Articles by Berin Szoka

Berin is the founder and president of TechFreedom, a tech policy think tank based on pragmatic optimism about technology and skepticism about government. Previously, he was a Senior Fellow at The Progress & Freedom Foundation and Director of PFF's Center for Internet Freedom.

This article originally appeared at

On December 15, the European Commission announced that it had reached agreement with the European Parliament and the Council on a new EU Data Protection regulation. The new regulation, which is not yet public, has been under negotiation since January 2012, and would replace Europe’s 1995 Data Protection directive, which left implementation up to nation states.

Europe has a collective insecurity complex about the Internet,” said Berin Szoka, President of TechFreedom. “The problem isn’t that Europeans aren’t innovative, but that Europe’s most innovativeusually leave the gray continent to start web businesses in the U.S., where innovation doesn’t require permission. Now, it seems, European governments have thrown in the towel: instead of trying to stop the digital brain drain by making Europe more open to innovation, they’re cracking down on the data flows that drive web companies. Their hodgepodge of new measures will prove either crippling, counter-productive or utterly unworkable.”

The worst idea is banning young teens from using social media without parental consent,” continued Szoka. “We already know that kids 13 and under simply lie about their age to get access to the sites they want to use. Teens will do the same, making the promise of parental control utterly illusory. That, in turn will undermine social media platforms’ efforts to offer age-appropriate experiences for their users. The only way to avoid this will be to age-verify all users, which means tyingeveryone’s Internet use to a verified identity — in short, ending online anonymity. Similarly, the ‘right to be forgotten’ sounds great, but in practice, means giving users a right to censor speech about them they don’t like.”

The new regulations will harm startups most,” concluded Szoka. “Allowing fines of up to 4% of a company’s global revenue will make all companies reluctant to experiment with new offerings that unsettle established norms. From Google’s Street View to Facebook’s NewsFeed, yesterday’s ‘creepy’ has proved to be today’s ‘awesome.’ Now, that line will be drawn by bureaucrats rather than consumers. Ironically, it’s established, American companies that will be most able to deal with the burden of compliance — which is why, of course, these heavy-handed regulations will no doubt be enforced arbitrarily. Regulatory discretion will be used as a tool of digital protectionism — yet another way for regulators to vent their frustration as Europe falls further and further behind Silicon Valley. Ordinary Europeans will be told that only tougher measures will bridge the gap, and Europe’s sad spiral of digital self-destruction will go on, and on, and on…”

This article originally appeared at

WASHINGTON D.C. — Yesterday, the Federal Trade Commission announced that it had reached a settlement with Wyndham Hotels over charges that the company had “unreasonable” data security. In 2009, Russian hackers stole customer information, including credit card numbers, from Wyndham hotel systems. The company initially refused to settle an FTC enforcement action, becoming the first to challenge the FTC’s approach to data security in federal court. The FTC has used a decade of settlements with dozens of companies to establish fuzzy de facto standards for data security. In August, the Third Circuit denied Wyndham’s appeal of the district court’s decision to let the case proceed.

The FTC has, once again, avoided having a federal court definitively answer fundamental questions about the constitutionality of the FTC’s approach to data security,” said Berin Szoka, President of TechFreedom, which joined an amicus brief in the case. “The FTC will no doubt claim the Third Circuit vindicated its approach, but all the court really said was that Wyndham’s specific practices may have been unfair. Indeed, the appeals court agreed with Wyndham that the FTC’s so-called ‘common law of consent decrees’ cannot provide the ‘fair notice’ required by the Constitution’s Due Process clause. This implied that the FTC needs to do much more to guide companies on what ‘reasonable’ data security would be. By settling the case, the FTC avoided having the district court resolve those questions.”

It’ll take years for another case to work its way through the courts,” explained Szoka. “LabMD’srecent victory before the FTC’s chief administrative law judge is encouraging, and may allow a federal court to weigh in on the requirements of Section 5’s amorphous unfairness standard, if the full Commission overrules the ALJ. But that case focuses more on how the FTC weighs costs and benefits in each enforcement action than on the issue of how much guidance it provides guidance to industry.”

