The “Cyber Privacy Act”? No it ain’t!
Michigan Representative Thaddeus McCotter (R) has introduced a bill to create a take-down regime for personal information akin to the widely abused DMCA process. The Digital Millennium Copyright Act established a system where copyright holders could as a practical matter force content off the Internet simply by requesting it.
McCotter’s proposal would similarly regulate every Internet site that has a comment section. He thinks it’s going to protect privacy, but he’s sorely mistaken. Its passage would undermine privacy and limit free speech.
I’ll take you through how McCotter’s gotten it wrong.
The operative language of H.R. 5108 is:
Any Internet website that makes available to the public personal information of individuals shall–
(1) provide, in a clear and conspicuous location on the Internet website, a means for individuals whose personal information it contains to request the removal of such information; and
(2) promptly remove the personal information of any individual who requests its removal.
The Federal Trade Commission would enforce the failure to abide by requests as it does unfair and deceptive trade practices. (Meaning: penalties.)
So if someone posts his or her name in a comment section and later regrets it, the operator of that web site would have to take it down. Sounds nice—and that is the right thing for webmasters to do when the circumstances warrant. But what about when they don’t?
Let’s say you run a site that receives hundreds or thousands of comments per day, many of them from anonymous visitors. Let’s say the site deals with controversial issues, and some visitors are angry at each other—they’re even angry at the site for hosting the discussion. Those visitors start working to undermine the conversation. They personally attack others, adopt false names, tell lies, and use vulgarities. This kind of person is well known on the web. They’re called “trolls.”
What would trolls do if federal law required webmasters to take down personal information by request? Simple: They would post the personal information of others. They would pose as others and falsely ask to have information taken down.
It’s a great way to attack a site: require it to consider hundreds or thousands of personal information take-down requests, each one backed by the threat of federal penalties.
What do you do as a webmaster to counter that? You require all comments to be tied to a fixed identity. Require a log-in before site visitors can comment. Then you can figure out later if the person requesting a take-down of personal information is the person who it pertains to.
What’s the result of that? Web sites collect and store more information about visitors. Then they turn around and use it for tracking and marketing. The information is available to litigators and government investigators, of course, through subpoenas and warrants.
Are you doing the math? McCotter’s “Cyber Privacy” bill is a proposal to increase Internet surveillance. Maybe he intends to improve Internet courtesy and decency. But decency is not a federal government project. It’s bottom-up, not top-down.
I write, of course, as a spare-time webmaster myself. The bills on WashingtonWatch.com get hundreds of comments per day. Many bills get lots of comments, but one in particular—subject of dispute, controversy, and trolling, along with productive political organizing—has over 130,000 comments.
I do a lot to foster a good visitor experience, consistent with maintaining the space available for free speech. I advise people about how to deal with trolls, I allow people to register so their stable identities can build trustworthy reputations, I proctor commenters about controlling vulgarities—sometimes strongly editing comments when they don’t, and I allow users to block commenters and words they don’t want to see.
When the context warrants it, I do remove personal information at the request of people that I believe are making honest, good faith requests. I think it’s part of what builds allegiance to the site.
But if I were required by law to do this, it would be an entirely different calculation. Each request would present me with a veiled legal threat, not a small customer service opportunity.
As trolls figured out how to exploit the law—the way some copyright holders exploit the DMCA—they could inundate small sites with requests. Webmasters would be right to treat all requests with suspicion. Confirming requests would require them to convert to greater surveillance. A percentage of the small sites and blogs that are hobbies or money-losers would just shut down comments rather than deal with the nonsense.
Representative McCotter’s plan to regulate Internet communications this way is no “Cyber Privacy” act. It’s anti-privacy, and it’s anti-free-speech.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.
McCotter’s Plan to Expand DMCA-Style Take-Downs
by Jim Harper on April 25, 2010 · 10 comments
The “Cyber Privacy Act”? No it ain’t!
Michigan Representative Thaddeus McCotter (R) has introduced a bill to create a take-down regime for personal information akin to the widely abused DMCA process. The Digital Millennium Copyright Act established a system where copyright holders could as a practical matter force content off the Internet simply by requesting it.
McCotter’s proposal would similarly regulate every Internet site that has a comment section. He thinks it’s going to protect privacy, but he’s sorely mistaken. Its passage would undermine privacy and limit free speech.
I’ll take you through how McCotter’s gotten it wrong.
The operative language of H.R. 5108 is:
The Federal Trade Commission would enforce the failure to abide by requests as it does unfair and deceptive trade practices. (Meaning: penalties.)
So if someone posts his or her name in a comment section and later regrets it, the operator of that web site would have to take it down. Sounds nice—and that is the right thing for webmasters to do when the circumstances warrant. But what about when they don’t?
Let’s say you run a site that receives hundreds or thousands of comments per day, many of them from anonymous visitors. Let’s say the site deals with controversial issues, and some visitors are angry at each other—they’re even angry at the site for hosting the discussion. Those visitors start working to undermine the conversation. They personally attack others, adopt false names, tell lies, and use vulgarities. This kind of person is well known on the web. They’re called “trolls.”
What would trolls do if federal law required webmasters to take down personal information by request? Simple: They would post the personal information of others. They would pose as others and falsely ask to have information taken down.
It’s a great way to attack a site: require it to consider hundreds or thousands of personal information take-down requests, each one backed by the threat of federal penalties.
What do you do as a webmaster to counter that? You require all comments to be tied to a fixed identity. Require a log-in before site visitors can comment. Then you can figure out later if the person requesting a take-down of personal information is the person who it pertains to.
What’s the result of that? Web sites collect and store more information about visitors. Then they turn around and use it for tracking and marketing. The information is available to litigators and government investigators, of course, through subpoenas and warrants.
Are you doing the math? McCotter’s “Cyber Privacy” bill is a proposal to increase Internet surveillance. Maybe he intends to improve Internet courtesy and decency. But decency is not a federal government project. It’s bottom-up, not top-down.
I write, of course, as a spare-time webmaster myself. The bills on WashingtonWatch.com get hundreds of comments per day. Many bills get lots of comments, but one in particular—subject of dispute, controversy, and trolling, along with productive political organizing—has over 130,000 comments.
I do a lot to foster a good visitor experience, consistent with maintaining the space available for free speech. I advise people about how to deal with trolls, I allow people to register so their stable identities can build trustworthy reputations, I proctor commenters about controlling vulgarities—sometimes strongly editing comments when they don’t, and I allow users to block commenters and words they don’t want to see.
When the context warrants it, I do remove personal information at the request of people that I believe are making honest, good faith requests. I think it’s part of what builds allegiance to the site.
But if I were required by law to do this, it would be an entirely different calculation. Each request would present me with a veiled legal threat, not a small customer service opportunity.
As trolls figured out how to exploit the law—the way some copyright holders exploit the DMCA—they could inundate small sites with requests. Webmasters would be right to treat all requests with suspicion. Confirming requests would require them to convert to greater surveillance. A percentage of the small sites and blogs that are hobbies or money-losers would just shut down comments rather than deal with the nonsense.
Representative McCotter’s plan to regulate Internet communications this way is no “Cyber Privacy” act. It’s anti-privacy, and it’s anti-free-speech.