Every once and awhile it’s worth taking a step back and looking at the long view of how Internet policy developments have unfolded and consider where they might be heading next. We’ve reached such a moment as it pertains to efforts to police the Internet for copyright piracy, objectionable online content, privacy violations, and cybersecurity. We’re at an interesting crossroads in this regard since the prospects for successful cracking down on copyright piracy and pornography appear grim. Seemingly every effort that has been tried has failed. The Net is awash in online porn and pirated content. I am not expressing a normative position on this, rather, I’m just stating what now seems to be commonly accepted fact.
In the meantime, the United States is in the process of creating new information control regimes and this time its access to personal information and cybersecurity that are the focus of regulatory efforts. The goal of the privacy-related regulatory efforts is to help Netizens better protect their privacy in online environments and stop the “arms race” of escalating technological capabilities. The goal of cybersecurity efforts is to make digital networks and systems more secure or, more profoundly as we see in the Wikileaks case, it is to bottle up state secrets.
These efforts are also likely to fail. Simply stated, it’s a nightmare to bottle-up information once it’s out there. Continue reading →
This is a response to Nick Carr’s recent piece, “The Attack on Do Not Track,” in which he goes after me for some comments I made in this essay about the trade-offs at work in the privacy and online advertising debates. In his critique of my essay, he argues:
What the FTC is suggesting is that the unwritten quid pro quo be written, and that the general agreement be made specific. Does Thierer really believe that invisible tradeoffs are somehow better than visible ones? Shouldn’t people know the cost of “free” services, and then be allowed to make decisions based on their own cost-benefit analysis? Isn’t that the essence of the free market that Thierer so eloquently celebrates?
My response to Nick follows. Continue reading →
The ACLU of Northern California says it’s time for a privacy check-in on location based-services. Their handy chart compares several of the most popular location-based services along a number of dimensions.
Little of what they examine has to do with civil liberties—cough, cough, ahem (this is a favorite critique of mine for my ACLU friends)—but the report does find that five out of six location-based providers are unclear about whether they require a warrant before handing information over to the government. Facebook is the winner here. Yelp, Foursquare, Gowalla, Loopt, and Twitter are unclear about whether they protect your location data from government prying.
“The do-not-track system could put an end to the technological ‘arms race’ between tracking companies and people who seek not to be monitored.” – David Vladeck, FTC
David Vladeck is right. The Do Not Track system would put an end to the technological “arms race” – but that’s not a good thing. Instead, its the nuclear option that will halt ongoing industry innovation and consumer welfare.
This has been unofficial privacy week in Washington, DC. Wednesday saw the release of the FTC’s privacy report. Yesterday was the House Commerce Committee hearing; phrased in the form of a question, the tile of the hearing was a bit presumptuous: “Do-Not-Track Legislation: Is Now the Right Time?” And today, NetChoice responds with why the answer to that question should be No.
Do Not Track is a Blunt Response, Not an Informed Choice
The FTC’s report calls for a “uniform and comprehensive” way for consumers to decide whether they want their activities tracked. The Commission points to a Do Not Track system consisting of browser settings that would be respected by web tracking services. A user could select one setting in Firefox, for example, to opt out of all tracking online. The FTC wrongly calls this “universal choice.”
Really, it’s a universal
response. It’s a single response to an overly-simplified set of choices we encounter on the web. This single response means that tracking for the purpose of tailored advertising is either “on” or “off.” There is no middle setting. But it is the “middle” where we want consumers to be. The middle setting would represent an educated setting where consumers understand the tradeoffs of interest-based advertising – in return for tracking your preferences and using them to target ads to you, you get free content/services. But an on/off switch is too blunt and not, err, targeted enough. There is no incentive for consumers to learn about the positives, they’ll only fear the worst-case scenarios and will opt-out. In return they’ll also opt-out of the benefits. [more on the “middle” below]. Continue reading →
As part of what Politico’s
Tony Romm calls this week’s “all-out online privacy blitzkrieg,” Rep. Ed Markey (D-Mass) announced he would be proposing legislation aimed at better protecting kids from the supposed evils of online “tracking” and marketing. Apparently, Rep. Markey’s effort will build on the “Do Not Track” proposal that is garnering so much attention this week.
