[Cross posted from TechFreedom]
Today, the Digital Advertising Alliance, a group of leading digital ad agencies and online ad networks, unveiled a campaign to bring attention to AdChoices, its icon-based system allowing users to opt-out of behavioral advertising. The following statement can be attributed to Berin Szoka, President of TechFreedom:
In the 1990s, Congress tried and failed to regulate Internet content. Instead, the courts have required an approach grounded in user empowerment, education and enforcement of existing laws against fraud and deception. Today, we’re seeing the the advertising industry build on this approach for consumer protection on privacy. The AdChoices campaign launched last summer empowers consumers to make their own choices on privacy. The ad campaign launched today educates consumers on how to use this tool. The Digital Advertising Alliance has promised to enforce industry’s principles. Consumer advocates should hold them to that promise. It’s also fair to insist that empowerment and education improve over time. But today, for once, let’s give the ad industry credit for doing the right thing.
Here’s the notice I’ve been getting the last few days when, logged into Facebook from a computer, I try to post a comment or update my status.
Clever observers will note that the recommendation to log in from a computer is misplaced, as I get it when I’m logged in from a computer. Facebook gives me no instructions when I log in (or when I log out and log in again), though it did once ask me to change my password, which I did.
Most likely, Facebook’s algorithms believe I’ve violated some part of the Terms of Service, such as by repetitive posting or other spammy behavior. My exclusion from the site began contemporaneous with my attempt to post a single comment that failed for reasons I couldn’t discern in several tries.
Undoubtedly, my friends at Facebook will leap to my aid and clear this up for me in short order, feeling slightly stung that I “went public” with the problem rather than going to them. But I wanted to experience this as an ordinary consumer, not as a member of the digerati with insider access to people at important companies. In the past, I’ve used insider access with services like PayPal and (the now defunct) Bitcoin7 to get help that an ordinary user couldn’t have gotten. Bully for me that I can do that, but my experience is atypical and no basis for observing how the world works.
Some observations: Continue reading →
Filings are due to the Federal Trade Commission (FTC) today as part of its review of the Children’s Online Privacy Protection Act (COPPA) and the COPPA rule that the FTC devised and enforces. I didn’t have time to pen as much as I wanted, but I did submit a short filing to the agency in the matter based on some of my previous work both with Berin Szoka and on my own. Here’s the executive summary for my filing:
It goes without saying that the Children’s Online Privacy Protection Act (COPPA) is complicated law and rule. When considering the rule and proposals to amend it, it is easy to get lost in the weeds and ignore the bigger picture. That would be a mistake. There are broader, more important questions that need to be asked as part of the Federal Trade Commission’s effort to expand this regulatory regime. These questions involve not only the costs of increased regulation for online business interests, but the impact of expanded regulation on market structure, competition, and innovation. More importantly, these questions cut to the core of whether the public (including children) will be served with more and better digital innovations in the future. There is no free lunch. Regulation—even well-intentioned regulation like COPPA—is not a costless exercise. There are profound trade-offs for online content and culture that must always be considered.
Whatever one thinks about the effectiveness or sensibility of the COPPA regulatory model for the Web 1.0 world, it is clear that the regime is being strained by the unforeseen realities of the Web 2.0 world of hyper-ubiquitous connectivity and user-generated content creation and sharing. The digital genie cannot be put back in the bottle. While COPPA may continue to have a marginal role to play in this rapidly evolving world, that role will likely be increasingly limited by the inherent realities of the information age.
Entire filing can be found on the Mercatus website, on SSRN, or via Scribd [Also embedded below in a Scribd reader.] Continue reading →
Jim Adler, Chief Privacy Officer and General Manager of Data Systems at Intelius, always has interesting and thoughtful things to say about online privacy debates. I recommend following him on Twitter (@jim_adler). Today, he posted an interesting essay on his blog entitled “Creepy Is As Creepy Does, which begins by noting that “with increasing volume, ‘creepy’ has snuck its way in to the privacy lexicon and become a mainstay in conversations around online sharing and social networking. How is it possible that we use the same word to describe Frankenstein and Facebook?” Good question. Better question: Why is “creepiness” the standard by which we are judging privacy matters? I posted a comment to his blog post elaborating on that point that I thought I would also post here:
I think we’d be better served by moving privacy deliberations — at least the legal ones — away from “creepiness” and toward a serious discussion about what constitutes actual harm in these contexts. While there will be plenty of subjective squabbles over the definition of “harm” as it relates to online privacy / reputation, I believe we can be more concrete about it than continuing these silly debates about “creepiness,” which could not possibly be any more open-ended and subjective.
Continue reading →
Over at TIME.com, I write about face detection technology and how privacy concerns around the tracking of consumers and targeted advertising online may be coming to the physical world.
As Congress and the FTC balance the public interest in privacy with the advantages of new tools, let’s hope they take Sen. Rockefeller’s insight to heart: Public policy does indeed have a tough time keeping up with technology. That should be a signal to policy-makers that they shouldn’t be too hasty, lest they strangle a nascent technology while it’s in the cradle.
