Cybersecurity is one of the issues that the President may touch upon tonight in his State of the Union speech, and Senate Majority Leader Harry Reid has said he is ready to move on comprehensive cybersecurity legislation soon. This all raises the question: what is the problem we’re trying to fix?
In an important new working paper for the Mercatus Center at George Mason University, Eli Dourado asks if there is a market failure in cybersecurity that requires a government response. He concludes that policymakers may be jumping to conclusions a little too hastily.
Proponents of cybersecurity regulation make the case that private network owners do not completely internalize cyber risks. The reason, they say, is that a loss stemming from a cyber attack, against a financial network for example, will affect not just the network owner, but thousands of consumers as well. As a result, private network owners won’t spend the socially optimal amount on to meet that risk. That is a market failure, they say, and only government intervention can ensure that we get the right amount of cybersecurity.
In his paper, however,Dourado shows that the presence of an externality does not necessarily mean that there is a market failure. Externalities are often internalized by private parties without government intervention. This is true both generally and in the realm of cybersecurity. Policy makers, he says, should therefore be careful not to enact cybersecurity legislation just because they observe an externality. Regulating when there is no market failure will likely have dire unintended consequences.
According to the BBC, the European Commission is apparently set to adopt formal rules guaranteeing a so-called “right to be forgotten” online. As part of the Commission’s overhaul of the 1995 Data Protection Directive, this new regulation will mandate that, “people will be able to ask for data about them to be deleted and firms will have to comply unless there are ‘legitimate’ grounds to retain it,” the BBC reports.
In the ongoing debate over SOPA, PIPA, and rogue websites legislation, most commentators have focused on what Congress should and shouldn’t do to combat these sites. Less attention, however, has been paid to the underlying assumption that these rogue websites represent a public policy problem. While no one has defended websites that defraud consumers by deceptively selling them fake pharmaceuticals and other counterfeit goods, many consumers who frequent “rogue websites” do so for the express purpose of downloading copyright infringing content.
As Julian Sanchez explains over on Cato-at-Liberty, how the latter category of rogue websites (including The Pirate Bay and, until last week, MegaUpload) affects the U.S. economy and social welfare is hotly contested in the economic literature:
[I]t’s become an indisputable premise in Washington that there’s an enormous piracy problem, that it’s having a devastating impact on U.S. content industries, and that some kind of aggressive new legislation is needed tout suite to stanch the bleeding. Despite the fact that the [GAO] recently concluded that it is “difficult, if not impossible, to quantify the net effect of counterfeiting and piracy on the economy as a whole,” our legislative class has somehow determined that . . . this is an urgent priority. Obviously, there’s quite a lot of copyrighted material circulating on the Internet without authorization, and other things equal, one would like to see less of it. But does the best available evidence show that this is inflicting such catastrophic economic harm—that it is depressing so much output, and destroying so many jobs—that Congress has no option but to Do Something immediately? Bearing the GAO’s warning in mind, the data we do have doesn’t remotely seem to justify the DEFCON One rhetoric that now appears to be obligatory on the Hill. The International Intellectual Property Alliance . . . actually paints a picture of industries that, far from being “killed” by piracy, are already weathering a harsh economic climate better than most, and have far outperformed the overall U.S. economy through the current recession.
Nevertheless, in my view, rogue websites dedicated to the infringement of U.S. copyrights pose a public policy problem that merits not only serious congressional attention, but also prompt (albeit prudent) legislative action. While I’m relieved that the flawed SOPA and PIPA bills seem unlikely to pass in their current forms, I also think it would be unwise for Congress to dither on rogue sites legislation for years in search of “credible data” about how such sites impact our economy.
Over at TIME.com, [I consult public choice theory to glean](http://techland.time.com/2012/01/23/why-we-wont-see-many-protests-like-the-sopa-blackout/) the meaning of last week’s SOPA protest success:
>The SOPA blackout protest last week was an unprecedented event. Its massive success — with dozens of members of Congress switching their stance in one day under the withering intensity of thousands of phone calls — surprised even the activists who spurred the protest. So does this mean that we are entering the much-heralded era of Internet-powered citizen democracy?
Today, the Supreme Court issued its decision in U.S. v. Jones, unanimously holding that law enforcement violated the Fourth Amendment by affixing a GPS tracker to a vehicle to monitor its movements without obtaining a search warrant from a court. The following statement can be attributed to Berin Szoka, President of TechFreedom:
This was an easy case: law enforcement plainly trespassed on private property protected by the Fourth Amendment. But as the majority notes, today’s holding is only the bare minimum of the Constitution’s protections. The harder question awaits the Court: When does purely electronic surveillance—without physical trespass—violate the Fourth Amendment?
At the very least, the Court must reconsider the “third party” doctrine invented by lower courts, which denies us protection for information we share with trusted third parties like “cloud” services that host our email, photos, and documents. The Court should make clear that Fourth Amendment protections hinge not on keeping information secret, but on whether we take steps to preserve that information as private. That, not the “reasonable expectation of privacy,” is the standard the Court applied in its landmark 1967 Katz decision. It is also the only standard that will effectively protect Americans’ privacy in the digital age.
