The FTC’s Google Buzz Privacy Settlement

by on March 30, 2011 · 3 comments

The FTC today announced it has reached a settlement with Google concerning privacy complaints about how the company launched its Buzz social networking service last year.  The consent decree runs for a standard twenty-year term and provides that Google shall (i) follow certain privacy procedures in developing products involving user information, subject to regular auditing by an independent third party, and (ii) obtain opt-in consent before sharing certain personal information. Here’s my initial media comment on this:

For years, many privacy advocates have insisted that only stringent new regulations can protect consumer privacy online.  But today’s settlement should remind us that the FTC already has sweeping powers to punish unfair or deceptive trade practices.  The FTC can, and should, use its existing enforcement powers to build a common law of privacy focused on real problems, rather than phantom concerns. Such an evolving body of law is much more likely to keep up with technological change than legislation or prophylactic regulation would be, and is less likely to fall prey to regulatory capture by incumbents.

I’ve written in the past about how the FTC can develop such a common law. If the agency needs more resources to play this role effectively, that is what we should be talking about before we rush to the assumption that new regulation is necessary. Anyway, a few points about Part III of the consent decree, regarding the procedures the company has to follow:

  • The company has to assess privacy risks raised by new products as well as existing products, much like data security assessments currently work. The company would have to assess, document and address privacy risks—and then subject those records to inspection by the independent auditor, who would determine whether the company has adequately studied and dealt with privacy risks.
  • Google is agreeing to implement a version of Privacy by Design, in that the company will do even more to bake privacy features into its offerings.
  • This is intended to avoid instances where the company makes a privacy blunder because it lacked adequate internal processes to thoroughly vet new offerings or simply to avoid innocent mistakes—as with the its inadvertent collection of content sent over unsecured Wi-Fi hotspots because the engineer designing its Wi-Fi mapping program mistakenly left that code in the system, even though it wasn’t necessary for what Google was doing. I wrote more on that here.

As to Part II of the consent decree, express affirmative consent for changes in the sharing of “identified information”: It’s  well-worth reading Commissioner Rosch’s concurring statement. Continue reading →

SHARE: 3 comments

Mark Stevenson on his tour of the future

by on March 29, 2011

On the podcast this week, Mark Stevenson, writer, comedian, and author of the new book An Optimist’s Tour of the Future: One Curious Man Sets Out to Answer “What’s Next?”, discusses his book. Stevenson calls An Optimist’s Tour of the Future a travelogue about science written for non-scientists, and he talks about why he traveled the world to try to draw conclusions about where human innovation is headed. He discusses his investigation of nanotechnology and the industrial revolution 2.0, transhumanism, information and communication technologies, and the ultimate frontier: space. Stevenson also discusses why he’s hopeful about the future and why he wants to encourage others to have optimism about the future.

Related Readings

To keep the conversation around this episode in one place, we’d like to ask you to comment at the web page for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

SHARE:

On Facebook “Normalizing Relations” with Washington

by on March 29, 2011 · 5 comments

The New York Times reports that, “Facebook is hoping to do something better and faster than any other technology start-up-turned-Internet superpower. Befriend Washington. Facebook has layered its executive, legal, policy and communications ranks with high-powered politicos from both parties, beefing up its firepower for future battles in Washington and beyond.”  The article goes on to cite a variety of recent hires by Facebook, its new DC office, and its increased political giving.

This isn’t at all surprising and, in one sense, it’s almost impossible to argue with the logic of Facebook deciding to beef up its lobbying presence inside the Beltway. In fact, later in the Times story we hear the same two traditional arguments trotted out for why Facebook must do so: (1) Because everyone’s doing it! and (2) You don’t want be Microsoft, do you?   But I’m not so sure whether “normalizing relations” with Washington is such a good idea for Facebook or other major tech companies, and I’m certainly not persuaded by the logic of those two common refrains regarding why every tech company must rush to Washington.

Continue reading →

SHARE: 5 comments

The Problem with Paul Ohm’s Suggestion to Regulate Inferences to Protect Privacy

by on March 28, 2011 · 0 comments

Here’s an interesting SmartPlanet interview with Paul Ohm, associate professor of law at the University of Colorado Law School, in which he discusses his concerns about “reidentification” as it relates to privacy issues.  “Reidentification” and “de-anonymization” fears have been set forth by Ohm and other computer scientists and privacy theorists, who suggest that because the slim possibility exists of some individuals in certain data sets being re-identified even after their data is anonymized, that fear should trump all other considerations and public policy should be adjusted accordingly (specifically, in the direction of stricter privacy regulation / tighter information controls).

