It seems peculiar to me that some of the same individuals and groups who so vociferously opposed a “broadcast flag” technological mandate in past years are now in a mad rush to have federal policymakers mandate a “Do Not Track” regulatory regime for privacy purposes. The broadcast flag debate, you will recall, centered around the wisdom of mandating a technological fix to the copyright arms race before digitized high-definition broadcast signals were effectively “Napster-ized.” At least that was the fear six or seven years ago. TV broadcasters and some content companies wanted the Federal Communications Commission (FCC) to recognize and enforce a string of code that would have been embedded in digital broadcast program signals such that mass redistribution of video programming could have been prevented.
Flash forward to the present debate about mandating a “Do Not Track” scheme to help protect privacy online. As I noted in my filing last week to the Federal Trade Commission, at root, Do Not Track is just another “information control regime.” Much like the broadcast flag proposal, it’s an attempt to use a technological quick-fix to solve a complex problem. When it comes to such information control efforts, however, there aren’t many good examples of simple fixes or silver-bullet solutions that have worked, at least not for very long. The debates over Wikileaks, online porn, Internet hate speech, and Spam all demonstrate how challenging it can be to put information back into the bottle once it is released into the digital wild.
To be clear, I am not opposed to technological solutions like broadcast flag or Do Not Track, but I am opposed to forcing them upon the Internet and digital markets in a top-down, centrally-planned fashion. While I am skeptical that either scheme would work well in practice (whether voluntary or mandated), my concern in these debates is that forcing such solutions by law will have many unintended consequences, not the least of which will be the gradual growth of invasive cyberspace controls in these or other contexts. After all, if we can have “broadcast flags” and “Do Not Track” schemes, why not “flag” mandates for objectionable speech or “Do Not Porn” browser mandates?
From 2002-2005, when the broadcast flag wars were really raging, groups like the Electronic Frontier Foundation and Center for Democracy & Technology made several legitimate legal and practical arguments against a mandatory broadcast flag regime. But their principled case against broadcast flag mandates came down to an underlying fear about government encroachment on the Internet and the specter of more far-reaching regulation of cyberspace. For example, in a December 2003 report, CDT noted that even if other details could be worked out, “the [broadcast] flag approach will still pose unresolved concerns regarding technical regulation of computers and the Internet by the government [and] the impact of regulations on innovation and future consumer uses” was also problematic.
Importantly, EFF and CDT hammered broadcast flag proponents on the question of jurisdictional authority. They rightly asked where the FCC got the authority to impose such rules at all and worried about the spillover effects of such arbitrary mandates in other Internet contexts. (The broadcast flag scheme was eventually tossed out by the D.C. Court of Appeals because of the FCC’s lack of authority.)
So, why wouldn’t these same concerns and arguments apply to Do Not Track regulation? CDT and EFF seem to care little that the Federal Trade Commission is aggressively pushing this new information control regime on the Internet. Indeed, CDT and EFF are two of the biggest cheerleaders for FTC action in this regard. Sorry, but I just don’t get it. If it was misguided for regulators to push a broadcast flag regime upon cyberspace, isn’t it just as misguided for them to be pushing Do Not Track? I suspect this inconsistency has something to do with CDT and EFF being inherently skeptical of the benefits of most online copyright protection schemes while being more sympathetic to legal efforts aimed at protecting personal privacy online. Simply stated, they think there’s something to the notion of privacy “rights” and will bend over backward to engineer an information control regime to protect against the “unauthorized” flow of personal information online. When it comes to the “unauthorized” flow of copyrighted bits of information online, however, they aren’t nearly as interested in inviting the code cops in.
But even if one sympathizes with that distinction — absolute privacy “rights” vs. minimal copy-“rights” — all the same concerns and criticisms that CDT and EFF raised earlier about the broadcast flag regulatory scheme would seemingly apply to the Do Not Track regime. Both regimes face formidable enforcement challenges and raise the specter of broader government control of cyberspace. There’s just no getting around that reality, and Do Not Track defenders who deny it are basically hiding from the ugly truth that they are greasing the skids for future information control efforts and regimes — both here and abroad.
I suppose that they might also argue that regulation is justified where it ensures more “choice” for consumers. But forcing “choice” upon online markets isn’t exactly the same thing as allowing it evolve in a natural, non-destructive fashion. As I noted in my filing, many others besides me are concerned about what mandatory Do Not Track would mean for the online ecosystem of mostly “free” content and services. Lauren Weinstein, co-founder of People For Internet Responsibility (PFIR), worries that the “ability [of Do Not Track concepts] to cause major collateral damage to the Internet ecosystem of free Web services is being unwisely ignored or minimized by many Do Not Track proponents.” And in a brilliant Huffington Post column this week about the rise of a privacy techno-panic, Jeff Jarvis said, “I also worry that efforts to bring in a ‘Do Not Track’ list and other demonization of ad targeting could cripple the revenue of the media and news industries even as they struggle to find sustainability; it could kill news outlets and reduce journalism.”
Weinstein and Jarvis are right. There is no free lunch. While groups like EFF and CDT who support Do Not Track regulation are well-intentioned in their aims, the reality is that government regulation that attempts to create a cost-free opt-out for data collection and targeted online advertising will likely have damaging consequences for the future provision of online content and services. In terms of direct costs to consumers, Do Not Track could result in higher prices for service as paywalls go up or, at a minimum, advertising will become less relevant to consumers and, therefore, more “intrusive” in other ways.
Which leads to my final point. What is perhaps most perplexing about this is how many of the advocates of Do Not Track argue that such a regulatory scheme will slow the “arms race” in the privacy arena. For example, EFF has said “The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking.” And my favorite frenemy Chris Soghoian argues that “opt out mechanisms… [could] finally free us from this cycle of arms races, in which advertising networks innovate around the latest browser privacy control.” At best, this is highly wishful thinking. At worst, it’s outright deceit aimed at sugar-coating the hard truth: If anything, a Do Not Track mandate will speed up the technological arms race and have many other unintended consequences. Online advertising will almost certainly become more “annoying” and even invasive as a result of such regulation. And “tracking” techniques aren’t going to be stopped or even slowed as a result of Do Not Track. (Hello DPI!) Again, check out my filing to the FTC for more details.
The important point here is that one intervention will simply beget another and another in an attempt to address the “arms race” and to refine and rework Do Not Track to cover more and more online information flows. One wonders how expansive this new regulatory regime will need to be to deal with the growing scale and volume of online information flows. Really, does anyone think there will be less personal information online in coming years? Unless we stop the unprecedented voluntary information-sharing and self-revelation of personal data that takes place on social networking sites and via user-generated content sites, there is simply no way in hell this problem is going to be curtailed. When 600 million people use Facebook as an open diary to the world (among many other examples I could cite), it’s hard to imagine we’ll ever be able to stop the mercurial flow of personal information across the Internet. Do Not Track certainly won’t stop it, but the cost of putting such a regulatory regime in place in an attempt to put the genie back in the bottle could be profound for the future of the Internet and online content and culture.
Again, this is essentially the same argument previously set forth against a broadcast flag mandate. As EFF once noted, “the technology mandate proposed… is unnecessary, ineffective, and unwise.” I agree, and I invite Do Not Track defenders at CDT and EFF (or anyone else) to explain why, conceptually speaking, Do Not Track isn’t just broadcast flag in drag.