November 2011

I just released the following statement regarding Facebook’s settlement with the Federal Trade Commission of complaintsover changes the company made in December 2009 to what information would appear on users’ profiles:

For years, many privacy advocates have insisted that holding companies to their own privacy policies won’t protect consumers because companies can change those policies at a whim. Today’s settlement makes clear that changes to what a company may do with information already collected require informed user consent—provided the changes are material. This builds on a similar settlement with Google last month over the use of Gmail information in the Buzz social network without consent, among earlier FTC actions, such as preventing the transfer of sensitive information when a company goes into bankruptcy.

Thus, while Congress struggles to craft ‘comprehensive baseline privacy’ legislation in the European model, the FTC is using its existing 1938 authority over unfair or deceptive trade practices to build a common law of privacy. This is a process of discovery: what’s the right balance between protecting privacy and the consumer benefits of encouraging the development of new services? That process won’t be perfect or easy, but it’s much more likely to keep up with technological change than legislation or prophylactic regulation would be, and less likely to fall prey to regulatory capture by incumbents as a barrier to competition.

Case-by-case adjudication is a venerable American tradition—one that’s more, not less, vital in the rapidly changing field of consumer privacy. Rather than rushing to write new laws, Congress should focus on ensuring the FTC has the resources it needs to use its existing authority effectively. That means, most of all, having a larger core of technologists on staff to guide what is supposed to be our expert agency on privacy.

On the podcast this week, danah boyd, Senior Researcher at Microsoft Research, and Assistant Professor in Media, Culture, and Communication at New York University, discusses her recent article in First Monday with Ester Hargitai, Jason Schultz, and John Palfrey. It’s entitled, “Why parents help their children lie to Facebook about age: Unintended consequences of the Children’s Online Privacy Protection Act.” boyd discusses COPPA as it applies to Facebook, namely that children under 13 are not allowed to use the site. She then talks about her research, which looks at whether this restriction is helping parents protect their children’s privacy, and whether it is meeting COPPA’s ultimate goals. boyd discusses her findings, which indicate parents are allowing their children to lie about their age to obtain a Facebook account. According to boyd, parents want guidelines when it comes to data protection, but they do not necessarily want strict requirements. boyd feels that COPPA is not achieving its goal of privacy protection and should be evaluated with more transparency so parents and the public in general know how to protect their privacy.

Related Links

To keep the conversation around this episode in one place, we’d like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

Yes, we pretty much have. That’s the inescapable conclusion following the U.S. Supreme Court’s historic First Amendment decision in Brown v. EMA back in June, which struck down a California law governing the sale of “violent video games” to minors.  By a 7-2 margin, the court held that video games have First Amendment protections on par with books, film, music and other forms of entertainment.

The folks over at ALEC asked me to explore what happens next and what steps state and local lawmakers can take in a post-Brown world if they wish to address concerns about video game content. My essay appears in the Nov/Dec Inside ALEC newsletter. You can read the entire thing here or via the Scribd embed I have placed down below the fold.

I argue that, going forward, this ruling will force state and local governments to change their approach to regulating all modern media content. Education and awareness-building efforts will be the more fruitful alternative since censorship has now been largely foreclosed. Continue reading →

[Cross-posted at]

While shoppers were hitting the malls Friday–a fair percentage of them no doubt evaluating the many choices of wireless smartphones and service plans available–AT&T said it was withdrawing its FCC application to merge with T-Mobile.

AT&T’s move was in response to FCC Chairman Julius Genachowski’s decision to refer the merger to an administrative law judge, coupled with a statement that he remains opposed to the $39 billion merger.

Many analysts see this as the beginning of the unraveling of the acquisition. Although AT&T said it plans to defend the deal in court against a Department of Justice antitrust suit, the company has taken accounting steps that signal it is prepared to pay Deutsche Telekom, T-Mobile’s current parent, the $4 billion it pledged if it could not close the purchase by September 2012.

