Andrew Orlowski of The Register (U.K.) recently posted a very interesting essay making the case for treating online copyright and privacy as essentially the same problem in need of the same solution: increased property rights. In his essay (“‘Don’t break the internet’: How an idiot’s slogan stole your privacy“), he argues that, “The absence of permissions on our personal data and the absence of permissions on digital copyright objects are two sides of the same coin. Economically and legally they’re an absence of property rights – and an insistence on preserving the internet as a childlike, utopian world, where nobody owns anything, or ever turns a request down. But as we’ve seen, you can build things like libraries with permissions too – and create new markets.” He argues that “no matter what law you pass, it won’t work unless there’s ownership attached to data, and you, as the individual, are the ultimate owner. From the basis of ownership, we can then agree what kind of rights are associated with the data – eg, the right to exclude people from it, the right to sell it or exchange it – and then build a permission-based world on top of that.”
And so, he concludes, we should set aside concerns about Internet regulation and information control and get down to the business of engineering solutions that would help us property-tize both intangible creations and intangible facts about ourselves to better shield our intellectual creations and our privacy in the information age. He builds on the thoughts of Mark Bide, a tech consultant:
For Bide, privacy and content markets are just a technical challenges that need to be addressed intelligently.”You can take two views,” he told me. “One is that every piece of information flowing around a network is a good thing, and we should know everything about everybody, and have no constraints on access to it all.” People who believe this, he added, tend to be inflexible – there is no half-way house. “The alternative view is that we can take the technology to make privacy and intellectual property work on the network. The function of copyright is to allow creators and people who invest in creation to define how it can be used. That’s the purpose of it. “So which way do we want to do it?” he asks. “Do we want to throw up our hands and do nothing? The workings of a civilised society need both privacy and creator’s rights.” But this a new way of thinking about things: it will be met with cognitive dissonance. Copyright activists who fight property rights on the internet and have never seen a copyright law they like, generally do like their privacy. They want to preserve it, and will support laws that do. But to succeed, they’ll need to argue for stronger property rights. They have yet to realise that their opponents in the copyright wars have been arguing for those too, for years. Both sides of the copyright “fight” actually need the same thing. This is odd, I said to Bide. How can he account for this irony? “Ah,” says Bide. “Privacy and copyright are two things nobody cares about unless it’s their own privacy, and their own copyright.”
These are important insights that get at a fundamental truth that all too many people ignore today: At root, most information control efforts are related and solutions for one problem can often be used to address others. But there’s another insight that Orlowski ignores: Whether we are discussing copyright, privacy, online speech and child safety, or cybersecurity, all these efforts to control the free flow of digitized bits over decentralized global networks will be increasingly complex, costly, and riddled with myriad unintended consequences. Importantly, that is true whether you seek to control information flows through top-down administrative regulation or by assigning and enforcing property rights in intellectual creations or private information.
Let me elaborate a bit (and I apologize for the rambling mess of rant that follows).
Parallels in Debates over Copyright & Privacy Protection
In several essays here over the past few years I have attempted to draw parallels between the battles over protecting digital copyright and online privacy, as well as battle over online safety/speech and cybersecurity. Here are a few of those essays in case you’re interested in seeing the evolution of my thinking about this:
- When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed
- And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars
- SOPA & Selective Memory about a Technologically Incompetent Congress
- Privacy as an Information Control Regime: The Challenges Ahead
- Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy?
In those essays I have argued that a combination of selective morality and wishful thinking are at work in the information policy world these days. In essence, people hate Internet regulation… until they love it! Here’s how I summarized that fact during the debate over SOPA:
… conservatives rush out and breathlessly denounce each and every effort to impose Net neutrality regulation because of the danger of empowering an already over-zealous bunch of bumbling bureaucrats at the FCC. (And I agree with them.) Yet, with their next breath many conservatives praise SOPA even though it also empowers government to muck with the inner workings of the Internet. Some of those conservatives are also turning a blind eye to the growing appetite of the defense/security community to meddle with the Net’s architecture in the name of avoiding any number of non-catastrophes.
Meanwhile, the liberals decry SOPA and want it stopped at all costs. There’s never been a copyright protection measure they liked, of course, but each time one pops up we hear them claim that our analog era Congress is not well-positioned to be designing industrial policy schemes for the Internet. (And I generally agree with them.) But most liberals do a complete 180 whenever online privacy or Net neutrality regulations are the subject of congressional inquiry. Suddenly, the cyber-oafs in Congress are considered veritable technocratic philosopher kings who we should trust to guard our cyber-freedoms to lead us to the digital promised land.
