This week I will again be attending the Family Online Safety Institute’s excellent annual summit. The 2-day affair brings together some of the world’s leading experts on online safety and privacy issues. It’s a great chance to learn about major developments in the field. As I was preparing for the session I am moderating on Thursday, I thought back to the first FOSI annual conference, which took place back in 2007. What is remarkable about that period compared to now is that there was a flurry of legislative and regulatory activity related to online child safety then that we simply do not see today.
In fact, just 3 1/2 years ago, John Morris of the Center for Democracy and Technology and I compile a legislative index [summary here] that cataloged the more than 30 legislative proposals that had been introduced in the the 110th session of Congress. There was also a great deal of interest in these issues within the regulatory community. Finally, countless state and local measures related to online safety and speech issues had been floated. Today, by contrast, it is hard for me to find any legislative measures focused on online safety regulation at the federal level, and I don’t see much activity at the agency level either. I haven’t surveyed state and local activity, but it seems like it has also died down.
Generally speaking, I think this is a good development since I am opposed to most proposals to regulate online speech, expression, or conduct. But let’s ignore the particular wisdom of such measures and ask a simple question: What explains the decline in Internet safety legislation and online content regulation? I believe there are three possible explanations:
1) The effectiveness of education and awareness-building strategies
I would like to believe that all the efforts made by various groups and individuals (including myself) to encourage policymakers to adopt “Educate & Empower” approaches over “Legislative & Regulate” approaches are finally bearing fruit. The first instinct for many policymakers is to legislate immediately and then worry about the consequences later (if at all). But such approaches, no matter how well-intentioned, often backfire and have myriad unintended consequences (including the problem addressed next). So, perhaps it is the case that lawmakers and regulators are finally coming to realize that education and awareness approaches — married to empowerment-based efforts — are actually the more sensible approach compared to a flurry of legislative measures that ultimately accomplish very little.
2) The deterrent effect of inevitable and lengthy constitutional challenges
Here are two things I know for certain: First, almost every Internet-related measure faces a constitutional challenge, typically on First Amendment grounds (but sometimes also on Sec. 230 grounds). Second, most of those challenges succeed. I don’t have hard stats to back up this assertion, but I’d bet that there are few areas of modern law that have witnessed a higher percentage of successful constitutional challenges in recent years than the field of cyberlaw. Taking that as a given, one must assume that at some point it becomes a deterrent to additional state action in this field. Why waste years legislating and regulating if it is all enjoined and then overturned a short time later?
3) Resurgence of privacy as major policy issue and the emergence of cybersecurity as a policy issue
It could also be that case that privacy policy crowds out congressional interest in online safety legislation. In fact, it seems like these issues often move in opposing waves. When a wave of online safety legislative and regulatory activity is cresting, interest in privacy policy seems to fall. That certainly seemed to be the case between roughly 2005 and 2008 when online safety dominated congressional debates and privacy was hardly on the radar. Today the reverse is true. Privacy has been the dominant Internet policy issue of the past year or so. It is sucking all the oxygen out of the room — whether that room is a congressional hearing room, a regulatory agency event, or even academic conferences.
Importantly, cybersecurity has rapidly emerged as a major new fault line in Internet policy debates. It, too, is eating up a lot of the “attention bandwidth” available among policymakers today. And intellectual property matters always seem to be percolating out there.
It is my belief that because some of these Net policy issues are so complicated, policymakers are sometimes discouraged from doing a “deep dive” on them. To the extent they do, it seems unlikely that lawmakers are willing to invest serious time in more than a couple of these arcane matters at one time. Also, don’t forget how busy the relevant committees (Commerce and Judiciary) are with other, not tech policy-related matters. On any given legislative day, they could be handling a wide range of other policy issues that crowd out the amount of attention they can devote to Net policy matters, which are often far down the list of legislative priorities. Again, I’m generally pretty happy about that fact! I’d rather lawmakers go slow on these issues, whether the slow pace of the action is intentional or not.
So, what do you think? Are there other possible explanations for why we’ve seen less activity on the online safety / Internet content regulation front in recent years?