It’s high time Congress reasserted itself here,” concluded Szoka. “The FTC has demonstrated little willingness to change from within, and we can’t wait for the courts to address these questions. Congress needs to put the FTC on sounder footing across the board — from data security to privacy and other consumer protection issues. Far from hamstringing the agency, requiring better explanation of what the law requires and weighing of costs and benefits would actually help consumers — both by promoting better business practices and by avoiding FTC actions that end up harming consumers. Such common sense reforms should be bipartisan, just as they were back in 1980, the last time Congress really checked the FTC’s vast discretion.”

Szoka is co-author, along with Geoffrey Manne and Gus Hurwitz, of the FTC: Technology & Reform Project’s initial report, “Consumer Protection & Competition Regulation in a High-Tech World: Discussing the Future of the Federal Trade Commission,” which critiques the FTC’s processes and suggests areas where the FTC, the courts and Congress could improve how the FTC applies its sweeping unfairness and deception powers in data security, privacy and other cases, especially related to technology.

This article originally appeared at

Today, the House voted to extend key, but narrow, privacy rights to citizens of “covered countries.” The Judicial Redress Act, passed by a voice vote, would allow the Attorney General to work with other federal agencies to determine countries whose citizens can enforce their data protection rights in U.S. courts under the Privacy Act of 1974. Since that statute specifically exempts sensitive issues regarding law enforcement and national security, extending Privacy Act rights to citizens of selected countries poses no significant concerns.

Today, the House took one small step toward repairing America’s tarnished image on data privacy,” said Berin Szoka, President of TechFreedom. “Since the Snowden disclosures, our government’s inaction on surveillance reform has provoked an international crisis — one that could lead to a European blockade of American Internet companies.”

Two weeks ago, in the Schrems case, the European Court of Justice struck down the Safe Harbor agreement that has, since 2000, allowed U.S. companies to receive and use data about European citizens. Lack of redress rights for Europeans is among the chief reasons why the ECJ found that the Commission had failed to update its finding that U.S. privacy protections were “adequate.”

Without a new agreement, U.S. companies will be at the mercy of each and every European Data Protection Authority, which, under Schrems, can now decide how to regulate cross-border data flows. This burden will likely fall heaviest on U.S. tech startups, who can ill afford this risk. If the Digital Protection Authorities (DPAs) start cracking down, American companies may simply decide to forego the European market, or to split their services into two pieces that don’t allow users to interact — especially new companies that haven’t yet launched their services. That, in turn, could mean a regionalization of what has, until now, been an inherently global medium.

Passage of the Judicial Redress Act is ‘table stakes’ for the U.S.,” continued Szoka. “Without it, the State Department will have no credibility at the bargaining table in negotiating with the Europeans over a replacement for Safe Harbor. However, Privacy Act rights are necessary but not sufficient: Congress will need to move on to other privacy reforms immediately, starting with ensuring that law enforcement must obtain a warrant before accessing stored data of both American and European citizens. Congress will also need to finish the surveillance reforms it started with USA FREEDOM, specifically regarding Section 702.”


We can be reached for comment at See more of our work on privacy, especially:

  • “Only Congressional Privacy Reforms Can Prevent  EU Internet Blockade of US,” a statement from TechFreedom on the ECJ striking down Safe Harbor

This Wednesday, TechFreedom joined Niskanen Center and a coalition of free market groups in urging the White House to endorse the use of strong encryption and disavow efforts to intentionally weaken encryption, whether by installing “back doors,” “front doors,” or any security vulnerabilities into encryption products.

The coalition letter concludes:

We urge your Administration to consider the full ramifications of weakening or limiting encryption. There is no such thing as a backdoor that only the US government can access: any attempt to weaken encryption means making users more vulnerable to malicious hackers, identity thieves, and repressive governments. America must stand for the right to encryption — it is nothing less than the Second Amendment for the Internet.

