has written a book that is rich in history and insights about the social and economic forces and factors that have, again and again, lead various groups and individuals to oppose technological change. Juma’s extensive research documents how “technological controversies often arise from tensions between the need to innovate and the pressure to maintain continuity, social order, and stability” (p. 5) and how this tension is “one of today’s biggest policy challenges.” (p. 8)

What Juma does better than any other technology policy scholar to date is that he identifies how these tensions develop out of deep-seated psychological biases that eventually come to affect attitudes about innovations among individuals, groups, corporations, and governments. “Public perceptions about the benefits and risks of new technologies cannot be fully understood without paying attention to intuitive aspects of human psychology,” he correctly observes. (p. 24)

Opposition to Change: It’s All in Your Head

Juma documents, for example, how “status quo bias,” loss aversion, and other psychological tendencies tend to encourage resistance to technological change. [Note: I discussed these and other “root-cause” explanations of opposition to technological change in Chapter 2 of my book, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, as well as in my 2012 law review article on “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.”]  Juma notes, for example, that “society is most likely to oppose a new technology if it perceives that the risks are likely to occur in the short run and the benefits will only accrue in the long run.” (p. 5) Moreover, “much of the concern is driven by perception of loss, not necessarily by concrete evidence of loss.” (p. 11)

Juma’s approach to innovation policy studies is strongly influenced by the path-breaking work of Austrian economist Joseph Schumpeter, who long ago documented how entrepreneurial activity and the “perennial gales of creative destruction” were the prime forces that spurred innovation and propelled society forward. But Schumpeter was also one of the first scholars to realize that psychological fears about such turbulent change was what ultimately lead to much of the short-term opposition to new technologies that, in due time, we eventually come to see as life-enriching or even life-essential innovations.  Juma uses Schumpeter’s insight as the launching point for his exploration and he successfully verifies it using meticulously-detailed case studies.

Case Study-Driven Analysis

My favorite case study in the book discusses how the dairy industry fought the creation and spread of margarine (excuse the pun!). I had no idea how ugly that situation got, but Juma provides all the gory details in what I consider one of the very best crony capitalist case studies ever penned.

In particular, in a subsection of that chapter entitled “The Laws against Margarine,” he provides a litany of examples of how effective the dairy industry was in convincing lawmakers to enact ridiculous anti-consumer regulations to stop margarine, even though the product offered the public a much-needed, and much more affordable, substitute for traditional butter. At one point, the daily industry successfully lobbied five states to adopt rules mandating that any imitation butter product had to be dyed pink! Other states enacted labelling laws that required butter substitutes to come in ominous-looking black packaging. Again, all this was done at the request of the incumbent dairy industry and the National Dairy Council, which would resort to almost any sort of deceptive tactic to keep a cheaper competing product out of the hands of consumers.

And so it goes in chapter after chapter of Juma’s book. The amount of detail in each of these unique case studies is absolutely stunning, but they nonetheless remain highly readable accounts of sectoral protectionism, special interest rent-seeking, and regulatory capture. In this way, Juma is plowing some familiar ground already covered by other economic historians and political scientists, such as Joel Mokyr and Mancur Olson, both of whom are mentioned in the book, as well as a long line of public choice scholars who are, somewhat surprisingly, not discussed in the text. Nonetheless, Juma’s approach is still fresh, unique, and highly informative. In fact, I don’t think I’ve ever seen so many distinct and highly detailed case studies assembled in one place by a single scholar.  What Juma has done here is truly impressive.

Related Innovation Policy Paradigms

Beyond Schumpeter’s clear influence, Juma’s approach to studying innovation policy also shares a great deal in common with two other unmentioned innovation policy scholars, Virginia Postrel and Robert D. Atkinson.

Postrel’s 1998 book, The Future and Its Enemies, contrasted the conflicting worldviews of “dynamism” and “stasis” and showed how the tensions between these two visions would affect the course of human affairs. She made the case for embracing dynamism — “a world of constant creation, discovery, and competition” — over the “regulated, engineered world” of the stasis mentality. Similarly, in his 2004 book, The Past and Future of America’s Economy, Atkinson documented how “American history is rife with resistance to change,” and in recounting some of the heated battles over previous technological revolutions he showed how two camps were always evident: “preservationists” and “modernizers.”

When Juma repeatedly recounts the fight between “innovation and incumbency” in his case studies, he is essentially describing the same paradigmatic divide that Postrel and Atkinson highlight in their works when they discuss “dynamist” vs. “stasis” tensions and the “modernizers” vs. “preservationists” battles that we have seen throughout history. [Note: In my 2014 essay on, “Thinking about Innovation Policy Debates: 4 Related Paradigms,” I discussed Postrel and Atkinson’s books and other approaches to understanding tech policy divisions and then related them to the paradigms I contrast in my work: the so-called “precautionary principle” vs. “permissionless Innovation” mindsets.]

Finally, Juma’s book could also be compared to another freshly released book, The Politics of Innovation, by Mark Zachary Taylor. Taylor’s book is also essential reading on this lamentable history of industrial protectionism and the resulting political opposition to change we have seen over time. [Note: Brent Skorup and provided many other high-tech cronyist case studies like these in our 2013 law review article, “A History of Cronyism and Capture in the Information Technology Sector.”]

To counter the prevalence of special interest influence and poor policymaking more generally, Juma stresses the need for evidence-based analysis and a corresponding rejection of fear-mongering and deceptive tactics by public officials and activist groups. He’s particularly concerned with “the use of demonization and false analogies to amplify the perception of risks associated with a new product.”

Accordingly, he would like to see improved educational and risk communication efforts aimed at better informing the public about risk trade-offs and the many potential future benefits of emerging technologies. “Learning how to communicate to the general public is an important aspect of reducing distrust [in new technologies],” Juma argues. (p. 312)

On the Pacing Problem

But Juma never really adequately squares that recommendation with another point he makes throughout the text about how “the pace of technological innovation is discernibly fast,” (p. 5) and how it is accelerating in an exponential fashion. “The implications of exponential growth will continue to elude political leaders if they persist in operating with linear worldviews.” (p. 14) But if it is indeed the case that things are moving that fast, then are we not potentially doomed to live in never-ending cycles of technopanics and misinformation campaigns about new technologies no matter how much education we try to do?

Regardless, Juma’s argument about the speed of modern technological change is quite valid and shared by many other scholars. He is essentially making the same case that Larry Downes did in his excellent 2009 book, The Laws of Disruption: Harnessing the New Forces That Govern Life and Business in the Digital Age. Downes argued that lawmaking in the information age is inexorably governed by the “law of disruption” or the fact that “technology changes exponentially, but social, economic, and legal systems change incrementally.”  This law, Downes said, is “a simple but unavoidable principle of modern life,” and it will have profound implications for the way businesses, government, and culture evolve going forward.  “As the gap between the old world and the new gets wider,” he argued, “conflicts between social, economic, political, and legal systems” will intensify and “nothing can stop the chaos that will follow.”

Again, Juma makes that same point repeatedly throughout the chapters of his book. This is also a restatement of the so-called “pacing problem,” as it is called in the field of the philosophy of technology. I discussed the pacing problem at length in my recent review of Wendell Wallach’s important new book, A Dangerous Master: How to Keep Technology from Slipping beyond Our Control. Wallach nicely defined the pacing problem as “the gap between the introduction of a new technology and the establishment of laws, regulations, and oversight mechanisms for shaping its safe development.” “There has always been a pacing problem,” he noted but, like Juma, Wallach believes that modern technological innovation is occurring at an unprecedented pace, making it harder than ever to “govern” using traditional legal and regulatory mechanisms.

New Approaches to Technological Governance Needed

Both Wallach in A Dangerous Master and Juma in Innovation and Its Enemies struggle with how to solve this problem. Wallach advocates “soft law” mechanisms or even informal “Governance Coordinating Committees,” which would oversee the development of new technology policies and advise existing governmental institutions. Juma is somewhat ambiguous regarding potential solutions, but he does stress the general need for a flexible approach to policy, as he notes on pg. 252:

It is important to make clear distinctions between hazards and risks. It is necessary to find a legal framework for addressing hazards. But such a framework should not take the form of rigid laws whose adoption needs to be guided by evidence of harm. More flexible standards that allow continuous assessment of emerging safety issues related to a new product are another way to address hazards. This approach would allow for evidence-based regulation.

Beyond that Juma wants to see “entrepreneurialism exercised in the public arena” (p. 282) and calls for “decisive leaders to champion the application of new technologies.” (p. 283) He argues such leadership is needed to ensure that life-enriching technologies are not derailed by opponents of change.

On the other hand, Juma sees a broader role for policymakers in helping to counter some of the potential side effects associated with many emerging technologies. He highlights three primary areas of concern. First, he suggests political leaders might need to find ways “to help balance the benefits and risks of automation” due to the rapid rise of robotics and artificial intelligence. Second, he notes that synthetic biology and gene-editing will give rise to many thorny issues that require policymakers to balance “potentially extraordinary benefits and the risk of catastrophic consequences.” (p. 284)  Finally, he points out that medicine and healthcare are set to be radically transformed by emerging technologies, but they are also threatened by archaic policies and practices in many countries.

In each case, Juma hopes that “decisive,” “adaptive” and “flexible” leaders will steer a sensible policy course with an eye toward limiting “the spread of political unrest and resentment toward technological innovation.” (p. 284)  That’s a noble goal, but Juma remains a bit vague on the steps needed to accomplish that balancing act without tipping public policy in favor a full-blown precautionary principle-based regime for new technologies. Juma clearly wants to avoid that result, but it remains unclear how or where he would draw clear lines in the sand to prevent it from occurring while at the same time achieving “decisive leadership” aimed at balancing potential risks and benefits.

Similarly, his repeated calls in the closing chapter for “inclusive innovation” efforts and strategies sounds sensible in theory, but Juma speaks in abstract generalities about what the term means and doesn’t provide a clear vision for how that would translate into concrete actions that would not end up giving vested interests a veto over new forms of technological innovation that they disfavor.

Nothing Ventured, Nothing Gained

Generally speaking, however, Juma wants this balance struck in favor of greater openness to change and an ongoing freedom to experiment with new technological capabilities. As he notes in his concluding chapter:

The biggest risk that society faces by adopting approaches that suppress innovation is that they amplify the activities of those who want to preserve the status quo by silencing those arguing for a more open future. […] Keeping the future open and experimenting in an inclusive and transparent way is more rewarding that imposing the dictum of old patterns. (pgs. 289, 316)

In that regard, the thing I liked most about Innovation and Its Enemies is the way throughout the text that Juma stressed the symbiotic relationship between risk-taking and progress. One of the ways he does so is by kicking off every chapter with a fun quote on that theme from some notable figure. He includes gems like these:

• “Nothing will ever be attempted if all possible objections must be first overcome.” – Samuel Johnson
• “Only those will risk going too far can possibly find out how far one can go.” – T.S. Eliot
• “If you risk nothing, then you risk everything.” – Geena Davis
• “Test fast, fail fast, adjust fast.” – Tom Peters

Of course, I was bound to enjoy his repeated discussion of this theme because that was the central thesis of my latest book, in which I made the argument that, “if we spend all our time living in constant fear of worst-case scenarios—and premising public policy upon such fears—then many best-case scenarios will never come about.” Or more simply, as the old saying goes: “nothing ventured, nothing gained.”

On Pastoral Myths

I also liked the way that Juma used his case studies to remind us how “the topics may have changed, but the tactics have not.” (p. 143) For example, much of the fear-mongering and deceptive tactics we have seen through the years are based on “pastoral ideals,” i.e., appeals to nature, farm life, old traditions, of just the proverbial “good old days,” whenever those supposedly were! “Demonizing innovation is often associated with campaigns to romanticize past products and practices,” Juma notes. “Opponents of innovation hark back to traditions as if traditions themselves were not inventions at some point in the past.” (p. 309)  So very true!

That was especially the case in battles over new farming methods and technologies, when opponents of change were frequently “championing a moral cause to preserve a way of life,” as Juma discusses in several chapters. (p. 129) New products or methods of production were repeatedly but wrongly characterized as dangerous simply because they were not supposedly “natural” or “traditional” enough in character.

Of course, if all farming and other work was to remain frozen in some past “natural” state, we’d all still be hunters and gathers struggling to find the next meal to put in our bellies. Or, if we were all still on the farms of the “good old days,” then we’d still be stuck using an ox and plow in the name of preserving the “traditional” ways of doing things.

