Intermediary Deputization & Section 230

book review: Cyber War by Clarke & Knake

by on August 6, 2010 · 4 comments

While on vacation last week, I finished up a few new cyber-policy books and one of them was  Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke and Robert K. Knake.  The two men certainly possess the right qualifications for a review of the subject.  Clarke was National Coordinator for Security, Infrastructure Protection, and Counterterrorism during the Clinton years and also served in the Reagan and two Bush administrations. Knake is an international affairs fellow at the Council on Foreign Relations where he specializes in cybersecurity.

Clarke and Knake’s book is important if for no other reason than, as they note, “there are few books on cyber war.” (p. 261) Thus, their treatment of the issue will likely remain the most relevant text in the field for some time to come.

They define cyber war as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption” (p. 6) and they argue that such actions are on the rise.  And they also claim that the U.S. has the most to lose if and when a major cyber war breaks out, since we are now so utterly dependent upon digital technologies and networks.

At their best, Clarke and Knake walk the reader through the mechanics of cyber war, who some of the key players and countries are who could engage in it, and identify what the costs of such of war would entail.  Other times, however, the book suffers from a somewhat hysterical tone, as the authors are out here not just to describe cyber war, but to also issue a clarion call for regulatory action to combat it.  Ryan Singel of Wired, for example, has taken issue with the book’s “doomsday scenario that stretches credulity” and claims that “Like most cyberwar pundits, Clarke puts a shine on his fear mongering by regurgitating long-ago debunked hacker horror stories.”  Bruce Schneier and Jim Harper have raised similar concerns elsewhere.

Continue reading →

SHARE: 4 comments

Stupid People, Stupid Lawsuits, Stupid Warning Labels & the Coming Digital Tort Reform Fight

by on July 6, 2010 · 6 comments

I spend a lot of my time as an Internet policy analyst railing against elitist suggestions that “ordinary” users are just too dumb to take care of themselves online, no matter how effectively technology empowers them to make decisions for themselves about the content they and their children consume, what data they allow to be shared about themselves on social networking sites or while browsing, etc. Indeed, Adam Thierer and I wrote a lengthy paper about What Unites Advocates of Speech Controls & Privacy Regulation? attacking such elitism when enforced by paternalist laws that assume everyone has the same values and that only the wise philosopher-kings of technology policy can possibly protect us all from our own stupidity.

But of course there are plenty of stupid people in the world, and they often do very stupid things—like walking on the side of a highway with just a few feet between a noise barrier and passing cars just because “Google Maps told you to do so!” That’s essentially what Lauren Rosenberg claims in her very stupid lawsuit against Google, after she was hit by a passing car following directions from the beta walking directions tool in Google Maps—and despite the warning Google provided. Danny Sullivan tells the full story at SearchEngine Land, complete with photos that should have caused any reasonably prudent person to think, “Hey, what a minute, maybe that warning label I saw telling me the suggested route might lack sidewalks or pedestrian paths was actually there for a reason!”

Rosenberg seeks several hundred thousand dollars in damages from Harwood (the driver who hit her) and Google, asserting Google was negligent and failed to adequately warn her. The key policy issue this case raises is the same as in many, many aspects of Internet policy: How much disclosure is enough? As clearly shown by the photos in Danny’s post, Google did warn Rosenberg; so the real danger in this case is that the courts (or lawmakers in the future) could set ever-higher standards for increasingly obnoxious warning labels on websites than they would provide on their own. This reminds me of my all-time favorite warning label (on a collapsible baby stroller): “REMOVE BABY BEFORE FOLDING!” (A contest for similarly inane real-life warnings can be found here.) Continue reading →

SHARE: 6 comments

Joint CDT-PFF-EFF Comments on FTC’s COPPA Review & the Dangers of COPPA Expansion

by on June 30, 2010 · 4 comments

“Don’t turn COPPA into a sweeping age verification mandate for the Internet!” That was essentially the core message of joint comments (below) Adam Thierer and I today filed with the Center for Democracy & Technology and the Electronic Frontier Foundation on the FTC’s Implementation Review of the rules that implement the Children’s Online Privacy Protection Act of 1998 (which requires verifiable parental consent for kids under 13 to use most interactive sites and services if those sites are “directed to” them or if the site has “actual knowledge” it might be collecting personal information from such kids or allowing them to share such information through the site).

