Privacy, Security & Government Surveillance

Latest Lichtman podcast on privacy, Sec. 230, online liability

by on December 2, 2008 · 2 comments

Last month, I noted that UCLA Law School professor Doug Lichtman has a wonderful new monthly podcast called the “Intellectual Property Colloquium.” This month’s show features two giants in the field of tech policy — George Washington Law Professor Daniel Solove and Santa Clara Law Professor Eric Goldman –- discussing online privacy, defamation, and intermediary liability. More specifically, in separate conversations, Solove and Goldman both consider the scope of Section 230 of the Communications Decency Act of 1996, which shields Internet intermediaries from liability for the speech and expression of their users. Sec. 230 is the subject of hot debate these days and Solove and Goldman provide two very different perspectives about the law and its impact.

Goldman calls Sec. 230 “pure cyberspace exceptionalism” in the sense that it breaks from traditional tort norms governing intermediary liability. But he argues that this new online version of intermediary liability (which is extremely limited in scope) encourages more robust speech and expression than the older, offline version of liability (which was far more strict). I completely agree with Eric Goldman, but I respect the arguments that Lichtman and Solove raise about the privacy and defamation problems raised by the purist approach that Goldman and I favor.

Goldman also does a nice job dissecting the Roomates.com and Craigslist.com cases. And Lichtman brings up the JuicyCampus.com case during the conclusion. These are important cases for the future of Sec. 230 and online liability. Incidentally, there’s also an interesting conversation between Lichtman and Solove (around the 32:00 mark) about an issue that Alex Harris and Tim Lee have been raising here about the nature of online contracts and the perils of messy EULAs / Terms of Service (TOS).

These are two absolutely terrific conversations. Very in-depth and very highly recommended. Listen here.

[Note: I recently reviewed Daniel Solove’s important new book, Understanding Privacy, here.]

SHARE: 2 comments

Googlephobia: Part 6 – The Left Begins to Turn on Google

by on November 29, 2008 · 36 comments

Over the past year or so, many market-oriented critics of Google, like Scott Cleland and Richard Bennett, have criticized the company for aligning itself with Left-leaning causes and intellectuals. Lately, however, what I find interesting is how many leading leftist intellectuals and organizations have begun turning on the company and becoming far more critical of the America’s greatest capitalist success story of the past decade. The reason this concerns me is that I see a unholy Right-Left alliance slowly forming that could lead to more calls for regulation not just of Google, but the entire search marketplace.  In other words,  “Googlephobia” could bubble over into something truly ugly.

Consider the comments of Tim Wu and Lawrence Lessig in Jeff Rosen’s huge New York Times Magazine article this weekend, “Google’s Gatekeepers.” Along with Yochai Benkler, Lessig and Wu form the Holy Trinity of the Digital Left; they set the intellectual agenda for the Left on information technology policy issues. Rosen quotes both Wu and Lessig in his piece going negative on Google. Wu tells Rosen that “To love Google, you have to be a little bit of a monarchist, you have to have faith in the way people traditionally felt about the king.” Moreover:

Continue reading →

SHARE: 36 comments

Google Flu Trends and Privacy

by on November 26, 2008 · 13 comments

Over on the Cato@Liberty blog, I’ve done a fairly lengthy write-up of the Google Flu Trends privacy issue. It’s an important problem that I think deserves a little more than dismissal.

My conclusion: “The heart of the problem lies not with the current leader in search, or any other Internet innovator. The problem lies with our unconstrained government.”

If you’re inclined to dismiss this conclusion as libertarian boilerplate, please read the post.

SHARE: 13 comments

Beware the Era of Financial Regulation and its Spillover onto Tech Companies

by on November 25, 2008 · 7 comments

Remember being in grade school when a classmate’s rabble rousing would ruin it for everybody, and the teacher would hold back the class from going to recess? The other students would moan and groan and justifiably feel that punishing the entire class for one person’s misdeeds was unfair. This is what I fear for the tech industry, due to the trouble-making of the financial crisis.

If politicians turn their gaze from the financial sector to tech in 2009, they will likely focus on the issue of personally identifiable information (PII) and privacy. And here’s why.