Humanity has made amazing strides—including being able to feed more people more easily and cheaply than ever before—precisely because we broke with those old, “natural” traditions. Alas, many vested interests and even quite a few academics today still employ these same pastoral appeals and myths to oppose new forms of technological change. Juma’s case studies powerfully illustrate why that dynamic continues to be a driving force in innovation policy debates and how it has delayed the diffusion of many important new goods and services throughout history. When the opponents of change rest their case on pastoral myths and nostalgic arguments about the good old days we should remind them that the good old days weren’t really that great after all.

Conclusion

In closing, Innovation and Its Enemies earns my highest recommendation. Even though 2016 is only half done as I write this, Professor Juma’s book is probably already a shoo-in as my choice for best innovation policy book of the year. And I am certain that it will also go down as one of the decade’s most important innovation policy books. Buy the book now and read every word of it. It is well worth your time.

Additional material related to Juma’s book:

• Calestous Juma’s website at the Harvard Kennedy School
• Official book page for Innovation and Its Enemies
• Concise summary of the book from AAAS: “Why important innovations stall; understanding obstacles to change is key to future”
• Steven Overly, “Humans once opposed coffee and refrigeration. Here’s why we often hate new stuff,” Washington Post, July 21, 2016.
• Matt Ridley’s review of the book for The Times of London.

Other Related Books

In addition to the books that I already mentioned throughout this review, readers who find Juma’s book and the issues he discusses in it of interest should also consider reading these other books on innovation policy, technological governance, and regulatory capture.  Although many of them are more squarely focused on the information technology sector or other emerging technology fields, they all relate to the general subject matter and approach found throughout Juma’s book. [NOTE: Links, where provided, are to my reviews of these books.]

• The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future, by Kevin Kelly (2016)
• Innovative Governance Models for Emerging Technologies, Gary E. Marchant, Kenneth W. Abbott & Braden Allenby (eds.), (2013)
• Consent of the Networked: The Worldwide Struggle for Internet Freedom ,by Rebecca MacKinnon (2012)
• Networks and States: The Global Politics of Internet Governance, by Milton Mueller (2010)
• The Master Switch: The Rise and Fall of Information Empires, by Tim Wu (2010)
• The Rational Optimist: How Prosperity Evolves, by Matt Ridley (2010)
• Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, by Hal Abelson, Ken Ledeen, and Harry Lewis (2008)
• Radical Evolution: The Promise and Peril of Enhancing Our Minds, Our Bodies — and What It Means to Be Human, by Joel Garreau (2005)
• The Creation of Media, by Paul Starr (2005)
• Ruling the Waves: Cycles of Discovery, Chaos, and Wealth from the Compass to the Internet, by Debora Spar (2004)
• Questioning Technology, by Andrew Feenberg (1999)
• Thinking through Technology: The Path between Engineering and Philosophy, by Carl Mitcham (1994)
• Technologies of Freedom: On Free Speech in an Electronic Age, by Ithiel de Sola Pool (1983)

Wallach’s latest book is entitled, A Dangerous Master: How to Keep Technology from Slipping beyond Our Control. And, as I’ve noted here recently, the greatly expanded second edition of my latest book, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, has just been released.

Of all the books of technological criticism or skepticism that I’ve read in recent years—and I have read stacks of them!— A Dangerous Master is by far the most thoughtful and interesting. I have grown accustomed to major works of technological criticism being caustic, angry affairs. Most of them are just dripping with dystopian dread and a sense of utter exasperation and outright disgust at the pace of modern technological change.

Although he is certainly concerned about a wide variety of modern technologies—drones, robotics, nanotech, and more—Wallach isn’t a purveyor of the politics of panic. There are some moments in the book when he resorts to some hyperbolic rhetoric, such as when he frets about an impending “techstorm” and the potential, as the book’s title suggests, for technology to become a “dangerous master” of humanity. For the most part, however, his approach is deeper and more dispassionate than what is found in the leading tracts of other modern techno-critics.

Many Questions, Few Clear Answers

Wallach does a particularly good job framing the major questions about emerging technologies and their effect on society. “Navigating the future of technological possibilities is a hazardous venture,” he observes. “It begins with learning to ask the right questions—questions that reveal the pitfalls of inaction, and more importantly, the passageways available for plotting a course to a safe harbor.” (p. 7) Wallach then embarks on a 260+ page inquiry that bombards the reader with an astonishing litany of questions about the wisdom of various forms of technological innovation—both large and small. While I wasn’t about to start an exact count, I would say that the number of questions Wallach poses in the book runs well into the hundreds. In fact, many paragraphs of the book are nothing but an endless string of questions.

Thus, if there is a primary weakness with A Dangerous Master, it’s that Wallach spends so much time formulating such a long list of smart and nuanced questions that some readers may come away disappointed when they do not find equally satisfying answers. On the other hand, the lack of clear answers is also completely understandable because, as Wallach notes, there really are no simple answers to most of these questions.

Just Slow Down!

Moving on to substance, let me make clear where Wallach and I generally see eye-to-eye and where we part ways.

Generally speaking, we agree about the need to come up with better “soft governance” systems for emerging technologies, which might include multistakeholder process, developer codes of conduct, sectoral self-regulation, sensible liability rules, and so on. (More on those strategies in a moment.)

But while we both believe it is wise to consider how we might “bake-in” better ethics and norms into the process of technological development, Wallach seems much more inclined than me to expect that we will be able to pre-ordain (or potentially require?) all this happens before much of this experimentation and innovation actually moves forward. Wallach opens by asking:

Determining when to bow to the judgment of experts and whether to intervene in the deployment of a new technology is certainly not easy. How can government leaders or informed citizens effectively discern which fields of research are truly promising and which pose serious risks? Do we have the intelligence and means to mitigate the serious risks that can be anticipated? How should we prepare for unanticipated risks? (p. 6)

Again, many good questions here! But this really gets to the primary difference between Wallach’s preferred approach and my own: I tend to believe that many of these things can only be worked out through ongoing trial and error, the constant reformulation of the various norms that govern the process of innovation, and the development of sensible ex post solutions to some of the most difficult problems posed by turbulent technological change.

By contrast, Wallach’s generally attitude toward technological evolution is probably best summarized by the phrases: “Slow down!” and, “Let’s have a conversation about it first!” As he puts it in his own words: “Slowing down the accelerating adoption of technology should be done as a responsible means to ensure basic human safety and to support broadly shared values.” (p. 13)

But I tend to believe that it’s not always possible to preemptively determine which innovations to slow down, or even how to determine what those “shared values” are that will help us make this determination. More importantly, I worry that there are very serious potential risks and unintended consequences associated with slowing down many forms of technological innovation, which could improve human welfare in important ways. There can be no prosperity, after all, without a certain degree of risk-taking and disruption.

Getting Out Ahead of the Pacing Problem

Yet, what concerns Wallach most is the much-discussed issue from the field of the philosophy of technology, the so-called “pacing problem.” Wallach concisely defines the pacing problem as “the gap between the introduction of a new technology and the establishment of laws, regulations, and oversight mechanisms for shaping its safe development.” (p. 251) “There has always been a pacing problem,” he notes, but he is concerned that technological innovation—especially highly disruptive and potentially uncontrollable forms of innovation—is now accelerating at an absolutely unprecedented pace.

(Just as an aside for all the philosophy nerds out there…  Such a rigid belief in the “pacing problem” represents a techno-deterministic viewpoint that is, ironically, sometimes shared by technological skeptics like Wallach as well as technological optimists like Larry Downes and even many in the middle of this debate, like Vivek Wadhwa. See, for example, The Laws of Disruption by Downes and “Laws and Ethics Can’t Keep Pace with Technology” by Wadhwa. Although these scholars approach technology ethics and politics quite differently, they all seem to believe that the pace of modern technological change is so relentless as to almost be an unstoppable force of nature. I guess the moral of the story is that, to some extent, we’re all technological determinists now!)

Despite his repeated assertions that modern technologies are accelerating at such a potentially uncontrollable pace, Wallach nonetheless hopes we can achieve some semblance of control over emerging technologies before they reach a critical “inflection point.” In the study of history and science, an inflection point generally represents a moment when a situation and trend suddenly changes in a significant way and things begin moving rapidly in a new direction. These inflections points can sometimes develop quite abruptly, ushering in major changes by creating new social, economic, or political paradigms. As it relates to technology in particular, inflection points can refer to the moment with a particular technology achieves critical mass in terms of adoption or, more generally, to the time when that technology begins to profoundly transform the way individuals and institutions act.

Another related concept that Wallach discusses is the so-called “Collingridge dilemma,” which refers to the notion that it is difficult to put the genie back in the bottle once a given technology has reached a critical mass of public adoption or acceptance. The concept is named after David Collingridge, who wrote about this in his 1980 book, The Social Control of Technology. “The social consequences of a technology cannot be predicated early in the life of the technology,” Collingridge argued. “By the time undesirable consequences are discovered, however, the technology is often so much part of the whole economics and social fabric that its control is extremely difficult.”

On “Having a Discussion” & Coming Up with “a Broad Plan”

These related concepts of inflection points and the Collingridge dilemma constitute the operational baseline of Wallach’s worldview. “In weighing speedy development against long-term risks, speedy development wins,” he worries. “This is particularly true when the risks are uncertain and the perceived benefits great.” (p. 85)

Consequently, throughout his book, Wallach pleads with us to take what I will call Technological Time Outs. He says we need to pause at times so that we can have “a full public discussion” (p. 13) and make sure there is a “broad plan in place to manage our deployment of new technologies” (p. 19) to make sure that innovation happens only at “a humanly manageable pace” (p. 261) “to fortify the safety of people affected by unpredictable disruptions.” (p. 262) Wallach’s call for Technological Time Outs is rooted in his belief that “the accelerating pace [of modern technological innovation] undermines the quality of each of our lives.” (p. 263)

That is Wallach’s weakest assertion in the book and he doesn’t really offer much evidence to prove that the velocity of modern technological is hurting us rather than helping us, as many of us believe. Rather, he treats it as a widely accepted truism that necessitates some sort of collective effort to slow things down if the proverbial genie is about to exit the bottle, or to make sure those genies don’t get out of their bottles without a lot of preemptive planning regarding how they are to be released into the world. In the following passage on pg. 72, Wallach very succinctly summarizes his approach recommended throughout A Dangerous Master:

this book will champion the need for more upstream governance: more control over the way that potentially harmful technologies are developed or introduced into the larger society. Upstream management is certainly better than introducing regulations downstream, after a technology is deeply entrenched or something major has already gone wrong. Yet, even when we can access risks, there remain difficulties in recognizing when or determining how much control should be introduced. When does being precautionary make sense, and when is precaution an over-reaction to the risks? (p. 72)

Those who have read my Permissionless Innovation book will recall that I open by framing innovation policy debates in almost exactly the same way as Wallach suggests in that last line above. I argue in the first lines of my book that:

The central fault line in innovation policy debates today can be thought of as ‘the permission question.’  The permission question asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions and risk-taking, more generally.  Two conflicting attitudes are evident. One disposition is known as the ‘precautionary principle.’ Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harm to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions. The other vision can be labeled ‘permissionless innovation.’ It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if any develop, can be addressed later.

So, by contrasting these passages, you can see what I am setting up here is a clash of visions between what appears to be Wallach’s precautionary principle-based approach versus my own permissionless innovation-focused worldview.

How Much Formal Precaution?

But that would be a tad bit too simplistic because just a few paragraphs after Wallach makes the statement just above about “upstream management” being superior to ex post solutions formulated “after a technology is deeply entrenched,” Wallach begins slowly backing away from an overly-rigid approach to precautionary principle-based governance of technological processes and systems.

He admits, for example, that “precautionary measures in the form of regulations and governmental oversight can slow the development of research whose overall society impact will be beneficial,” (p. 26) and that can “be costly” and “slow innovation.” For countries, Wallach admits, this can have real consequences because “Countries with more stringent precautionary policies are at a competitive disadvantage to being the first to introduce a new tool or process.” (p. 74)

So, he’s willing to admit that what we might call a hard precautionary principle usually won’t be sensible or effective in practice, but he is far more open to soft precaution. But this is where real problems begin to develop with Wallach’s approach, and it presents us with a chance to turn the tables on him a bit and begin posing some serious questions about his vision for governing technology.

Much of what follows below are my miscellaneous ramblings about the current state of the intellectual dialogue about tech ethics and technological control efforts. I have discussed these issues at greater length in my new book as well as a series of essays here in past years, most notably: “On the Line between Technology Ethics vs. Technology Policy; “What Does It Mean to “Have a Conversation” about a New Technology?”; and, “Making Sure the “Trolley Problem” Doesn’t Derail Life-Saving Innovation.”

