Ladar Levison, founder of encrypted email service Lavabit, discusses recent government action that led him to shut down his firm. When it was suspected that NSA whistleblower Edward Snowden used Lavabit’s email service, the FBI issued a National Security Letter ordering Levison to hand over SSL keys, jeopardizing the privacy of Lavabit’s 410,000 users. Levison discusses his inspiration for founding Lavabit and why he chose to suspend the service; how Lavabit was different from email services like Gmail; developments in his case and how the Fourth Amendment has come into play; and his involvement with the recently-formed Dark Mail Technical Alliance.

Download

Related Links

• Lavabit, Levison
• Dark Mail, Zimmerman, Callas, Janke, Levison
• Lawyers raise civil liberty concerns in Lavabit case, Salon
• Lawyers for Lavabit founder: judges may dismiss civil liberties concerns, The Guardian

Last week on his personal blog, Peter Fleischer, Global Privacy Counsel for Google, posted an interesting essay entitled “We Need a Better, Simpler Narrative of US Privacy Laws.” Fleischer says that Europe has done a better job marketing its privacy regime to the world than the United States and argues that “The US has to figure out how to explain its privacy laws on the global stage” since “Europe is convincing many countries around the world to implement privacy laws that follow the European model.” He notes that “in the last year alone, a dozen countries in Latin America and Asia have adopted euro-style privacy laws [while] not a single country, anywhere, has followed the US model.” Fleischer argues that this has ramifications for long-term trade policy and global Internet regulation more generally.

I found this essay very interesting because I deal with some of these issues in my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing” (Harvard Journal of Law & Public Policy, vol. 36, no. 2, Spring 2013). In the article, I suggest that the U.S. does have a unique privacy regime and it is one that is very similar in character to the regime that governs online child safety issues. Whether we are talking about online safety or digital privacy, the defining characteristics of the U.S. regime are that it is bottom-up, evolutionary, education-based, empowerment-focused, and resiliency-centered. It focuses on responding to safety and privacy harms after exhausting other alternatives, including market responses and the evolution of societal norms.

The EU regime, by contrast, is more top-down in character and takes a more static, inflexible view of privacy rights. It tries to impose a one-size-fits-all model on a diverse citizenry and it attempts to do so through heavy-handed data directives and ongoing “agency threats.” It is a regime that makes more sweeping pronouncements about rights and harms and generally recommends a “precautionary principle” approach to technological change in which digital innovation is more “permissioned.”

Put simply, the U.S. regime is reactive in character while the E.U. regime is more preemptive.  The U.S. system focuses on responding to safety and privacy problems using a more diverse toolbox of solutions, some of which are governmental in character while others are based on evolving social and market norms and responses. To be clear, law does enter the picture here in the U.S., but it does so in a very different way than it does in the E.U.  Fleischer actually explains that point quite nicely in his essay:

[W]hat is the US model?  People in the privacy profession know that the US has a dense “patchwork” model of privacy laws: every individual US State has numerous privacy laws, the Federal government has numerous sectoral laws, and numerous other “non-privacy” laws, like consumer protection laws, are regularly invoked in privacy matters.  Regulators in many corners of government, ranging from State attorneys general, to the Federal Trade Commission, and armies of class action lawyers inspect every privacy issue for possible actions.

Indeed, in my new law review article, I summarize the litany of cases the FTC has brought recently on the data security and privacy front using its authority under Section 5 of the Federal Trade Commission Act to police “unfair and deceptive” practices. State AGs are active on this front as well, and there is plenty of class action activity every time there’s a privacy or data security screw-up.

Meanwhile, public officials continue to work collaboratively with privacy advocates, corporations, and educators to develop better education and awareness-building efforts, including “best practices” on safety, security, and privacy issues.

For more details on this U.S. model, please consult pages 436-454 of my article, in which I provide a comprehensive overview of what I refer to as America’s “3-E Approach” to dealing with online safety and digital privacy concerns. The “3-Es” refer to education, empowerment, and targeted enforcement of existing legal standards. As I note in the article:

[America’s “3-E Approach”] does not imagine it is possible to craft a single, universal solution to online safety or privacy concerns. It aims instead to create a flexible framework that can help individuals cope with a world of rapidly evolving technological change and constantly shifting social and market norms as they pertain to information sharing.

But what frustrates Fleischer is that the U.S model still doesn’t translate into a simple narrative for international audiences:

How on earth do you explain US privacy laws to an international audience?  How do you explain the role of class action litigation to people in countries where it doesn’t even exist?  The US privacy law narrative is convoluted. That’s a pity, since almost all of the global privacy professionals with whom I’ve discussed this issue agree with me that the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy.  (I didn’t say “perfect”, since laws never are, and I’m not grading them either.) By contrast, Europe’s privacy narrative is simple and appealing.  Its laws are very general, aspirational, horizontal and concise.  Critics could say they’re also inevitably vague, as any high-level law would have to be.  But, like the US Bill of Rights, they have a sort of simple and profound universality that has inspired people around the world.  And they are enforced (at least, on paper) by a single, identifiable, specialist regulator.