Now is a tenuous time for all markets.  Our politicians are looking to reassure Americans by regulating areas of the economy where there’s minimal regulation and a perceived lack of transparency. Rightly or wrongly, there’s a perceived lack of transparency in the collection and use of a user’s online data. And the following overarching trends and recent events could combine to further a pro-regulatory privacy agenda in 2009:

  • Criminal Abuse: The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Increasingly, identity thieves use online phishing scams to deceive consumers. Phishers and other online criminals exist because more and more of us are in the pond—we store and access our personal and sensitive data online.
  • Private Abuse: The lack of transparency surrounding the failed experiment with NebuAd’s deep packet inspection behavioral tracking by some ISPs.
  • Private Use: The collection of user information is at the center of the web-delivered content and social media that helps define the Web2.0 economy. According to the Interactive Advertising Bureau, Internet advertising revenues for the first six months of 2008 were $11.5 billion, a 15.2 percent increase over the first half of 2007. Search histories and stored cookie profiles help create a user dossier that ad companies use to display specific ads, and to help generate the more than $120 billion in online retail sales expected this year.
  • Market Power: The DOJ investigation of the Google and Yahoo deal based on the market power of Google creates a big brother stigma on all online data collection practices.

Continue reading →

SHARE: 7 comments

Scrap E-Verify

by on November 24, 2008 · 9 comments

The 111th Congress and the new Obama administration should scrap “E-Verify.” The federal government’s inchoate immigration background check system is the culmination of 20 years’ failure to create a tolerable “internal enforcement” program for U.S. immigration law. Rather than building on past failure, the new Congress and president should pull the plug on E-Verify and reform immigration law so that it aligns with the nation’s economic need for labor.

More here.

SHARE: 9 comments

Book Review: Blown to Bits by Abelson, Ledeen, & Lewis

by on November 18, 2008 · 20 comments

Blown to Bits coverI’ve just finished reading Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, by Hal Abelson, Ken Ledeen, and Harry Lewis, and it’s another title worth adding to your tech policy reading list. The authors survey a broad swath of tech policy territory — privacy, search, encryption, free speech, copyright, spectrum policy — and provide the reader with a wonderful history and technology primer on each topic.

I like the approach and tone they use throughout the book. It is certainly something more than “Internet Policy for Dummies.” It’s more like “Internet Policy for the Educated Layman”: a nice mix of background, policy, and advice. I think Ray Lodato’s Slashdot review gets it generally right in noting that, “Each chapter will alternatively interest you and leave you appalled (and perhaps a little frightened). You will be given the insight to protect yourself a little better, and it provides background for intelligent discussions about the legalities that impact our use of technology.”

Abelson, Ledeen, and Lewis aren’t really seeking to be polemical in this book by advancing a single thesis or worldview. To the extent the book’s chapters are guided by any central theme, it comes in the form of the “two basic morals about technology” they outline in Chapter 1:

The first is that information technology is inherently neither good nor bad — it can be used for good or ill, to free us or to shackle us. Second, new technology brings social change, and change comes with both risks and opportunities. All of us, and all of our public agencies and private institutions, have a say in whether technology will be used for good or ill and whether we will fall prey to its risks or prosper from the opportunities it creates. (p. 14)

Mostly, what they aim to show is that digital technology is reshaping society and, whether we like or it not, we better get used to it — and quick!  “The digital explosion is changing the world as much as printing once did — and some of the changes are catching us unaware, blowing to bits our assumptions about the way the world works… The explosion, and the social disruption that it will create, have barely begun.” (p 3)

In that sense, most chapters discuss how technology and technological change can be both a blessing and a curse, but the authors are generally more optimistic than pessimistic about the impact of the Net and digital technology on our society. What follows is a quick summary of some of the major issues covered in Blown to Bits.