As I’ve argued in those and other essays, my biggest problem with modern technological criticism is that specifics are in scandalously short supply in this field! Indeed, I often find the lack of details in this arena to be utterly exasperating. Most modern technological criticism follows a simple formula:

TECHNOLOGY –>> POTENTIAL PROBLEMS –>> DO SOMETHING!

But almost all the details come in the discussion about the nature of the technology in question and the apparent many problems associated with it. Far, far less thought goes into the “DO SOMETHING!” part of the critics’ work. One reason for that is probably self-evident: There are no easy solutions. Wallach admits as much at many junctures throughout the book. But that doesn’t excuse the need for the critics to give us a more concrete blueprint for identifying and then potentially rectifying the supposed problems.

Of course, the other reason that many critics are short of specifics is because what they really mean when they quip how much we need to “have a conversation” about a new disruptive technology is that we need to have a conversation about stopping that technology.

Where Shall We Draw the Line between Hard and Soft Law?

But this is what I found most peculiar about Wallach’s book: He never really gives us a good standard by which to determine when we should look to hard governance (traditional top-down regulation) versus soft governance (more informal, bottom-up and non-regulatory approaches).

On one hand, he very much wants society to exercise greatly restraint and precaution when it comes to many of the technologies he and others worry about today. Again, he’s particularly concerned about the potential runaway development and use of drones, genetic editing, nanotech, robotics, and artificial intelligence. For at least one class of robotics—autonomous military robots—Wallach does call for immediate policy action in the form of an Executive Order to ban “killer” autonomous systems. (Incidentally, there’s also a major effort underway called the “Campaign to Stop Killer Robots” that aims to make such a ban part of international law through a multinational treaty.)

But Wallach also acknowledges the many trade-offs associated with efforts to preemptively controls on robotics and other technology. Perhaps for that reason, Wallach doesn’t develop a clear test for when the Precautionary Principle should be applied to new forms of innovation.

Clearly there are times when it is appropriate, although I believe it is only in an extremely narrow subset of cases. In the 2 ^nd Edition of my Permissionless Innovation book, I tried to offer a rough framework for when formal precautionary regulation (i.e., highly-restrictive policy defaults are necessary, such as operational restrictions, licensing requirements, research limitations, or even formal bans) might be necessary. I do not want to interrupt the flow of this review of Wallach’s book too much, so I have decided to just cut-and-paste that portion of Chapter 3 of my book (“When Does Precaution Make Sense?”) down below as an appendix to this essay.

The key takeaway of that passage from my book is that all of us who study innovation policy and the philosophy of technology—Wallach, myself, the whole darn movement—have done a remarkably poor job being specific about precisely when formal policy precaution is warranted. What is the test? All too often, we get lazy and apply what we might call an “I-Know-It-When-I-See-It” standard. Consider the possession of bazookas, tanks, and uranium. Almost all of us would agree that citizens should not be allowed to possess or use such things. Why? Well, it seems obvious, right? They just shouldn’t! But what is the exact standard we use to make that determination.

In coming years, I plan on spending a lot more time articulating a better test by which Precautionary Principle-based policies could be reasonably applied. Those who know me may be taken aback by what I just said. After all, I’ve spend many years explaining why Precautionary Principle-based thinking threatens human prosperity and should be rejected in the vast majority of cases. But that doesn’t excuse the lack of a serious and detailed exploration of the exact standard by which we determine when we should impose some limits on technological innovation.

Generally speaking, while I strongly believe that “permissionless innovation” should remain the policy default for most technologies, there certainly exists some scenarios where the threat of harm associated with a new innovation might be highly probable, tangible, immediate, irreversible, and catastrophic in nature. If so, that could qualify it for at least a light version of the Precautionary Principle. In a future paper or book chapter I’m just now starting to research, I hope to fuller develop those qualifiers and formulate a more robust test around them.

I would have very much liked to see Wallach articulate and defend a test of his own for when formal precaution would make sense. And, by extension, when should we default to soft precaution, or soft law and informal governance mechanisms for emerging technologies.

We turn to that issue next.

Toward Soft Governance & the Engineering of Better Technological Ethics

Even though Wallach doesn’t provide us with a test for determining when precaution makes sense or when we should instead default to soft governance, he does a much better job explaining the various models of soft law or informal governance that might help us deal with the potential negative ramifications of highly disruptive forms of technological change.

What Wallach proposes, in essence, is that we bake a dose of precautionary directly into the innovation process through a wide variety of informal governance/oversight mechanisms. “By embedding shared values in the very design of new tools and techniques, engineers improve the prospect of a positive outcome,” he claims. “The upstream embedding of shared values during the design process can ease the need for major course adjustments when it’s often too late.” (p. 261)

Wallach’s favored instrument of soft governance is what he refers to as “Governance Coordinating Committees” (GCCs). These Committees would coordinate “the separate initiatives by the various government agencies, advocacy groups, and representatives of industry” who would serve as “issue managers for the comprehensive oversight of each field of research.” (p. 250) He elaborates and details the function of GCCs as follows:

These committees, led by accomplished elders who have already achieved wide respect, are meant to work together with all the interested stakeholders to monitor technological development and formulate solutions to perceived problems. Rather than overlap with or function as a regulatory body, the committee would work together with existing institutions. (p. 250-51)

Wallach discussed the GCC idea in much greater detail in a 2013 book chapter he penned with Gary E. Marchant for a collected volume of essays on Innovative Governance Models for Emerging Technologies. (I highly recommend you pick up that book if you can afford it! Many terrific essays in that book on these issues.) In their chapter, Marchant and Wallach specify some of the soft law mechanisms we might use to instill a bit of precaution preemptively. These mechanisms include: “codes of conduct, statements of principles, partnership programs, voluntary programs and standards, certification programs and private industry initiatives.”

If done properly, GCCs could provide exactly the sort of wise counsel and smart recommendations that Wallach desires. In my book and many law review articles on various disruptive technologies, I have endorsed many of the ideas and strategies Wallach identifies. I’ve also stressed the importance of many other mechanisms, such as education and empowerment-based strategies that could help the public learn to cope with new innovations or use them appropriately. In addition, I’ve highlighted the many flexible, adaptive ex post remedies that can help when things go wrong. Those mechanisms include common law remedies such as product defects law, various torts, contract law, property law, and even class action lawsuits. Finally, I have written extensively about the very active role played by the Federal Trade Commission (FTC) and other consumer protection agencies, which have broad discretion to police “unfair and deceptive practices” by innovators.

Moreover, we already have a quasi-GCC model developing today with the so-called “multistakeholder governance” model that is often used in both informal and formal ways to handle many emerging technology policy issues.  The Department of Commerce (the National Telecommunications and Information Administration in particular) and the FTC have already developed many industry codes of conduct and best practices for technologies such as biometrics, big data, the Internet of Things, online advertising, and much more. Those agencies and others (such as the FDA and FAA) are continuing to investigate other codes or guidelines for things like advanced medical devices and drones, respectively. Meanwhile, I’ve heard other policymakers and academics float the idea of “digital ombudsmen,” “data ethicists,” and “private IRBs” (institutional review boards) as other potential soft law solutions that technology companies might consider. Perhaps going forward, many tech firms will have Chief Ethical Officers just as many of them today have Chief Privacy Officers or Chief Security Officers.

In other words, there’s already a lot of “soft law” activities going on in this space. And I haven’t even begun an inventory of the many other bodies or groups that already exist in each sector today that has set forth their own industry self-regulatory codes, but they exist in almost every field that Wallach worries about.

So, I’m not sure how much his GCC idea will add to this existing mix, but I would not be opposed to them playing the sort of coordinating “issue manager” role he describes. But I still have many questions about GCC’s, including:

• How many of them are needed and how we will know which one is the definitive GCC for each sector or technology?
• If they are overly formal in character and dominated by the most vociferous opponents of any particular technology, a real danger exists that a GCC could end up granting a small cabal a “heckler’s veto” over particular forms of innovation.
• Alternatively, the possibility of “regulatory capture” could be a problem for some GCCs if incumbent companies come to dominate their membership.
• Even if everything went fairly smoothly and the GCCs produced balanced reports and recommendations, future developers might wonder if and why they are to be bound by older guidelines.
• And if those future developers choose not to play by the same set of guidelines, what’s the penalty for non-compliance?
• And how are such guidelines enforced in a world where what I’ve called “global innovation arbitrage” is an increasing reality?

Challenging Questions for Both Hard and Soft Law

To summarize, whether we are speaking of “hard” or “soft” law approaches to technological governance, I am just not nearly as optimistic as Wallach seems to be that we will be able to find consensus on these three things:

(1) what constitutes “harm” in many of these circumstances;

(2) which “shared values” should prevail when “society” debates the shaping of ethics or guiding norms for emerging technologies but has highly contradictory opinions about those values (consider online privacy as a good example, where many people enjoy hyper-sharing while other demand hyper-privacy); and,

(3) that we can create a legitimate “governing body” (or bodies) that will be responsible for formulating these guidelines in a fair way without completely derailing the benefits of innovation in new fields and also remaining relevant for very long.

Nonetheless, as he and others have suggested, the benefit of adopting a soft law/informal governance approach to these issues is that it at least seeks to address these questions in more flexible and adaptive fashion. As I noted in my book, traditional regulatory systems “tend to be overly rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things.” ( Permissionless Innovation, p. 120)

So, despite the questions I have raised here, I welcome the more flexible soft law approach that Wallach sets forth in his book. I think it represents a far more constructive way forward when compared to the opposite “top-down” or “command-and-control” regulatory systems of the past. But I very much want to make sure that even these new and more flexible soft law approaches leave plenty of breathing room for ongoing trial-and-error experimentation with new technologies and systems.

Conclusion

In closing, I want to reiterate that not only did I appreciate the excellent questions raised by Wendell Wallach in A Dangerous Master, but I take them very seriously. When I sat down to revise and expand my Permissionless Innovation book last year, I decided to include this warning from Wallach in my revised preface: “The promoters of new technologies need to speak directly to the disquiet over the trajectory of emerging fields of research. They should not ignore, avoid, or superficially dampen criticism to protect scientific research.” (p. 28–9)

As I noted, in response to Wallach: “I take this charge seriously, as should others who herald the benefits of permissionless innovation as the optimal default for technology policy. We must be willing to take on the hard questions raised by critics and then also offer constructive strategies for dealing with a world of turbulent technological change.”

Serious questions deserve serious answers. Of course, sometimes those posing those questions fail to provide many answers of their own! Perhaps it is because they believe the questions answer themselves. Other times, it’s because they are willing to admit that easy answers to these questions typically prove quite elusive. In Wallach’s case, I believe it’s more the latter.

To wrap up, I’ll just reiterated that both Wallach and I share a common desire to find solutions to the hard questions about technological innovation. But the crucial question that probably separates his worldview and my own is this: Whether we are talking about hard or soft governance, how much faith should we place in preemptive planning vs. ongoing trial and error experimentation to solve technological challenges? Wallach is more inclined to believe we can divine these things with the sagacious foresight of “accomplished elders” and technocratic “issue managers,” who will help us slow things down until we figure out how to properly ease a new technology into society (if at all). But I believe that the only way we will find many of the answers we are searching for is by allowing still more experimentation with the very technologies that he and others seek to control the development of. We humans are outstanding problem-solvers and have the uncanny ability among all mammals to adapt to changing circumstances. We roll with the punches, learn from them, and become more resilient in the process. As I noted in my 2014 essay, “Muddling Through: How We Learn to Cope with Technological Change”:

we modern pragmatic optimists must continuously point to the unappreciated but unambiguous benefits of technological innovation and dynamic change. But we should also continue to remind the skeptics of the amazing adaptability of the human species in the face of adversity. [. . .] Humans have consistently responded to technological change in creative, and sometimes completely unexpected ways. There’s no reason to think we can’t get through modern technological disruptions using similar coping and adaptation strategies.

Will the technologies that Wallach fears bring about a “techstorm” that overwhelms our culture, our economy, and even our very humanity? It’s certainly possible, and we should continue to seriously discuss the issues that he and other skeptics raise about our expanding technological capabilities and the potential for many of them to do great harm. Because some of them truly could.

But it is equally plausible—in fact, some of us would say, highly probable—that instead of overwhelming us, we learn how to bend these new technological capabilities to our will and make them work for our collective benefit. Instead of technology becoming “a dangerous master,” we will instead make it our helpful servant, just as we have so many times before.