Specifically, we counsel the Commission against expanding COPPA beyond its original, limited purposes and scope, or calling on Congress to enact an expansion. In a techno-functional sense, COPPA is already “expansive,” since it is essentially device- and technology- neutral—essentially applying to any site or service that uses the Internet. That flexibility should allow the FTC to apply the statute in a changing landscape without further legislative changes. But we explain why COPPA is necessarily narrow in its age scope and the “directed to” and “actual knowledge” concepts that actually trigger COPPA’s requirements—and why changing any one of these three critical parts would inevitably lead to unconstitutional restrictions on the speech rights of adults, minors, and site operators, while actually reducing online privacy but without enhancing the online safety of children.

We call instead for the agency (i) to use the breadth and flexibility already given to it by Congress in the COPPA statute to enforce the statute in a manner consistent with the rapidly changing technical landscape and (ii) to supplement enforcement of that existing law with increased educational efforts and promotion of parental empowerment solutions.

Adam and I certainly have our differences with CDT and EFF on some issues, but this is not one of them! I’m deeply proud to join with these organizations in pointing out the unintended consequences of expanding regulation in an area where all too many people stop thinking carefully about the effects of regulation because, they seem to think, “We can never do enough for the children!” As we point out in our comments, the trade-offs here aren’t just between “The Children” and anyone’s narrow economic interests, but run far, far deeper. Adam & I did our best to succinctly capture the true, complex cluster of issues at stake with the title of the paper we released last summer about COPPA expansion: “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.”

The stakes here for our digital future could hardly be higher, yet more subtle. Continue reading →

SHARE: 4 comments

The Fallacy of “E-Personation” Laws

by on June 11, 2010 · 14 comments

I was interviewed yesterday for the local Fox affiliate on Cal. SB 1411, which criminalizes online impersonations (or “e-personation”) under certain circumstances.

On paper, of course, this sounds like a fine idea.  As Palo Alto State Senator Joe Simitian, the bill’s sponsor, put it, “The Internet makes many things easier.  One of those, unfortunately, is pretending to be someone else.  When that happens with the intent of causing harm, folks need a law they can turn to.”

Or do they?

The Problem with New Laws for New Technology

SB1411 would make a great exam question of short paper assignment for an information law course.  It’s short, is loaded with good intentions, and on first blush looks perfectly reasonable—just extending existing harassment, intimidation and fraud laws to the modern context of online activity.  Unfortunately, a careful read reveals all sorts of potential problems and unintended consequences.

Continue reading →

SHARE: 14 comments

McCotter’s Plan to Expand DMCA-Style Take-Downs

by on April 25, 2010 · 10 comments

The “Cyber Privacy Act”? No it ain’t!

Michigan Representative Thaddeus McCotter (R) has introduced a bill to create a take-down regime for personal information akin to the widely abused DMCA process. The Digital Millennium Copyright Act established a system where copyright holders could as a practical matter force content off the Internet simply by requesting it.

McCotter’s proposal would similarly regulate every Internet site that has a comment section. He thinks it’s going to protect privacy, but he’s sorely mistaken. Its passage would undermine privacy and limit free speech.

I’ll take you through how McCotter’s gotten it wrong.

The operative language of H.R. 5108 is:

Any Internet website that makes available to the public personal information of individuals shall–

(1) provide, in a clear and conspicuous location on the Internet website, a means for individuals whose personal information it contains to request the removal of such information; and

(2) promptly remove the personal information of any individual who requests its removal.

The Federal Trade Commission would enforce the failure to abide by requests as it does unfair and deceptive trade practices. (Meaning: penalties.)

So if someone posts his or her name in a comment section and later regrets it, the operator of that web site would have to take it down. Sounds nice—and that is the right thing for webmasters to do when the circumstances warrant. But what about when they don’t? Continue reading →

SHARE: 10 comments

Eric Goldman on New Threats to Sec. 230

by on March 27, 2010 · 8 comments

By Adam Thierer & Berin Szoka

Short but very important essay here from Santa Clara University Law School Prof. Eric Goldman about calls to alter Sec. 230 of the Communications Decency Act (CDA) to address concerns about online harassment. Generally speaking, Sec. 230 immunizes online intermediaries from punishing liability for the content that travels over their networks / services. Specifically, Sec. 230 stipulates that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” In other words: Don’t shoot the messenger!