Lost in the smoke surrounding that privacy blitzkrieg is an important distinction between these two proposals: There is a very big difference between re-engineering browsers and websites to comply with a “Do Not Track” mandate and a new regulatory scheme aimed at identifying the ages or identities of individuals using certain online sites or services. Namely, the latter likely necessitates some sort of mandatory age verification or online authentication regime for the Internet.
Let’s take a step back for some context. Markey helped author the Children’s Online Privacy Protection Act (COPPA) of 1998, which dealt with the collection of information for kids under 13 online. But COPPA wasn’t a strict age verification or online authentication regime for the Internet. Instead, COPPA mandated a “verifiable parental consent” regime which the Federal Trade Commission (FTC) later enforced using a so-called “sliding scale” approach. Essentially, sites that are “directed at” kids under 13 are supposed to get parental consent using a variety of mechanisms (credit cards, sign and fax forms, phone calls, etc) before any collection of information takes place. Of course, there are some devilish details here regarding what counts as “directed at” or “collection,” but the crucial point here is that COPPA does
not require the formal authentication of web surfer identities or ages — whether they kids or parents.
So, the really tricky question here is how one goes about expanding the COPPA regulatory regime without stumbling into the legal thicket that tied up the Child Online Protection Act (COPA) of 1998, a law which did mandate such an authentication regime and, as a result, witnessed a grueling decade-long legal battle over its constitutionality. Ultimately, the courts rejected COPA as inconsistent with America’s tradition of anonymous speech, something central to our evolution as a democracy, pre-dating even the First Amendment that protects it from government interference. Thus, we have, at least for now, closed the book on COPA. But are we about to re-open it with COPPA expansion a la the forthcoming Markey bill? Continue reading →
There’s a sharp piece by Fred Wilson in the New York Times today pointing out the benefits of online “tracking.” It’s part of a series of essays in one of their “Room for Debate” series about the FTC’s new “Do Not Track” regulatory proposal. (Our own Jim Harper also has a good essay worth reading.)
In Wilson’s essay, “Tracking Personalizes the Web,” he argues:
“Tracking helps services like the Weather Channel give you the information you are looking for without having to enter a lot of data every time you use the service. Tracking can make sure you don’t see the same news story twice.
Tracking is the technology behind some of the most powerful personalization technologies on the Web. A Web without tracking technology would be so much worse for users and consumers.”
He’s right, “tracking” makes personalization possible–and much more effective. But the really important point here is the one I made early today in my essay on “No-Cost Opt-Outs & Online Content & Culture“: data collection and advertising drive the free online content, sites, and services we take for granted today. Personalization of all those things is great, but we might not have some (most?) of them at all without data collection and advertising, or we’d at least have fewer that were entirely gratis.
Free isn’t really free, people!
In his essay today, “Go On, Opt Out. Just Don’t Come Cryin’ To Me …,” John Battelle has some very sensible thinking on the “Do Not Track” idea and privacy regulation more generally:
Look, if you want to, you can put yourself on a “do not track” list in the Real World. As you walk around in our Real World, where small shopkeepers and Starbucks alike attempt to lure you into their stores, you can simply decide to ignore their come ons. You can refuse to get a grocery card, and forego the discounts they offer. You can forego the countless coupons, come ons, and catalogs that come through your newspaper, browser, or your community mailer, and if you work at it, you can even opt out through some specialized services (with more coming soon, if the FTC gets its way). And you can turn off your television (cause lord knows even the shows are trying to influence you now), and you can ignore your friends when they talk about the latest, coolest promotion that Verizon or ATT has pushed them through their cell phones. If folks insist on talking about stuff that might smack of someone selling you something, heck, you can start to dress like the Unabomber and withdraw entirely from our obviously commercial culture. You might look weird, but at least folks will leave you alone. And if you do, your world will either be better, or it will suck more. Your call.
But don’t come crying to me when you realize that in opting out of our marketing-driven world, you’ve also opted out of, well, a pretty important part of our ongoing cultural conversation, one that, to my mind, is getting more authentic and transparent thanks to digital platforms. And, to my mind, you’ve also opted out of being a thinking person capable of filtering this stuff on your own, using that big ol’ bean which God, or whoever you believe in, gave you in the first place. Life is a conversation, and part of it is commercial. We need to buy stuff, folks. And we need to sell stuff too.