APPENDIX: When Does Precaution Make Sense?

[excerpt from chapter 3 of Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom. Footnotes omitted. See book for all references.]

But aren’t there times when a certain degree of precautionary policymaking makes good sense? Indeed, there are, and it is important to not dismiss every argument in favor of precautionary principle–based policymaking, even though it should not be the default policy rule in debates over technological innovation.

The challenge of determining when precautionary policies make sense comes down to weighing the (often limited) evidence about any given technology and its impact and then deciding whether the potential downsides of unrestricted use are so potentially catastrophic that trial-and-error experimentation simply cannot be allowed to continue. There certainly are some circumstances when such a precautionary rule might make sense. Governments restrict the possession of uranium and bazookas, to name just two obvious examples.

Generally speaking, permissionless innovation should remain the norm in the vast majority of cases, but there will be some scenarios where the threat of tangible, immediate, irreversible, catastrophic harm associated with new innovations could require at least a light version of the precautionary principle to be applied.  In these cases, we might be better suited to think about when an “anti-catastrophe principle” is needed, which narrows the scope of the precautionary principle and focuses it more appropriately on the most unambiguously worst-case scenarios that meet those criteria.

But most cases don’t fall into this category. Instead, we generally allow innovators and consumers to freely experiment with technologies, and even engage in risky behaviors, unless a compelling case can be made that precautionary regulation is absolutely necessary.  How is the determination made regarding when precaution makes sense? This is where the role of benefit-cost analysis (BCA) and regulatory impact analysis is essential to getting policy right.  BCA represents an effort to formally identify the tradeoffs associated with regulatory proposals and, to the maximum extent feasible, quantify those benefits and costs.  BCA generally cautions against preemptive, precautionary regulation unless all other options have been exhausted—thus allowing trial-and-error experimentation and “learning by doing” to continue. (The mechanics of BCA are discussed in more detail in section VII.)

This is not the end of the evaluation, however. Policymakers also need to consider the complexities associated with traditional regulatory remedies in a world where technological control is increasingly challenging and quite costly. It is not feasible to throw unlimited resources at every problem, because society’s resources are finite.  We must balance risk probabilities and carefully weigh the likelihood that any given intervention has a chance of creating positive change in a cost-effective fashion.  And it is also essential to take into account the potential unintended consequences and long-term costs of any given solution because, as Harvard law professor Cass Sunstein notes, “it makes no sense to take steps to avert catastrophe if those very steps would create catastrophic risks of their own.”  “The precautionary principle rests upon an illusion that actions have no consequences beyond their intended ends,” observes Frank B. Cross of the University of Texas. But “there is no such thing as a risk-free lunch. Efforts to eliminate any given risk will create some new risks,” he says.

Oftentimes, after working through all these considerations about whether to regulate new technologies or technological processes, the best solution will be to do nothing because, as noted throughout this book, we should never underestimate the amazing ingenuity and resiliency of humans to find creative solutions to the problems posed by technological change.  (Section V discusses the importance of individual and social adaptation and resiliency in greater detail.) Other times we might find that, while some solutions are needed to address the potential risks associated with new technologies, nonregulatory alternatives are also available and should be given a chance before top-down precautionary regulations are imposed. (Section VII considers those alternative solutions in more detail.)

Finally, it is again essential to reiterate that we are talking here about the dangers of precautionary thinking as a public policy prerogative—that is, precautionary regulations that are mandated and enforced by government officials. By contrast, precautionary steps may be far more wise when undertaken in a more decentralized manner by individuals, families, businesses, groups, and other organizations. In other words, as I have noted elsewhere in much longer articles on the topic, “there is a different choice architecture at work when risk is managed in a localized manner as opposed to a society-wide fashion,” and risk-mitigation strategies that might make a great deal of sense for individuals, households, or organizations, might not be nearly as effective if imposed on the entire population as a legal or regulatory directive.

Finally, at times, more morally significant issues may exist that demand an even more exhaustive exploration of the impact of technological change on humanity. Perhaps the most notable examples arise in the field of advance medical treatments and biotechnology. Genetic experimentation and human cloning, for example, raise profound questions about altering human nature or abilities as well as the relationship between generations.

The case for policy prudence in these matters is easier to make because we are quite literally talking about the future of what it means to be human.  Controversies have raged for decades over the question of when life begins and how it should end. But these debates will be greatly magnified and extended in coming years to include equally thorny philosophical questions.  Should parents be allowed to use advanced genetic technologies to select the specific attributes they desire in their children? Or should parents at least be able to take advantage of genetic screening and genome modification technologies that ensure their children won’t suffer from specific diseases or ailments once born?

Outside the realm of technologically enhanced procreation, profound questions are already being raised about the sort of technological enhancements adults might make to their own bodies. How much of the human body can be replaced with robotic or bionic technologies before we cease to be human and become cyborgs?  As another example, “biohacking”—efforts by average citizens working together to enhance various human capabilities, typically by experimenting on their own bodies —could become more prevalent in coming years.  Collaborative forums, such as Biohack.Me, already exist where individuals can share information and collaborate on various projects of this sort.  Advocates of such amateur biohacking sometimes refer to themselves as “grinders,” which Ben Popper of the Verge defines as “homebrew biohackers [who are] obsessed with the idea of human enhancement [and] who are looking for new ways to put machines into their bodies.”

These technologies and capabilities will raise thorny ethical and legal issues as they advance. Ethically, they will raise questions of what it means to be human and the limits of what people should be allowed to do to their own bodies. In the field of law, they will challenge existing health and safety regulations imposed by the FDA and other government bodies.

Again, most innovation policy debates—including most of the technologies discussed throughout this book—do not involve such morally weighty questions. In the abstract, of course, philosophers might argue that every debate about technological innovation has an impact on the future of humanity and “what it means to be human.” But few have much of a direct influence on that question, and even fewer involve the sort of potentially immediate, irreversible, or catastrophic outcomes that should concern policymakers.

In most cases, therefore, we should let trial-and-error experimentation continue because “experimentation is part and parcel of innovation” and the key to social learning and economic prosperity.  If we froze all forms of technological innovation in place while we sorted through every possible outcome, no progress would ever occur. “Experimentation matters,” notes Harvard Business School professor Stefan H. Thomke, “because it fuels the discovery and creation of knowledge and thereby leads to the development and improvement of products, processes, systems, and organizations.”

Of course, ongoing experimentation with new technologies always entails certain risks and potential downsides, but the central argument of this book is that (a) the upsides of technological innovation almost always outweigh those downsides and that (b) humans have proven remarkably resilient in the face of uncertain, ever-changing futures.

In sum, when it comes to managing or coping with the risks associated with technological change, flexibility and patience is essential. One size most certainly does not fit all. And one-size-fits-all approaches to regulating technological risk are particularly misguided when the benefits associated with technological change are so profound. Indeed, “[t]echnology is widely considered the main source of economic progress”; therefore, nothing could be more important for raising long-term living standards than creating a policy environment conducive to ongoing technological change and the freedom to innovate.

The Mercatus Center at George Mason University has just released my latest working paper, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.” The “Internet of Things” (IoT) generally refers to “smart” devices that are connected to both the Internet and other devices. Wearable technologies are IoT devices that are worn somewhere on the body and which gather data about us for various purposes. These technologies promise to usher in the next wave of Internet-enabled services and data-driven innovation. Basically, the Internet will be “baked in” to almost everything that consumers own and come into contact with.

Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, however, and are proposing regulation to address these concerns. In my new 93-page article, I explain why preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new IoT technologies. Building on a recent book of mine, I argue that “permissionless innovation,” which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things.

As I note in the paper and my earlier book, if we spend all our time living in fear of the worst-case scenarios — and basing public policies on them — then best-case scenarios can never come about. As the old saying goes: nothing ventured, nothing gained. Precautionary principle-based regulation paralyzes progress and must be avoided.  We instead need to find constructive, “bottom-up” solutions to the privacy and security risks accompanying these new IoT technologies instead of top-down controls that would limit the development of life-enriching IoT innovations.

The better alternative is to deal with concerns creatively as they develop, using a balanced, layered approach  involving many different solutions, including: educational efforts, technological empowerment tools, social norms, public and watchdog pressure, industry best practices and self-regulation, transparency, torts and products liability law, and targeted enforcement of existing legal standards as needed.

Generally speaking, patience, humility, and forbearance by policymakers is crucial to allowing greater innovation and consumer choice in this arena. Importantly, policymakers should not forget that societal and individual adaptation will play a role here, just as it has during so many other turbulent technological transformations.

This article can be downloaded on my Mercatus Center page, on SSRN, or at Research Gate. I am hoping to find a law or policy journal interested in publishing this paper soon. If you with a journal and are interested, please contact me. [UPDATE 12/3/14: This paper has been accepted for publication in the Richmond Journal of Law & Technology, Vol. 21, Issue 6 (2015).]

Finally, if you are interested in this topic, you might want to flip through these slides I prepared for a presentation on this topic that I made at the Federal Communications Commission in September:

On Thursday, it was my great pleasure to present a draft of my forthcoming paper, “The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns without Derailing Innovation,” at a conference that took place at the Federal Communications Commission on “Regulating the Evolving Broadband Ecosystem.” The 3-day event was co-sponsored by the American Enterprise Institute and the University of Nebraska College of Law.

The 65-page working paper I presented is still going through final peer review and copyediting, but I posted a very rough first draft on SSRN for conference participants. I expect the paper to be released as a Mercatus Center working paper in October and then I hope to find a home for it in a law review. I will post the final version once it is released. [UPDATE:The final version of this working paper was released on November 19, 2014.]

In the meantime, however, I thought I would post the 46 slides I presented at the conference, which offer an overview of the nature of the Internet of Things and wearable technology, the potential economic opportunities that exist in this space, and the various privacy and security challenges that could hold this technological revolution back. I also outlined some constructive solutions to those concerns. I plan to be very active on these issues in coming months.

Additional Reading

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” January 14, 2012
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013
• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

Ajit Pai, a Republican commissioner at the Federal Communications Commission (FCC), had an outstanding op-ed in the L.A. Times yesterday about state and local efforts to regulate private taxi or ride-sharing services such as Uber, Lyft, and Sidecar. “Ever since Uber came to California,” Pai notes, “regulators have seemed determined to send Uber and companies like it on a one-way ride out of the Golden State.” Regulators have thrown numerous impediments in their way in California as well as in other states and localities (including here in Washington, D.C.). Pai continues on to discuss how, sadly, “tech start-ups in other industries face similar burdens”:

For example, Square has created a credit card reader for mobile devices. Small businesses love Square because it reduces costs and is convenient for customers. But some states want a piece of the action. Illinois, for example, has ordered Square to stop doing business in the Land of Lincoln until it gets a money transmitter license, even though the money flows through existing payment networks when Square processes credit cards. If Square had to get licenses in the 47 states with such laws, it could cost nearly half a million dollars, an extraordinary expense for a fledgling company.

He also notes that “Obstacles to entrepreneurship aren’t limited to the tech world”:

Across the country, restaurant associations have tried to kick food trucks off the streets. Auto dealers have used franchise laws to prevent car company Tesla from cutting out the middleman and selling directly to customers. Professional boards, too, often fiercely defend the status quo, impeding telemedicine by requiring state-by-state licensing or in-person consultations and even restricting who can sell tooth-whitening services.

What’s going on here? It’s an old and lamentable tale of incumbent protectionism and outright cronyism, Pai notes:

These are just the latest chapters in an old economic story. Incumbents have long promoted regulation in the name of protecting consumers when their actual goal is to block new entrants and stifle competition. As Milton Friedman observed, “The pressure on the legislature to license an occupation rarely comes from the members of the public … the pressure invariably comes from members of the occupation itself.”

Indeed, this is exactly the sort of cronyist nightmare that Brent Skorup and I documented in our new Mercatus Center report, “A History of Cronyism and Capture in the Information Technology Sector.” Our 73-page working paper outlines the evolution of government-granted privileges in America’s information and communications technology marketplace and in the media-producing sectors. Sadly, there are all too many examples of special interests seeking to commandeer the levers of government power to distort market outcomes and head off disruptive forms of innovation or new competition.

“Consumer protection is important,” Pai notes, “and rules to ensure safety and to deter fraud are necessary. But many regulations aren’t about safeguarding consumers; they’re about entrenching incumbents (at consumers’ expense), and they’re typically created by the very agencies that are supposed to oversee those incumbents.” he correctly observes.

The costs of cronyism can be significant. In our paper, Skorup and I note that when companies seek and receive favors from government, it can dull entrepreneurialism and competition in this highly innovative sector since time and resources spent on influencing politicians and capturing regulators cannot be spent competing and innovating in the marketplace. Every dollar spent trying to influence government is a dollar that could have been better spent trying to develop the next iPhone or other innovative gadget or service. Thus, cronyism can negatively impact consumer welfare by denying consumers more and better products and services. Additionally, consumers might end up paying higher prices or higher taxes due to government privileges for industry.

Worse yet, cronyism also raises the specter of greater government control of the Internet and of the digital economy. When policymakers dispense favors, they usually expect something in return. Just ask the agriculture and transportation sectors how their experience with favor-seeking has worked out. Yes, they have often received the special favors and benefits they sought, but along with the goodies came a litany of demands from lawmakers and regulators about how to run their businesses.

At the end of the day, it all goes back to the consumer and how they get screwed in this process. As Pai eloquently puts it:

Heavy-handed regulations hurt the very consumers they’re supposed to help. Consumers fare best when the barriers to business entry are low, which helps ensure that the market — any market — becomes competitive and stays that way. …  Governments at all levels should guard against this tendency by prioritizing innovation and removing unnecessary regulations that burden risk-taking entrepreneurs.

Amen, brother! If only all government officials thought this way. I hope some of them at least take the time to read Commissioner Pai’s excellent essay.

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

by Adam Thierer & Berin Szoka, Progress Snaphot 6.1

Stephanie Clifford of the  New York Times posted a very interesting article this week summarizing a recent “on-the-record chat” the Times staff had with Federal Trade Commission (FTC) chairman Jon Leibowitz and FTC Bureau of Consumer Protection chief David Vladeck.  The interview [discussed by Braden here] is profoundly important in that it reveals an alarming disconnect regarding the relationship between “privacy” regulation and the future of media, which were the subjects of their discussion with Times staff.  Namely, Leibowitz and Vladeck apparently fail to appreciate how the delicate balance between commercial advertising and journalism is at risk precisely because of the sort of regulations they apparently are ready to adopt.  Because the value of online advertising depends on data about its effectiveness and consumers’ likely interests, and because advertising is indispensable to funding media, what’s ultimately at stake here is nothing short of the future of press freedom.

The “Day of Reckoning” Is Upon Us

Leibowitz and Vladeck spend the first half of The Times interview wringing their hands about “privacy policies,” the declarations made by websites and advertising networks about their data collection and use practices (for which the FTC can and must hold them accountable).  But the two feel that privacy policies don’t adequately inform consumers.  Chairman Leibowitz claims that online companies “haven’t given consumers effective notice, so they can make effective choices.”  And Mr. Vladeck states that advise-and-consent models “depended on the fiction that people were meaningfully giving consent.” But he and the FTC seem ready to abandon the notice and choice model because the “literature is clear” that few people read privacy policies, Vladeck told the Times.  He and Leibowitz continue:

“Philosophically, we wonder if we’re moving to a post-disclosure era and what that would look like,” Mr. Vladeck said. “What’s the substitute for it?” He said the commission was still looking into the issue, but it hoped to have an answer by June or July, when it plans to publish a report on the subject. Mr. Leibowitz gave a hint as to what might be included: “I have a sense, and it’s still amorphous, that we might head toward opt-in,” Mr. Leibowitz said.

This clearly foreshadows the regulatory endgame we have long suspected was coming.  When the FTC released its “Self-Regulatory Principles for Online Behavioral Advertising” eleven months ago, we asked: “What’s the Harm & Where Are We Heading?”  Their answers to both questions have become clearer with each new calculated comment—all apparently intended to slowly “turn up the heat” on the advertising industry so that the proverbial frog will stay in the pot until the water finally boils.  Leibowitz’s FTC has simply dodged the “harm” question with a four-part strategy:

1. Cobble together a “record” full of sympathy-evoking anecdotes submitted by advocates of regulation in comments and the FTC’s ongoing “Exploring Privacy” Roundtables;
2. Let the most extreme Chicken Littles fulminate about the grand conspiracy of “neuromarketing manipulation” and the like (and sometimes even shout down FTC staff in panel discussions) in order to redefine the “reasonable center” of the debate;
3. Define-down “harm” as purely a matter of “consumer expectations” or consumers’ “dignity interests” (whatever that vague and infinitely elastic term means); and
4. Attack the effectiveness of “consent” itself by suggesting that consumers cannot be trusted to understand privacy policies or be expected to make any effort to protect their own privacy.

Conveniently, this strategy leads right back to the “day of reckoning” Chairman Leibowitz threatened was coming last February: We are heading precisely where he told us we would be—to full-on, opt-in regulation.  The writing on the wall becomes more apparent every day: Leibowitz set out to bring online advertising to heel even before becoming Chairman, and his Commission is reprising almost precisely the same approach that led to the passage of the Children’s Online Privacy Protection Act (COPPA) of 1998: building a case for new authority, dismissing industry self-regulation as ineffective, and finally presenting a report to Congress intended to produce a rapid legislative response.  After the FTC presented its report on the need for regulation in congressional testimony in June 1998, it took Congress just four months to pass COPPA—and much of that time was consumed by the summer recess.  In short, Leibowitz is mounting a carefully choreographed campaign for increased regulation.

The only real question is whether Leibowitz will somehow try to use the FTC’s existing authority over “unfair or deceptive” trade practices or wait for expanded authority from Congress.  While most observers typically assume that such expanded authority would come in the form of a privacy-specific bill—be it a broad “baseline” privacy bill or one specifically focused on online data collection for advertising purposes—the authority Leibowitz yearns for could just as easily come in the form of increased rulemaking authority as part of a broader bill that allows the FTC to preemptively regulate practices that are not deceptive but merely deemed “unfair.”

This would take the agency “ Back to the Future”—to the late 1970s, when the agency reached the height of its efforts to regulate purely on “unfairness” grounds by trying to ban advertising to children.  The agency’s behavior earned it the moniker “National Nanny” from the Washington Post, hardly a bastion of regulatory skepticism.[1] That outpouring of popular resentment caused a heavily Democratic Congress to cut-off the Democratic-led agency’s regular funding and prohibit it from regulating advertising merely on the grounds of “unfairness.”  In essence, they told the agency to “go back to its knitting” and focus on protecting consumers from demonstrated harms.^[2] Duly chastened (and actually shut down for several days), the FTC formulated a meaningful legal standard for “unfairness,” which Congress codified in 1994: for a practice to be unfair, the injury it causes must be (1) substantial, (2) without offsetting benefits, and (3) one that consumers cannot reasonably avoid.

Under this statutory standard, as FTC Commissioner Thomas Rosch has argued, the commission must carefully consider:

[the] legitimate pro-consumer and pro-competitive benefits that result from [targeted advertising]. Absent hard data weighing these benefits against the limited “invasion of privacy interests” involved, it would seem difficult to conclude that treating that practice as an actionable violation of the “unfairness” prong of Section 5 will pass muster.[3]

So Leibowitz and Vladeck either need to get serious about weighing the costs and benefits of targeted advertising—or, in the absence of such actually measuring these trade-offs, get Congress to give them the authority to regulate.  But one thing is clear from their past statements: they are in a hurry to do  something. As Vladeck told The Times last August, “There is a sense of urgency around here… Consumers, I don’t think are sufficiently protected under the current regime.”  Apparently, the case is closed in their minds.

“Left Hand, Meet Right Hand”

The second half of the  Times interview concerns the future of news. Chairman Leibowitz is not optimistic:

“There are some areas where you clearly see positive creative destruction,” Mr. Leibowitz said, giving the example of travel agents who were replaced by Orbitz and other online-booking systems. The news, he said, was not one of those. “When you’re dealing with something as critical as news is to a democracy, you need to ensure, certainly, that it’s independent, but also that it’s vibrant going forward,” he said. Areas like investigative reporting, foreign and domestic bureaus, and state-house reporting, he said, would likely falter under blog operations because of “economies of scale.”

He said he wasn’t sure what the solution was, but threw out a few ideas discussed at the conference: maybe special tax treatment for newspapers, a Corporation for Public Broadcasting-like fund, or for the newspaper industry to charge fees for the re-use of its content, similar to the model that the American Society of Composers, Authors and Publishers uses. [emphasis added]

Mr. Chairman, with all due respect, haven’t you forgotten about the solution that has powered private media for a few centuries in this country?  You know— advertising!  Indeed, what’s stunning about these comments is the complete disconnect with what Leibowitz and Vladeck said earlier in the interview.  It certainly may be the case that they said more on the subject than what The Times has reported, but given their escalating rhetoric, it seems likely that significantly increased FTC regulation is on the horizon.  And, yet, as Chairman Leibowitz marches us into this brave new world of regulating Internet media through their key funding source, he and Mr. Vladeck seem to have little appreciation of the vital role played by advertising in sustaining a truly free and vibrant press.

An Attack on Advertising Is an Attack on Media Itself

Let’s step back and revisit Media Economics 101.  Almost every serious scholar in the field acknowledges this truism: Advertising cross-subsidizes media platforms and the creation of valuable information—especially news.  “Advertising is the mother’s milk of all the mass media,”  Wall Street Journal technology columnist Walt Mossberg has noted.  Similarly, Harold L. Vogel, author of Entertainment Industry Economics, the leading text in the field, has noted, “Advertising is the key common ingredient in the tactics and strategies of all entertainment and media company business models.  Indeed, it might further be said that advertising has substantively subsidized the production and delivery of news and entertainment throughout the last century.”[4] Mossberg agrees and notes, “Without ads, most editorial products and other programming would be either unavailable or prohibitively expensive.”

The reason for the indispensability of advertising is simple: Information (including news and other forms of “content”) has “public good” characteristics that make it is very difficult (and occasionally impossible) for information-publishers to recoup their investments.  Simply put, they quite literally lack pricing power: Whatever they charge, someone else will charge less for a close substitute, inevitably leading to “free” distribution of the content, even though the content is anything but free to produce.  Advertising is the one business model that has traditionally saved the day by rewarding publishers for attracting the attention of an audience.

Which raises another under-appreciated point: Private advertising promotes press independence.  “Newspapers, magazines, radio, television, and many websites all receive their primary income from advertising,” notes William F. Arens, author of  Contemporary Advertising, another leading textbook in the field. “This facilitates freedom of the press and promotes more complete information” he concludes.[5] Why?  Because, contrary to what some critics claim, advertising and marketing help keep private media providers independent of the need for taxpayer subsidies or private patrons.  This begs an even more profound question: If not advertising, then what else?

A “Public Option” for the Press?

What’s most troubling about Chairman Leibowitz’s comments to the Times is that he has apparently found his alternative to advertising: a “public option” for the press! He mentions special tax treatment for newspapers or a new CPB-like fund (don’t we already have one?) as two possibilities.  That certainly will be music to the ears of radical, pro-regulatory activist groups like the ironically-named “Free Press,” which wants to see a massive “public works” program for the media sector.

Free Press recently filed comments with the FTC in the agency’s recent workshop, “Can Journalism Survive the Internet Age?” and proposed a far-reaching industrial policy for “saving the news.”  They call for over $50 billion in subsidies for the Corporation for Public Broadcasting and other bureaucracies, a “journalism jobs program” for that would be part of AmeriCorps, a variety of new tax incentives for struggling media operations or individuals who support favored institutions, and an assortment of government incentives to encourage local ownership and media divestiture (by handing over control to smaller operators or minority-owned groups).  Ironically, “Free Press” has also floated the concept of “a small tax on advertising” as one way to pay for a press bailout.

The organization’s founder Robert W. McChesney, the prolific neo-Marxist media scholar, penned an essay with John Nichols of The Nation last year, claiming that saving journalism essentially requires that media become an appendage of the State.  Although advertising has supported journalism as a “public good” for centuries, the only way they can conceive to provide a public good is to socialize its means of production.  Thus, journalism, like education and national defense, requires constant government oversight and support: “A moment has arrived at which we must recognize the need to invest tax dollars to create and maintain news gathering, reporting and writing with the purpose of informing all our citizens.”  They ask us to consider the $60 billion in government spending they propose as a “free press ‘infrastructure project,’” which would “keep the press system alive.”

Some in Congress seem willing to listen.  The Senate has already held hearings about the future of journalism.  And Senator Benjamin L. Cardin (D-MD) recently introduced what he has called the “Newspaper Revitalization Act,” which would allow newspapers to become nonprofit organizations in an effort to help them stay afloat.  Importantly, however, the bill would also disallow political endorsements on newspaper editorial pages—which, like campaign finance restrictions, would be a boon for incumbent politicians.  That bill should serve as fair warning to journalists about the sort of strings lawmakers will attach to press-welfare efforts going forward.  What other “golden shackles” might come with media subsidies?

To be clear, Chairman Leibowitz hasn’t called for a complete press takeover along the lines of the Free Press plan.  Yet, he hasn’t answered a key question in this debate: Who pays for news?  He appears ready to endorse a bold new regulatory scheme for the Internet and online media that, in the name of “protecting privacy” would put at risk the one traditionally successful method of supporting private media operations—advertising.  As the Pew Research Center’s Project for Excellence in Journalism noted in its latest State of the News Media report, “The problem facing American journalism is not fundamentally an audience problem or a credibility problem.  It is a revenue problem—the decoupling… of advertising from news.”  There’s probably no way policymakers can stop this process, nor should they try.  But they shouldn’t be creating new obstacles to the survival of traditional media creators, either.

Unfortunately, that’s exactly what Chairman Leibowitz’s new regulatory scheme would do.  The revenue “delta” between “smart” advertising (tailored to consumers’ likely interests and measured for effectiveness in producing clicks, purchases, etc.) and “dumb advertising” (based purely on surrounding keywords or demographics of users presumed to visit the site) is difficult to measure but potentially enormous—even 10 times as great for some sites.[6] The difference between opt-in and opt-out could be nearly as dramatic, because it’s difficult to get consumers to opt-in for anything, especially for small players—which means that opt-in regulation could, perversely, force consolidation in the online advertising and content markets.  If the FTC cares about its statutory responsibility to safeguard competition, they should take this dynamic seriously and be hyper-cautious about heavy-handed mandates that could derail smarter advertising.

Finally, to be fair, in his interview, the Chairman also suggests the newspaper industry might want to find new way “to charge fees for the re-use of its content.”  We’re certainly not opposed to the notion and think that, if it could somehow be made to work (especially by removing antitrust obstacles), it could part of a diverse revenue mix for digital journalism.  But, there’s the rub.  Micropayments inevitably face the problem of “mental transaction costs”  that likely swamp the perceived value of most content and, like pay-walls, have generally worked only in media environments characterized by a scarcity of providers and a uniqueness of a sufficiently valuable product.  These cold, hard economic realities are why advertising remains indispensable.

The Principled Alternative to Regulation

Convinced that privacy policies simply don’t work, Leibowitz and Vladeck are asking what a “post-disclosure era” would look like.  We appreciate the continued sensitivities expressed by certain groups and individuals about online privacy and data use more generally.  But there is another way forward.  We have proposed the following “5-E” layered approach to concerns about online privacy, focusing on restraining government access to data as a clear harm, rather than crippling the private sector uses of data that directly benefit consumers:

1. Erect a higher “Wall of Separation between Web and State” by increasing Americans’ protection from government access to their personal data—thus bringing the Fourth Amendment into the Digital Age.
2. Educate users about privacy risks and data management in general as well as specific practices and policies for safer computing.
3. Empower users to implement their privacy preferences in specific contexts as easily as possible.
4. Enhance self-regulation by industry sectors and companies to integrate with user education and empowerment.
5. Enforce existing laws against unfair and deceptive trade practices as well as state privacy tort laws.

Such a layered approach would not only be a “less restrictive” alternative to top-down, one-size-fits-all government regulation, but also potentially more effective in key respects than government data use/collection mandates.  In an ideal world, adults would be fully empowered to tailor privacy decisions, like speech decisions, to their own values and preferences (“household standards”).  Consumers would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to block the things they don’t like—annoying ads or the collection of data about them, as well as objectionable content—while also helping them find the information and content they desire.

But of course, the devil’s in the details.  Leibowitz and Vladeck would set the bar so high as to what constitutes “effective” consumer choice that current privacy policies necessarily fail their test—if only because most users don’t care enough to make the “right” privacy choices.  Privacy policies, even if read by relatively few consumers, nonetheless allow privacy advocates, journalists and watchdog-bloggers to scrutinize what companies say they’re doing—promises to which the FTC should hold companies stringently.  That’s clearly not good enough for Leibowitz and Vladeck, who want to give up on “notice and choice” and move on to “opt-in” mandates.  But why not first try to make “notice” more effective?  The advertising industry is currently developing standardized interfaces that could communicate key information about privacy practices in a single icon, label or other easily-digested “consumer touch point.”

More radically, why focus on tinkering with consumer interfaces, when standardized data disclosure formats like the Protocol for Privacy Preferences (P3P) could distill legalistic privacy policies into “machine-readable” code?  Such disclosures could provide a powerful form of “notice” that the ordinary consumer could “use”: simply setting their own privacy preferences in a browser tool that automatically implements those preferences by blocking tracking that users object to.  Such a privacy disclosure format could also allow the FTC to automate enforcement of its existing authority to punish unfair or deceptive trade practices.

Conclusion

And so we return to the question the FTC asked in its recent workshop, “Can Journalism Survive the Internet Age?”  Answer: Not if the FTC kills the golden goose that lays the golden eggs through onerous advertising regulations and data controls in the name of “privacy.”  Chairman Leibowitz and Bureau Chief Vladeck shouldn’t foreclose the possibility that advertising can play a central role in the future of a free press in the Digital Age—just as it has done historically in the United States.  Indeed, they would be wise to remember that advertising has always been with us.  As the Supreme Court noted in its 1996 decision, 44 Liquormart, Inc. v. Rhode Island.

Advertising has been a part of our culture throughout our history. Even in colonial days, the public relied on “commercial speech” for vital information about the market. Early newspapers displayed advertisements for goods and services on their front pages, and town criers called out prices in public squares. Indeed, commercial messages played such a central role in public life prior to the founding that Benjamin Franklin authored his early defense of a free press in support of his decision to print, of all things, an advertisement for voyages to Barbados.[7]

Of course, for advertising to continue to play the role as sustainer of the press, it must be allowed to evolve.  Media operators—large and small alike—must be allowed to craft new strategies, some of which may require data collection and marketing practices that will make some privacy-sensitive users uncomfortable, but will also ensure that the goose keeps on laying golden eggs for them and everyone else.

While Chairman Leibowitz may decry the creative destruction at work in the news sector and information industries today, that shakeup will continue and, no doubt, be painful for incumbent players.  Advertising alone may not “save the day” for media as it has in the past, but it will likely remain essential to sustaining private media platforms and providers going forward— if federal policymakers allow it.  The alternative—massive government intervention into the news and media sectors—is too horrifying to think about.

[1] Washington Post, March 1, 1978.

[2] Congress terminated the FTC’s efforts to prohibit advertising to children, and barred the agency from issuing any advertising regulation predicated solely on unfairness for three years.  FTC Improvements Act, Pub. L. No. 96-252, § 11 (May 1980).  See generally J. Howard Beales, Director of the Bureau of Consumer Protection, Federal Trade Commission, The FTC’s Use of Unfairness Authority: Its Rise, Fall, and Resurrection, www.ftc.gov/speeches/beales/unfair0603.shtm.

[3] Thomas Rosch, Some Reflections on the Future of the Internet: Net Neutrality, Online Behavioral Advertising, and Health Information Technology, Remarks at U.S. Chamber of Commerce Telecommunications & E-Commerce Committee Fall Meeting, October 26, 2009, 13, www.ftc.gov/speeches/rosch/091026chamber.pdf.

[4] Harold L. Vogel, Entertainment Industry Economics (Cambridge, MA: Cambridge University Press, 7th Edition, 2007), at 46.

[5] William F. Arens, Contemporary Advertising (McGraw-Hill Irwin, 10^th Ed., 2006) at 50.

[6] See Berin Szoka & Mark Adams, The Benefits of Online Advertising & Costs of Privacy Regulation, PFF Working Paper, Nov. 8, 2009, www.scribd.com/doc/22445754/Benefits-of-Online-Advertising-Paper.

[7] 517 U.S. 484, 495 (1996), http://www.law.cornell.edu/supct/html/94-1140.ZO.html

______________________________

Related PFF Publications

• Privacy Trade-Offs: How Further Regulation Could Diminish Consumer Choice, Raise Prices, Quash Digital Innovation & Curtail Free Speech, Berin Szoka, Comments to the Federal Trade Commission “Exploring Privacy” Roundtable, November 10, 2009.
• Online Advertising & User Privacy: Principles to Guide the Debate, Berin Szoka & Adam Thierer, Progress Snapshot 4.19, Sept. 2008.
• Targeted Online Advertising: What’s the Harm & Where Are We Heading?, Berin Szoka & Adam Thierer, Progress on Point 16.2, April 2009.
• Privacy Polls v. Real-World Trade-Offs, Berin Szoka, Progress Snapshot 5.10, Oct. 2009.
• The Benefits of Online Advertising & Costs of Privacy Regulation, Berin Szoka & Mark Adams, PFF Working Paper, Nov. 8, 2009.
• Benefits of Online Advertising, Berin Szoka, Mark Adams, Howard Beales, Thomas Lenard & Jules Polonetsky, PFF Capitol Briefing, July 2009.
• Public Option for Press Should Get the Red Pen, Adam Thierer, The Daily Caller, Jan. 12, 2010.

“Schools in Beijing are quietly removing the Green Dam filter, which was required for all school computers in July, due to complaints over problems with the software,” notes this Reuters report. Even though China backed down on their earlier requirement to have the Green Dam filter installed on all computers, according to Reuters “schools were still ordered by the Ministry of Industry and Information Technology to install the web filter, which Chinese officials said would block pornography and other unhealthy content.”  The Reuters article mentions a notice carried on the home page of one Beijing high school that reads: “We will remove all Green Dam software from computers in the school as it has strong conflicts with teaching software we need for normal work.”  The article also cites a school technology director, who confirmed that the software had been taken off most computers, as saying “It has seriously influenced our normal work.”

Ironically, many educators and librarians in the United States can sympathize since they currently live under similar requirements.  Under the Children’s Internet Protection Act (CIPA) of 2000, publicly funded schools and libraries must implement a mandatory filtering scheme or run the risk of losing their funding. As the Federal Communications Commission summarizes:

[CIPA] imposes certain types of requirements on any school or library that receives funding for Internet access or internal connections from the E-rate program… Schools and libraries subject to CIPA may not receive the discounts offered by the E-rate program unless they certify that they have an Internet safety policy and technology protection measures in place. An Internet safety policy must include technology protection measures to block or filter Internet access to pictures that are: (a) are obscene, (b) child pornography, or (c) harmful to minors (for computers that are accessed by minors).

Of course, nobody wants kids viewing porn in schools, but CIPA has been know the block far more than that and has become a real pain for many educators, librarians, and school administrators who have to occasionally get around these filters to teach their students about legitimate subjects. Anyway, I just find it ironic that some American lawmakers have been making a beef about mandatory Internet filtering by the Chinese when we have our own mandatory filtering regime right here in the states. For example, back in late June, U.S. Secretary of Commerce Gary Locke and U.S. Trade Representative Ron Kirk sent a joint letter to their Chinese counterparts “urging China to revoke a proposed rule (Circular 226) that would mandate that all computers produced and sold in China pre-install a widely-criticized Chinese Internet filtering program called Green Dam.”  Meanwhile, a congressional resolution was introduced by Rep. David Wu (H.Res. 590) “expressing grave concerns about the sweeping censorship, privacy, and cybersecurity implications of China’s Green Dam filtering software, and urging U.S. high-tech companies to promote the Internet as a tool for transparency, freedom of expression, and citizen empowerment around the world.”

These policymakers are correct to fear government-directed filtering schemes, but why isn’t anyone mentioning the filtering mandates we already have on the books right here in the United States?

Last year, my PFF colleague Adam Thierer asked whether State AGs + NCMEC = The Net’s New Regulators? Adam noted that NCMEC, the National Center for Missing and Exploited Children, a private non-profit organization, was playing a law enforcement role in regulating child pornography—but without any clear mechanisms for ensuring its accountability and effectiveness. Adam’s point wasn’t just that transparency is a good thing, but that when it comes to a cause as important as protecting children from exploitation, it’s vital to ensuring that we’re that we’re actually doing a good job at it!

Yesterday, Emmanuel Lazaridis commented on that post:

Given the increasing regulatory and investigative powers of the NCMEC, it is no longer clear whether or not the [Freedom of Information Act] applies to NCMEC records. We are about to find out. I am right now bringing a case against the NCMEC in federal court for access to records under the FOIA and, failing that, for discovery under 28 U.S.C. § 1782(a).