The White House’s silence on encryption is deafening,” said Tom Struble, Policy Counsel at TechFreedom. “The President’s hitherto failure to endorse strong encryption has given ammunition to European regulators seeking to restrict cross-border data flows and require that data on EU citizens be stored in their own countries. Just yesterday, the European Court of Justice struck down a longstanding agreement that made it easier for Europeans to access American Internet services. If the White House continues to dawdle, it will only further embolden ‘digital protectionism’ across the pond.”

The letter’s signatories include: Niskanen Center, TechFreedom, FreedomWorks, R Street Institute, Students For Liberty, Citizen Outreach, Downsize DC, Institute for Policy Innovation, Less Government, Center for Financial Privacy and Human Rights, and American Commitment.

The last several months have been a busy time for tech policy. Major policies have been enacted, particularly in the areas of surveillance and Internet regulation. While we haven’t checked in here on TLF in some time,TechFreedom has been consistently fighting for the policies that make innovation possible.

  1. Internet Independence: On July 4th, we launched  the Declaration of Internet Independence, a grassroots petition campaign calling on Congress to restore the light-touch approach to Internet regulation that resulted in twenty years of growth and prosperity.
  2. Internet Regulation: This February the FCC issued its Open Internet Order, reclassifying broadbandas a communications service under Title II of the 1934 Communications Act, despite opposition from many in the tech sector, including supporters of our “Don’t Break the Net” campaign. In response, we’ve joined and several leading internet entrepreneurs in litigation against the FCC   to ask the Court to strike down the Order.
  3. Surveillance: Section 215 of the PATRIOT Act, which authorized bulk collection of phone records, sunset this May, giving privacy advocates the opportunity to enact meaningful surveillance reform. TechFreedom voiced support for such reforms, including the USA FREEDOM Act, which will end all bulk collection of Americans’ telephone records under any authority.
  4. Broadband Deployment: Making fast, affordable Internet available to everyone is a goal that we all share. We’ve been urging government at all levels to make it easier for private companies to do just that through policies like Dig Once conduits, while cautioning that government-run broadband should only be a last resort.
  5. FTC Reform: The FTC is in dire need of reform. We’ve recommended changes to ensure that the agency fulfills its duty to protect consumers from real harm without a regulatory blank check, which stifles innovation and competition. While progress has been made, there’s still a long way to go. The agency can start by helping to unshackle the sharing economy from legacy regulations.

Telephone companies have already begun transitioning their networks to Internet Protocol. This could save billions while improving service for consumers and promoting faster broadband, but has raised a host of policy and legal questions. How can we ensure the switch is as smooth and successful as possible? What legal authority do the FCC and other agencies have over the IP Transition and how should they use it?

Join TechFreedom on Monday, May 19, at its Capitol Hill office for a lunch event to discuss this and more with top experts from the field. Two short technical presentations will set the stage for a panel of legal and policy experts, including:

  • Jodie Griffin, Senior Staff Attorney, Public Knowledge
  • Hank Hultquist, VP of Federal Regulatory, AT&T
  • Berin Szoka, President, TechFreedom
  • Christopher Yoo, Professor, University of Pennsylvania School of Law
  • David Young, VP of Federal Regulatory Affairs, Verizon

The panel will be livestreamed (available here). Join the conversation on Twitter with the #IPTransition hashtag.

Monday, May 19, 2014
11:30am – 12:00pm — Lunch and registration
12:00pm – 12:20pm — Technical presentations by AT&T and Verizon
12:20pm – 2:00 pm — Panel on legal and policy issues, audience Q&A

United Methodist Building, Rooms 1 & 2
100 Maryland Avenue NE
Washington, DC 20002

RSVP today!


Monday, TechFreedom submitted comments urging the White House to apply economic thinking to its inquiry into “Big Data,” also pointing out that the worst abuses of data come not from the private sector, but government. The comments were in response to a request by the Office of Science and Technology Policy.

“On the benefits of Big Data, we urge OSTP to keep in mind two cautions. First, Big Data is merely another trend in an ongoing process of disruptive innovation that has characterized the Digital Revolution. Second, cost-benefit analyses generally, and especially in advance of evolving technologies, tend to operate in aggregates which can be useful for providing directional indications of future trade-offs, but should not be mistaken for anything more than that,” writes TF President Berin Szoka.