Amen, brother. This is a point Berin Szoka and I have made repeatedly here in the past:
The debate over privacy regulation is fundamentally tied up with the future of online content and culture. The idea of a cost-free opt-out model for the all online data collection / advertising may sound seductive to some, but we must take into account the opportunity costs of regulation. The real world is full of trade-offs and, despite what the Federal Trade Commission seems to think, there is no such thing as a free lunch.
In the latest WikiLeaks data dump, around a quarter-million confidential American diplomatic cables were published online. “Cablegate,” as it is being called, has revealed some rather startling information. Among the tech-relevant secrets, the State Department tasked agents to collect DNA and other biometric information on foreigners of interest.
Specifically, U.S. officials were told that in addition to collecting “email addresses, telephone and fax numbers,” they should also snap up “fingerprints, facial images, DNA, and Iris scans.” This directive makes the recent TSA scandal over airport full body scanners seem like child’s play.
Wired joked that this would explain to foreign leaders why the “chief of mission seemed a bit too friendly at the last embassy party.”
Jokes aside, access to DNA information is potentially one of the most important privacy issues of the future.
In a world in which DNA sequencing is becoming exponentially faster and cheaper, it won’t be long before it is possible to sequence everyone’s genomes for medical purposes. Possession of an individual’s DNA blueprint will be useful in fighting disease and in personalizing drugs and other therapies. Of course, as with any technology, DNA sequencing can be used for either good or evil purposes, so it will need to be used wisely.
[…]
Read the rest of my column here.
This morning, the Federal Trade Commission (FTC) released its eagerly-awaited Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. As expected, the agency has generally endorsed an expanded regulatory regime to govern online data collection and advertising efforts in the name of protecting consumer privacy. More specifically, the agency endorsed a so-called “Do Not Track” mechanism that would supposedly help consumers block unwanted data collection or advertising. Here’s how the agency describes it:
Such a universal mechanism could be accomplished by legislation or potentially through robust, enforceable self-regulation. The most practical method of providing uniform choice for online behavioral advertising would likely involve placing a setting similar to a persistent cookie on a consumer’s browser and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements. To be effective, there must be an enforceable requirement that sites honor those choices. (p. 66)
I’m sure we’ll have plenty more to say here about the issue in coming weeks and months (comments on the FTC report are due by Jan. 31), but we’ve already commented on this proposal here before. See 1, 2, 3. To briefly summarize a few of those concerns: Continue reading →
At the risk of pointing out the obvious, I’d like to remark that the popular revolt against intrusive TSA searches would not have been possible without the internet and digital technologies.
-
It was John Tyner’s cell phone video recording of his encounter with TSA, which he posted to his blog, that really galvanized folks to take action.
-
The Fly With Dignity campaign was conceived and organized by folks collaborating on the Reddit community.
-
It is through online social networks that the meme of Nov. 24 as National Opt-Out Day has spread.
Without the internet, we would have been at the mercy of the news media to get the word out about citizen frustration. Complaining would have been relegated to writing your congressman. And organizing a wide-spread protest would likely have been impossible.
Instead, we’ll hopefully see Americans engaging in peaceful civil disobedience comforted by the knowledge that they’re not alone. So with a nod to Evgeny Morozov’s critique, it makes me happy to see that the internet can still serve to empower the citizens of a democracy to tell its government, enough is enough. This moment should also remind us why we should not ever cede to government the ability to control the flow of information.
Every once and awhile it’s worth taking a step back and looking at the long view of how Internet policy developments have unfolded and consider where they might be heading next. We’ve reached such a moment as it pertains to efforts to police the Internet for copyright piracy, objectionable online content, privacy violations, and cybersecurity. We’re at an interesting crossroads in this regard since the prospects for successful cracking down on copyright piracy and pornography appear grim. Seemingly every effort that has been tried has failed. The Net is awash in online porn and pirated content. I am not expressing a normative position on this, rather, I’m just stating what now seems to be commonly accepted fact.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.