The move comes in the middle of a vociferous debate on PIPA and its House counterpart, the Stop Online Piracy Act (SOPA) and provides more fuel for opponents who argue that the bills threaten to undermine legal, legitimate mechanisms that are integral to the Internet technological and social utility (See my commentary posted on Reason yesterday afternoon).
PIPA supporters have argued that worries about Internet censorship and user disruption are exaggerated and the bill’s real goal is to target shadowy “rogue” sites that deal in counterfeit merchandise and pirated video downloads. Yesterday we found out just who the Feds thinks these rogue sites are.
Megaupload.com is a major commercial file-sharing site used by millions of consumers and businesses in the course of daily business. Users park large files that can then be shared among friends, family or professional workgroups. It competes directly with other such services such as Dropbox and RapidUpload. Megaupload claims to have about 50 million daily visits and even DoJ notes that at one point it was estimated to be the 13th most frequently visited site on the Internet.
Today, the Digital Advertising Alliance, a group of leading digital ad agencies and online ad networks, unveiled a campaign to bring attention to AdChoices, its icon-based system allowing users to opt-out of behavioral advertising. The following statement can be attributed to Berin Szoka, President of TechFreedom:
In the 1990s, Congress tried and failed to regulate Internet content. Instead, the courts have required an approach grounded in user empowerment, education and enforcement of existing laws against fraud and deception. Today, we’re seeing the the advertising industry build on this approach for consumer protection on privacy. The AdChoices campaign launched last summer empowers consumers to make their own choices on privacy. The ad campaign launched today educates consumers on how to use this tool. The Digital Advertising Alliance has promised to enforce industry’s principles. Consumer advocates should hold them to that promise. It’s also fair to insist that empowerment and education improve over time. But today, for once, let’s give the ad industry credit for doing the right thing.
The Megaupload folks are not the most sympathetic defendants, to say the least. They likely knew very well they were profiting from piracy, and they probably induced it as well. Anonymous’s attacks in retaliation for the arrests and domain seizures, therefore, threaten to destroy the good will the Internet community generated the previous day with the SOPA protests. That all said, we can’t lose sight of the principle because of the bad actors involved.
This case shows that law enforcement is perfectly capable of securing international cooperation and taking direct action against large piracy operations overseas. The Megaupload principals were arrested and they now face extradition and trial. So why do we need due-process-free domain seizures or tinkering with the inner workings of the Internet to combat piracy?
This case also reminds us that the federal government already has the power to seize .com, .net, .org and other U.S.-registered domains. Stopping SOPA is one thing, but now the task should be rolling back excessive government powers to control information online.
The balance struck by the DMCA, which gives safe harbor to sites that take down allegedly infringing content when notified by the owner, is the right one. No safe harbor is available to sites that have actual knowledge that they are benefiting from pirated content, as is probably the case with Megaupload.
I thought Todd Zywicki, a senior scholar with the Mercatus Center at George Mason University, did a nice job on Judge Napolitano’s “Freedom Watch” show addressing the contentious question of whether government should be regulating food advertising in order to somehow make American kids healthier. Todd pointed out how the advertising guidelines currently being developed are anything but “voluntary” and noted that there are many causes of childhood obesity. Watch the clip here:
Tune in here 12-1:45pm today for the livestream (below) of TechFreedom‘s joint Capitol Hill briefing, “Unintended Consequences of Rogue Website Crackdown,” co-sponsored by the Competitive Enterprise Institute and the Cato Institute. Our expert panel will discuss the recent outpouring of public opposition to the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), what’s next for these troublesome bills, possible compromises, and the proposed alternative, Online Protection and Enforcement of Digital Trade (OPEN) Act. Our panelists are:
Ryan Radia, Associate Director of Technology Studies, CEI
This event is the perfect way to celebrate TechFreedom‘s one-year anniversary. Our theme for the last year has been two-fold: optimism about how technology can expand our capacity to choose for ourselves and skepticism about government meddling with the Internet. As Hayek famously said about the “curious task” of economics, TechFreedom’s task is to “demonstrate to men how little they really know about what they imagine they can design.”
We’re skeptical of SOPA and PIPA not because we’re against copyright, but for the same reason we’re skeptical of regulations aimed at protecting net neutrality, privacy, competition, and other legitimate values: Tinkering with the Internet is a perilous game—and policymakers rarely see the full implications of their interventions.
That’s why we’ve emphasized the need to consider the trade-offs of regulating extremely carefully—to minimize unintended burdens of any rogue website crackdown on cybersecurity, free speech, entrepreneurship, and global Internet governance. But we also want an open and judicious process for copyright’s sake! As we noted in our coalition letter with CEI and other free market groups, “If the public perceives this copyright legislation to be the product of a hasty and opaque process, respect for copyrights and trademarks will be diminished, not enhanced.” Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology. Learn more about TLF →