Another Chink in Section 230’s Armor

by on April 29, 2009 · 7 comments

Just came across this informative blog article by David Ardia, a lawyer at the Harvard Berkman Center. He describes a recent ruling on Section 230 of the Communications Decency Act in a case that the New England Patriots filed against StubHub. The Pats bar fans from reselling their season tickets and want to hold online sites liable for the actions of ticket holders. The judge said that Section 230 did not give StubHub immunity. According to David:

In summary, StubHub profited as ticket prices increased; it didn’t require users to disclose what they paid for their tickets, thus making it harder to police its site; and it encouraged its best clients to buy low and sell high.  Isn’t this the way most online auction sites work?  Surely “knowing participation” isn’t coterminous with “materially contributing” to unlawful activity.

Using the factors described above is a troubling interpretation for Section 230, and has broad implications for online platforms and social networking sites – not just ticket exchanges. The court is sending a message that online sites should be the enforcer of private contracts to which they are not a party. This is an added obligation and potential liability that threatens the stated intent of Section 230, “to promote the continued development of the Internet and other interactive computer services and other interactive media.”

SHARE: 7 comments

Schneier on RealAge.com: Factually Incorrect

by on April 28, 2009 · 20 comments

(Update: Bruce Schneier linked to this post (and Adam’s) from his blog post on the topic, and the Wall Street Journal issued a “correction and amplification” at the top of the story on its site.)

I share many of Adam’s concerns with Bruce Schneier’s WSJ piece. But there’s something else wrong with it. He’s got the facts wrong, right in the first paragraph:

Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns.

RealAge does not sell data to drug companies. RealAge collects health information about users and markets to its users at the request of its “partners.” But, again, it does not disclose health data to those partners, including drug companies.

RealAge.com has a sensible business model: cultivate an audience of users that are interested in health, and make money on the sellers trying to reach them, like drug companies. And y’know what would kill that business model? Giving data about users to the drug companies.

And in terms of privacy, that’s a difference in kind, not degree. The data is held close by RealAge.com. Given that, Schneier’s argument that there is deception deserving government intervention falls apart. RealAge.com says what it does and does what it says.

The line from RealAge’s privacy policy that Bruce quotes is deprived of context by what he doesn’t quote. Here’s what he quotes: “[W]e will share your personal data with third parties to fulfill the services that you have asked us to provide to you.” Scary . . . ish.

The rest of the story is the next line: “These third parties are required not to use your Personal Data other than to provide the services requested by RealAge.”

When I first read the privacy policy a few weeks ago – here’s what I wrote then – I assumed this language allowed them to use an email service provider to store and send emails. I was impressed that they say they specifically require service providers like this not to repurpose the data.

When I checked with the people at RealAge.com today, they confirmed that these lines in their privacy policy are for this kind of third-party service provider, not for drug companies.

So, with the sinister data-sharing-with-drug-companies meme kinda dropped out of the equation, what you have left is the question whether personal information should be used to direct health information toward interested people. Should people get information about remedies they might need from companies interested in selling them?

People are free to doubt drug advertisements because they’re advertisements, but given the prospective health benefits, more information is better than none, and I have a hard time saying health marketing is bad. It’s a lot easier to say it’s bad when you assume incorrectly what happens to personal data in the process.

SHARE: 20 comments

NTIA names Online Safety Technical Working Group members

by on April 28, 2009 · 10 comments

Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced the members of the new Online Safety and Technology Working Group (OSTWG).  I am honored to be among those chosen to participate in this new task force and I look forward to continuing the work started last year with the Harvard Berkman Center’s Internet Safety Technical Task Force (ISTTF), which I also served on.   I was very proud of the work done by the ISTTF and the impressive final report that Prof. John Palfrey crafted to reflect our findings.  I am eager to investigate these issues further and take a look at the latest research and technologies that can help us better understand how to protect our kids online while also protecting the free speech and privacy rights of Netizens.

The new NTIA working group, which was established under the “Protecting Children in the 21st Century Act,” will report to the Assistant Secretary of Commerce for Communications and Information on industry-implemented online child safety tools and efforts. Within a year of convening its first meeting, the group will submit a report of its findings and make recommendations on how to increase online safety measures.

Below the fold I have listed the complete roster of OSTWG task force members.  I very much looking forward to working with this outstanding group.  And I’m happy to report that my TLF blogging colleague Braden Cox will be joining me on this task force!

Continue reading →

SHARE: 10 comments

FTC Chair Warns Regulation on Behavioral Advertising Imminent

by on April 28, 2009 · 30 comments

FTC Chairman Jon Leibowitz warned yesterday that companies involved in Web advertising face their “last chance” to “voluntarily” adopt stricter policies governing the use and collection of consumer information, Reuters reports. This isn’t the first time the FTC has threatened the advertising industry with regulation, but it signals a sense of immediacy that may pressure industry leaders to change their practices in coming weeks.leibowitz

Leibowitz presumably wants to quell widespread concern that Internet companies like Google and AT&T have “excessive control” over consumer information. But what’s excessive about using information that individuals have voluntarily handed over for marketing purposes, subject to legally enforceable rules laid out from the get-go?