As we’ve noted here before, it is probably not an overstatement to think of Sec. 230 as the very cornerstone of Internet Freedom, since it makes possible an online “utopia for utopias,” to borrow a phrase from our favorite modern political philosopher, the late Robert Nozick. Without Sec. 230, intermediaries would likely be forced to shut down many avenues of communication and would have to become deputized conduct and morality police for every cyber-street corner.

Goldman, America’s leading expert on Sec. 230-related jurisprudence, correctly notes that, “Frequently, § 230’s critics do not attack the immunization generally, but instead advocate a new limited exception for their pet concern.” He’s got that right. Indeed, we are increasingly hearing calls from numerous quarters these days to “tweak 230” for one pet concern after another. We’ve illustrated some of those concerns in this exhibit.

Deputization of the Middleman

Regulatory advocates can be found for each of these issues who like to see the protections afforded by Sec. 230 scaled back by Congress or he courts. But Goldman rightly warns:

Continue reading →

SHARE: 8 comments

How Financial Overhaul Could Put the FTC on Steroids & Transform Internet Regulation Overnight

by on March 17, 2010 · 23 comments

Progress Snapshot 6.7, The Progress & Freedom Foundation (PDF)

This week marks a pivotal point in the history of the Internet.  Monday was the 25th anniversary of the first .COM registration—and in some ways, the beginning of the commercial Internet.  Yesterday, the Federal Communications Commission unveiled its long-awaited National Broadband Plan, which proposes ambitious subsidies to encourage broadband deployment.  On the theory that unease about online privacy may discourage broadband adoption, the Plan also calls for increased regulation of how websites collect, and use, data from consumers.

The debate over how to regulate online data use has gone on for over a decade, leading to today’s final “Roundtable” in the “Exploring Privacy” series held by the Federal Trade Commission over the last three months.  The stakes in this debate are high: Data is the lifeblood of online content and services, and consumers will ultimately bear the cost of restrictions on data use in the form of reduced advertising funding for, and innovation in, online content and services.

That’s why this week’s most important technology policy event may ultimately prove to be today’s Senate Commerce Committee hearing on Rep. Barney Frank’s “Wall Street Reform and Consumer Protection Act of 2009” (H.R. 4173), which narrowly passed the House in December without a single hearing and no real debate.  Although the sprawling (273,579 word) bill is mostly famous for creating a Consumer Financial Protection Agency, it would also, in just 613 words, “put the FTC on steroids,” in the words of Jim Miller, FTC Chairman from 1981 to 1985.  With vastly expanded powers, the FTC could impose sweeping new regulation touching virtually every sector of our economy.

The current FTC chairman, Jon Leibowitz, has made clear his determination to step up regulation of online data use, advertising, “blogola,” and child protection, just to name a few of the hot topics in Internet policy.  While the FTC will no doubt continue to push for increased statutory authority, such as the online privacy bill reportedly being drafted by House Commerce Internet Subcommittee Chairman Rick Boucher (mandating opt-in for data collection), Chairman Leibowitz may be able to implement most of his radical Internet regulatory agenda using the new powers conferred on his agency in a bill (H.R, 4173) few realize has anything to do with Internet policy. Continue reading →

SHARE: 23 comments

The Real Reason the Google Convictions in Italy are Bad Precedent

by on March 4, 2010 · 0 comments

In interviews last week and this week (see KUOW’s “The Conversation”), I argue that the convictions of three Google executives by an Italian court for “illegal handling of personal data” threaten the future of all hosted content.  More than that, I said that the convictions had a disturbing subtext:  the on-going effort of the Italian government to intimidate the remaining media outlets in that country it doesn’t already control.  (See “Larger Threat is Seen in Google Case” by the New York Times’ Rachel Donadio for the details.)

