In a new essay for the Mercatus Bridge, I ask, “How Many Lives Are Lost Due to the Precautionary Principle?” The essay builds on two recent case studies of how the precautionary principle can result in unnecessary suffering and deaths. The first case study involves the Japanese government’s decision in 2011 to entirely abandon nuclear energy following the Fukushima Daiichi nuclear accident. The second involves Golden Rice, a form of rice that was genetically engineered to contain beta-carotene, which helps combat vitamin A deficiency. Anti-GMO resistance among environmental activists and regulatory officials held up the diffusion of this miracle food. New reports and books now document how these precautionary decisions diminished human welfare instead of improving it. I encourage you to jump over to the Bridge and read the entire story.

I concluded the essay by noting that, “It is time to reject the simplistic logic of the precautionary principle and move toward a more rational, balanced approach to the governance of technologies. Our lives and well-being depend upon it.” Some read that as a complete rejection of  all preemptive regulation. I certainly was not arguing that, so let me clarify a few things.

There are, of course, “hard” and “soft” variants of the precautionary principle (PP). In my new essay, I am mostly focused on the very hardest variety (of a prohibitionary nature). They are the most concerning because they completely foreclose all future experimentation with new and better ways of doing things. In a section of my last book entitled, “When Does Precaution Make Sense?” I noted that outright bans on new goods and services are justified when the risk being evaluated can be shown to be highly probably, tangible, immediate, irreversible, and potentially catastrophic in nature. [See this essay for more on this point, including that entire section of my book reprinted as an appendix.]

However, “existential” risks are open to interpretation and far rarer than some suggest. Governments justly restrict the possession of uranium and bazookas and such grounds, but it would be imprudent to ban the development of all new AI technologies on the theory that one day we might get a Terminator scenario if we don’t.

Softer PP varieties of a permitting nature (such as FAA and FDA permitting regimes) are somewhat easier to justify because they at least leave the door open for some innovation, albeit after significant delay. It is impossible in advance to determine exactly how many lives are saved or lost because of long regulatory review processes, but some new products (such as large aircraft or pharmaceuticals) obviously deserve greater scrutiny because of the potential for adverse and catastrophic outcomes without some degree of initial oversight.

However, taken to the extreme and applied in too rigid of a fashion, even softer varieties of the PP can result in unnecessary suffering and deaths. Slowing experiments with potentially new and better ways of doing things means we are stuck with a status quo that can be sub-optimal, even deadly in its own right.

All roads lead back to improved benefit-cost analysis, better risk modeling, constant retrospective review, and stepped-up risk education/communication efforts. But the over-zealous and unthinking application of the PP shuts down that process almost entirely and forecloses any sort of policy or market experimentation. Flexibility, adaptability, and humility in policymaking are crucial to avoid policy errors.

Toward that end, as I noted in my last law review article, newer “soft law” governance tools offer us the chance to craft superior governance frameworks for existing and emerging technologies. Multistakeholder processes, agency guidances, collaborative best practices, and various other informal governance mechanisms are often better suited to address fast-moving sectors and technologies. In my next book, I argue that this is even true for many “existential risk” scenarios that people fear today. Preemptive controls – including some of a precautionary nature – will still be needed in many circumstances. (Genetic editing will be one such candidate). But we must still guard against overreaction and excessive control of technologies that have the potential to fundamentally improve human well-being.

In sum, trial-and-error is valuable both in the marketplace and in government policymaking settings. The fundamental problem with the precautionary principle is that is ends all such trial-and-error experimentation, including within regulatory regimes themselves! Greater flexibility is needed to ensure that public policy can more accurately balance risk and benefits and improve human well-being as a result. But the precautionary principle will almost never achieve that. We need more open, adaptive, and entrepreneurial governance mechanisms to achieve superior public health outcomes.

My next book, due out in April 2020, does a deeper dive into these issues. Stay tuned for more.

This week I will be traveling to Montreal to participate in the 2018 G7 Multistakeholder Conference on Artificial Intelligence. This conference follows the G7’s recent Ministerial Meeting on “Preparing for the Jobs of the Future” and will also build upon the  G7 Innovation Ministers’ Statement on Artificial Intelligence . The goal of Thursday’s conference is to, “focus on how to enable environments that foster societal trust and the responsible adoption of AI, and build upon a common vision of human-centric AI.” About 150 participants selected by G7 partners are expected to participate, and I was invited to attend as a U.S. expert, which is a great honor. 

I look forward to hearing and learning from other experts and policymakers who are attending this week’s conference. I’ve been spending a lot of time thinking about the future of AI policy in recent books, working papers, essays, and debates. My most recent essay concerning a vision for the future of AI policy was co-authored with Andrea O’Sullivan and it appeared as part of a point/counterpoint debate in the latest edition of the Communications of the ACM. The ACM is the Association for Computing Machinery, the world’s largest computing society, which “brings together computing educators, researchers, and professionals to inspire dialogue, share resources, and address the field’s challenges.” The latest edition of the magazine features about a dozen different essays on “Designing Emotionally Sentient Agents” and the future of AI and machine-learning more generally.

In our portion of the debate in the new issue, Andrea and I argue that “Regulators Should Allow the Greatest Space for AI Innovation.” “While AI-enabled technologies can pose some risks that should be taken seriously,” we note, “it is important that public policy not freeze the development of life-enriching innovations in this space based on speculative fears of an uncertain future.” We contrast two different policy worldviews — the precautionary principle versus permissionless innovation — and argue that:

artificial intelligence technologies should largely be governed by a policy regime of permissionless innovation so that humanity can best extract all of the opportunities and benefits they promise. A precautionary approach could, alternatively, rob us of these life-saving benefits and leave us all much worse off.

That’s not to say that AI won’t pose some serious policy challenges for us going forward that deserve serious attention. Rather, we are warning against the dangers of allowing worst-case thinking to be the default position in these discussions.

But what about some of the policy concerns regarding AI, including privacy, “algorithmic accountability,” or more traditional fears about automation leading to job displacement or industrial disruption. Some of the these issues deserve greater scrutiny, but as Andrea and I pointed out in a much longer paper with Raymond Russell, there often exists better ways of dealing with such issues before resorting to preemptive, top-down controls on fast-moving, hard-to-predict technologies.

“Soft law” options will often serve us better than old hard law approaches. Soft law mechanisms, as I write in my latest law review article with Jennifer Skees and Ryan Hagemann, are a useful way to bring diverse parties together to address pressing policy concerns without destroying the innovative promise of important new technologies. Among other things, soft law includes multistakeholder processes and ongoing efforts to craft flexible “best practices.” It can also include important collaborative efforts such as this recent IEEE “Global Initiative on Ethics of Autonomous and Intelligent Systems,” which serves as “an incubation space for new standards and solutions, certifications and codes of conduct, and consensus building for ethical implementation of intelligent technologies.” This approach brings together diverse voices from across the globe to develop rough consensus on what “ethically-aligned design” looks like for AI and aims to establish a framework and set of best practices for the development of these technologies over time.

Others have developed similar frameworks, including the ACM itself. The ACM developed a Code of Ethics and Professional Conduct in the early 1970s and then refined it in the early 1990s and then again just recently in 2018. Each iteration of the ACM Code reflected ongoing technological developments from the mainframe era to the PC and Internet revolution and on through today’s machine-learning and AI era. The latest version of the Code “affirms an obligation of computing professionals, both individually and collectively, to use their skills for the benefit of society, its members, and the environment surrounding them,” and insists that computing professionals “should consider whether the results of their efforts will respect diversity, will be used in socially responsible ways, will meet social needs, and will be broadly accessible.” The document also stresses how, “[a]n essential aim of computing professionals is to minimize negative consequences of computing, including threats to health, safety, personal security, and privacy. When the interests of multiple groups conflict, the needs of those less advantaged should be given increased attention and priority.”

Of course, over time, more targeted or applied best practices and codes of conduct will be formulated as new technological developments make them necessary. It is impossible to perfectly anticipate and plan for all the challenges that we may face down the line. But we can establish some rough best practices and ethical guidelines to help us deal with some of them. As we do so, we need to think hard about how to craft those principles and policies in such a way so as to not undermine the potentially amazing, life-enriching — and potentially even life- saving — benefits that AI technologies could bring about.

You can hear more about these and other issues surrounding the future of AI in this 6-minute video that  Communications of the ACM put together to coincide with my debate with Oren Etzioni of the Allen Institute for Artificial Intelligence. As you will probably notice, there’s actually a lot more common ground between us in this discussion that you might initially suspect. For example, we agree that it would be a serious mistake to regulate AI at the general-purpose level and that it instead makes more sense to zero-in on specific AI applications to determine where policy interventions might be needed.

Of course, things get more contentious when we consider  what kind of policy interventions we might want for specific AI applications, and also the much more challenging question about how to define and measure “harm” in this context. And this all assumes we can even come to some general consensus about how to first define what we even mean by “artificial intelligence” or “robotics” in general. That’s harder than many realize and it is important because it has a bearing on the overall scope and practicality of regulation in various contexts.

Another thing that seems to be the source of serious ongoing debate between people in this field concerns the wisdom of creating an entirely new agency or centralized authority of some sort to oversee or guide the development AI or robotics. I’ve debated that question many times with Ryan Calo, who first pitched the idea a few years back in a working paper for Brookings. In response, I noted that we already have quite a few “robot regulators” in existence today in the form of technocratic agencies that oversee the specific development of various types of robotic and AI-oriented applications. For example, NHTSA already oversees driverless cars, FAA regulates drones, and the FDA handles AI-based medical devices and applications. Will adding another big, over-arching Robotics Commission really add much value to the process? Or will it simply add another bureaucratic layer of red tape to the process of getting life-enriching services out to the public? I doubt, for example, that the Digital Revolution would have been somehow improved much had America created a Federal Computer Commission or Federal Internet Commission 25 years ago.

Moreover, had we adopted such entities, I worry about how the tech companies of an earlier generation might have utilized that process to keep new players and technologies from emerging. As I noted this week in a tweet that got a lot of attention, I used to have the adjoining poster from PC Computing magazine on my office wall over 20 years ago. It was entitled, “Roadmap to Top Online Services,” and showed how the powerful Big 4 online service providers — America Online, Prodigy, Compuserve, and Microsoft — were spreading their tentacles. People used to see this poster on my wall and ask me whether there was any hope of disrupting the perceived choke-hold that these companies had on the market at the time.

Of course, we now look back and laugh at the idea that these firms could have bottled up innovation and kept competition at bay. But ask yourself: When disruptive innovations appeared on the scene, what would those incumbent firms have done if they had regulators to run to for help down at a Federal Computer Commission or Federal Internet Commission? I think we know exactly what they would have done because the lamentable history of so much Federal Communication Commission regulation shows us that  the powerful will grab for the levers of power wherever they exist. Some critics don’t accept the idea that “rent-seeking” and regulatory capture are real problems, or they believe that we can find creative ways to avoid those problems. But history shows this has been a reoccurring problem in countless sectors and one that we should try to avoid as much as possible by not establishing mechanisms that could exclude beneficial forms of competition and innovation from coming about to begin with.

That could certainly happen right now with the regulatory mechanisms already in place. For example, just this week, Jennifer Huddleston Skees and I wrote about the dangers of “Emerging Tech Export Controls Run Amok,” as the Trump Administration ponders a potentially massive expansion of export restrictions on a wide variety of technologies. More than a dozen different AI or autonomous system technologies appear on the list for consideration. That could pose real trouble not just for commercial innovators in this space, but also for non-commercial research and collaborative open source efforts involving these technologies.

Again, that doesn’t mean AI and robotics should develop in a complete policy vacuum. We need “governance” but we don’t need the sort of heavy-handed, top-down, competition-killing, innovation-restricting sort of regulatory regimes of the past. I continue to believe that more flexible, adaptive “soft law” mechanisms provide the reasonable path forward for most of the concerns we hear about AI and robotics today. These are challenging issues, however, and I look forward to learning more from other experts in the field when I visit Montreal for this week’s G7 discussion.

Additional Reading:

• “Should the Government Regulate Artificial Intelligence?” Wall Street Journal debate between Ryan Calo, Julia Powles, and Adam Thierer, April 29, 2018.
• Adam Thierer, Andrea O’Sullivan & Raymond Russell, “Artificial Intelligence and Public Policy,” Research Paper, Mercatus Center at George Mason University, August 23, 2017.
• Adam Thierer, “Which Emerging Technologies are “Weapons of Mass Destruction”? Technology Liberation Front, August 26, 2016.
• Adam Thierer, ““Wendell Wallach on the Challenge of Engineering Better Technology Ethics“
• Adam Thierer, “Problems with Precautionary Principle-Minded Tech Regulation & a Federal Robotics Commission,” Technology Liberation Front, September 22, 2014.
• Adam Thierer, “Are ‘Permissionless Innovation’ and ‘Responsible Innovation’ Compatible?” Technology Liberation Front, July 12, 2017.
• Adam Thierer & Jennifer Huddleston Skees, “Emerging Tech Export Controls Run Amok,” Technology Liberation Front, November 28, 2018.
• Adam Thierer, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom

[Remarks p repared for Fifth Annual Conference on Governance of Emerging Technologies: Law, Policy & Ethics at Arizona State University, Phoenix, AZ, May 18, 2017.]

_________________

What are we to make of this peculiar new term “permissionless innovation,” which has gained increasing currency in modern technology policy discussions? And how much relevance has this notion had—or should it have—on those conversations about the governance of emerging technologies? That’s what I’d like to discuss here today.

Uncertain Origins, Unclear Definitions

I should begin by noting that while I have written a book with the term in the title, I take no credit for coining the phrase “permissionless innovation,” nor have I been able to determine who the first person was to use the term. The phrase is sometimes attributed to Grace M. Hopper, a computer scientist who was a rear admiral in the United States Navy. She once famously noted that, “It’s easier to ask forgiveness than it is to get permission.”

