Articles by Braden Cox

Braden Cox formerly wrote for the TLF.

In the mix of yesterday’s FCC Broadband report release and today’s FTC Privacy Roundtable and Senate hearing on expanding FTC rulemaking authority, there’s a lot going on in Washington that impacts online commerce. And we heard particularly pointed comments about the future of .com at yesterday’s 25 Years of .Com Policy Impact Forum.

A panel about the Internet and privacy that highlighted how the the future of .com may be less about commerce and more about commissions – particularly the Federal Trade Commission.

Kara Swisher (D: All Things Digital) and Fred Wilson (a VC at Union Square Ventures) dug deep into online privacy issues. They decried the supposed privacy abuses of online companies, particularly by Google and Facebook. And while Kara is smart and well-informed, Fred Wilson was flippant, scattered, and skin-deep with many of his assertions—including when he accused Facebook of pulling off “the greatest privacy heist in history, and they got away with it!”

He’s referring to the changes Facebook made last December to the way users control their privacy settings (NetChoice defended Facebook’s actions on our blog). Facebook made some recommended changes based on where it sees its service going. Users (like me) could change these if they wanted. Some people complained that Facebook changed the default settings, which modified how users previously set some of their preferences.

But does changing the recommended defaults when giving users a choice constitute a “heist?” Only based on whether a user likes it or not. There certainly wasn’t any fraud or misappropriation. Or measurable consumer harm. Still, we heard from pro-regulatory privacy groups that filed a complaint urging that the FTC unleash it’s enforcement hammer.

There are legitimate debates on whether Facebook’s switch in privacy settings was clear and easy enough to understand for most users. But overblown rhetoric on privacy harm is hard to square with other concerns about  breaches, ID theft, and other abuses of data. Continue reading →

He climbed cathedral mountains, he saw silver clouds below

He saw everything as far as you can see

And they say that he got crazy once and he tried to touch the sun

And he lost a friend but kept his memory

-John Denver, Rocky Mountain High

We know that states are increasingly looking to tax anything and everything, including on the Internet. As Declan McCullagh reported earlier this week, Colorado and “fifteen other states have considered or are considering enacting laws targeting Amazon and other e-commerce companies that typically do not charge sales tax for shipments sent outside their home state.” These nexus taxes are #2 on the NetChoice iAWFUL list of bad legislation.

But Colorado’s recent “track and tax” law marks the most privacy-egregious Internet-related tax law we’ve seen.

Here’s the rub:  The Colorado state tax department will now have a listing of all purchases its citizens make from out-of-state companies. Why? So it can enforce its tax on purchases by way of the use tax that each of us owes to our government when sales tax isn’t collected.

HB 1193 was enacted last month as part of a package of revenue raising legislation. It originally started as an advertising nexus bill, but turned into a reporting bill when a lot of in-state companies that rely on affiliate advertising revenue complained that they would be harmed. Now it is consumer privacy that is harmed.

HB 1193 forces out-of-state retailers to track and report the purchases of Coloradans: Continue reading →

Yesterday, NetChoice joined the Center for Democracy & Technology and the Maine Civil Liberties Union (and PFF, who submitted written testimony) before the Maine legislature to oppose a bill that would restrict how health-related products can me marketed to minors under age 17.

The bill, LD 1677, is a repeal and replacement for current law passed last year that was strongly opposed by the online industry. As I previously blogged, NetChoice was a lead plaintiff in last year’s lawsuit to enjoin the law. Though well intentioned, this law was overly-broad and wrought with constitutional concerns. As a result, Attorney General Mills agreed not to enforce the statute. In October last year, NetChoice joined others in testifying before Maine Joint Standing Committee on the Judiciary regarding this law. In short, the conclusion of all parties involved was that the current legislation could not stand and that the legislature should move to quickly repeal.

So we all arrived in Augusta, ready for the next round – after all, this bill is #9 on the NetChoice iAWFUL list! But when we arrived, we were treated to a surprise amendment from the bill sponsor and this became the focus for discussion and testimony. Here’s the amended prohibition:

A person may not knowingly collect and use personal information collected on the Internet from a minor residing in this State for the purposes of pharmaceutical marketing prescription drugs to that minor, unless the minor specifically requests that information about the prescription drug be provided to them

John Morris at CDT gave great testimony and generally welcomed the amendment. However, he cautioned the committee that it should make sure that website intermediaries would not have liability for merely displaying ads. Continue reading →

“With a few notable exceptions, the tech industry seems unwilling to regulate itself. I will introduce legislation that will require Internet companies to take reasonable steps to protect human rights, or face civil and criminal liability.” – Senator Dick Durbin, as reported by the Washington Post.

We hear you, Sen. Durbin. The practices of many nations toward free speech and political dissidents are terribly wrong. But we respectfully and strongly disagree with your statements at yesterday’s Senate Judiciary hearing on global Internet freedom and the rule of law.

The growth of IT companies throughout the world has been an enormous boon to free speech and human rights. Although these technologies present new challenges, particularly when taken together with widely varying laws, they are doing far more good than harm, everywhere that they are deployed.

But if you attended the hearing and knew nothing about the Internet, you’d think that American online companies doing business in China and elsewhere were pure evil – as if they were the ones with the power to not comply with – or change — the criminal laws of other nations.

In particular, Facebook and Twitter were called out for not joining the Global Network Initiative (GNI). The product of more than two years of study and development by companies and public interest groups, the Initiative offers a set of guiding principles for global IT companies doing business in an increasingly global environment.

But while the GNI exposes online companies to new scrutiny, it doesn’t provide any protection from aggressive governments. And at a price tag of $200,000, the GNI isn’t cheap. How effective will it be, really, at changing the practices of totalitarian nations? Continue reading →

Congress gets dinged a lot for slowing down innovation, but sometimes that is just what the doctor ordered. Thirty-five years ago, a Democratically controlled Congress passed the Magnuson-Moss Act in an attempt to check a hyperactive FTC.

Like a kid set loose in a candy store, the FTC at the time had gone on a binge of overreaching and harmful regulation. The core enabler of this action is the exceptionally broad mandate bestowed on the agency to regulate all “unfair” consumer activity. Unlike regulating the structural stability of bridges or safety in food, “fairness” is a subjective concept.

Congress’ prudent action to place special restrictions on FTC rulemaking [15 U.S.C. Sect. 57a(b)(2)(A)] was in direct response to the agency’s overreach and regulation of activities that would have included advertising children’s products – in essence, acting like a kid in a candy store. Magnuson-Moss was the equivalent of putting the candy behind the counter, providing Congress and courts control over how much candy was appropriate.

Now, 35 years later, the FTC has that ‘unfairness feeling’ again. In a NY Times interview last month, FTC Chairman Jon Leibowitz signaled his intent to change standard marketing tactics of disclosure and opt-out, by requiring users to opt-In for collection of information for targeting ads.   They are concerned about what’s “fair” in advertising, but we know that low rates of opt-in will reduce ad revenue. If the change were put into effect, free online services might have to charge a “fare” to users.

At the same time, the FTC is seeking to shed what the Chair called “medieval restrictions” on its rulemaking powers.  A change that would allow the FTC to move quickly to require opt-in. Taken together, these threats to online services and e-commerce are #1 on the NetChoice 2010 iAWFUL list. Continue reading →

NetChoice filed comments today with the FCC in its inquiry on Empowering Parents and Protecting Children in an Evolving Media Landscape. PFF’s comments (jointly filed w/ EFF as described in their TLF post) are comprehensive, excellent, and very highly recommended (well done Adam and Berin). I took a narrower approach. My goal was to dismiss age and parental verification as a tool to keep kids safe online:

Teens are very active users of Internet websites. To verify parental consent, parents would have to provide identifying data (most often credit card information) to a myriad of sites and services. This would require private companies to store vast amounts of parents’ personal information and, by doing so, increase customers’ vulnerability to security breaches and identity theft. According to the Berkman study, “there are significant potential privacy concerns and security issues given the type and amount of data aggregated and collected by the technology solutions….” Many online companies have moved away from collecting and storing this type of data for good reason.

Like the comments filed jointly by PFF and EFF, I also asserted that the FCC lacks jurisdiction to regulate online media platforms. Neither the Telecommunications Act of 1996 nor the Children’s Television Act of 1990 provides the Commission with the authority to regulate online media content. Furthermore, if the FCC were to pursue regulation of the Internet in the same manner it regulates broadcast and cable television, we believe there would be serious first amendment implications.

Not sure where the FCC can go with this NOI (at least as it regards the Internet) but that’s the scariness of it all.

It was an awfully bad snowfall that paralyzed Washington, DC last week. And though we may curse Old Man Winter, ‘tis still the season for snow.  Unfortunately, it’s also the season for a flurry of bad legislation – and we’re already trying to dig-out the Internet from a pile of bad proposed state and federal laws.

So far this year there have been hundreds of bills introduced nationwide, many that impact the Internet. That’s why today NetChoice released its first iAWFUL list of 2010, taking stock of the most serious legislative threats facing the global Internet.

The Internet Advocates’ Watchlist for Ugly Laws (iAWFUL) is our top ten – or more accurately, “bottom ten” – list of the worst proposed Internet laws in America. We have Congress and 16 states represented on our list (the same bad bills often spread to multiple states).