I understand the frustration Fleischer is expressing here regarding how to frame the U.S. model for broader audiences. But the crucial point here is that, as he correctly notes, “the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy,” even if it is the case that we will never achieve anything near perfection when it comes to online privacy (or online safety for that matter). But it is unfortunate that Fleischer ignores the many other moving pieces at work here that are important to the U.S. system, especially the diverse array of educational and awareness-building efforts as well as the astonishing array of empowerment tools that currently exist to help user protect their privacy to the degree they desire.

Of course, it should also be obvious that the U.S. regime is never going to appeal to a global audience as much as Europe’s privacy regime for the same reason that many other U.S. policy regimes don’t appeal to certain countries or their leaders: Our systems aren’t regulatory enough in character for them! But while those top-down, centralized, preemptive regulatory regimes will almost always be more “aspirational, horizontal and concise” — and, therefore, have greater appeal to activist-minded lawmakers and regulators — that also means those regimes will likely leave less breathing room for social evolution (i.e., evolving norms about safety and privacy) and economic innovation (new digital goods and services that potentially disrupt those regulatory expectations). That has real consequences for long-term growth and overall consumer welfare.

Regardless, to the extent we need “a better, simpler narrative for U.S. privacy policy” as Fleischer suggests, I believe we can boil it down to a few words: bottom-up, evolutionary, flexible, and reactive. What this means for public policy is clear: We need diverse tools and solutions for a diverse citizenry, while leaving plenty of breathing room for ongoing innovation and the evolution of social norms and market responses. Whether it’s online safety or digital privacy, public policy should take into account the extraordinary diversity of citizen needs and tastes and leave the ultimate decision about acceptable online content and interactions to them. We should look to educate and empower citizens so that they can make decisions about their online safety and privacy for themselves so that policymakers are not constantly trying to make decisions on their behalf.

This is a model worth defending, even if it is sometimes hard to delineate its contours.  Please read my HJLPP article for a fuller exploration of that model and a defense of it.

I have always found it strange that the ACLU speaks with two voices when it comes to user empowerment as a response to government regulation of the Internet. That is, when responding to government efforts to regulate the Internet for online safety or speech purposes, the ACLU stresses personal responsibility and user empowerment as the first-order response. But as soon as the conversation switches to online advertising and data collection, the ACLU suggests that people are basically sheep who can’t possibly look out for themselves and, therefore, increased Internet regulation is essential. They’re not the only ones adopting this paradoxical position. In previous essays I’ve highlighted how both EFF and CDT do the same thing. But let me focus here on ACLU.

Writing today on the ACLU “Free Future” blog, ACLU senior policy analyst Jay Stanley cites a new paper that he says proves “the absurdity of the position that individuals who desire privacy must attempt to win a technological arms race with the multi-billion dollar internet-advertising industry.” The new study Stanley cites says that “advertisers are making it impossible to avoid online tracking” and that it isn’t paternalistic for government to intervene and regulate if the goal is to enhance user privacy choices. Stanley wholeheartedly agrees. In this and other posts, he and other ACLU analysts have endorsed greater government action to address this perceived threat on the grounds that, in essence, user empowerment cannot work when it comes to online privacy.

Again, this represents a very different position from the one that ACLU has staked out and brilliantly defended over the past 15 years when it comes to user empowerment as the proper and practical response to government regulation of objectionable online speech and pornography. For those not familiar, beginning in the mid-1990s, lawmakers started pursuing a number of new forms of Internet regulation — direct censorship and mandatory age verification were the primary methods of control — aimed at curbing objectionable online speech. In case after case, the ACLU rose up to rightly defend our online liberties against such government encroachment. (I was proud to have worked closely with many former ACLU officials in these battles.) Most notably, the ACLU pushed back against the Communications Decency Act of 1996 (CDA) and the Child Online Protection Act of 1998 (COPA) and they won landmark decisions for us in the process.

In those and other cases, the ACLU playbook wasn’t just solely focused on a pure First Amendment defense. In other words, they didn’t just say ‘Well, First Amendment values are at stake here, and so all you parents, prudes, and policymakers should just get over your obsession with eradicating online porn.” No, what really won the day for us in these cases was the user empowerment angle. The ACLU rightly noted (and proved in court) that many “less-restrictive means” — filters, monitoring tools, ratings, labels, user education, media literacy, etc. — were available to the public and that those tools and strategies provided compelling alternatives to government regulation. Thus, paternalistic government regulation should yield to those alternatives and the public (namely, parents) should be expected to take responsibility and use those less-restrictive means to protect themselves and their kids. That is the proper approach for a society that cherishes free speech, personal responsibility, and a citizenry with diverse tastes and values.

Not only did the ACLU get courts to agree with this, but the logic of user empowerment as a trump to speech controls became so compelling to justices that in some cases they actually went beyond what free speech advocates had asked or expected, even in non-Internet related decisions. For example, in United States v. Playboy Entertainment Group  (2000), the Court struck down a law that required cable companies to “fully scramble” video signals transmitted over their networks if those signals included any sexually explicit content. Echoing its earlier holding in Reno v. ACLU , the Court found that less restrictive means were available to parents looking to block those potentially objectionable signals in the home. Specifically, the Court argued that:

[T]argeted blocking [by parents] enables the government to support parental authority without affecting the First Amendment interests of speakers and willing listeners—listeners for whom, if the speech is unpopular or indecent, the privacy of their own homes may be the optimal place of receipt. Simply put, targeted blocking is less restrictive than banning, and the Government cannot ban speech if targeted blocking is a feasible and effective means of furthering its compelling interests.

More importantly, the Court held that:

It is no response that voluntary blocking requires a consumer to take action, or may be inconvenient, or may not go perfectly every time. A court should not assume a plausible, less restrictive alternative would be ineffective; and a court should not presume parents, given full information, will fail to act.

The Court endorsed that same logic for video games in the landmark 2011 decision in Brown v. EMA, which struck down a California that prohibited the sale or rental of “violent video games” to minors.

As I noted in my old book on Parental Controls & Online Child Protection , this is an extraordinarily high bar that the Supreme Court has set for policymakers wishing to regulate modern media content or online expression. Not only is it clear that the Court is increasingly unlikely to allow the extension of analog-era content regulations to new media outlets and technologies, but it appears likely that judges will apply much stricter constitutional scrutiny to all efforts to regulate speech and media providers in the future. And we really have to thank the ACLU for getting this user empowerment revolution started because, make no doubt about it, it was that hook that ushered in this amazing jurisprudential revolution — for the Internet, for video games, for new media, for everything.

Sadly, however, the ACLU is now abandoning the user empowerment approach, at least as it pertains to digital privacy regulation.

In Stanley’s latest piece as well as many other ACLU statements on privacy issues, we hear almost nothing about the importance of keeping the Net free of unnecessary regulation or that government regulation should yield to user empowerment. Instead, we are told that citizens cannot be expected to look out for themselves in this way, or that they can’t possibly hope to “win the arms race” against online advertisers. I think that is utter nonsense. The fact of the matter is that it is far, far harder to win “the arms race” against online porn and objectionable speech using user empowerment tools than it is to defeat online advertising or “tracking.”   There exists a very broad array of privacy-enhancing user empowerment tools and strategies today that can help privacy-sensitive individuals attain greater protection. Here’s a big filing I submitted to the Federal Trade Commission documenting just some of what is on the market today. (See Sec. VI). But here’s just a short list of things users can do or install to better enhance their online privacy:

• adjust your browser’s privacy settings to clear out and block the cookies most online ad networks use and utilize private browsing or “incognito” modes to surf the Web more privately;
• download tools to help you manage cookies, blocking web scripts, and so on.  Some of the more notable ones include: Ghostery, NoScript, Cookie Monster, Better Privacy, Track Me Not, and the Targeted Advertising Cookie Opt-Out or “TACO” (all for Firefox); No More Cookies (for Internet Explorer); Disconnect (for Chrome); AdSweep (for Chrome and Opera); CCleaner (for PCs); and Flush (for Mac).
• download AdBlockPlus and block almost all online advertising on most websites, and thus the data collection performed by online cookies. (It remains the most-downloaded add-on for both the Firefox and Chrome web browsers)
• use “ad preference managers” from major search companies. Google, Microsoft and Yahoo! all offer easy to use opt-out tools and educational webpages that clearly explain to consumers how digital advertising works. Meanwhile, DuckDuckGo offers as alternative search experience that blocks data collection altogether.

Again, this list just scratches the surface. New empowerment solutions like these are are constantly turning up. And many other tools and strategies exist that users can tap. See this excellent recent article by Kashmir Hill of Forbes, “10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy.”

Now, let me be clear: These solutions aren’t perfect. There are no silver bullets or simple fixes when it comes protecting our privacy online. But the exact same thing has always been true for objectionable online content. I find that by using tools and strategies such as those listed above, however, you can eliminate most online advertising and data collection from your digital life. By contrast, as good as online safety tools are, a lot more gets through. That’s because what counts as “objectionable content” is notoriously subjective and, therefore, no tool or strategy can ever work perfectly. “Good enough” seems to be the standard we have to accept here. Again, the same can be said for privacy controls, but it is my contention that, relatively speaking, they actually do a better job if you are willing to live with some inconveniences (as can be the case if you are constantly clearing out your cookies and blocking all scripts, some of which may be important for site functionality). But those are trade-offs you need to accept if you want to ensure all ads are blocked or no data is collected. (Of course, once again, the exact same thing is has always been true for objectionable online content. It can be a huge inconvenience for parents and guardians to try to deal with online porn and objectionable content using all those user empowerment tools and strategies, no matter how good they are). Regardless, my argument here is that, contrary to what many advocates of privacy regulation claim, privacy empowerment tools and strategies can be remarkably effective at screening out almost all online advertising and greatly limiting any collection of personal data.

