Privacy, Security & Government Surveillance

The “Cyber Privacy Act”? No it ain’t!

Michigan Representative Thaddeus McCotter (R) has introduced a bill to create a take-down regime for personal information akin to the widely abused DMCA process. The Digital Millennium Copyright Act established a system where copyright holders could as a practical matter force content off the Internet simply by requesting it.

McCotter’s proposal would similarly regulate every Internet site that has a comment section. He thinks it’s going to protect privacy, but he’s sorely mistaken. Its passage would undermine privacy and limit free speech.

I’ll take you through how McCotter’s gotten it wrong.

The operative language of H.R. 5108 is:

Any Internet website that makes available to the public personal information of individuals shall– (1) provide, in a clear and conspicuous location on the Internet website, a means for individuals whose personal information it contains to request the removal of such information; and (2) promptly remove the personal information of any individual who requests its removal.

The Federal Trade Commission would enforce the failure to abide by requests as it does unfair and deceptive trade practices. (Meaning: penalties.)

So if someone posts his or her name in a comment section and later regrets it, the operator of that web site would have to take it down. Sounds nice—and that is the right thing for webmasters to do when the circumstances warrant. But what about when they don’t?

Google has just launched a new tool that lets users view the total number of requests received “from government agencies around the world to remove content from our services, or provide information about users of our services and products.” As the FAQ explains, the tool overlays the requests received over the last six months, except for countries like China that prohibit the release of such numbers, on a map with totals for both data requests if over 30 (criminal-related but not civil) and removal requests if over 10 (not including requests from private parties, like DMCA copyright take-down notices). Google makes a few important observations about the data—especially that Brazil and India’s numbers are skewed way off because of the popularity of Orkut, Google’s answer to Facebook, there.

This tool represents the beginning of a new era in transparency into how governments censor the Internet and violate users’ privacy. I very much look forward to seeing Google improve this tool to provide greater granularity of disclosure, and to seeing other companies improve upon what Google has started. Over time, this transparency could do wonders to advance Internet freedom for users by promoting positive competition among countries.

To illustrate the kinds of things one could do with this data with a more robust interface, I put together the following spreadsheet (by scraping Google’s request numbers and mashing them up with total Internet user numbers I found here, which are mostly from late 2009):

http://spreadsheets.google.com/pub?key=0AtwIXain9oyPdFJBQUxMcUpselNYcElGUHhhMnBuUUE&hl=en&output=html&widget=true


The Congressional Internet Caucus Advisory Committee is hosting their second annual State of the Mobile Net conference this Wednesday, April 21 at the DC Hyatt Regency (400 New Jersey Ave NW). The conference runs 12-5 pm followed by a cocktail reception. This conference and the larger State of the Net conference are probably the two best annual Internet policy events in DC, so I hope you’ll attend! This year’s SOMN includes a bonus: a “Growing Up with the Mobile Net” seminar coordinated by Common Sense Media, 9-11:45 am. I’ll be on the first panel of the morning on Kids’ Privacy on the Mobile Net: Is it PII or TMI? with:

  • Amanda Lenhart of the Pew Internet & American Life Project, veritable goddess of cyber-sociological data (check out her terrific Social Media & Young Adults report);
  • Phyllis Marcus, who handles children’s privacy and COPPA issues at the FTC (and is one of my favorite people there); and
  • Alan Simpson, Common Sense Media, a tireless advocate for educating children & parents.

I can only assume Alan asked me to be on this distinguished panel to represent kids directly on account of my baby-faced-ness! Jerry Rubin famously said, “Don’t trust anyone over thirty”—so I’ve still got 3.5 months of trustworthiness to go! (Or perhaps he actually read the huge PFF paper Adam Thierer and I did last summer about COPPA and my recent post on the FTC’s recently announced COPPA implementation review or my testimony on Maine’s COPPA 2.0 law.) Anyway, the rest of the day looks great (so register here), including these sessions:

By Adam Thierer & Berin Szoka

Opt-in mandates may soon be coming to an Internet near you! Rick Boucher, House Energy & Commerce Committee Chairman, is expected to soon introduce the privacy bill he’s been working on behind closed doors for many months. At the heart of the bill is supposed to be a mandate that websites and services obtain opt-in consent prior to collecting information from users—at least if they plan on sharing that information with any third party or doing anything with it beyond what a narrow safe harbor would allow.

Boucher is apparently trying to strike the right balance between “protecting privacy” and the benefits to users of advertising and data collection. But there may be significant costs to an opt-in regime that are little appreciated by privacy advocates, who tend to think of opt-out as meaningless and opt-in as the ideal of user empowerment. In their new paper “Opt-in Dystopias,” Google’s Senior Policy Counsel Nicklas Lundblad and Policy Manager Betsy Masiello provide a sophisticated analysis of the dark side of opt-in. They argue that “mandatory opt-in applied across contexts of information collection is poised to have several unintended consequences on social welfare and individual privacy,” specifically:

  • Dual cost structure: Opt-in is necessarily a partially informed decision because users lack experience with the service and value it provides until after opting in. Potential costs of the opt-in decision loom larger than potential benefits, whereas potential benefits of the opt-out decision loom larger than potential costs.
  • Excessive scope: Under an opt-in regime, the provider has an incentive to exaggerate the scope of what he asks for, while under the opt-out regime the provider has an incentive to allow for feature-by-feature opt-out.
  • Desensitisation: If everyone requires opt-in to use services, users will be desensitised to the choice, resulting in automatic opt-in.
  • Balkanisation: The increase in switching costs presented by opt-in decisions is likely to lead to proliferation of walled gardens.

Lundblad and Masiello discuss each of those concerns in great detail, so read the paper for further elaboration. They do a particularly good job walking the reader through the complexity of even defining what we mean by “opt-in,” which is far trickier than most people imagine.


