Articles by Braden Cox

Braden Cox formerly wrote for the TLF.

Earlier this month, a coalition of ad and marketing associations made public a new self-regulatory program for behavioral advertising (or as we like to refer to them, “interest-based ads”). Will it be enough to whet the appetite of members of Congress waiting to chomp on the privacy bit when they get back in November?

Hopefully. But it all depends on ad network uptake and user adoption. FTC Chairman Jon Leibowitz’s wait-and-see attitude toward the self-regulatory effort probably sums up the thoughts of many pro-regulatory privacy advocates. According to Politico’s Morning Tech, Leibowitz said:

We commend industry’s effort to get a broad group of industry leaders on board. However, the effectiveness of this effort will depend on how, and the extent to which, the opt-out is actually implemented and enforced – all of which is yet to be seen. We also urge industry to make sure that the opt-out is easy for consumers to find, use, and understand.

Making it easy for consumers is what the advertising option icon (above) is all about. It’s a just-in-time “heads-up” accompanying ads that allows users to obtain more information about why they’re seeing the ad. In the future, it will allow users to opt-out. Ad networks will pay a license fee to have the right to display the icon and must submit to ongoing compliance.

It’s the compliance part that’s interesting. The Better Advertising project is a new company formed specifically for the self-regulatory program. According to Internet Retailer, “the Council of Better Business Bureaus and the Direct Marketing Association, a trade group for direct-to-consumer marketers and retailers, will begin monitoring compliance with the program early next year.”

Let’s hope the coalition moves quickly and successfully, before Congress does….

At the Safe Internet Alliance event earlier this week there was a surprising amount of agreement on one aspect of sharing information on the Internet: eliminating the fear factor.

“Facts, not fear” was a meme throughout the event. Rep. Boucher discussed how comprehensive privacy legislation encourages Internet use because consumers don’t need to fear how their information is protected. And Josh Gottheimer of the FCC cited a study that shows that one of the main reasons why people don’t have broadband is due to, as he called it, the “fear factor.”

For increased use and adoption of the Internet and online services, cutting through the fear is key. That’s why I stressed why one of the main goals of a group that’s discussing privacy-related public policies should be to distinguish between legitimate concerns versus overreactions.

For online safety, there was a period just a year or two ago where we saw a lot of rhetoric, but not a lot of facts, about the real risks and likely threats kids face when online. Today the discussion is less fear-based, and as a result is much more productive for making the Internet safer. The NTIA OSTWG report stressed this fact-based approach.

Today privacy is where the online safety debate was a few years ago. There’s a similar danger of overreaction where rhetoric may crowd-out productive solutions. But there’s also a risk of being too glib on each side: pro-regulatory privacy advocates may not value the need for legitimate revenue models while businesses may sometimes dismiss legitimate privacy concerns.

Ultimately it may come down to a question of who decides. Whether it’s default settings or what is personal information, is it government, companies, or consumers that decide? I’ll tip my hand here: I think the key is for consumers to on the one hand understand the decisions they make, and on the other hand be allowed to make decisions.

Fear not, NetChoice looks forward to working with the Safe Internet Alliance and policymakers on privacy issues.

I’d like to recommend Sonia Arrison’s recent article on the need for updating the Electronic Privacy Communications Act (ECPA). She makes a good case why citizens should feel a bit worried about the ability of government to invade their privacy when they keep data in the cloud. And citizens are customers, so online businesses are worried if people may use less of their services. But here’s another angle for why we need to update ECPA…it’s to promote online safety. From an excellent analysis by Becky Burr, ECPA reform:

Would establish uniform, clear, and easily understood rules about when and what kind of judicial review is needed by law enforcement to access electronic content; and

Would, by clarifying the applicable rules, enable business to respond more quickly and with greater confidence to law enforcement requests and to avail themselves of hosted productivity technology.

Right now the law is muddled, and online services have a hard time determining legitimate requests from those that are overreaching. When the law is clarified, businesses and law enforcement can (with appropriate legal process) share information that can help find sexual predators and other online miscreants.