Again, it’s both selective morality and wishful thinking. It’s selective morality in that some folks think certain values are sacrosanct and deserving of a “by-any-means-necessary” enforcement attitude, yet they are often just as likely to denounce similar information control efforts when it comes to issues or values they don’t give a damn about. And it is wishful thinking in that you can’t run around insisting that “information wants to be free” in some contexts but then express outrage when something that you want to bottle up turns out to “just want to be free” as well!
But the important takeaway here is that, consistent with what Orlowski argues, I believe that online copyright and privacy are essentially the same problem: It’s an information control problem.
Potential Costs of Control
Once you start thinking about Internet policy debates as a single issue — namely, information control — you can begin to investigate the potential costs of control in a somewhat more objective fashion. Of course, challenging issues remain:
- Which method of control should we choose? On one hand, there are many varieties of administrative regulation, technical infrastructure controls, and device mandates. On the other hand, there are property rights and liability / tort schemes. And there are many hybrid enforcement models, such as increasingly popular “co-regulation” models, government standard-setting, and “nudging” of system defaults. Each method will entail different costs and trade-offs.
- What metric(s) should we use when attempting to determine whether the benefits of control exceed the costs? Ask any advocate of information control about whether the costs might exceed the benefits of regulation for their pet issue and they will typically suggest that either (a) there are no costs or that (b) the benefits dwarf any costs that may exist. But all too often the benefits they identify are extremely subjective and amorphous in character (“privacy,” “safety,” and “security” are hard to quantify, after all) while the costs are very real and increasingly substantial.
In my view, these practical questions are increasingly the most interesting issues to explore in the field of cyberlaw and digital economics. We can debate the normative or ethical considerations until we’re all blue in the face and ready to rip each other’s heads off, but I am less and less interested in such squabbles. Instead, I keep coming back to the question of how we’ll go about controlling info flows and how much effort and resources it makes sense to expend in pursuit of each of the values identified above. Some of the specific considerations I find myself asking in every paper I write these days include:
(A) Will the proposed form of information control tie us up in the courts forever, lead to increasingly onerous and unworkable liability norms, and end up yielding outrageous litigation costs?
(B) Will the proposed form of information control require a significant increase in regulatory bureaucracy? How many levels of government will need to be involved in the proposed enforcement scheme? How many new offices and officials will need to be empowered in the hope of achieving some measure of control?
(C) What are the alternatives to the proposed form of information control? Are there less costly or less restrictive means of addressing the concern in question? For example, education and empowerment effort are often an effective way to address many online safety and digital privacy concerns. Can we use those methods in conjunction with social norms, public pressure, self-regulation, informal contracting, and other methods to address these and other concerns?
For me, the costs associated with the A & B are increasing so rapidly that I almost always default to C as the better approach. Importantly, although A & B will be less onerous or costly when the solution is of the increased property-ization variety than of the administrative regulation variety, that does not mean property rights-based solutions for information are costless. Indeed, I increasingly find myself concluding that C solutions are more cost-effective even compared to increased property rights.
Practical Advice Once You Accept the Increasing Costs & Complications of Control
At this point, readers may be thinking: “Wait a minute, this dude is just some kooky libertarian who doesn’t want any form of information control, so he’s just trying to rationalize anarchy here.” No, I’m not. I certainly favor less control across the board than most people, but I also understand that there are times, at the margin, when some forms of “control” are necessary. But my views on the wisdom of control are heavily influenced by the costs of control. The costs of control — broadly defined — are a key factor in every cost-benefit analysis I do related to the wisdom of Net regulation and information control methods — even when one of those methods is increased “property-ization.” And because I have come to believe that those costs are going up and that most information control efforts will not work well in practice, I have boiled down my advice on this front to two simple principles:
- Choose your info control battles wisely. Figure out where the most serious harms or threats lie and then target the info control solution accordingly and forget about the rest. For example, in child safety debates, that would mean going after child porn rings but leaving run-of-the-mill adult porn alone entirely. In copyright, it would mean nailing the largest commercial mass piracy sites but accepting a certain amount of casual sharing. In the field of personal info, it means singling out health and financial information and data for special protections and likely giving up on most other forms of info control. And so on. In essence, these are where the greatest potential harms lie that most people would consider intolerable. As you move further away from such issues, the case for control becomes harder and harder and the costs will almost certainly exceed the benefits.
