I’ve posted another response in the Cato Unbound online debate over the impact of Lawrence Lessig’s Code and Other Laws of Cyberspace upon the book’s 10th anniversary. You will recall that I went fairly hard on Prof. Lessig in my essay, “Code, Pessimism, and the Illusion of ‘Perfect Control,’” and Lessig responded with a counter-punch that went after me for it. I respond in a new essay about “Our Conflict of Cyber-Visions.” In the piece, I address Lessig’s assertion that I just didn’t understand the central teachings of Code, as well as his reluctance to accept the “cyber-collectivism” label that I affixed to his book and life’s work. Again, please hop over to Cato Unbound for my complete response.
But one thing from the essay that I thought worth reproducing here is my effort to better define the key principles that separate the cyber-libertarian and cyber-collectivist schools of thinking. I argue that it comes down to this:
The cyber-libertarian believes that “code failures” are ultimately better addressed by voluntary, spontaneous, bottom-up, marketplace responses than by coerced, top-down, governmental solutions. Moreover, the decisive advantage of the market-driven approach to correcting code failure comes down to the rapidity and nimbleness of those response(s).
Of course, another key difference relates to how quickly one jumps to the conclusion that “code failures” are actually occurring at all. I argue:
Continue reading →
Lawrence Lessig’s Code and Other Laws of Cyberspace turns 10 this year and the folks over at Cato Unbound have put together an online debate about the book and its impact on cyberlaw, which I am honored to be taking part in. The discussion begins today with a lead essay from Declan McCullagh of CNet News and then continues throughout the week with responses from Harvard’s Jonathan Zittrain, myself, and then Prof. Lessig himself.
Declan’s lead essay, “What Larry Didn’t Get,” starts things off with a bang:
[Lessig] prefers what probably could be called technocratic philosopher kings, of the breed that Plato’s The Republic said would be “best able to guard the laws and institutions of our State — let them be our guardians.” These technocrats would be entrusted with making wise decisions on our behalf, because, according to Lessig, “politics is that process by which we collectively decide how we should live.”
Declan goes on to cite a litany of high-profile legislative and regulatory failures that have unfolded over the past decade, calling into question the wisdom of Prof. Lessig’s approach. Declan continues:
One response might be that the right philosopher-kings have not yet been elevated to the right thrones. But assuming perfection on the part of political systems (especially when sketching plans to expand their influence) is less than compelling. The field of public choice theory has described many forms of government failure, and there’s no obvious reason to exempt Internet regulation from its insights about rent-seeking and regulatory capture.
Sounds like it could be a heated discussion! Jonathan Zittrain is up next with an essay due to be posted on Wednesday and then my response will follow on Friday. Prof. Lessig’s response will go up a week from today. I look forward to this exchange and the responses it generates. I encourage readers to head over to the Cato Unbound site and check out the essays as they appear. I’ll post reminders here as the installments go live on the Cato site.
Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content – who is talking to whom, how often, and for how long.)
The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:
The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).
EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.
It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.
FTC Chairman Jon Leibowitz warned yesterday that companies involved in Web advertising face their “last chance” to “voluntarily” adopt stricter policies governing the use and collection of consumer information, Reuters reports. This isn’t the first time the FTC has threatened the advertising industry with regulation, but it signals a sense of immediacy that may pressure industry leaders to change their practices in coming weeks.
Leibowitz presumably wants to quell widespread concern that Internet companies like Google and AT&T have “excessive control” over consumer information. But what’s excessive about using information that individuals have voluntarily handed over for marketing purposes, subject to legally enforceable rules laid out from the get-go?
Users ultimately control their data, not firms. After all, only data that users transmit can be collected. When a user visits a website, their IP address may be recorded, and when a user submits a query to a search engine, the search term can be logged. This is how the Internet has always worked.
Not all consumers understand what information is gathered about them as they browse online. The best way to protect such users is not through regulation, but by educating — and, therefore, empowering — users. Volumes have been written on privacy and data security, and the ongoing TLF series “Privacy Solutions” offers a growing body of tips on how consumers can achieve the level of privacy that suits them.
Understandably, some people are uncomfortable with their queries being logged, and would prefer that websites simply not track any data. Some sites are willing to do just that — Cuil, a search engine launched in 2008, promises to never log IP addresses or even use cookies (as Jim has noted). Other anonymity solutions rely on secure virtual tunnels that can mask users’ actual IP addresses.
Still, no matter what the FTC does, transmitting data in plaintext over the Internet will never be truly “safe.” Robust end-to-end encryption is the only surefire method of ensuring information cannot be seen by anybody except the sender and the recipient. Even then, information is only as safe to the extent that the party at the other end of the line can be trusted.