I won’t spend any time here on that particular issue since I am still waiting for Ohm and other “reidentification” theorists to address the cogent critique offered up by Jane Yakowitz in an important new study that I discussed here last week. Once they do, I might have more to say on that point. Instead, I just wanted to make some brief comments on one particular passage from the Ohm interview in which he outlines a bold new standard for privacy regulation:

We have 100 years of regulating privacy by focusing on the information a particular person has. But real privacy harm will come not from the information they have but the inferences they can draw from the data they have. No law I have ever seen regulates inferences. So maybe in the future we may regulate inferences in a really different way; it seems strange to say you can have all this data but you can’t take this next step. But I think that’s what the law has to do.

This is a rather astonishing new legal standard and there are two simple reasons why, as Ohm suggests, “no law… regulates inferences” and why, in my opinion, no law should.  Continue reading →

SHARE: 0 comments

Why My New Forbes Column is Called “Technologies of Freedom”

by on March 27, 2011 · 3 comments

I’m very excited to announce that I now have a regular Forbes column that will fly under the banner, “Technologies of Freedom.” My first essay for them is already live and it addresses a topic I’ve dealt with here extensively through the years: Irrational fears about tech monopolies and “information empires.” Jump over to Forbes to read the whole thing.

Regular readers of this blog will understand why I chose “Technologies of Freedom” as the title for my column, but I thought it was worth reiterating. No book has had a more formative impact on my thinking about technology policy than Ithiel de Sola Pool’s 1983 masterpiece, Technologies of Freedom: On Free Speech in an Electronic Age.  As I noted in my short Amazon.com review, Pool’s technological tour de force is simply breathtaking in its polemical power and predictive capabilities. Reading this book almost three decades after it was published, one comes to believe that Pool must have possessed a crystal ball or had a Nostradamus-like ability to foresee the future.

For example, long before anyone else had envisioned what we now refer to as “cyberspace,” Pool was describing it in this book. “Networked computers will be the printing presses of the twenty-first century,” he argued in his remarkably prescient chapter on electronic publishing. “Soon most published information will disseminated electronically,” and “there will be networks on networks on networks,” he predicted. “A panoply of electronic devices puts at everyone’s hands capacities far beyond anything that the printing press could offer.” Few probably believed his prophecies in 1983, but no one doubts him now! Continue reading →

SHARE: 3 comments

Senators Seek to Censor Mobile App Stores, Disregarding Public Safety and the Constitution

by on March 25, 2011 · 605 comments

In the latest example of big government run amok, several politicians think they ought to be in charge of which applications you should be able to install on your smartphone.

On March 22, four U.S. Senators sent a letter to Apple, Google, and Research in Motion urging the companies to disable access to mobile device applications that enable users to locate DUI checkpoints in real time. Unsurprisingly, in their zeal to score political points, the Senators—Harry Reid, Chuck Schumer, Frank Lautenberg, and Tom Udall—got it dead wrong.

Had the Senators done some basic fact-checking before firing off their missive, they would have realized that the apps they targeted actually enhance the effectiveness of DUI checkpoints while reducing their intrusiveness. And had the Senators glanced at the Constitution – you know, that document they swore an oath to support and defend – they would have seen that sobriety checkpoint apps are almost certainly protected by the First Amendment.

While Apple has stayed mum on the issue so far, Research in Motion quickly yanked the apps in question. This is understandable; perhaps RIM doesn’t wish to incur the wrath of powerful politicians who are notorious for making a public spectacle of going after companies that have the temerity to stand up for what is right.

Google has refused to pull the DUI checkpoint finder apps from the Android app store, reports Digital Trends. Google’s steadfastness on this matter reflects well on its stated commitment to free expression and openness. Not that Google’s track record is perfect on this front – it’s made mistakes from time to time – but it’s certainly a cut above several of its competitors when it comes to defending Internet freedom. Continue reading →

SHARE: 605 comments

Not-So-Fast Do-Not-Track

by on March 25, 2011 · 0 comments

FTC Commissioner J. Thomas Rosch puts the brakes on some of the Do-Not-Track excitement that has been bubbling up in this (wouldn’t you know it) Advertising Age piece.

The concept of do not track has not been endorsed by the commission or, in my judgment, even properly vetted yet. In actuality, in a preliminary staff report issued in December 2010, the FTC proposed a new privacy framework and suggested the implementation of do not track. The commission voted to issue the preliminary FTC staff report for the sole purpose of soliciting public comment on these proposals. Indeed, far from endorsing the staff’s do-not-track proposal, one other commissioner has called it premature.

Do-Not-Track does need more vetting and consideration. Don’t get your hopes up about being free of tracking anytime soon. (Do you even know what “tracking” is?)