I can imagine that one response to what I have said here is that, regardless of how well the respective classes of user empowerment tools work, privacy “harms” are more serious and deserve greater government scrutiny and regulation than objectionable online speech/content. But that’s a subjective squabble we’ll never be able to definitively answer. Plenty of people would argue the opposite: that exposure to online porn and objectionable speech will do more harm to minors and society than any amount of online advertising or data collection ever would. Personally, I think both harms are grotesquely inflated “technopanics,” as I noted in this 80-page paper on the topic.

I can anticipate another response that goes like this: “Well, what’s wrong with the government doing a little paternalistic nudging if it’s focused on better empowering users?” First, let’s be clear that groups like ACLU, EFF, and CDT did not adopt that position for objectionable online speech/content. And with good reason. They understood that if we invite the government to come in and create and/or mandate the empowerment tools to be used to address the problem, it could serve as a Trojan Horse that policymakers could later use to expand their influence over speech and speech platforms. But why, then, would the same concern not apply to efforts by the government to mandate certain privacy tools or controls? Such a move would serve as the same sort of open-ended invite to the government to come in and meddle more with online networks.

I suspect what this all comes down to is the artificial distinction between speech rights and economic liberties that the ACLU and other groups have made through the years.  If the regulatory proposals are more about speech regulation, then the ACLU and others will say that personal responsibility and user empowerment represent the proper first-order response. But if we are talking about something perceived to be economic regulation (like advertising regulation), then the standard seems to change and all the talk of personal responsibility and user empowerment go right out the window. (Of course, this is just the classic distinction between “civil libertarians” and actual libertarians manifesting itself in a different way. While the two groups share a mutual distrust of government regulation of speech and social affairs, the civil libertarians distrust free markets and invite regulation of them there whereas the actual libertarians do not.)

But let’s ignore all these other issues and ask a different question: What about the precedent ACLU is setting here by saying user empowerment is hopeless when it comes to privacy? It goes without saying that more than a few social conservatives and regulatory-minded child safety organizations may be listening! Don’t be surprised if those folks throw the ACLU’s words back at them next time controls on speech and expression are being contemplated. They will argue that if people are sheep when it comes to protecting their privacy, then they must also be sheep when it comes to protecting themselves and their families from porn and other objectionable things online.

To me, the consistent and principled position here is this: Personal responsibility and user empowerment should be the first-order solution for all these issues. Governments should only intervene when clear harm can be demonstrated and user empowerment truly proves ineffective as a solution. Conjectural fears must not drive Internet regulation. While there are many legitimate online safety privacy concerns out there, we can find better, less-restrictive ways of dealing with them than by inviting greater government controls for cyberspace.

The Parents Television Council (PTC) released a new report today entitled Women in Peril: A Look at TV’s Disturbing New Storyline Trend. The report argues that “by depicting violence against women with increasing frequency, or as a trivial, even humorous matter, the broadcast networks may ultimately be contributing to a desensitized atmosphere in which people view aggression and violence directed at women as normative, even acceptable,” said PTC President Tim Winter.  As evidence the report cites… Nicole Kidman.  OK, it cites more than Nicole Kidman, but the 7-page report and accompanying press release does seem to place a lot of stock in the fact that, while being questioning by a House Foreign Affairs subcommittee hearing about violence against women overseas, “Ms. Kidman conceded that Hollywood has probably contributed to violence against women by portraying them as weak sex objects, according to the Associated Press.”  I’m not sure what Ms. Kidman was doing testifying before Congress on the matter of violence against women overseas — dare I suggest some congressmen were out for another photo-op with a Hollywood celeb? — but the better question is whether Ms. Kidman’s opinion has any bearing on the question of what relationship, if any, there is between televised violence and real-world violence against women. (Incidentally, if she really feels passionately about all this, is she prepared to go back and recut some of her old scenes in “Dead Calm,” “To Die For,” and “Eyes Wide Shut“?)

But let’s not nitpick about the credentials Ms. Kidman brings to the table or whether it makes any sense for PTC to elevate her opinions to proof of theory when it comes to a supposed connection between depictions of violence against women in film or television and real world acts of violence against women. PTC, however, suggests that’s exactly what is going on today. They allude to a few lab studies which are of the “monkey see, monkey do” variety — where the results of artificial lab experiments are used to claim that watching depictions of violence will turn us all into killing machines, rapists, robbers, or just plain ol’ desensitized thugs.