It’s intended as a cute line, but the opener of Stephanie Clifford’s New York Times story about custom coupons is packed with ideological assumptions: “For decades, shoppers have taken advantage of coupons. Now, the coupons are taking advantage of the shoppers.”

Meta-data in printed coupons can reveal much about the people using them.

Here’s a shocker, people: Free money might come with strings attached.

It would be wrong to dismiss the privacy problems that custom coupons might contain. They’re similar to the privacy problems that lots of other new technologies and business processes have. But the starting point if you worry about them is that you don’t have to use them.

I don’t—and it’s not even because of privacy worries. I just don’t.

But Clifford quotes two advocates of government regulation in her article—zero advocates of freedom, market experimentation, or innovation. Ed Mierzwinski, consumer program director for the United States Public Interest Research Group, says, “There really have been no rules set up for this ecosystem.”

Rules, rules. Anything new has to be draped in rules.

I would have opened the article saying, “For decades, shoppers have taken advantage of coupons. Now, the deal is going to be a little more fair.” Where does the story go from there?

Years ago, when I worked on Capitol Hill, a colleague invited me to attend a meeting with some university professors who had a new idea for regulation of the telecommunications sector.

“Bits,” they said. “All regulation should center on bits.”

With convergence on IP-based communications, the regulatory silos dominating telecommunications would soon be more than anachronistic. Indeed, they would be a burden on the telecom sector. Bits were the fundamental unit of measure for the coming telecommunications era, and regulation should be formed around that reality.

My colleague and I looked at each other, amused.

According to the Reporters Committee for Freedom of the Press’ First Amendment Handbook, twelve states forbid the recording of private conversations without the consent of all parties. Maryland is one of them.

And now a guy who was recording his own antics on a motorcycle is facing a felony charge because he continued recording during a traffic stop. David Rittgers has more on the Cato@Liberty blog.

Laws that ban all surreptitious recording to get at wrongful recording are overbroad and damaging. Laws that prevent the recording of police officers are particularly wrongheaded. Maryland needs some technology liberation.

REAL ID continues its long, slow failure. The federal government’s national ID plans continue to bash against the shoals of state and popular opposition.

Late last month, the governor of Utah signed H.B. 234 into law. The bill prohibits the Utah driver license division from implementing REAL ID. That brings to 25 the number of states rejecting the national ID law, according to the Tenth Amendment Center.

And the state of Nevada, one of few states that had been working to get in front of REAL ID, is reconsidering. With wait times at Las Vegas DMVs reaching two to four hours, the legislature may soon allow a temporary REAL ID implementation measure signed last year to lapse—this according to the Ely (NV) News.

Congress has attempted to circumvent the growing state opposition to REAL ID with the now-stalled PASS ID legislation. It basically would rename REAL ID so as to nullify the many state resolutions and laws barring implementation of the national ID law because they refer to the May 2005 “REAL ID” law specifically.

But PASS ID is the same national ID, it has all the privacy issues of REAL ID, and its costs would be as great or greater than REAL ID.

That doesn’t mean national ID supporters in Congress won’t try to sneak the REAL ID revival bill into law sometime later this year, of course . . .

I got a call today from CNBC asking me to appear on a program to discuss the rising controversy surrounding GetUnvarnished.com, which CNBC called “the scariest website ever” and an “online reputation killer.” For those of you not familiar with the site, it bills itself as “an online resource for building, managing, and researching professional reputation, using community-contributed, professional reviews.” More specifically, the site says:

Unvarnished reviews help you get the inside scoop on other business professionals, providing candid assessments of coworkers, potential hires, business partners, and more. By contributing Unvarnished reviews, you can share your knowledge of other professionals, giving credit where credit is due, and valuable feedback where needed. Lastly, your own Unvarnished profile, which you may create yourself or claim one that has been created for you, helps you take control of and build your own professional reputation. Get recognition for your accomplishments and actively manage your career growth.

In essence, the site is like other online product or service review sites except in this case the product or service being reviewed is you! By letting people comment on other people’s reputation anonymously, the theory is that Unvarnished can become “a central hub for community-contributed reviews regarding an individual business professional,” according to the site.

However, as you can well imagine, the site raises all sorts of thorny questions about anonymity, free speech, privacy, personal reputation, libel, child safety, cyberbullying, intermediary liability, and so on. If you read these two TechCrunch articles [1, 2], you’ll get a good feel for the heated debate that will follow, which I’m sure we’ll be talking about more here on this blog in the months to come. I can see this becoming the next AutoAdmit or JuicyCampus case, and raising some of the same questions that came to the fore during the “skank” blogger case last year. For now, here’s the video from the CNBC show, and down below I have included some talking points I put together before I went on the air.

http://plus.cnbc.com/rssvideosearch/action/player/id/1461740784/code/cnbcplayershare


CNet’s Declan McCullagh has a great piece about the politics of actually implementing the ECPA reform principles announced today by the Digital Due Process Coalition, which PFF, CEI and Net Coalition all proudly signed on to along with a number of other think tanks, advocacy groups, and leading tech companies. Ryan and I explained earlier today how these proposals would Protect Americans’ Privacy by Restoring Constitutional Limits to Government.

As I note at the end of the article:

“This is an opportunity for President Obama to show that he understands President Reagan’s central lesson: ‘Government is not the solution to our problem—government is the problem,’” says Berin Szoka, an attorney at the Progress and Freedom Foundation. “These proposals offer a sensible, long-overdue way of protecting us from the real Big Brother, our government, without crippling law enforcement or the private companies that keep giving us all wonderful new content and services, mostly for free.”

This is a point Adam Thierer and I have made repeatedly in the debate over how to deal with concerns about online privacy. Check out our/my key pieces on this point: