Articles by Jerry Brito

Jerry is a senior research fellow at the Mercatus Center at George Mason University, and director of its Technology Policy Program. He also serves as adjunct professor of law at GMU. His web site is jerrybrito.com.


In town for CFP? Check out these GMU “cyber” conferences

by on June 1, 2011 · 1 comment

Jim [posted earlier today](http://techliberation.com/2011/05/31/be-sure-to-attend-cfp/) about the [Computers, Freedom and Privacy](http://www.cfp.org/2011/wiki/index.php/Main_Page) conference June 14th to 16th, which I’m very much looking forward to attending. If you’re in town for that, though, I’d like to bring to your attention two other related conferences being put on by the Center for Infrastructure Protection and Homeland Security at George Mason University.

The first is the **The Tenth Workshop on Economics of Information Security**, the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. [It starts on June 13th and the program is here.](http://www.regonline.com/builder/site/tab1.aspx?EventID=960652)

More relevant to my interests is the **Workshop on Cybersecurity Incentives** to be held June 16th, and featuring a keynote by Bruce Schneier. [The program is here.](http://www.regonline.com/builder/site/tab2.aspx?EventID=959995) The workshop will look at how scholarship in law, economics and other fields within the behavioral sciences inform stakeholders about how markets, incentives and legal rules affect each other and shed light on determinations of liability and responsibility.

SHARE: 1 comment

Konstantinos Stylianou on technological determinism and privacy

by on May 31, 2011

On the podcast this week, Konstantinos Stylianou, a former Fulbright Scholar now working on a PhD in law at Penn Law School, and author of the provocative new essay, “Hasta La Vista Privacy, or How Technology Terminated Privacy,” discusses technological determinism and privacy. Stylianou’s thesis is that the evolution of technology is eliminating privacy; therefore, lawmakers should switch emphasis from regulating the collection of information, which he claims is inevitable, to regulating the use of that information. Stylianou discusses why digital networks specifically make it difficult to keep information private, differences between hard and soft technological determinism, and when he thinks people will realize about their private information what the recording industry has finally realized about digital music.

Related Links

To keep the conversation around this episode in one place, we’d like to ask you to comment at the web page for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

SHARE:

Micah Sifry on government transparency and WikiLeaks

by on May 24, 2011 · 1 comment

On the podcast this week, Micah Sifry, co-founder of the Personal Democracy Forum, editor of techPresident.com, and author of the new book, Wikileaks and the Age of Transparency, discusses government transparency. Sifry talks about the various purposes of government transparency, technology’s effect on it, and bi-partisan competition that can promote it. He also discusses Bradley Manning’s case, the evolution of WikiLeaks, and the transparency, or lack thereof, within the WikiLeaks organization.

Related Links

To keep the conversation around this episode in one place, we’d like to ask you to comment at the web page for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

SHARE: 1 comment

Super-injunctions: enforceable until they’re not

by on May 23, 2011 · 10 comments

There is a major controversy rocking the UK over the far-reaching press gag orders known as “super-injunctions,” especially because they’ve been brought to the fore by a sex scandal between famous footballer Ryan Giggs and reality TV star Imogen Thomas. (This blog post is now officially illegal in the UK.) In [my latest TIME.com Techland post](http://techland.time.com/2011/05/21/twitters-super-duper-u-k-censorship-trouble/), I explain the controversy and say that while the injunction is legally enforceable–Facebook has a London office with over 50 employees, and [today comes word](http://blogs.ft.com/fttechhub/2011/05/twitter-london/) that Twitter is starting up its UK operation–they are not practically enforceable because once out, the information cannot be controlled. I wrote:

>Controlling information is possible, but only at the margin and at great cost. As information technology advances, that margin at which information can be controlled gets thinner and thinner, and the costs of doing so become greater and greater. So given the apparent futility of keeping facts secret, you’d think officials would look to find better ways of confronting the new reality. That’s unfortunately not the case.

>“Why are we assuming that the world of communication, developing as rapidly as it is, can never be brought under control by other technological developments?” asked the head of the U.K.’s judiciary yesterday. “I am not giving up on the possibility that people who in effect peddle lies about others through modern technology may one day be brought under control.”

>And we should not forget to look in the mirror. While the U.S. has some of the world’s most extensive free speech and press liberties, it seems every week there is a new proposal to control what information can be published online.

SHARE: 10 comments

Watch the Mercatus Center Panel on The FCC’S Wireless Competition Report

by on May 18, 2011 · 2 comments

Every year since 1995, the Federal Communications Commission has released a report on the state of competition in the wireless market. Last year’s report was the first not to find the market “effectively competitive.” As a result, expectations are high for the new annual report. How it determines the state of competition in the wireless market could affect regulatory policy and how the Commission looks at proposed mergers.

Tune in here to watch this afternoon’s panel discussion on these issues, brought to you by the Mercatus Center at George Mason University’s Technology Policy Program.

The panel features:

  • Thomas W. Hazlett, Professor of Law & Economics, George Mason University School of Law
  • Joshua D. Wright, Associate Professor of Law, George Mason University School of Law
  • Robert M. Frieden, Professor of Telecommunications & Law, Penn State University
  • Harold Feld, Legal Director, Public Knowledge

SHARE: 2 comments

Joseph Menn on the hunt for internet crime lords

by on May 17, 2011

On the podcast this week, Joseph Menn, a Financial Times technology reporter and the author of Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down The Internet, discusses cyber crime. Menn says that one of the main challenges of cybersecurity is that the internet was never intended for many of the things it’s used for today, like e-commerce or critical infrastructure management. He talks about the implications of the internet still being in beta form and comments on the recent Sony data breach and other similar cyber attacks. Menn also discusses his book, telling a few anecdotes about the people who go beyond computer screens in pursuit of internet crime lords.

Related Links

To keep the conversation around this episode in one place, we’d like to ask you to comment at the web page for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

SHARE:

Yet another non-consensual use of cell geo-data

by on May 11, 2011 · 3 comments

In [a post at Techland yesterday](http://techland.time.com/2011/05/10/new-emergency-alert-system-comes-to-your-phone/) I noted that the FCC and FEMA’s new “PLAN” text-based emergency alert system might do little good since new media seems to always beat government to get out critical information:

>If history is any guide, however, you may not get any messages from 1600 Pennsylvania. Since the Emergency Alert System was created in 1963, it’s never been activated, despite hurricanes, earthquakes, tornadoes, the Cuban Missile Crisis, the Oklahoma City bombing, and 9/11. Why?

>The chairman of the FCC during the 9/11 attacks, Michael Powell, says that “The explosion of 24-hour-a-day, 7-day-a-week media networks in some ways has proven to supplant those original conceptions of a senior leader’s need to talk to the people.”

>Given that it was Twitter, and not the President’s address, that recently broke the killing of Osama Bin Laden, you have to wonder whether the new service will be just as swiftly supplanted.

Another thing occurred to me talking to a colleague today. The PLAN system relies on cell carriers’ ability to track your geographic location so that targeted warning messages can be sent to your phone depending on where it is you are at the moment. Also, as far as I can tell from [the FCC’s fact sheet](http://docs.google.com/viewer?url=http://www.fcc.gov/Daily_Releases/Daily_Business/2011/db0510/DOC-306417A2.pdf), you’re automatically signed up for the system when you buy a phone and you cannot opt-out of presidential messages. I wonder if we’ll see a congressional hearing on the use of geo data without consumer consent?

SHARE: 3 comments

Brin, Transaction costs and Do Not Track

by on May 10, 2011 · 4 comments

I’m reading David Brin’s 1998 classic [The Transparent Society](http://www.amazon.com/gp/product/0738201448/ref=as_li_ss_tl?ie=UTF8&tag=jerrybritocom&linkCode=as2&camp=217145&creative=399349&creativeASIN=0738201448) and I’d like to share a passage that I found especially interesting in light of the [recent Do-Not-Track bill](http://thehill.com/blogs/hillicon-valley/technology/160035-rockefeller-unveils-do-not-track-bill) introduced by Sen. Rockefeller.

On this blog, Adam Thierer has often written about the [implicit quid pro quo](http://www.google.com/search?q=site:techliberation.com+quid+pro+quo) between tracking and free online services. It seems to me that many folks find this an abstract concept. Here is Brinn writing in the late 90s about the possibility of an explicit quid pro quo:

>An Economy of Micropayments? I cannot predict whether such an experiment would succeed, though using a “carrot”—or what chaos theorists call an “attractor state”—offers better prospects than the [IP owner’s] coalition’s present strategy of saber rattling and making hollow legal threats. In fact, the same approach might be used to deal with other aspects of “information ownership,” even down to the change of address you file with the post office. Perhaps someday advertisers and mail-order corporations will pay fair market value for each small use, either directly to each person listed or through royalty pools that assess users each time they access data on a given person. Or we might apply the concept of “trading-out”: getting free time at some favorite per-use site in exchange for letting the owners act as agents for our database records. It could be beneficial to have database companies competing with each other, bidding for the right to handle our credit dossiers, perhaps by offering us a little cash, or else by letting us trade our data for a little fun. Proponents of such a “micropayment economy” contend that the process will eventually become so automatic and computerized that it effectively fades into the background. People would hardly notice the dribble of royalties slipping into their accounts when others use “their” facts—any more than they would note the outflowing stream of cents they pay while skimming on the Web.

That is essentially what happened, except without all the transactions costs. It seems to me that all Do Not Track will do is introduce the transactions costs that we have so far avoided to the benefit of innovation. Who will this change benefit? The few people who are not willing to make the trade and who today have [options to opt out](http://adblockplus.org/). This leaves the majority of us who are willing to make the bargain in a very un-Coasean world.

SHARE: 4 comments

Julian Sanchez on electronic surveillance

by on May 10, 2011

On the podcast this week, Julian Sanchez, a research fellow at the Cato Institue who focuses on issues related to technology, privacy, and civil liberties, discusses electronic communications. Sanchez talks about changes in surveillance of electronic communications since 9/11, highlighting the large number of cases in which the FBI has gathered phone, internet, and banking information without judicial oversight. He then discusses the legal framework around electronic communications, which he says was built for a very different set of assumptions than we have today. Sanchez also gives a few recommendations for how to disentangle the convoluted legal standards related to electronic communications.

Related Links

To keep the conversation around this episode in one place, we’d like to ask you to comment at the web page for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

SHARE:

Privacy breaches: There oughta be a law?

by on May 9, 2011 · 3 comments

“[There’s No Data Sheriff on the Wild Web](http://www.nytimes.com/2011/05/08/weekinreview/08bilton.html),” is an article by Nick Bilton in the *New York Times* this weekend, pointing out that no federal law punishes the massive breaches of personal information like the recent Epsilon and Sony cases.

>”There needs to be new legislation and new laws need to be adopted” to protect the public, said Senator Richard Blumenthal, Democrat of Connecticut, who has been pressing Sony to answer questions about its data breach and what the company did to avoid it. “Companies need to be held accountable and need to pay significantly when private and confidential information is imperiled.”

>But how? Privacy experts say that Congress should pass legislation regulating companies if they collect certain types of information. If such laws existed today, they say, Sony could be held responsible for failing to properly protect the data by employing up-to-date security on its systems.

>Or at the very least, companies would be forced to update their security systems. In underground online forums last week, hackers said Sony’s servers were severely outdated and infiltrating them was relatively easy.

While there may be no law requiring site operators to keep their networks updated and secure, it’s not as if they currently have no incentive to do so, and it’s not as if they are completely unaccountable. Witness the (at least) two lawsuits already filed against Sony. [One in Canada](http://ingame.msnbc.msn.com/_news/2011/05/03/6577819-sony-declines-to-testify-before-congress-as-1-billion-lawsuit-filed) for $1 billion and [one in the U.S.](http://ingame.msnbc.msn.com/_news/2011/04/27/6544610-sony-sued-could-bleed-billions-following-playstation-network-hack) looking for class action status. Not to mention that the PlayStation network is still down and losing money, as well as Sony’s reputation loss. Are you now more or less likely to buy a PlayStation as your next console?

To the extent we do need legislation, it’s not to tell firms to keep their Apache servers up to date. There are plenty of terrible things that happen to a firm if it doesn’t take the security of its customers’ data seriously. Sony is living proof of that. Adding a criminal fine to the pile likely won’t improve private incentives. What prescriptive legislation might to do, however, is put federal bureaucrats in charge of security standards, which is not a good thing in my book.

The missing incentive here might be the incentive to disclose that a breach has occurred. Rep. Mary Bono Mack [has suggested that she might introduce legislation](http://thehill.com/blogs/hillicon-valley/technology/159581-gop-rep-sony-playing-the-victim-in-hacker-attack) to require such disclosures. Such legislation may well be responding to a real and harmful information asymmetry. If a firm could preserve such an asymmetry, then the usual incentives wouldn’t work.

Rather than trying to legislatively predict and preempt security breaches, when it comes to the security of personal information it might be better to seek a policy of transparency and resiliency. As I explain in my [latest TIME Techland piece](http://techland.time.com/2011/05/08/why-your-personal-information-wants-to-be-free/), we may now be in a world were it’s next to impossible to ensure that at lease some of our private personal information that is digitized and connected to the net won’t be compromised. To attempt to put that genie back in the bottle might be not only futile, but counterproductive. Instead, we may be better served by being informed when our data is compromised, seeking civil redress, and learning to cope with the new reality. As I write in the piece:

>On net, the fact that we now live in a hyper-connected world where information can’t be controlled is a good thing. The cultural, social, economic and political benefits of such a transparent system will likely outweigh the price we pay in privacy and security. And that’s especially the case if learn to live with that reality.

>Human beings are incredibly resilient, and faced with a new environment, we adapt. When major changes take place—-from natural disasters to the Industrial Revolution—-we learn to live in the new context, but only if we acknowledge the new reality. We need to get used to this new world in which information can’t be controlled.

>Maybe a new social norm will develop that accepts that everyone will have embarrassing facts about them online, and that it’s OK because we’re human. Maybe if we assumed that data breaches are inevitable, we wouldn’t give up on securing networks, but we might do more to cope. For example, the technology exists to make all credit card numbers single-use to a particular vendor, so they’re of little value to hackers.

>Welcome to the new world. Information wants to be free. The Net interprets information control as damage and routes around it. Get used to it.

SHARE: 3 comments

← Previous Entries

Next Entries →