Mr. Lazaridis’s complaint in the D.C. District Court claims that Lazaridis (a Greek national) has been unfairly deemed a fugitive from U.S. justice for having taken his daughter to Greece over the objections of the girl’s American mother, Lazaridis’s ex-wife. NCMEC got involved by placing the girl on their MissingKids.com registry of abducted children. Lazaridis wants the court to recognize his custody, deem him not to be a fugitive, and to order NCMEC to turn over all their records on the girl.

This is, of course, just one side of the story (and such cases are usually so complicated as to be indecipherable to outsiders). But even if Lazaridis’s case were wholly without merit, his basic argument would be a sound one: Why shouldn’t NCMEC, in exercising any of its essentially governmental functions, be subject to the same accountability requirements through FOIA as the FBI would be?

When the issue is the Lazaridis family’s trans-Atlantic custody battle, it may seem easy to ignore this question. But when NCMEC is essentially making policy regarding filtering Internet content, blacklisting websites, turning over user logs to law enforcement, or “cleaning up” Craigslist, the question of NCMEC’s accountability under FOIA cannot be avoided as a critical decision about the future of Internet governance.

On heels of Adam’s piece last year, controversialist Chris Soghoian suggested one answer: Given its status as a sacred cow, we cannot expect any politician pay heed to calls to overhaul NCMEC or subject it to oversight. However, what we can do, is call for the nationalization of the National Center for Missing and Exploited Children.

Think of it this way: We have a drug czar, a war czar, a copyright czar, and will likely have a cybersecurity czar and car czar under the next administration. Why not throw a child porn czar into the mix? Nationalize NCMEC, make all of its workers federal employees, with good health care and job security, and perhaps even expand its budget–after all, it does good work, right? NCMEC’s job is simply too important to be entrusted to a nonprofit group–such a task can only be performed by a fully trained and funded law enforcement agency (one, which conveniently enough, is subject to the Freedom of Information Act, congressional oversight, and constitutional requirements for due process.)

Despite my differences with Chris, he’s often right and may be here, too. He’s certainly right that Congress is unlikely to address the problem of NCMEC’s accountability given the sensitivity of the issue of child protection.

But, fortunately, we live in a republic, not a pure democracy: Our third branch of government, the courts, exists to enforce the rule of law; being somewhat insulated from political pressure, the courts provide a final check on the authority even of the almighty NCMEC. So while Chris’s nationalization proposal might well be the ideal solution, it hasn’t happened yet—nine months later to the day, and it’s probably not high on the Obama administration’s list of czarist reforms.

But simply by ordering NCMEC to comply with FOIA, the Lazaridis court could, with the stroke of a pen, bring accountability to NCMEC’s law enforcement functions. The legal question is simple: Does NCMEC qualify as an “agency,” which FOIA defines as an “authority of the Government of the United States?”

If so, NCMEC must not only respond to requests for certain of its “records,” but it must also follow a rule-making process akin to that required of federal agencies when they make policy decisions, offering the public appropriate notice and the opportunity to comment on proposed regulations—instead of, say, threatening Internet companies behind closed doors (sometimes the same companies that later make generous donations to NCMEC) or cutting deals with state attorneys general.

It turns out that this is not a new issue. Federal courts have had to decide whether a number of quasi-governmental entities qualify as “agencies” over the years, especially given the trend towards privatization over the last three decades. Some organizations, like the Smithsonian Institution, have decided to comply with FOIA even though courts have held that they’re not required to do so. NCMEC could have allayed all these concerns years ago by doing the same thing, but absent a change in management at the organization, it seems only a court order will force the organization to open its “black box” of decision-making to public inquiry.

In a number of other circumstances, courts have required nominally private organizations to comply with the federal FOIA or its state equivalents. A thorough (if dated) treatment of this issue can be found in the 1999 law review article, Privatization and the Freedom of Information Act: An Analysis of Public Access to Private Entities Under Federal Law by Craig Feiser, Florida’s deputy solicitor general and an adjunct at FSU Law. Feiser explains:

When Congress amended FOIA in 1974, it added section 552(f)(1) and broadened the definition of “agency” to include entities not explicitly mentioned under the APA, but which “perform governmental functions and control information of interest to the public.”

In deciding whether a private organization qualifies as an agency subject to FOIA, courts have considered two factors.

One factor asks whether the entity has substantial independent authority in performing a function of the government, making it the functional equivalent of the government. The other factor asks whether the government substantially controls the entity’s day-to-day operations or organizational framework. In using either factor, the court is essentially asking to what degree the entity is performing a government function. In one case, the government is pulling nearly all of the strings; in the other case, the entity is making decisions independently for the government.

Financially, NCMEC is largely a creature of government: 70% of NCMEC’s $42 million budget in 2007 came from the government. But as Feiser notes, funding does not always mean control. Government control over NCMEC’s internal decisions is unclear. Indeed, the very lack of government control over an organization essentially regulating the Internet and imposing criminal sanctions that could follow convicted “sex offenders” for life would by itself be an enormous problem.

But given what NCMEC actually does, it obviously qualifies as an “agency” subject to FOIA under the “functional equivalence factor,” which as Feiser explains,

basically represents the opposite situation from the control factor. Here, the entity is functioning independently, but making decisions for the government, as opposed to having its decisions made by the government. In effect, it is the functional equivalent of the federal government, and, therefore, it should be an “agency” under the FOIA.

I’ll be watching the Lazaridis case closely, hoping that the court sees NCMEC for what it is: a private organization tasked with implementing not just any government function, but the enforcement of laws against the most vulnerable victims in society. Absent such a recognition, NCMEC will continue to grow into an unaccountable regulator for the Internet.

Today, the only public oversight of NCMEC required by law is the requirement that NCMEC (like any non-profit with federal tax-exempt 501(c)(3) non-profit status) file a Form 990 each year disclosing basic information about its finances. That report does not list NCMEC’s donors, because donors have a First Amendment right to remain anonymous, but a more transparent organization would, like my own think tank, at least identify its major donors. The 2006 and 2007 Form 990s do reveal a few interesting things, though, about what NCMEC does with its budget (70% of which comes from the taxpayer):

• NCMEC’s CEO, Ernie Allen, was paid $359,191 plus $411,636 in benefits in 2006 (PDF p. 46) and $409,821 plus $426,540 in benefits in 2007 (PDF p. 19), for a total of $1.6 million in two years (roughly $800,000/year);
• Not counting Allen, NCMEC spent $778,564 on its top five highest-paid employees in 2006 ($155,713/employee), and $875,657 in 2007 ($175,131/employee) (PDF p. 10 in both);
• 31% of NCMEC’s 2006 revenues and 35% of its 2007 revenues went to salaries (PDF pp. 1 & 2 in both); and
• NCMEC had 104 employees paid over $50,000 in 2006 (PDF p. 10) and 116 in 2007 (PDF p. 10).

I’d be reluctant to suggest that anyone at NCMEC was more interested in money than in protecting children, but if given the choice, we’d all prefer to do well while doing good. So if Allen were smart, he’d realize that a court order subjecting NCMEC to FOIA might be the best of all possible worlds: Requiring real accountability would neutralize calls for nationalizing NCMEC, allowing the organization to continue operating as a non-profit that can pay quite a bit better than the Federal civil service. Even the Senior Executive Service, for agency heads, maxes out at a measly $177,000/year.

Of course, if NCMEC’s records and decisions to regulate the Internet were subject to FOIA, the organization might not be able to… “convince” the Internet companies it essentially regulates to write large checks to NCMEC. But even this tax-hating libertarian would be hard-pressed to argue against funding the enforcement of laws against child pornography, abduction and exploitation with taxpayer dollars.

As the grandson of an FBI agent, whose framed credentials hang in a place of pride in my office (stamped “RETIRED” after his 25 years of loyal service), I can’t help but wonder how many more agents the FBI could employ to combat child porn with an extra $1.6 million/year in funding (the salary of Allen and NCMEC’s top-five highest paid employees). It seems that FBI agents today make roughly $48,000-87,000/year. Let’s call it an average of $67,500 and throw in 20% for overhead. That works out to $81,000/year—or:

• 20 new agents for what NCMEC is paying its top six employees; or
• 368 new agents for the $29.82 million NCMEC received in government support in 2007.

I’m sure the solution is far more complicated than simply hiring more FBI agents, and that NCMEC does much good work in the service of a noble cause. But until NCMEC is either nationalized as a direct arm of law enforcement or made significantly more accountable as a private organization, we won’t really have any way of knowing whether the money being spent on NCMEC is being spent in the most effective manner possible to deal with the problems of child pornography, abduction and exploitation. We also won’t know whether draconian alternatives to direct enforcement ( e.g., hiring more FBI agents) like network-level filtering mandates are truly necessary, despite their unintended consequences for the free speech and privacy rights of law-abiding Internet users.

As Berin mentioned last week, we have a new paper out on proposals to expand the Children’s Online Privacy Protection Act (COPPA) of 1998.   We generically refer to those COPPA-expansion efforts as “COPPA 2.0.” Hence, the title of our paper: “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.”  To recap what Berin already noted, in the name of improving online child safety, some legislators and state attorneys general (AGs) are advocating the expansion of COPPA’s “verifiable parental consent” model of age verification before certain sites or services may collect, or enable the sharing of, personal information for children.

Unlike “COPPA 1.0,” however, which only applied to children under the age of 13, “COPPA 2.0” would apply to all minors up to age 17.  Moreover, the range of sites covered by the new law would generally be expanded to include just about any site or service with social networking functionality.

Since Berin has already summarized our general concerns with efforts to expand COPPA’s “verifiable parental consent” online age verification system to cover more online users and sites, I thought I would focus here on what I believe will be the most controversial (and important) part of our paper — our discussion about how COPPA 2.0 affects the speech rights of both adults and adolescents.

Remember COPA?

To understand why COPPA expansion will raise serious First Amendment issues, we first need to step back and recall the legal battle over the Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA.  Both COPPA and COPA rest on a stratification of users by age, but the approach of the two laws is very different: While COPPA requires age verification if content is “directed at” minors under age 13, COPA would have required that all website operators restrict access to material deemed “harmful to minors” by minors under the age of 17 and therefore requires age verification of all users who attempt to access such content (in order to identify minors). COPPA is focused on certain kinds of potentially harmful contacts while COPA is focused on potentially harmful content.

But by expanding the age range of COPPA to include adolescents, COPPA 2.0 proposals essentially converge with COPA, reaching the same practical consequence: age verification mandates for large numbers of adults as users (not as parents). Only the scope of sites covered by the laws is different: under COPA, sites deemed “harmful to minors,” and, under COPPA 2.0, adolescent-oriented or certain social networking sites. Thus, to the extent that COPPA 2.0 proposals require age verification of adults, they would be subject to constitutional attacks similar to those against COPA.  But COPPA 2.0 proposals would also burden the rights of adults to communicate with adolescents and the free speech rights of adolescents.

Finally, the fact that COPPA (like COPA) applies only to commercial sites would do little to protect it from constitutional attack, because in a world of user-generated content, the commercial nature of a site has little to do with the commercial/non-commercial nature of the speech carried on it. For example, obviously commercial sites like MySpace and Facebook serve as platforms for a wide variety of not-for-profit and political communications.

How COPPA 2.0 Would Impact the Free Speech Rights of Adults

After a decade-long court battle over the constitutionality of COPA, the U.S. Supreme Court in January 2009 rejected the government’s latest request to revive the law, meaning it is likely dead. Three of the key reasons the courts struck down COPA would also apply to COPPA 2.0 proposals.

(1) First, like COPA, COPPA  2.0 would raise burden the speech rights of adults to access information subject to age verification requirements, both by making speech more difficult and by stigmatizing it.  In 2003, the Third Circuit noted that age verification requirements “will likely deter many adults from accessing restricted content, because many Web users are simply unwilling to provide identification information in order to gain access to content, especially where the information they wish to access is sensitive or controversial.” In 2008, in striking down COPA for the third and final time, the Third Circuit approvingly quoted the district court, which had noted that part of the reason age verification requirements deterred users from accessing restricted content was “because Internet users are concerned about security on the Internet and because Internet users are afraid of fraud and identity theft on the Internet.” The district court had held that: “Requiring users to go through an age verification process would lead to a distinct loss of personal privacy” by threatening their anonymity.