The comments also highlight the often-overlooked reality that data, big or small, is speech. Therefore, OSTP’s inquiry must address the First Amendment analysis. Historically, policymakers have ignored the First Amendment in regulating new technologies, from film to blogs to video games, but in 2011 the Supreme Court made clear in Sorrell v. IMS Health that data is a form of speech. Any regulation of Big Data should carefully define the government’s interest, narrowly tailor regulations to real problems, and look for less restrictive alternatives to regulation, such as user empowerment, transparency and education. Ultimately, academic debates over how to regulate Big Data are less important than how the Federal Trade Commission currently enforces existing consumer protection laws, a subject that is the focus of the ongoing FTC: Technology & Reform Project led by TechFreedom and the International Center for Law & Economics.

More important than the private sector’s use of Big Data is the government’s abuse of it, the group says, referring to the NSA’s mass surveillance programs and the Administration’s opposition to requiring warrants for searches of Americans’ emails and cloud data. Last December, TechFreedom and its allies garnered over 100,000 signatures on a petition for ECPA reform. While the Administration has found time to reply to frivolous petitions, such as asking for the construction of a Death Star, it has ignored this serious issue for over three months. Worse, the administration has done nothing to help promote ECPA reform and, instead, appears to be actively orchestrating opposition to it from theoretically independent regulatory agencies, which has stalled reform in the Senate.

“This stubborn opposition to sensible, bi-partisan privacy reform is outrageous and shameful, a hypocrisy outweighed only by the Administration’s defense of its blanket surveillance of ordinary Americans,” said Szoka. “It’s time for the Administration to stop dodging responsibility or trying to divert attention from the government-created problems by pointing its finger at the private sector, by demonizing private companies’ collection and use of data while the government continues to flaunt the Fourth Amendment.”

Szoka is available for comment at Read the full comments and see TechFreedom’s other work on ECPA reform.

Join TechFreedom on Thursday, December 19, the 100th anniversary of the Kingsbury Commitment, AT&T’s negotiated settlement of antitrust charges brought by the Department of Justice that gave AT&T a legal monopoly in most of the U.S. in exchange for a commitment to provide universal service.

The Commitment is hailed by many not just as a milestone in the public interest but as the bedrock of U.S. communications policy. Others see the settlement as the cynical exploitation of lofty rhetoric to establish a tightly regulated monopoly — and the beginning of decades of cozy regulatory capture that stifled competition and strangled innovation. Continue reading →

How do DC and SF think about the future? Are their visions of how to promote, and adapt to, technological change compatible? Or are America’s policymakers fundamentally in conflict with its innovators? Can technology ultimately trump politics?

In the near-term, are traditional left/right divides breaking down? What are the real fault lines in technology policy? Where might a divided Congress reach consensus on tech policy issues like privacy, immigration, copyright, censorship, Internet freedom and biotech?

For answers and more questions, join moderator Declan McCullagh (Chief Political Correspondent for CNET), and a panel of technology policy experts: Berin Szoka (President, TechFreedom), Larry Downes (author, Laws of Disruption), and Mike McGeary (Co-Founder and Chief Political Strategist, Engine Advocacy). This event will include a complimentary lunch and is co-sponsored by TechFreedom, Reason Foundation, and the Charles Koch Institute.

Continue reading →

The suicide of Aaron Swartz earlier this year has sparked a national debate about reforming the Computer Fraud and Abuse Act (CFAA). Most notably, in June, Reps. Zoe Lofgren and Jim Sensenbrenner joined Sen. Ron Wyden to introduce Aaron’s Law, which aims to rein in the excesses of the federal computer fraud law and ensure it targets real criminals, rather than researchers or tinkerers.

Would this bipartisan reform go far enough — or too far? Would Aaron’s Law preserve the government’s ability to prosecute harmful hacking? What can activists do to promote CFAA reform in Congress?

These are some of the questions that will be explored in a panel discussion hosted by TechFreedom and the Electronic Frontier Foundation at CNET’s San Francisco Headquarters on July 22. RSVP here. Continue reading →