Based on two (1, 2) previous cyber security bills, a draft bill that has been circulating around town backed by Senate Majority Leader Harry Reid would give the White House sweeping new powers over companies that operate “covered critical infrastructure” or (CCI). And more than that, the bill would eliminate a vital aspect of the governmental process: a right to a day in court.

People often think of critical infrastructure as power plants, dams, and public safety communication networks. On the Internet, modems, routers and other specific network equipment could be designated as CCI. But this bill is written broadly, so that the Administration could even designate online services—such as e-mail and cloud computing services—that use the Internet but are not themselves network infrastructure.

All businesses want to keep Americans safe and protect infrastructure that supports the American economy. But what happens if a company (or an industry) wants to challenge their CCI designation? Typically, what makes America work is that we can question authority and even challenge our government in court when we think it’s wrong. But this legislation explicitly denies businesses their right to challenge a CCI designation in court.

(4) Final appeal.—A final decision in any appeal under this subsection shall be a final agency action that shall not be subject to judicial review except as part of an enforcement action under section 306(b)(7). [emphasis added]

This part of the bill has to be amended to allow judicial appeals to make it fair for the businesses that will pay for it. Continue reading →

Up on the NetChoice blog, Steve DelBianco writes about how online child safety was a hot topic at the Internet Governance Forum (IGF) last week in Lithuania. There was one workshop on location-based services that allow users to publish their mobile phone location info to their parents or social network pages (e.g. Foursquare, Loopt, and Facebook Places).

The entire workshop reminded Steve of the movie Minority Report, where a ‘precrime’ police unit relies on the visions of psychics to predict future crimes, then arrests the potential perpetrators before they do anything wrong:

In the world of Internet governance, the future is now, as regulators want online services to predict and prevent safety threats before they actually occur. According to some privacy advocates and lawmakers, the precrime problem here is that location data might be seen by someone with bad intentions.  In the name of protecting children, panelists here favor a policy framework that would require innovators to clear new location-based services with regulators before making them available to users.

Think of the irony with this regulatory approach. Lawmakers are not likely to predict all the ways that bad people can abuse a good service, and regulatory approvals are notoriously slow and inflexible.  On the other hand, Internet innovation is marked by rapid development of new services and quick reactions to fine-tune new features or fix unexpected problems.

Thankfully, there was a young person in the audience that actually knows how kids use the Internet and what will help them the most:

More sage advice came from young people – the anticipated victims of precrimes that might use location-based info. Joonas Makinen of the Youth Coalition on Internet Governance told the IGF, “It is better to focus on fighting ignorance and building digital literacy than applying safety strategies based on restriction.”


After a quiet August recess in Washington, DC, it’s time to refocus our efforts on public policies that impact online commerce. And today we consider not the good, and not merely the bad, but the awful – iAWFUL.

NetChoice unveiled an updated version of out Internet Advocates’ Watchlist for Ugly Laws (iAWFUL) where we track the ten instances of state and federal legislation that pose the greatest threat to the Internet and e-commerce. Our efforts so far this year have helped to remove two of the worst offenders from the February 2010 iAWFUL list, including a federal bill giving the Federal Trade Commission more powers to make new rules for online activity without Congressional guidance, and a Maine law restricting online marketing to teenagers.

In our second update for 2010, NetChoice identifies new legislation that has the potential to stall Internet commerce. Our top two are Congressional bills:

Number 1:  Federal online privacy efforts such as Rep. Rush’s “Best Practices Act” (HR 5777) and the staff discussion draft from Boucher / Stearns.