- Have a good backup plan in mind when those info control plans fail anyway. That backup plan should generally be based on education, empowerment, coping strategies, and resiliency. Again, these are the “C” solutions mentioned above. [I developed this model more robustly in the second half of this recent paper.] This approach won’t be perfect but it will likely be what you’ll end up relying on anyway, so you better start thinking about plowing more resources into this alternative approach even while you’re trying to devise info control mechanisms.
Let me just say a brief word to my market-oriented friends who are dismayed by my inclusion of property rights in the mix of “information control” efforts. I’m a big believer in the importance of property rights in many contexts, but context does matter. More specifically, physicality matters. It is easy to create property rights in tangible goods and almost always right to do so. Property rights in intangible ideas and creations raise special issues, however. Because ideas are non-rivalrous and have public good qualities, it makes property-ization more complicated and less effective. Property rights in facts can also come into conflict with other values and more well-established rights, especially freedom of speech and expression.
On the privacy front, Eugene Volokh made this point in his famous 2000 law review article, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You,” when he noted that, “The difficulty[with] the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.” That doesn’t mean free speech values should always trump privacy values, but denying this tension is just plain silly. If you want to propertytize all personal information, then you better be prepared to explain how that plays out in practice. How far are you prepared to go to ban the dissemination of facts? Would you place prior restraint on the press to accomplish it? Would you ban a historian from writing a biographies that reveal intimate facts about the subject? Would you shut down all the online sites and services that rely on a certain amount of personal information to fuel their free offerings?
Likewise, copyright law was far more effective in the analog age when we were still pressing music on vinyl and plastic. As soon as digitization become widespread, it was pretty much game over for traditional copyright law and now we are off and running with all sorts of convoluted and increasingly costly regulatory regimes. It’s not that I don’t want these some of these schemes to work — I’ve been a long-time copyright defender — but, again, the practicality of control simply must be considered here. I am not will to “pay any price, bear any burden” in defense of protecting intellectual property rights even as I remain outraged by the staggering amount of free-riding at work every single second of the day on the Internet. So, adopting the framework I outlined about, we might try targeted solutions to go after the biggest of those freeloaders — commercial mass piracy hubs — but we should generally avoid the sort of ham-handed technical control methods we saw in SOPA and other fights, like the broadcast flag battle among others. But, generally speaking, property rights just aren’t going to work as well in this space going forward. I’ve come to believe that the best hope lies in massive consolidation of content and conduit. In other words, pipe and device owners need to buy out all the content-creating industries and just embed a small fee in their monthly services to cross-subsidize content. This is essentially a private collective licensing solution and it is not unprecedented. Nor is it perfect. It will be very leaky. Plenty of piracy will still take place. But it will probably offer creators a better chance of finding a sustainable revenue stream than the current system does. The old copyright system that served them and us so well is dying and they had better start thinking of alternatives like this. Of course, antitrust law may never allow it, so I could be wasting my breath here. (Just look at all the grief that antitrust officials both here and abroad are giving Apple and eBook sellers for working together even though that it probably the best scheme devised in recent memory to sustain publishing in an age of mass piracy. Policymakers should be encouraging more of that sort of thing, not punishing it.)
An Uncertain Future
So, to wrap up… I can imagine a future in which both heavy-handed, top-down info control efforts and property / liability solutions are failing almost universally because of the ubiquitous, instantaneous, quicksilver-like flow of information across decentralized digital networks. Some utopians will argue that such a world will be better in every way than the one we live in today. I do not share such hyper-optimism. While I believe that, on balance, the free flow if information generally benefits society, I also understand how it creates enormous angst and intractable challenges for many. It’s a world in which copyright is a hollow shell of its former self that offers creators very little protection for their expressive works. And it’s a world in which personal privacy is harder to safeguard with each passing day because no matter how hard we try to property-tize facts about ourselves, that enforcement model simply breaks down at some point or becomes socially and economically intolerable. As with copyright, efforts to property-tize personal information will lose the battle against data sharing. As computer scientist Ben Adida argued in his essay, “(Your) Information Wants to be Free,” “unfortunately, information replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard.”
Indeed, and it is growing harder by the day. Contrary to what Orlowski suggests, therefore, this isn’t a simple engineering problem. I wish it were as easy as he suggests to build “permissions-based markets” because they could have real benefits for individuals and society. But it is most certainly not that simple. It is far more costly and complicated than ever to devise workable information control schemes on one hand and “permissions-based” property rights schemes on the other. In some cases, I might still be willing to try the latter, but unlike Orlowski, I just don’t place much faith in the success of the endeavor.