If Do-Not-Track goes forward, don’t get your hopes up to be free of tracking either. When you take control of what your browser sends out over the Internet? Then you can rightly anticipate being free of unwanted tracking!

SHARE: 0 comments

Lessons from the Gmail Privacy Scare of 2004

by on March 25, 2011 · 6 comments

Last night, Declan McCullagh of CNet posted two tweets related to the concerns already percolating in the privacy community about a new Apple and Android app called “Color,” which allows those who use it to take photos and videos and instantaneously share them with other people within a 150-ft radius to create group photo/video albums. In other words, this new app marries photography, social networking, and geo-location. And because the app’s default setting is to share every photo and video you snap openly with the world, Declan wonders “How long will it take for the #privacy fundamentalists to object to Color.com’s iOS/Android apps?” After all, he says facetiously, “Remember: market choices can’t be trusted!”  He then reminds us that there’s really nothing new under the privacy policy sun and that we’ve seen this debate unfold before, such as when Google released its GMail service to the world back in 2004.

Indeed, for me, this debate has a “Groundhog Day” sort of feel to it.  I feel like I’ve been fighting the same fight with many privacy fundamentalists for the past decade. The cycle goes something like this: Continue reading →

SHARE: 6 comments

Search Bias and Antitrust

by on March 24, 2011 · 4 comments

[Cross-posted at Truthonthemarket.com]

There is an antitrust debate brewing concerning Google and “search bias,” a term used to describe search engine results that preference the content of the search provider.  For example, Google might list Google Maps prominently if one searches “maps” or Microsoft’s Bing might prominently place Microsoft affiliated content or products.

Apparently both antitrust investigations and Congressional hearings are in the works; regulators and commentators appear poised to attempt to impose “search neutrality” through antitrust or other regulatory means to limit or prohibit the ability of search engines (or perhaps just Google) to favor their own content.  At least one proposal goes so far as to advocate a new government agency to regulate search.  Of course, when I read proposals like this, I wonder where Google’s share of the “search market” will be by the time the new agency is built.

As with the net neutrality debate, I understand some of the push for search neutrality involves an intense push to discard traditional economically-grounded antitrust framework.  The logic for this push is simple.  The economic literature on vertical restraints and vertical integration provides no support for ex ante regulation arising out of the concern that a vertically integrating firm will harm competition through favoring its own content and discriminating against rivals.  Economic theory suggests that such arrangements may be anticompetitive in some instances, but also provides a plethora of pro-competitive explanations.  Lafontaine & Slade explain the state of the evidence in their recent survey paper in the Journal of Economic Literature:

We are therefore somewhat surprised at what the weight of the evidence is telling us. It says that, under most circumstances, profit-maximizing vertical-integration decisions are efficient, not just from the firms’ but also from the consumers’ points of view. Although there are isolated studies that contradict this claim, the vast majority support it. Moreover, even in industries that are highly concentrated so that horizontal considerations assume substantial importance, the net effect of vertical integration appears to be positive in many instances. We therefore conclude that, faced with a vertical arrangement, the burden of evidence should be placed on competition authorities to demonstrate that that arrangement is harmful before the practice is attacked. Furthermore, we have found clear evidence that restrictions on vertical integration that are imposed, often by local authorities, on owners of retail networks are usually detrimental to consumers. Given the weight of the evidence, it behooves government agencies to reconsider the validity of such restrictions.

Of course, this does not bless all instances of vertical contracts or integration as pro-competitive.  The antitrust approach appropriately eschews ex ante regulation in favor of a fact-specific rule of reason analysis that requires plaintiffs to demonstrate competitive harm in a particular instance. Again, given the strength of the empirical evidence, it is no surprise that advocates of search neutrality, as net neutrality before it, either do not rely on consumer welfare arguments or are willing to sacrifice consumer welfare for other objectives.

I wish to focus on the antitrust arguments for a moment.  In an interview with the San Francisco Gate, Harvard’s Ben Edelman sketches out an antitrust claim against Google based upon search bias; and to his credit, Edelman provides some evidence in support of his claim.

I’m not convinced.  Edelman’s interpretation of evidence of search bias is detached from antitrust economics.  The evidence is all about identifying whether or not there is bias.  That, however, is not the relevant antitrust inquiry; instead, the question is whether such vertical arrangements, including preferential treatment of one’s own downstream products, are generally procompetitive or anticompetitive.  Examples from other contexts illustrate this point.

Continue reading →

SHARE: 4 comments

Getting to Know Your RFID

by on March 23, 2011 · 0 comments

Kinda cool.

SHARE: 0 comments

← Previous Entries

Next Entries →