“The fat lady hasn’t sung yet,” said Craig Moffett, an investment analyst for Sanford C. Bernstein, as quoted by the Washington Post’s Cecilia Kang. “But she has taken the stage. And the band has begun to play.”

By itself, Genachowski’s move is a tremendous exercise of executive power, as an ALJ hearing would only occur if AT&T wins its suit with the DoJ or settles it satisfactorily. In essence, the FCC is attempting to craft an ad hoc court of appeals in order to abrogate a separate judicial ruling.

Continue reading →

Over at, [I write]( about the “Russian hackers are in our water plants” min-panic that erupted last week. Turns out it was a false alarm, but that didn’t stop the rhetoric from going on overdrive. Check out [this story from Nov. 21](, one day before DHS and the FBI announced there was no attack, which said that a variant of Stuxnet had been used to attack the Illinois water plant and “caused the destruction of a water pump”. My takeaways from this incident:

>First, we shouldn’t jump to conclusions based on sketchy first reports of cyberattacks. Bad reporting tends to take on a life of its own. Two years ago, an electrical blackout in Brazil was similarly blamed on hackers, but the cause turned out to be [nothing more than sooty insulators]( That hasn’t stopped pundits, defense contractors and politicians from citing the debunked incident as evidence that we need comprehensive legislation to regulate Internet security.

>Second, although Bellovin was mistaken in believing the initial reports, he’s right that such an attack is possible. The discussion should be about the possible magnitude of attacks and what can be done to prevent them. Although the rhetorical engines of those who want new cyber-legislation were spinning into overdrive before the facts abruptly shut them down, this incident, if it had been a cyberattack, would not have shown a dire need for new rules. Instead, it showed that the damage was not catastrophic and that the water utility worked well with federal authorities under existing law.

Read [the whole thing]( at

On the podcast this week, Joseph Flatley, Features Editor with The Verge, discusses his recent article entitled, “Condo at the End of the World.” Flatley first gives an overview of The Verge, a new website dedicated to in-depth reporting usually seen in traditional media such as newspapers and magazines. He describes The Verge as a website dedicated not only to what technology means, but also to how it affects our lives. The discussion then turns to Flately’s article on survival condos, which have attracted the attention of wealthy citizens concerned about end of the world calamity and economic collapse. According to Flatley, the interest in survival condos has increased after 9/11, and after the recent economic downturn. The “condos” are abandoned missile silos that date back to the cold war. Flatley describes his interviews with different people who are carving out a market for high-end survival real estate, turning these abandoned missile silos into luxury living. He describes how survivalists might live in an end of the world scenario, including what they will eat and how they will stay properly hydrated.

Related Links

To keep the conversation around this episode in one place, we’d like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

My latest weekly Forbes column (“The Twilight of Copyright?”) considers the future of copyright law and the controversy generated by “Stop Online Piracy Act” (SOPA). [See Ryan Radia’s mega-post for all the details on the SOPA fight.]  After co-editing a big book on copyright law with Wayne Crews nine years ago (Copy Fights: The Future of Intellectural Property in the Information Age, Cato Institute, 2002), I decided to stop covering copyright policy altogether. Any attempt to try to find balance in this debate is pretty much futile, and I also got tired of losing friends over the issue. (Nothing starts a good catfight among libertarians like copyright policy.)

I don’t plan to jump back in the fight in a big way, but I felt compelled to say something about SOPA since it represents one of the most sweeping attempts at Internet regulation ever conceived. As much as I detest the culture of free-riding that exists online today, I think extreme solutions like SOPA are never justified. And I’m not even sure it would work in practice. In my Forbes essay, I wonder aloud about what’s left to try. I lay out three options: (1) Do nothing: Leave the shell of copyright law in place and hope for best; (2) Massive vertical integration: Let conduit guys buy out content owners and let them figure out how to pay content creators; (3) Blanket online compulsory license: Force everyone to pay an embedded fee on broadband or devices to cross-subsidize content.