Users ultimately control their data, not firms. After all, only data that users transmit can be collected. When a user visits a website, their IP address may be recorded, and when a user submits a query to a search engine, the search term can be logged. This is how the Internet has always worked.

Not all consumers understand what information is gathered about them as they browse online. The best way to protect such users is not through regulation, but by educating — and, therefore, empowering — users. Volumes have been written on privacy and data security, and the ongoing TLF series “Privacy Solutions” offers a growing body of tips on how consumers can achieve the level of privacy that suits them.

Understandably, some people are uncomfortable with their queries being logged, and would prefer that websites simply not track any data. Some sites are willing to do just that — Cuil, a search engine launched in 2008, promises to never log IP addresses or even use cookies (as Jim has noted). Other anonymity solutions rely on secure virtual tunnels that can mask users’ actual IP addresses.

Still, no matter what the FTC does, transmitting data in plaintext over the Internet will never be truly “safe.” Robust end-to-end encryption is the only surefire method of ensuring information cannot be seen by anybody except the sender and the recipient. Even then, information is only as safe to the extent that the party at the other end of the line can be trusted.

Continue reading →

SHARE: 30 comments

Supreme Court Decision in FCC v. Fox (Part 4: The Thomas Concurrence)

by on April 28, 2009 · 23 comments

With today’s historic Supreme Court decision in FCC v. Fox, I have been commenting on the logic and implications of the decision. Part 3 dealt with the majority’s decision in the case, which was driven solely by procedural / admin law considerations.  This installment will discuss the very interesting concurring opinion penned by Justice Thomas, which is the only one that takes a serious look at the constitutional foundations of the FCC’s current regulatory regime.  While I was sad to see Justice Thomas join the majority’s decision upholding the FCC’s radical expansion of speech regulation in recent years, he joined that majority only on straightforward procedural grounds.   On the underlying constitutional issues at stake here, it is clear from his concurring statement that he is ready for the Court to hear a challenge to the previous court precedents and traditional regulatory doctrines that have long supported FCC speech and media controls.

“I write separately,” Justice Thomas says “to note the questionable viability of the two precedents that support the FCC’s assertion of constitutional authority to regulate the programming at issue in this case.”  Specifically, he addresses the two key cases upon which almost all FCC speech regulation rests: Red Lion Broadcasting Co. v. FCC, 395 U. S. 367 (1969) and FCC v. Pacifica Foundation, 438 U. S. 726 (1978). Thomas continues: “Red Lion and Pacifica were unconvincing when they were issued, and the passage of time has only increased doubt regarding their continued validity.”

BOOM!  With those words, Justice Thomas has dropped the hammer and taken what will hopefully be the first swing at toppling the house of cards that is modern FCC speech regulation.  Justice Thomas goes on to itemize the many problems with what I have referred to as “America’s Jurisprudential Twilight Zone” when it comes to how we apply the First Amendment to media platforms in this country.  He states: Continue reading →

SHARE: 23 comments

Supreme Court Decision in FCC v. Fox (Part 3: The Majority Decision)

by on April 28, 2009 · 27 comments

As I noted earlier, the U.S. Supreme Court today handed down a historical First Amendment decision in the case of Federal Communications Commission v. Fox Television Stations.  The Court ruled in the FCC’s favor by a 5-4 margin.  My initial general thoughts are here. In this piece, I’ll talk a bit more about the majority’s decision in the case.

The most important thing to realize about the Court’s 5-4 decision in FCC v. Fox is that the Court has intentionally dodged all the serious constitutional issues in play here and instead decided the case solely on procedural grounds. “We decline to address the constitutional questions at this time,” the majority says. (p. 26) Writing for the majority, Justice Scalia says:

There is… no basis in the Act or this Court’s opinions for a requirement that all agency change be subjected to more searching review. Although an agency must ordinarily display awareness that it is changing position… and may sometimes need to account for prior fact finding or certain reliance interests created by a prior policy, it need not demonstrate to a court’s satisfaction that the reasons for the new policy are better than the reasons for the old one. It suffices that the new policy is permissible under the statute, that there are good reasons for it, and that the agency believes it to be better, which the conscious change adequately indicates.

Of course, it’s not entirely unusual for the Court to decide important regulatory cases by sticking to administrative law / APA issues, but what’s different in this case is that we’re not talking about the regulation of widgets here. We are talking about the regulation of freedom of speech and expression. Shouldn’t the administrative law analysis change a bit when the issues at stake implicate profound constitutional imperatives? I think so, but the majority doesn’t address that. Continue reading →

SHARE: 27 comments

Supreme Court Decision in FCC v. Fox (Part 2: Initial Thoughts)

by on April 28, 2009 · 10 comments

As I noted earlier, the Supreme Court just handed down a historical First Amendment decision in the case of Federal Communications Commission v. Fox Television Stations. Here are my initial general thoughts on the case that were just sent out in a PFF press release. Again, more commentary to follow later today as I continue to digest the decision.

While the Court decided this case on purely procedural grounds, its failure to address the constitutional issues at stake will leave the First Amendment freedoms of both media creators and consumers in this country uncertain until another case winds its way up to the court, which could take years. Practically speaking, as Justice Thomas noted, what’s the point of continuing to apply a censorship regime to one of the oldest mediums—broadcast TV and radio—when kids are flocking to unregulated mediums in large numbers? At this point, we’re doing little more than protecting adults from themselves and destroying over-the-air broadcasting in the process.

Until the Court clearly addresses the First Amendment protection of broadcasting in light of the Digital Revolution, we’ll just have to speculate as to how to reconcile the broadcast law of bygone era with the Court’s recent Internet jurisprudence—which has strongly supported the First Amendment. Although new media technologies and platforms are not covered currently by FCC content controls, the specter of regulation now haunts all media as platforms continue to converge and broadcast content gets repurposed on other platforms.

Finally, what makes the Court’s ruling even less sensible is that all parents have an extensive array of tools and strategies at their disposal to control media in their homes and in their lives of the children. That is especially the case for broadcast television programming, which is easier to control than ever before. The Court has held that user empowerment and private blocking solutions should shield the Internet from content regulation. Why shouldn’t the same principle apply to broadcasting?

SHARE: 10 comments

Supreme Court Decision in FCC v. Fox (Part 1: The Decision)

by on April 28, 2009 · 19 comments

Breaking news: The Supreme Court as just ruled in the important First Amendment case of Federal Communications Commission v. Fox Television Stations and held in the government’s favor by a 5-4 vote. Decision is here.

My background info about the case is here and will publish some essays throughout the day as I digest the decision. Importantly, the case was decided squarely on procedural grounds, not constitutional grounds. However, Justice Thomas has some very important and interesting things to say about those constitutional issues in his separate concurrence. Coverage from AP, Reuters, and UPI.

The full decision can be viewed below in a Scribd reader:

[Supreme Court Decision] FCC v. Fox 07-582 http://d.scribd.com/ScribdViewer.swf?document_id=14715905&access_key=key-21fh1qa1sk7qthfi40is&page=1&version=1&viewMode=

SHARE: 19 comments

Schneier on Data Collection and “Deception”

by on April 28, 2009 · 11 comments

I’ve been quite depressed to witness Bruce Schneier’s ongoing conversion from opponent of government intervention in the high-tech economy (at least on encryption) to vociferous proponent (at least in terms of privacy regulation).  Anyway, his latest cheerleading piece for government privacy regulation in The Wall Street Journal includes lots of fear-mongering about private website data collection for, God forbid, purposes of trying to better target advertising and market us products we might actually want.

Schneier uses the term “deceptive” several times in the piece to refer to privacy policies that don’t make it explicitly clear that some of the information you leave on a site, or that is collected preemptively by them, will be used to craft more targeted marketing efforts.  Like many other would-be privacy regulators, Schneier seemingly wants companies to fly blimps over your desk as you surf the Net with big signs that basically say: ‘Hey stupid, your info may be used to market you stuff.’  It’s hard to be against more disclosure, of course — and most sites spell out what they do with data in their privacy policies — but it never seems to be good enough for most privacy advocates, who paint consumers out to be mindless sheep who cannot be trusted to make wise decisions for themselves.  Sorry, but I just don’t buy it.

Continue reading →

SHARE: 11 comments

A View from the Inside — State Legislators and Social Networking

by on April 27, 2009 · 6 comments

Last week I attended the National Conference of State Legislators spring meeting here in Washington, DC.  One of the panels was called “Social Networking 101”, and it was an interesting inside discussion centered on how legislatures and legislators are using Facebook, MySpace, Twitter and other social networking tools. Presenters were Sharon Crouch Steidel (Dir of IT for Virginia House of Delegates), Rep. Steve Harrelson from Arkansas, and Pam Greenberg of NCSL.

Rep. Harrelson described three main reasons for legislators to blog: (1) Immediacy – can get in front of the media story; (2) No filters – can tell the story how you want to, and can tell the whole story; (3) Transparency – tell constituents reasons for votes. His blog is amazingly complete.

According to Harrelson, his blog readers care more about politics, not policy issues. Reader traffic spikes when Harrelson talks about who was at what dinner/social event, or who is running for what seat, or committee maneuvering.  One consideration is whether to allow readers to comment and if so, do you censor? Harrelson does not censor, and wonders whether it would be unconstitutional for him to do so using a state computer on state time.

Speakers complained about a flood of email. Policymakers hate canned email and they hate it when they can’t tell if email is actually from a constituent. Legislators and IT directors struggle with how to use social media for effective dialogues, not just emails that say “I support HB 555” 30,000 times. They also want technology that forces users to input their addresses, so they can have constituent mail readily identified.

Virginia is moving toward the use of Wikis for current bills. Continue reading →

SHARE: 6 comments

← Previous Entries

Next Entries →