There’s just one problem with such studies, and the PTC report:  Reality.  Whatever lab experiments might suggest, the evidence of a link between televised media violence and the real-world equivalent just does not show up in the data. The FBI produces ongoing Crime in the United States reports that document violent crimes trends. Here’s what the data tells us about overall violent crime, forcible rape, and juvenile violent crime rates over the past two decades: They have all fallen.  Perhaps most impressively, the juvenile crime rate has fallen an astonishing 36% since 1995.

Now, let me be perfectly clear about something.  When analyzing such things it is vitally important to recall one of the first rules of statistical analysis: correlation does not necessarily equal causation. This works in both directions. Even if an increase in real-world violence was closely tracking depictions of violence on television or in video games, it wouldn’t necessarily mean there is a connection. But it would also be wrong to state that, on its own, an inverse correlation (with the trends moving in opposite directions) meant that there was absolutely no connection between these things.

At the margin, I believe that some media can have negative impacts on some people. Certainly, in heavy enough doses, watching non-stop depictions of sex or violence probably would have some sort of negative effect on some people — loss of sleep, if nothing else. Perhaps more.

Then again, I just cannot entirely dismiss the real-world evidence being so starkly at odds with the “monkey see, monkey do” theories bandied about by PTC and some researchers or regulatory proponents. At a minimum, the real-world evidence should at least call into question the “world-is-going-to-hell” sort of generalizations made by proponents of increased media regulation, who all too often make casual inferences about the relationship between media exposure and various social indicators. Such a causal relationship is even more dubious today since all Americans, especially youngsters, are surrounded by a much wider variety of media than ever before. Even though television viewing has gone down slightly in recent years, it has been due to the rise of other media substitutes that command the attention of children, including the Internet, cell phones and video games. Overall, therefore, it appears that children are “consuming” as much, if not more, media than ever before. One would think that if depictions of violence in media really were leading to increased aggression among youth it would start showing up in some of these indicators at some point. But that’s just not occurring. [If you’re interested, I’ve discussed all these issues at much greater detail here, here, here, and here.]

Another argument I often here is: ‘Well, the numbers would be even better if not for media violence!’  But there’s just no way to prove that one way or the other. Would the juvenile crime rate be down 46% instead of the 36% decrease we’ve actually since 1995?  I don’t know. Nobody can know. But I certainly hope that media critics and regulatory proponents aren’t so foolish as to suggest that the crime rate would drop to zero if we just forced everybody to watch “Mary Poppins” all day long.

Finally, let’s assume that the PTC is right and that depictions of violence against women are on the rise on TV. I can actually accept that statement. With all the forensic science shows and crime dramas on TV today, it’s clear that some of the plot lines are going to involve people dying in some fashion and many of those people will be women. And yes, some of the depictions will get pretty gritty. “Fringe” and the various “CSI” shows are clearly showing things we didn’t see on “Quincy” back in the day. (Bring back Jack Klugman! He was awesome.)

But, hey, culture has changed.  Envelopes have been pushed a bit.  A little less is left to the imagination.  But most of us can live with that fact.  Indeed, many of us actually enjoy that fact!  And for those who do not share that worldview or who have heightened sensitivities about depictions of violence in TV shows, movies, or games, I would like to tell them that I really do understand and appreciate where they are coming from.

Yet, there are many other ways you can deal with that without forcing us all to forgo content we might enjoy consuming. And, you guessed it, this is where I remind the world for the umpteenth time that I have written a whole book about parental control tools and methods! [The shameless self-promotion never ends here, folks!]  In fact, part of the reason I have invested so much time in that project — and my ongoing efforts to get companies and other third parties to expand the range of tools, ratings, and other information that we have access to — is because I genuinely want to make sure that those individuals and families who have different needs and values than I have the ability to craft their own “household media standard.”   I want each family to be empowered to make media content decisions for themselves such that they can find the media content they want and discard all the rest. Luckily, that is the world we increasingly live in today. Parents have more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.

I know that some critics including the PTC feel that the tools aren’t good enough, but I just don’t buy it. Sure, there’s always some room for improvement regarding parental control tools and rating systems, but the existing panoply of tools and methods offer families unprecedented control over their media consumption habits. And that includes tools and methods which enable them to find enriching and educational content, which we have more of than ever before.

I understand PTC doesn’t share my worldview on these matters.  But the difference between us is that they want to take something away from me (the right to watch certain types of content) while I want to give something to them (the ability to block that which they find distasteful).  To be fair, however, their report did not rush to the regulatory solution, even though they did call for more hearings and they warn that:

if the television industry is unwilling or unable to take serious steps to reduce or tone down such graphic images, then we will urge the Congress and the FCC, by virtue of their regulatory authority over the public airwaves, to step in and take action.