Continue reading →

SHARE: 20 comments

Bogus Privacy Fears over Google Flu Trends

by on November 16, 2008 · 16 comments

Declan McCullagh, CNET News’ chief political correspondent, does a nice job debunking the privacy fears about Google Flu Trends that a couple of pro-regulatory privacy advocates have set forth. Flu Trends is a very cool application that uses search terms as an indicator of possible upticks in flu-related illnesses in various regions of the U.S.  Of course, it didn’t take long for some Chicken Littles to rain on the parade with their irrational fears about data privacy. As Declan notes, however, there is no personally identifiable information being collected or shared here. It’s just search term analysis. Moreover, if these privacy-sensitive advocates are really that paranoid about it, they should just just Tor or another anonymizer to cloak their searches instead of calling in the regulators to suffocate another technology while its still in the cradle.

Anyway, make sure to read Declan’s excellent piece.

SHARE: 16 comments

Book Review: Solove’s Understanding Privacy

by on November 8, 2008 · 24 comments

Solove Understanding Privacy book coverWith the publication of Understanding Privacy (Harvard University Press 2008), George Washington University Law School professor Daniel J. Solove has firmly established himself as one of America’s leading intellectuals in the field of information policy and cyberlaw.  Solove had already made himself a force to be reckoned with in this field with the publication of important books like The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press 2007), The Digital Person: Technology and Privacy in the Information Age (NYU Press 2004) and his treatise on Information Privacy Law with Paul M. Schwartz of the Berkeley School of Law (Aspen Publishing, 2d ed. 2006).  But with Understanding Privacy, Solove has now elevated himself to that rarefied air of “people worth watching” in the cyberlaw field; an intellectual — like Lawrence Lessig or Jonathan Zittrain — whose every publication becomes something of an event in the field to which all eyes turn upon release.

Like those other intellectuals, however, my respect for their stature should not be confused with agreement with their positions.  In fact, my disagreements with Lessig and Zittrain are frequently on display here and, we have been critical of Solove here in the past as well. [Here’s Jim Harper’s review of Solove’s last book, with which I am in wholehearted agreement.]  In a similar vein, although I greatly appreciate what Prof. Solove attempts to accomplish in Understanding Privacy — and I am sure it will change the way we conceptualize and debate privacy policy in the future — I found his approach and conclusions highly problematic.

Continue reading →

SHARE: 24 comments

Should a National ID be Required for Voting?

by on November 4, 2008 · 10 comments

Over on the Cato@Liberty blog, I’ve highlighted some recent talk of a creating a national ID system for voting. Worrisome thinking from people who should be more circumspect.

A Breezy Slide From Vote Integrity to National ID” is the post.

SHARE: 10 comments

Government Data Mining: The Need for a Legal Framework

by on November 3, 2008 · 8 comments

Indiana University law professor Fred Cate writes with characteristic thoroughness and organization in his article Government Data Mining: The Need for a Legal Framework, published in the Harvard Civil Rights-Civil Liberties Law Review this summer.

It took me a while to get around to reading it – a little longer to write it up. Don’t make the same mistakes I did! It’s good!

Here’s a snippet from the abstract:

The article describes the extraordinary volume and variety of personal data to which the government has routine access, directly and through industry, and examines the absence of any meaningful limits on that access. So-called privacy statutes are often so outdated and inadequate that they fail to limit the government’s access to our most personal data, or they have been amended in the post-9/11 world to reduce those limits. And the Fourth Amendment, the primary constitutional guarantee of individual privacy, has been interpreted by the Supreme Court to not apply to routine data collection, accessing data from third parties, or sharing data, even if illegally gathered.

Professor Cate spends a good deal of time on the Supreme Court’s pernicious “third party doctrine,” which exempts information shared with a third party (think of ISPs, banks, etc.) from Fourth Amendment protection. This rule was bad when it was written and it grows worse and worse as we move our lives further and further online.

Oh, there are details from the paper I would have treated differently. He mistakenly says the 9/11 terrorists used false ID. (Fraudulently gotten, yes. False identities, no.) And he omits the Federal Agency Data Mining Reporting Act of 2007, passed as §804 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53). But these are trivial issues with a paper that is excellent overall.

Poking around among the Internets to confirm this and that detail, I found this post saying that Professor Cate authored much of a recent report called “Protecting Individual Privacy in the Struggle Against Terrorists.” It’s also very good stuff.

Fred Cate, people!

One of the bright lights.

SHARE: 8 comments

← Previous Entries

Next Entries →