Our #1 iAWFUL bill is a Congressional bill (HR4173) that would expand the FTC’s rulemaking power. Buried in the 1700 pages plus of the Wall Street Reform and Consumer Protection Act of 2009 is a four page amendment to the FTC Act that would dramatically increase the FTC’s rulemaking authority. This expansion would mean the removal of significant procedural safeguards that have existed for the past thirty-five years. Given the aggressively pro-regulatory statements made by FTC officials on privacy and online media, expanded powers could do serious damage to online services and Internet innovation. Reporter Grant Gross wrote a good article recapping the issue here.

#2 on the iAWFUL list are the advertising nexus bills in Colorado (SB 1193), Illinois (SB 3353), Maryland (SB 824), New Mexico (HB 50), Virginia (SB 660) and Vermont (HB 661). These bills declare that some forms of Internet advertising are equivalent to having sales agents in their states.  All these states want to force out-of-state advertisers to collect and remit sales tax on sales to their residents. These nexus bills are popping up everywhere, whack-a-mole style.

Check out #3 – #10. Hopefully DC is done for the year with snow. Regardless, I’ll still need my snow shovel to help dig the Internet out from a blizzard of bad legislation.

Is privacy a broadband issue? We think not. Privacy is based on what consumers care about, not the speed of the pipe.

NetChoice filed comments today with the FCC, which were in response to the agency’s request for comments on online privacy issues. The FCC asked for comments on the use of personal information, identity management services and privacy protections across broadband applications. The questions raised in the request were drafted entirely by the Center for Democracy and Technology, and are an attempt to inject the privacy debate into discussion of the National Broadband Plan.

Our comments took a nuanced approached—we focused our response on the appropriateness of this inquiry as it relates to Internet privacy issues. While we assert that the FCC doesn’t have the legal authority if it were to act, we focus the bulk of our comments on how the FTC has already established jurisdiction and occupies the online privacy issue area. We also highlight how the FCC’s ability to regulate broadband pipes as infrastructure does not convey jurisdiction to regulate that which flows over the pipes as information. Importantly, privacy is not a broadband issue:  the privacy policies of the ends (consumers and online services) are not defined by the middle (the speed of the communications pipe).

Privacy is an important issue not because it is specific to broadband; rather, because privacy is a consumer-driven expectation that must be met regardless of transmission technology.

    Following up from Adam’s post on Hillary Clinton’s speech on global Internet freedom, here’s an interesting blog post from Nora von Ingersleben at ACT. Nora was the lucky (and only) person at the event to ask a question to our Secretary of State. Her question centered upon the practical–while it is well-and-good that companies should “do the right thing”, there are real-world consequences when a company doesn’t comply with a legal request. How can off-shore employees be protected?

    QUESTION: Nora von Ingersleben with the Association for Competitive Technology. Madame Secretary, you mentioned that U.S. companies have to do the right thing, not just what is good for their profits. But what if I am a U.S. company and I have a subsidiary in China and the Chinese Government is coming after my guys for information and, you know, we have resisted but now my guys have been taken to jail, my equipment is being hauled away. In that situation, what can the State Department do? Or what will the State Department do?

    SECRETARY CLINTON: Well, we obviously speak out on those individual cases. And we are, as I said, hoping to engage in a very candid and constructive conversation with the Chinese Government. We have had a positive year of very open discussions with our Chinese counterparts. I think we have established a foundation of understanding. We disagree on important issues with them. They disagree on important issues with us. They have our perspective; we have our perspective. But obviously, we want to encourage and support increasing openness in China because we believe it will further add to the dynamic growth and the democratization on the local level that we see occurring in China.

    Last year there was discussion of a possible return of the FCC’s “Fairness Doctrine” that used to apply to broadcasters. This year, we should all be aware of the FTC’s stepped-up rhetoric toward an “Unfairness Doctrine” for privacy–an increased effort toward enforcing the “unfair” part of Section 5 of the FTC Act, which prohibits unfair or deceptive practices.

    Historically, the approach of the FTC toward privacy has been one of notice and consent and to hold companies to the word of their privacy policies — if companies say one thing and then do another, the FTC goes after them for being deceptive. This is the “deceptive” part of the FTC’s power to enforce the law against unfair or deceptive commercial practices.

    For privacy, we really haven’t seen the “unfair” part being enforced. But if public comments from high-ranking officials is any indicator (and it is), that’s about to change.

    A recent New York Times article summarizes its interview with FTC Chairman Jon Leibowitz and David Vladeck, chief of the FTC’s Bureau of Consumer Protection. It’s another insight into how aggressive the commission wants to be toward privacy.

    Advise-and-consent “depended on the fiction that people were meaningfully giving consent,” Mr. Vladeck said. “The literature is clear” that few people read privacy policies, he said.

    But even if people did read privacy policies, Vladeck still doesn’t think it is fair that people give consent to data practices, often in exchange for free services: Continue reading →