The problem is, I don’t think PTC will ever rest until all this content is removed from the airwaves altogether, even if millions of Americans actually enjoy that programming.  Again, the better solution is for PTC to work with others to improve the tools and methods available to families to more effectively make this decision for themselves.  I certainly don’t want others making these determinations for my wife and me and our two kids.  We’ve got the job handled, thank you very much.

I’ll be heading to Oxford University this week to participate in an Oxford Internet Institute (OII) forum on the subject of “Child Protection, Free Speech and the Internet: Mapping the Territory and Limitations of Common Ground.”  It’s being led by several experts from the OII as well as my good friends John Morris and Leslie Harris of the Center for Democracy & Technology (CDT).  The aims of this forum are:

• To facilitate a dialogue between NGOs campaigning to protect respectively, child protection and children’s rights online, and freedom of speech and other civil liberties online.
• To promote a better understanding of each others’ positions, to share perspectives and information with a view to identifying areas of common ground and areas of disagreement.
• To identify any shared policy goals, and possible tools to support the achievement of those goals.
• To publicize the findings of the forum in international policy debates about Internet governance and regulation.

Conference participants were asked to submit a 2-3 pg summary of their views on a couple of questions that will be discussed at this event.  I have listed those questions, and my answers, down below the fold.  It’s my best attempt to date to succinctly outline my views about how to balance content concerns and free speech issues going forward. 

What is the nature of your interest or experience in this field?

I have spent the last 18 years covering the intersection of child safety concerns and free speech issues at four different think tanks.  In recent years, I have tied together all my research in a constantly updated Progress & Freedom Foundation special report entitled, “Parental Controls & Online Child Protection: A Survey of Tools & Methods.” The 4^th edition of this 250-page report was released in August.

Are there particular values or principles which underlie your work?

The goal of my research has been to explore the tension between free speech and child protection and to identify methods of striking a sensible balance between these two important values.   It is my hope and belief that we are now in a position to more fully empower parents such that government regulation of content and communications will be increasingly unnecessary.

In the past, it was thought to be too difficult for families to enforce their own “household standard” for acceptable content. Thus, many believed government needed to step in and create a baseline “community standard” for the entire citizenry.  Unfortunately, those “community standards” were quite amorphous and sometimes completely arbitrary when enforced through regulatory edicts.  Worse yet, those regulatory standards treated all households as if they had the same tastes or values—which is clearly not the case in most pluralistic societies.

If it is the case that families now have the ability to effectively tailor media consumption and communications choices to their own preferences—that is, to craft their own “household standard”—then the regulatory equation can and should change.  Regulation can no longer be premised on the supposed helplessness of households to deal with content flows if families have been empowered and educated to make content determinations for themselves.  Luckily, that is the world we increasingly live in today. Parents have more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.

Going forward, our goal should be to ensure that parents or guardians have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information.  Optimally, those tools and methods would give them the ability to not only block objectionable materials, but also to more easily find content they feel is appropriate for their families. In my work, I refer to this as the “household empowerment vision.”

Will we ever be able to achieve a world of perfect parental control over all online content and communications?  That is unlikely since both content and technology will continuously evolve and make that goal elusive. But government regulation of speech should yield where less restrictive alternatives such as household-based controls and strategies exist.  Given the value associated with free speech and the danger of government censorship, these alternatives need not be perfect to be preferable to government regulation.

What are the issues/policies or laws which you see as most problematic in terms of creating or illustrating a conflict between online child protection and free speech?

It is essential that policymakers resist the temptation to extend traditional broadcast industry regulatory statutes and standards to new media outlets and digital technologies.  In a world of media convergence and increasing user empowerment, traditional regulatory rationales make increasingly less sense.  Nonetheless, many ongoing social problems and challenges remain to achieving the “household empowerment vision” I outlined above, including:

• The “lack of awareness” problem: Some parents remain unaware of empowerment tools.
• The “bad parent” problem: Some parents don’t use tools even when aware of them.
• The “bad neighbor” problem: “Good” parents fear what happens when their kids visit other kids with more permissive parents.
• The “generation gap” problem: Kids sometimes know more about new digital technologies than their parents.
• The “technological surprise” problem: Rapid emergence and diffusion of new digital technologies can catch some parents by surprise.
• The “bad corporate actor” problem: Most companies self-regulate, but a handful push the boundaries of good taste in ways that create social concerns that reflect on industry generally.
• The “user-generated content” problem: Even when “professional” content can be managed, it is difficult to control “amateur” expression and creations.
• The “peer-on-peer bullying” problem: While many are concerned about predators, the real online safety problem turns out to be cyber-bullying among peers.