Smart sign and face detection technology is very new—so new that we don’t really know how consumers will react to it. It’s tempting to want to get out in front privacy concerns, but it would be better to allow the technology to develop and mature a bit before we make any judgments.
Read the whole thing here.
Earlier this year I read Scott Cleland’s new book, Search & Destroy: Why You Can’t Trust Google, Inc., after he was kind enough to send me an advance copy. I didn’t have time to review it at the time and just jotted down a few notes for use later. Because the year is winding down, I figured I should get my thoughts on it out now before I publish my end of year compendium of important tech policy books.
Cleland is President of Precursor LLC and a noted Beltway commentator on information policy issues, especially Net neutrality regulation, which he has vociferously railed against for many years. On a personal note, I’ve known Scott for many years and always enjoyed his analysis and wit, even when I disagree with the thrust of some of it.
And I’m sad to report that I disagree with most of it in
Search & Destroy, a book that is nominally about Google but which is really a profoundly skeptical look at the modern information economy as we know it. Indeed, Cleland’s book might have been more appropriately titled, “Second Thoughts about Cyberspace.” In a sense, it represents an outline for an emerging “cyber-conservative” vision that aims to counter both “cyber-progressive” and “cyber-libertarian” schools of thinking.
After years of having Scott’s patented bullet-point mini-manifestos land in my mailbox, I think it’s only appropriate I write this review in the form of a bulleted list! So, here it goes.. Continue reading →
When Senator William Proxmire (D-WI) proposed and passed the Fair Credit Reporting Act forty years ago, he almost certainly believed that the law would fix the problems he cited in introducing it. It hasn’t. The bulk of the difficulties he saw in credit reporting still exist today, at least to hear consumer advocates tell it.
Advocates of sweeping privacy legislation and other regulation of the information economy would do well to heed the lessons offered by the FCRA. Top-down federal regulation isn’t up to the task of designing the information society. That’s the upshot of my new Cato Policy Analysis, “Reputation under Regulation: The Fair Credit Reporting Act at 40 and Lessons for the Internet Privacy Debate.” In it, I compare Senator Proxmire’s goals for the credit reporting industry when he introduced the FCRA in 1969 against the results of the law today. Most of the problems that existed then persist today. Some problems with credit reporting have abated and some new problems have emerged.
Credit reporting is a complicated information business. Challenges come from identity issues, judgments about biography, and the many nuances of fairness. But credit reporting is simple compared to today’s expanding and shifting information environment.
“Experience with the Fair Credit Reporting Act counsels caution with respect to regulating information businesses,” I write in the paper. “The federal legislators, regulators, and consumer advocates who echo Senator Proxmire’s earnest desire to help do not necessarily know how to solve these problems any better than he did.”
Management of the information economy should be left to the people who are together building it and using it, not to government authorities. This is not because information collection, processing, and use are free of problems, but because regulation is ill-equipped to solve them.
TechFreedom president and TLF contributor Berin Szoka will be speaking today at the
Economics of Privacy conference hosted by the Silicon Flatirons center
at the University of Colorado and co-sponsored by TechFreedom. The
entire conference will be livestreamed (embedded below) begining at 11am EST; Berin’s
panel begins at 4:30pm EST. Highlights include a keynote conversation
with FTC Commissioner Julie Brill and keynote speeches by FTC Bureau of
Economics Director Joseph Farrell and Carnegie Mellon University
Information Technology and Public Policy Associate Professor Alessandro
Acquisti. Check the schedule for full details. The Twitter hashtag for
the event is #flatirons.
I just released the following statement regarding Facebook’s settlement with the Federal Trade Commission of complaintsover changes the company made in December 2009 to what information would appear on users’ profiles:
For years, many privacy advocates have insisted that holding companies to their own privacy policies won’t protect consumers because companies can change those policies at a whim. Today’s settlement makes clear that changes to what a company may do with information already collected require informed user consent—provided the changes are material. This builds on a similar settlement with Google last month over the use of Gmail information in the Buzz social network without consent, among earlier FTC actions, such as preventing the transfer of sensitive information when a company goes into bankruptcy.
Thus, while Congress struggles to craft ‘comprehensive baseline privacy’ legislation in the European model, the FTC is using its existing 1938 authority over unfair or deceptive trade practices to build a common law of privacy. This is a process of discovery: what’s the right balance between protecting privacy and the consumer benefits of encouraging the development of new services? That process won’t be perfect or easy, but it’s much more likely to keep up with technological change than legislation or prophylactic regulation would be, and less likely to fall prey to regulatory capture by incumbents as a barrier to competition.
Case-by-case adjudication is a venerable American tradition—one that’s more, not less, vital in the rapidly changing field of consumer privacy. Rather than rushing to write new laws, Congress should focus on ensuring the FTC has the resources it needs to use its existing authority effectively. That means, most of all, having a larger core of technologists on staff to guide what is supposed to be our expert agency on privacy.
I spoke at the MSU/Quello Center’s “Governance of Social Media” workshop on November 11. My talk runs 21 minutes and starts at 1:16:54 in this video. The Q&A begins at 1:41:00.
My presentation follows below. Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.