By imposing broad age verification requirements, COPPA 2.0 would restrict the rights of adults to send and receive information anonymously just as COPA did. If anything, the speech burdened by COPPA 2.0 deserves more protection, not less, than the speech burdened by COPA: Where COPA merely burdened access to content deemed “harmful to minors” (viz., pornography), COPPA 2.0 would burden access to material by adults as well as minors not because that material is harmful or obscene but merely because it is “directed at” minors! Thus, the content covered by COPPA 2.0 proposals could include not merely pornography, but communications about political nature, which deserved the highest degree of First Amendment protection.

(2) Second, like COPA, COPPA expansion threatens the speech rights of website operators. The necessary corollary of blocking adults from accessing certain content anonymously — and thereby deterring some users from accessing that content — is that COPPA 2.0, like COPA, would necessarily reduce the audience size of websites subject to age verification mandates. Furthermore, such mandates would encourage websites to self-censor themselves to avoid offering content they fear could be considered “directed at” adolescents because doing so might subject them to an age verification mandate — or to legal liability if they fail to implement age verification. The substantial cost of age verification could significantly impact, if not make impossible, the business models of many personal information-collecting (PI) sites, which generally do not charge for content and rely instead on advertising revenues. The Third Circuit cited all of these burdens on the free speech rights of website operators in striking down COPA.

(3) Third, less restrictive alternatives are available to COPPA 2.0, just as they were for COPA.

The Third Circuit drew on the Supreme Court’s 2004 decision striking down COPA on the grounds that “blocking and filtering software is an alternative that is less restrictive than COPA, and, in addition, likely more effective as a means of restricting children’s access to materials harmful to them.” Similarly, parental control software already empowers parents to restrict their kids’ access to PI-collecting sites. (It’s particularly easy for parents to restrict access to the leading social networking sites that seem to be driving so much of the push for COPPA 2.0, so that their kids.)

Thus, the free speech rights burdened COPPA 2.0 proposals are at least as important as those burdened by COPA, and blocking software already empowers parents to restrict their kids’ access to PI-collecting sites, just as it allows parents to restrict access to pornography. Of course, if COPPA 2.0 laws were actually enacted and subject to legal challenge, the outcome of the case would depend largely on the level of constitutional scrutiny involved. COPPA 2.0 advocates might argue that, whatever the rights at stake, a lower level of constitutional scrutiny should apply because COPPA 2.0 does not target a special category of content. If true, this could mean that, although age verification mandates to restrict access to “harmful” material are unconstitutional, far more sweeping mandates restricting access to non-harmful information could be constitutional. Such inconsistency is indeed a perverse consequence of the fact that our First Amendment jurisprudence focuses not on the rights at stake, but on whether a regulation is “content-neutral” in deciding what level of scrutiny to apply—which, in turn, often determines the outcome of the case. But in this case, COPPA 2.0 proposals likely would be subject to strict scrutiny to the extent that they are, like COPA, focused on a certain category of content: that “directed at” adolescents (rather than “harmful to minors”).

Legislators who attempt to escape strict scrutiny by defining the scope of their bill not by its targeted audience but by reference to specific functional capabilities (in the definition of “social networking site”) will likely find that a court will see through such window-dressing: If they recognize that such bills are nonetheless aimed at a certain category of adolescent-oriented content, they will apply strict scrutiny anyway. But even under intermediate scrutiny, COPPA 2.0 proposals would be subject to serious attack.

Minors Have Speech Rights, Too!

In addition, in COPPA 2.0 approaches, the government would restrict the ability of adolescents to access content, not because it could be harmful to them or because it is obscene, but merely because it is “directed to” them. While the First Amendment rights of minors may not be on par with those of adults, adolescents do have the right to access certain types of information and express themselves in certain ways. The Supreme Court has held (in Planned Parenthood of Cent. Mo. v. Danforth) that “constitutional rights do not mature and come into being magically only when one attains the state-defined age of majority.” It remains unclear how an expanded COPPA model might interfere with the First Amendment rights of adolescents, but it is clear that privacy and speech rights would come into conflict under COPPA 2.0, as they do in other contexts.

For example, how might the parental-consent based model limit the ability of adolescents to obtain information about “safer sex” or how to deal with trauma, depression, family abuse, or addiction. Would an abusive father authorize a teen to visit a website about how to report child abuse? Would a parent of an adolescent struggling with their sexual identity let their kid participate in a self-help social networking page for gay and lesbian youth? What rights are at play here and how do we reconcile them?

Maintaining the ability of kids to participate online interactions goes beyond content that most people would recognize as “serious”—from the perspective of both First Amendment values and the education of children. As a recent MacArthur Foundation study of the online youth Internet use concluded:

Contrary to adult perceptions, while hanging out online, youth are picking up basic social and technological skills they need to fully participate in contemporary society. Erecting barriers to participation deprives teens of access to these forms of learning. Participation in the digital age means more than being able to access “serious” online information and culture.

It was at least in part in recognition of such difficult First Amendment questions that Congress removed the requirement in the initial legislative draft of COPPA that would have required PI-based sites to “use reasonable efforts to provide the parents with notice and an opportunity to prevent or curtail the collection or use of personal information collected from children over the age of 12 and under the age of 17.”

Even if parents have an absolute right to block their adolescents’ access to such data, they can already exercise that right by applying strict controls on the computers in their home. COPPA 2.0 proposals go well beyond recognizing this right by setting the default to “parental consent required” for adolescents to access a wide range of content—meaning that parents must “opt-in” on behalf of their children before their children can participate in PI-collecting sites. This, in turn, burdens the ability of adolescents to communicate, because their parents might censor (rightly or wrongly) certain information, or simply fail to understand the technologies involved or to be actively engaged. But whatever the free speech rights of adolescents, if anyone should be interfering with those rights, it should be their parents — not the government.

Some parents may object that, however effective parental control software may be in the home, it does not allow parents to control what their kids’ access outside the home. This argument is understandable on some level, but in the end, it amounts to a demand that roadblocks be put up everywhere for the sake of particularly sensitive parents at the expense of everyone else in society, including potentially huge numbers of adult users — and of online anonymity in general.

But Illinois’s COPPA 2.0 proposal goes even further, not merely expanding COPPA to cover a particular variety of social networking sites, but requiring that such sites “allow the parent or guardian of the minor unrestricted access to the profile webpage of the minor at all times.” Congress considered just such a parental access mandate in the initial draft of COPPA legislation back in 1998, but ultimately removed it from the final version of the legislation, apparently because even some of COPPA’s supporters worried, given the bill’s initial application to the 13-16 age bracket, that “The establishment of a parental right to access all personal information about a teenager may intrude on older minors’ privacy, rather than protect.”

What about Communication between Adolescents & Adults?

Finally, COPPA 2.0 could infringe on the free speech rights of adults to communicate with adolescents online by driving PI-collecting sites to segregate users by age or to attempt to block access by adolescents. The vast majority of adult-minor interactions online are not of a harassing or predatory nature—indeed, they generally involve adults looking to help or assist minors in various ways. As the MacArthur Foundation study cited above concluded:

In contexts of peer-based learning, adults … have an important role to play, though it is not the conventionally authoritative one. In friendship-driven practices, direct adult participation is often unwelcome, but in interest-driven groups we found a much stronger role for more experiences participants to play. Unlike instructors in formal educational settings, however, these adults are passionate hobbyists and creators, and youth see them as experienced peers, not as people who have authority over them. These adults exert tremendous influence in setting communal norms and what educators might call “learning goals,” though they do not have direct authority over newcomers.

A substantial portion of those interactions involve parents talking to their own kids, older and younger siblings communicating with one another, teachers and mentors talking to their students, or even co-workers of different ages communicating. Even when adult-minor communications involve complete strangers, there is typically a socially-beneficial purpose. Think of two people — one an adult and one a minor — debating politics on a discussion board, or creating a Wikipedia entry together. What about a presidential campaign website that involves millions of volunteers of all ages communicating and collaborating to a common purpose? There are countless other examples. How would such interactions be affected by COPPA 2.0? Restricting such interactions would raise profound First Amendment concerns about freedom of speech as well as of association.

In any First Amendment analysis, a court must consider not only the free speech rights at stake and the availability of less restrictive alternatives to regulation, but the governmental interest being advanced. Again, neither COPPA nor the COPPA 2.0 proposals discussed herein (e.g., the New Jersey and Illinois proposals) requires exclusion of older users from a website, nor directly governs the sharing of personal information among users (where that sharing does not also constitute collection by the site itself). But separation of adolescents from adults is likely to be an indirect effect of COPPA 2.0 requirements—as COPPA 2.0 advocates probably realize—because, once PI-collecting sites are required to age-verify users, they will face reputational, political and potentially legal pressure to make interactions between adolescents and children more difficult in the name of “child safety.” More subtly, if PI-collecting site operators have an incentive to avoid being considered “directed at” adolescents, they will also have an incentive to discourage adolescent participation on their site—which achieves a similar result.

Here, one must further ask if attempting to quarantine children from adults (however indirectly) actually advances, on net, a strong governmental interest in child protection. Such a quarantine is unlikely to stop adults with truly nefarious intentions from communicating with minors, as systems designed to exclude participation by adults in a “kids-only” or “adolescents-only” area can be easily circumvented. Given the lack of strong identity records for minors, it’s much easier for an adult to pretend to be a minor than vice versa. The effect of age stratification on truly bad actors is likely to be marginal at best—or harmful at worst: Building walls around adolescents through age-verification might actually make it easier for predators to target teens, since a predator who gains access to a supposedly teen-only site will be less likely to be exposed as a predator by targeting an adult they think is a teen. So for the sake of marginal (if any) gains in child protection, would we not be excluding beneficial interaction between adults and minors?

To hear some of the advocates of COPPA 2.0 talk about how teens currently behave online, one might think that online environments in which adolescents were left to their own devices—imagine a “Teen MySpace” for the 13-17 crowd, walled off from the rest of MySpace—would be far worse, perhaps an online version of Lord of the Flies. These concerns are clearly exaggerated: The critics frequently complain about “the way kids talk to each other these days” while looking at their own past adolescent banter with rose-colored lenses. What is clear is that adolescents (and young adults) behave better in online environments where adults are present, too. Perhaps the best demonstration of this fact has been the uproar from adolescents and young adults that has accompanied Facebook’s explosive growth in popularity among older users in recent months. Many kids hate the idea of adults joining Facebook precisely because the presence of adults encourages kids to “self-regulate” by exercising better judgment and following better netiquette.

Anne Collier, founder and executive director of the child safety advocacy organization Net Family News, Inc. and editor of NetFamilyNews.org and ConnectSafely.org, suggests that the push for “segregation” by age (e.g., creating a teen-only version of Second Life) for safety’s sake is “losing steam” because:

it’s a response to the predator panic teens and parents have been subjected to in U.S. society, not to the realities of youth on the social Web. What nearly a decade of peer-reviewed academic research shows is that peer-to-peer behavior is the online risk that affects many more youth, the vast majority of online kids who are not already at-risk youth offline. Segregating teens from adults online doesn’t address harassment, defamation, imposter profiles, cyberbullying, etc. It may help keep online predators away from kids (even though online predation, or abuse resulting from online communication, constitutes only 1% of overall child sexual exploitation…), which is a great outcome, but it’s not enough unless all that parents are worried about is predators.

Collier discusses the particularly acute problem of “actual or perceived sexual orientation and gender expression,” which the Salt Lake Tribune has noted are “two of the top three reasons secondary school students said their peers were most often bullied at school.” This kind of harassment recently attracted widespread public attention after two 11-year-old boys committed suicide after experiencing anti-gay harassment and bullying at school. Nationwide, “Lesbian, gay, bisexual, transgender and questioning youth are up to four times more likely to attempt suicide than their heterosexual peers.” This child safety risk is painfully real, with anti-gay harassment being only its most obvious form. But “segregating” teens from adults seems likely to aggravate this problem by removing adults from the mix as a potential source of discipline.

Of course, adults play a critical role in disciplining interaction among the 0-12 age bracket, but not as direct participants in on-site interaction. Again, how many adults actually want to use Club Penguin? Instead, parents can supervise what their kids do online through parental control software. Parents could, of course, use that same software to monitor what their adolescent kids do, too. But as kids get older, most parents realize that the training wheels have to come off at some point. Few parents will want to spy on their 17-year old until the day before the kid starts college (or enlists in the military or gets married). But most parents probably would prefer that, if their kids are interacting in an online environment, they think twice about what they do and say online. It is by no means clear that restricting online interaction between teens and adults will serve that end.