Because of these ongoing social challenges or concerns, legal and regulatory proposals will continue to be put forward. But each has serious downsides:

• Future of filtering: Centralized, network-based or decentralized, user-based?  The former creates serious censorship threats, as we see in China and other repressive states. The latter is more consistent with the household empowerment vision.
• Middleman deputization: Should online intermediaries be required to police the Net for various social ills?  If so, as hand-maidens of the state, they could become over-zealous speech regulators.
• Universal content ratings: Can policymakers mandate unified (or “scientific”) content media ratings?  Doing so puts regulators in a position to dictate content standards—for better or worse.  Moreover, this does nothing to address user-generated “amateur” content.
• Mandatory online age / identity verification: Potentially threatens anonymity, privacy, and free speech rights.  Moreover, to the extent “bad guys” continue to get into “secured” environments it creates a false sense of security for parents and kids.
• Expanded data retention: Although it would help facilitate some law enforcement goals, it also gives rise to new privacy and data breach risks.

Might any of these conflicts be avoidable, e.g. through the use of improved legislative instruments or greater clarity and accountability in processes of self-regulation?

For the above reasons, it makes more sense to put our energies into finding new self-regulatory mechanisms, social norms, and user empowerment strategies to solve ongoing social problems instead of focusing on regulatory solutions or mandates.  Instead of providing greater clarity, legislative instruments are more likely to instead create greater ambiguity, or at least uncertainty, for content creators and consumers alike. This is because, as was noted above, “community standards” are notoriously subjective; they are ham-handed attempts to gloss over the diverse needs and values of a diverse citizenry. By contrast, self-regulation, social norms, and empowerment strategies are evolutionary in character and more responsive to differences among cultures and households.

What are the issues where you think there might be most scope for finding some common ground?

In two words: empowerment and education. Because reliance on legislation is perilously difficult and enforcement of regulatory mandates is complicated (and sometimes impossible in an increasingly borderless world), efforts to better empower families and educate both kids and parents offer the most sensible path forward.  All stakeholders involved in child safety and free speech debates can generally agree that empowerment efforts, media literacy programs, awareness-building programs, and so on, are both effective and unobjectionable.

At the international level, are there certain key principles which we ought to be defending above all others?

Because of the “values clash” at the international level, it’s hard to imagine we’ll ever achieve consensus on some of these issues.  Countries vary widely in their sensitivities about speech, making any attempt to devise “universal principles” complicated.  For example, Europeans generally deride America’s prudish ways when it comes to matters of sexuality or “indecency.”  By contrast, most Americans cannot understand European concerns about “hate speech” or violently-themed media.  Meanwhile, governments in many other parts of the world are still busy trying to quell political or religious dissent.  “Harmonization” among those competing cultural norms remains complicated, therefore, and it would be a mistake if international harmonization was accomplished by sacrificing free speech rights for countries and cultures who cherish them.

Today I was invited to the Federal Communications Commission (FCC) to testify at one of the agency’s Broadband Working Group workshops. This particular workshop was on “Broadband Consumer Context,” which focused on “a range of challenges and opportunities as the internet becomes a focal point for commercial transactions, social networking, and a host of activities pertaining to information gathering and exchange.”

I was asked to address the issue of whether there is a relationship between online safety concerns and broadband uptake. In my testimony, I noted that, in my 15 years of research in this area, I have never unearthed any substantive empirical evidence suggesting a correlation between parental concerns about online activity and overall household broadband uptake. I have seen occasional anecdotal news stories discussing the concerns some parents have had about their kids online that led them to reject online connectivity, but these stories have been exceedingly rare (and I haven’t seen any in recent memory).

I also argued that I did not think it at all surprising that such anecdotes are harder to find, or that empirical evidence on this front seems non-existent. I argued that there were four logical explanations for why parental concerns about online safety haven’t “moved the broadband needle” much in the negative direction:

1. Not every home has children present
2. Parents use a variety of household media rules to control media & Internet usage
3. A vibrant marketplace of parental control technologies exists
4. Likely that most parents believe that the benefits of broadband outweigh the potential downsides

For all the details on each of those, read my entire testimony or check out the presentation embedded below that I made to the FCC today.

Is There a Relationship Between Online Safety Concerns and Broadband Uptake? (Adam Thierer – PFF) http://d.scribd.com/ScribdViewer.swf?document_id=19575851&access_key=key-1igiha619z8f15dm6hg5&page=1&version=1&viewMode=

As anyone who has spent time searching for comments on the FCC’s website can tell you, the agency doesn’t exactly have the most user-friendly website.  In the interest of making it easier for others to read the comments that came in last week in the agency’s “Child Safe Viewing Act” Notice of Inquiry, I have compiled all the major comments (those over 3 or 4 pages) and provided links to them below the fold.

Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  I filed 150+ pages worth of comments in this matter last week, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.