In the end, I argue that all three solutions have serious drawbacks but, sadly, I don’t really have any fresh ideas to offer. Anyway, read the whole thing if you’re interested in the topic. I think I’m done with it for another decade.

Over at, I write that while Congress mulls an Internet blacklist in SOPA, there are efforts underway to reengineer parts of the Net to make communications more decentralized and censorship-proof. These include distributed and decentralized DNS systems, currencies, and social networks, as well as attempts to circumvent ISPs using mesh networking.

>It’s not a certainty that these projects will all succeed. Most probably won’t. Yet these far-out efforts serve as proof-of-concept for a censorship-resistant Internet. Just as between Napster and BitTorrent there was Gnutella and Freenet, it will take time for these concepts to mature. What is certain is the trend. The more governments squeeze the Internet in an attempt to control information, the more it will turn to sand around their fingers.

Read the whole thing here.

I spoke at the MSU/Quello Center’s “Governance of Social Media” workshop on November 11.  My talk runs 21 minutes and starts at 1:16:54 in this video. The Q&A begins at 1:41:00.

My presentation follows below. Continue reading →

The Stop Online Piracy Act (SOPA), a controversial bill before the House of Representatives aimed at combating “rogue websites,” isn’t just about criminal, foreign-based sites that break U.S. intellectual property laws with impunity. Few dispute that these criminal websites that profit from large-scale counterfeiting and copyright infringement are a public policy problem. SOPA’s provisions, however, extend beyond these criminal sites, and would potentially subject otherwise law-abiding Internet intermediaries to serious legal risks.

Before moving forward with rogue websites legislation, it’s crucial that lawmakers take a deep breath and appreciate the challenges at stake in legislating online intermediary liability, lest we endanger the Nozickian “utopia of utopias” that is today’s Internet. The unintended consequences of overbroad, carelessly drafted legislation in this space could be severe, particularly given the Internet’s incredible importance to the global economy, as my colleagues have explained on these pages (123456)

To understand why SOPA could be a game-changer for online service providers, it’s important to understand the simmering disagreement surrounding the Digital Millennium Copyright Act (DMCA) of 1998, which grants certain online service providers a safe harbor from liability for their users’ copyright infringing actions. In exchange for these protections, service providers must comply with the DMCA’s notice-and-takedown system, adopt a policy to terminate users who repeatedly infringe, and meet several other conditions. Service providers are only eligible for this safe harbor if they act to expeditiously remove infringing materials upon learning of them. Also ineligible for the safe harbor are online service providers who turn a blind eye to “red flags” of obvious infringement.

The DMCA does not, however, require providers to monitor their platforms for infringing content or design their services to facilitate monitoring. Courts have held that a DMCA-compliant service provider does not lose its safe harbor protection if it fails to act upon generalized knowledge that its service is used for many infringing activities, in addition to lawful ones, so long as the service provider does not induce or encourage users’ infringing activities.

Defenders of the DMCA safe harbor argue that it’s helped enable America’s Internet-based economy to flourish, allowing an array of web businesses built around lawful user-generated content — including YouTube, Facebook, and Twitter — to thrive without fear of copyright liability or burdensome monitoring mandates.

Conversely, some commentators, including UCLA’s Doug Lichtman, argue that the DMCA inefficiently tips the scales in favor of service providers, to the detriment of content creators — and, ultimately, consumer welfare. Pointing to a series of court rulings interpreting the safe harbor’s provisions, critics argue that the DMCA gives online intermediaries little incentive to do anything beyond the bare minimum to stop copyright infringement. Critics further allege that the safe harbor has been construed so broadly that it shields service providers that are deliberately indifferent to their users’ infringing activities, however rampant they may be.

What does SOPA have to do with all of this? Buried in the bill’s 78 pages are several provisions that run a very real risk of effectively sidestepping many of the protections conferred on online service providers by the DMCA safe harbor.

Continue reading →