Number 2:  The expansion of Internet taxation HR 5660, the “Streamlined Sales Tax Bill”

This iAWFUL list targets federal privacy proposals that would curtail the continued development of ad-supported content and services that consumers have come to expect from the Internet. No one’s saying that privacy isn’t important or that we shouldn’t be concerned with our personal information. However, one federal privacy proposal would regulate small websites that don’t collect personally identifiable information but add just 100 users a week, even when users provide only a nickname and password. Continue reading →

It’s not often that you see advice on Internet privacy sandwiched between articles on “4 Times it Pays to Splurge” and  how to “Be a Full-time Mom with a Part-time Passion.” But online privacy is such a hot topic that even Redbook, the women’s magazine, has a story in its August issue.  The article is an informed, well-balanced look at providing practical tips (well it should be, I was interviewed for it!) on being secure and private when on various Internet sites:

If you’re a LIVE-LIFE-OUT-LOUD GIRL (i.e., you offer a play-by-play of your life to your 1,000 Facebook friends, blog readers, and Twitter followers), these are the guidelines you — and everyone — should follow:

  • On your social networking profiles, take the time to check out the privacy settings and decide whom you want to have access to what information. The risks here aren’t great, but do you really want your cousins to read about your sex life, or your frenemy to see photos of the party you didn’t invite her to?
  • If you’re on a public wireless network, like at Starbucks, don’t do your online banking or log on to other sites that contain sensitive information about you. Other users accessing the network might be able to access it.
  • Teach your kids about the risks of sharing personal information on the Web. If it feels appropriate for your child, bring up the countless cases of tweens’ and teens’ personal photos and videos that have ended up in the wrong inboxes because of how easy it is to forward email. Have a conversation about what sites they’re visiting online, and make sure they’re staying safe by signing up for a free limiting service such as AOL Parental Controls, which allows you to log in and monitor their activity. Check with your wireless carrier for similar services on your kids’ phones, too.

There’s more tips if interested, or read about unboring veggies sides for grilled food.

In reaction to recent government pressures for RIM to reveal customer encryption keys, Steve DelBianco writes over at the NetChoice blog:  enough with the bullies from UAE and Saudi Arabia kicking sand on the skinny Canadian guy.

It’s not likely that the UAE and Saudi governments will pick a fight with every company in a global industry.  Nor is it likely they would ban all electronic messaging, knowing their monarchs would be forced to back down after a few days of embarrassing international criticism.

It’s time for these governments to stop bullying a company that’s investing heavily to bring connectivity, content, and commerce to their own citizens.  It will only lead to a larger fight where everyone loses.

Kicking sand, indeed.

Two privacy bills are already up for consideration. And at yesterday’s Senate Commerce hearing on Consumer Online Privacy, we heard Senator Kerry announce that he will be working on new legislation to regulate online privacy.  While we wait to see what Kerry will offer, NetChoice has concerns over the bills we do know about:  Rep. Rush’s “Best Practices Act” and the Boucher/Stearns Discussion Draft. Our side-by-side comparison identifies four concerns:

  • Both proposals would regulate small websites that don’t even collect PII. Boucher-Stearns would regulate a tiny online startup that is adding just 100 users a week, even where its users provide only a made-up user name and password. As defined, “covered information” would overly restrict the flow of useful information and harm the development of ad-supported content and services. Continue reading →

Internet governance is often thought of as ICANN and domain names, but the Internet Governance Forum, a body of the UN, takes a broad approach. Tomorrow I’ll be speaking on a panel about online safety at IGF-USA,  a national body that reports to the full IGF.  We’ll discuss the recent NTIA OSTWG “Youth Safety on a Living Internet” report, among other online safety issues such as sexting, cyberbullying, and proposed state legislation.

UPDATE:  Here’s a summary and video excerpt of my presentation.

Here’s the panel:

Moderator: Danny Weitzner, Associate Administrator, Office of Policy Analysis and Development U.S. Department of Commerce


  • Michael W. McKeehan, Executive Director, Internet and Technology Policy, Verizon
  • Braden Cox, Policy Counsel, NetChoice Coalition
  • Anne Collier, via remote participation [Invited]
  • Jennifer Hanley, Family Online Safety Institute (FOSI)
  • Stacie Rumenap, Stop Child Predators


  • Morgan C. Little, Elon University Graduate, Political Science, American University
  • Jane Coffin, NTIA: comments on some of the global activities
  • Bessie Pang, Executive Director, POLCYB

Check it out and come for the other panels on cybersecurity, cloud computing and global governance for governments. Registration is free.