• Association of National Advertisers (ANA)
• AT&T
• Center for Democracy & Technology (Individual Comments)
• CDT (Joint Comments with other Public Interest Groups)
• Children’s Media Policy Coalition
• Coalition for Independent Ratings
• Comcast
• Common Sense Media
• Consumer Electronic Association (CEA)
• CTIA – The Wireless Association
• Cox Communications
• CustomPlay
• Digimarc Corp
• Digital Watermarking Alliance
• Digital Media Association
• Dish Network
• DirecTV
• Entertainment Software Association (ESA)
• Family Online Safety Institute (FOSI)
• Google (+ attachments A, B, C)
• Motion Picture Association of America (MPAA)
• Microsoft
• NAB + NCTA + MPAA (0n TV Guidelines)
• National Cable & Telecommunications Association (NCTA)
• Progress & Freedom Foundation (PFF)
• Sanyo
• Smart Television Alliance
• Sprint-Nextel
• TiVo
• TV Guardian
• TV Watch
• U.S. Telecom Association
• Verizon & Verizon Wireless
• Wi-LAN V-Chip Corp

Today I filed comments with the Federal Communications Commission (FCC) in its proceeding examining the marketplace for “advanced blocking technologies.”  This proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  My colleagues will no doubt laugh about the fact that I have dropped an absurd 150 pages worth of comments on the FCC in this matter, but I had a lot to say on this topic!  Parental controls, child safety, and free speech issues have been the focus of much of my research agenda over the past 10 years.

In my filing, I argue that the FCC should tread carefully in this matter since the agency has no authority over most of the media platforms and technologies described in the Commission’s recent Notice of Inquiry.  Moreover, any related mandates or regulatory actions in in this area could diminish future innovation in this field and would violate the First Amendment rights of media creators and consumers alike.  The other major conclusions of my filing are as follows:

• There exists an unprecedented abundance of parental control tools to help parents decide what constitutes acceptable media content in their homes and in the lives of their children.
• There is a trade-off between complexity and convenience for both tools and ratings, and no parental control tool is completely foolproof.
• Most homes have no need for parental control technologies because parents rely on other methods or there are no children in the home.
• The role of household media rules and methods is underappreciated and those rules have an important bearing on this debate.
• Parental control technologies work best in combination with educational efforts and parental involvement.
• The search for technological silver-bullets and “universal” solutions represent a quixotic, Holy Grail-like quest and it will destroy innovation in this marketplace.
• Enforcement of “household standards” made possible through use of parental controls and other methods negates the need for “community standards”-based content regulation.

My entire filing can be found here and down below in a Scribd reader.  All comments in the matter are due tomorrow and then reply comments are due on May 18th.

[FCC FILING] Adam Thierer-PFF Re Child Safe Viewing Act NOI (MB 09-26) http://d.scribd.com/ScribdViewer.swf?document_id=14264143&access_key=key-2nrvjm96q9cl5vep567l&page=1&version=1&viewMode=

Google’s latest major launch is “Latitude,” a geo-location service that lets users find friends on a digital map and then network with them. These services are often referred to as “LBS,” which stands for “location-based services.” I wrote about LBS here before in my essay on “The Next Great Technopanic: Wireless Geo-Location / Social Mapping.” As I pointed out in that piece, LBS raise privacy concerns with some people because, by their nature, these technologies involve the tracking of users.

But I’ve argued that those concerns are generally over-blown, especially because you have to download and opt-in to these services. In other words, you know what you’re getting into. Moreover, companies who offer these services, like Loopt and now Google, go out of their way to offer privacy safeguards. Indeed, even some privacy activists agree.

For example, Michael Zimmer of the School of Information Studies at the University of Wisconsin-Milwaukee, is someone who pays close attention to privacy issues and is often critical of Google and other companies for supposedly not paying enough attention to privacy concerns. In the case of Latitude, however, he argues that “Google Actually Got it (Mostly) Right.”  Here’s his snapshot of “what Google’s done to help give users control of their information flows in Latitude”:

• Only friends you have explicitly invited or accepted can see your location
• You can hide your location to everyone so no friends can see where you are (and neither will Google)
• You can hide your location to select friends
• You can share only city-level data with select friends
• You can manually select a location on the map that will be shared with friends (which means you can send the wrong location to obfuscate your location)
• And, perhaps most importantly, Google is not logging your pings to servers; they only keep you latest location on file

Google’s complete privacy policy for Latitude can be found here.

Frankly, I think Google–like Loopt before them–has gone above and beyond the call of duty to appease privacy-sensitive users and privacy activists. In my opinion, the privacy concerns about LBS services are really much ado about nothing.  Although they’ll never do it, what I’d like to hear Google say to the extremely privacy-sensitive users and activists is:  “Look, we’re giving you a great new free service that you can choose to use and we’re including plenty of privacy safeguards if you are sensitive about your personal information. So, we’ve done our part, now it’s your choice–and responsibility–about how to use it from here.”  I mean, really, what more is it that people want!