Continue reading →
I’ve been quite depressed to witness Bruce Schneier’s ongoing conversion from opponent of government intervention in the high-tech economy (at least on encryption) to vociferous proponent (at least in terms of privacy regulation). Anyway, his latest cheerleading piece for government privacy regulation in The Wall Street Journal includes lots of fear-mongering about private website data collection for, God forbid, purposes of trying to better target advertising and market us products we might actually want.
Schneier uses the term “deceptive” several times in the piece to refer to privacy policies that don’t make it explicitly clear that some of the information you leave on a site, or that is collected preemptively by them, will be used to craft more targeted marketing efforts. Like many other would-be privacy regulators, Schneier seemingly wants companies to fly blimps over your desk as you surf the Net with big signs that basically say: ‘Hey stupid, your info may be used to market you stuff.’ It’s hard to be against more disclosure, of course — and most sites spell out what they do with data in their privacy policies — but it never seems to be good enough for most privacy advocates, who paint consumers out to be mindless sheep who cannot be trusted to make wise decisions for themselves. Sorry, but I just don’t buy it.
Continue reading →
New Jerseyans may get a chance to vote their Fourth Amendment preferences in the upcoming gubernatorial elections. Among the candidates is Chris Christie, who as U.S. Attorney for New Jersey authorized the tracking of suspects’ cell phones without getting a warrant.
I’ve been helping to organize this year’s CFP, which is consistently one of the most interesting and forward-looking privacy conferences. Here’s the program as it now stands.
Register now as an early-bird – prices rise May 1.
Government officials have an uncanny knack for deflecting blame they deserve onto others. The latest group on the receiving end of this blame game is The Lime Group, creators of the popular file-sharing service LimeWire. Rather than the government taking responsibility for its own utter incompetence in managing its network security and internal IT protocols, it’s found a convenient scapegoat.
Salon.com reports today that the House Committee on Oversight and Government Reform is reopening its investigation of services like LimeWere that allow consumers to distribute files online. Committee chairman Edolphus Towns (D-NY) and ranking Republican Darrell E. Issa have explained their renewed interest in LimeWire and other peer-to-peer (P2P) services, as Salon explains:
They cited press reports this year and last year of computer users making available the blueprints and avionics for Marine One, the president’s helicopter; more than 150,000 tax returns; 25,800 student loan applications; 626,000 credit reports and tens of thousands of medical files with names, addresses and Social Security numbers for patients with AIDS, cancer and mental illnesses.
Congressmen Towns and Issa don’t seem to realize that LimeWire is just one of hundreds of applications that allow end-users to share files with each other. To say that we should investigate these software applications for working as they were designed just plain misses the point.
The Pentagon’s leak of Marine One plans was entirely preventable had the proper limitations been placed on individual users machines—in this case a private contractor—something a high-school student working as an IT admin could easily do. Rather than looking at LimeWire as a place to lay blame, Congress should be asking for a full-scale investigation into the DoD and other agency IT managers, as they’re the dolts who allowed LimeWire to be installed on machines laden with sensitive data. This sort of policing and investigation into
government incompetence is what the Oversight and Government Reform Committee is supposed to do.
Continue reading →
It seems Microsoft is facing much the same problem Pepsi faced in the 70s, when it created the Pepsi challenge (a blind taste test between Coke and Pepsi):
A stark sign of the challenge Yusuf Mehdi faces as a point man for Microsoft in the company’s battle with Google comes from the company’s own research into the habits of consumers online.
During regular “blind taste tests,” in which Microsoft asks randomly-selected consumers to score the quality of results from various Internet search engines, the quality of Microsoft’s search results have so improved that people can’t tell the difference between Microsoft and Google search results, says Mr. Mehdi, senior vice president of Microsoft’s online audience business group. But when Microsoft slaps the Google brand name on the results from Microsoft’s own search engine during another portion of its tests, users invariably score them highest.
“Just by putting the name up, people think it’s more relevant,” he says.
… Microsoft still faces the problem of the strong association in consumers’ minds between Google and Internet search. In theory, it’s far easier for a consumer to switch Internet search engines than it is for them to switch other forms of software. But Mr. Mehdi–a veteran of the Web browser wars of the late 90s in which Microsoft managed to overtake the pioneer in the category, Netscape Communications–says in reality it’s very hard to convince consumers to change their search behavior.
So, Microsoft faces an uphill battle. Happily for the Internet marketplace, it seems they’re embracing the challenge cheerily by attempting to kill two birds with one stone: launching an innovative new semantic search engine capable of answering users’ questions more directly while also creating a fresh new brand for what Microsoft acknowledges is a “confusing jumble of brand names for its search efforts.” I, for one am looking forward to Microsoft’s forthcoming search engine, dubbed “Kumo.”
But I think there’s a bigger lesson here: Google’s most valuable asset is its brand. Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.