In Italy and other countries (think of the Twitter revolt following dubious elections in Iran), TCP/IP is quickly becoming the last bastion of a truly free press.   In that sense, the objectionable nature of the video in question made Google an easy target for a prosecutor who wanted to give the appearance of defending human dignity rather than threatening a free press.

In a post that was picked up on Saturday by TechMeme, I explained my position in detail:

The case involved a video uploaded to Google Videos (before the acquisition of YouTube) that showed the bullying of a person with disabilities.

Internet commentators were up-in-arms about the conviction, which can’t possibly be reconciled with European law or common sense.  The convictions won’t survive appeals, and the government knows that as well as anyone.  They neither want to or intend to win this case.  If they did, it would mean the end of the Internet in Italy, if nothing else. Still, the case is worth worrying about, for reasons I’ll make clear in a moment.

But let’s consider the merits of the prosecution. Prosecutors bring criminal actions because they want to change behavior—behavior of the defendant and, more important given the limited resources of the government, others like him.  What behavior did the government want to change here? Continue reading →

SHARE: 0 comments

Video from my Second Life Discussion about Government’s Place in Virtual Worlds

by on October 9, 2009 · 12 comments

I really enjoyed my Second Life appearance on “Government’s Place in Virtual Worlds and Online Communities,” which was hosted by Metanomics.  You can watch the entire segment on the Metanomics site.  But the folks at Metanomics have also posted 6 clips from the show at YouTube that highlight some of the topics we discussed.  Here’s the list of clips and the videos:

Part 1: Are the Feds about to Regulate Second Life & Virtual Worlds?

Continue reading →

SHARE: 12 comments

Cyberbullying Hearing Yesterday: Education, not Criminalization or Intermediary Deputization

by on October 1, 2009 · 16 comments

The House Judiciary Committee’s Crime subcommittee yesterday held a hearing yesterday on the painful issues of cyberbullying (webcast). Rep. Linda Sánchez (D-CA) talked about her bill, the “Megan Meier Cyber Bullying Prevention Act” (H.R. 1966), which would create of a new federal felony to punish cyberharassment, including fines and jail time for violators. Rep. Debbie Wasserman Schultz (D-FL) talked about her bill, the “Adolescent Web Awareness Requires Education Act (AWARE Act)” (H.R. 3630), which would instead allocate $125 million over five years in grants for education and awareness-building about these problems. Without endorsing any particular approach, Adam and I discussed the general advantages of education over criminalization in our “Cyberbullying Legislation: Why Education is Preferable to Regulation” paper published by PFF in June, which we updated and submitted as written testimony. But we really couldn’t have done a better job at making this point than Ranking Member Louie Gohmert (R-TX), who powerfully articulated his opposition to the run-away growth of federal criminal law. Chairman Scott (D-VA) also expressed a commendable reluctance to just pass another law and assume that fixes the problem.

Problems with Criminalization

Three lawyers on the panel generally agreed on the thorny speech and due process concerns raised by criminalization and agreed that the Sánchez bill would require serious revision to pass constitutional muster.  UVA Law Prof. Robert O’Neil (testimony) suggested that of the exceptions to free speech protection recognized by the Supreme Court, the only one that could likely be used to do what advocates of cyberbullying criminalization want to accomplish is the intentional infliction of emotional distress. But O’Neill emphasized that this is generally a tort, not a criminal action—which seems like a pretty big distinction to me, especially when the criminal sanction might involve a felony conviction, as Sánchez has proposed. Felony convictions are the “Mark of Cain” in modern life, exceeded only in their lasting effect by being required to register on a sex offender registry. Cato Adjunct Fellow and civil rights lawyer Harvey Silverglate (testimony) highlighted the serious problems raised by vagueness and over-breadth in attempting to define harassment—as evidenced by speech codes at many universities. Harvard Law Prof. John Palfrey (testimony) generally echoed these concerns.

Criminalizing what is mostly child-on-child behavior simply will not solve the age-old problem of kids mistreating each other, a problem that has traditionally been dealt with through counseling and rehabilitation at the local level. For all the talk of how to craft a criminal law (especially its definitions) to minimize constitutional problems, I was very surprised that no one at the hearing raised the critical issue of just who it is we’re trying to protect and from whom. Continue reading →

SHARE: 16 comments

← Previous Entries

Next Entries →