“Hopper’s Law,” as it has come to be known in engineering circles, is probably the most concise articulation of the general notion of “permissionless innovation” that I’ve ever heard, but Hopper does not appear to have ever used the actual phrase anywhere. Moreover, Hopper was not necessarily applying this notion to the realm of technological governance, but was seemingly speaking more generically about the benefit of trying new things without asking for the blessing of any number of unnamed authorities or overseers—which could include businesses, bosses, teachers, or perhaps even government officials.

Today, however, we most often hear the “permissionless innovation” used in discussions about the governance of information technologies as well as a wide variety of emerging technologies. Unfortunately, scholars and advocates who have suggested that permissionless innovation should serve as the governing lodestar in these areas do not always precisely define what they mean by the term.

None of them seem to be suggesting, however, that permissionless innovation is synonymous with anarchy. To the contrary, many of them are quick to note that governments will continue to have a role to play. It is even rare to see advocates of permissionless innovation in these varied contexts calling for the abolition of any laws, programs, or agencies.

Instead, it seems to be the case that most of those defenders of permissionless innovation are using the term as a sort of shorthand when what they really mean to say is something like: “give innovators a bit more breathing room,” or, “don’t rush to regulate.”

This is consistent with my own articulation of the term, which goes as follows:

“Permissionless innovation refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if any develop, can be addressed later.”

Default Policy Positions

Framing the term in this fashion makes it clear that, as it pertains to technological governance, permissionless innovation is about setting our public policy defaults closer to green lights rather than red ones.

It switches the burden of proof to the opponents of ongoing technological change by asserting five things:

• First, technological innovation is the single most important determinant of long-term human well-being.
• Second, there is real value to learning through continued trial-and-error experimentation, resiliency, and ongoing adaptation to technological change.
• Third, constraints on new innovation should be the last resort, not the first. Innovation should be innocent until proven guilty.
• Fourth, as regulatory interventions are considered, policy should be based on evidence of concrete potential harm and not fear of worst-case hypotheticals.
• Fifth, and finally, where policy interventions are deemed needed, flexible, bottom-up solutions of an ex post (responsive) nature are almost always preferable to rigid, top-down controls of an ex ante (anticipatory) nature.

Shared Shortcomings of Both Visions

At least on the surface, that sort of governance vision stands in stark contrast to the “precautionary principle.” Defenders of the precautionary principle as the general default position in technology policy debates generally believe that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harm to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

That being said, I’d like to point out some of the shared shortcomings of both of these governance visions.

First, as with attempts to define the parameters of “permissionless innovation,” the precautionary principle is not always as rigid as its critics sometimes suggest. There are as many flavors of the precautionary principle as there are ice cream. Indeed, this is why many have criticized the precautionary principle not for what it says but rather for what it doesn’t say. It doesn’t tell us exactly how and when to apply precautionary measures, or how to evaluate the trade-offs associated with precaution.

This points the second and deeper underlying problem faced by advocates of both precautionary measures and permissionless innovation: Our collective inability to craft a widely-shared definition of what constitutes “technological harm” in various contexts. This is certainly not to suggest that no attempt has been made to do so. Rather, simply that we don’t seem to be any closer to concrete agreement about how or where to draw those lines.

Of course, let’s not kid ourselves into thinking that we can find bright-line answers to all these questions. After all, for many of these technological governance issues we are operating in the realm of “Level 3” or “Earth-level” systems, as Professors Allenby and Sarewitz refer to it in their book, The Techno-Human Condition. These are systems in which we deal with, as they say, “a context that is always shifting, and on meanings that are never fixed.”

That makes it even more challenging to define what we mean by “responsible innovation” or “socially desirable innovation” for purposes of determining optimal technology policy.

Risk Analysis through the Lens of Permissionless Innovation

For me, there are no easy ways out of this mess. But I do know two things for certain.

First, we must continue to refine and improve our risk analysis tools and techniques to make better determinations of when proposed interventions are sensible and cost-effective relative to the many trade-offs at work.

Again, I recognize the challenge of doing this when many of the issues and values in play are amorphous and metaphysical conflicts exist about how to even define some of these things. Most of the emerging technology policy issues I write about today, for example, involve some sort of privacy, safety, or security concern. In each case, however, very little consensus exists about what those terms even mean in varied contexts.

Nonetheless, the fact that benefit-cost analysis is hard should not serve as an excuse for failing to go through the exercise of attempting some sort of valuation of the many variables in play.

Soft Law Alternatives

The second thing I know for certain is that, due the combination of both definitional complexity regarding what constitutes technological harm, as well as the ever-accelerating pace of the so-called “pacing problem,” all roads lead back to soft law solutions instead of hard law remedies.

Last year, I had the pleasure of reading and reviewing Wendell Wallach’s new book and then having a nice conversation with him about it at Microsoft’s DC headquarters. The most interesting thing about our exchange was that, although we do not begin in the same place philosophically-speaking, we largely end up in the same place practically-speaking.

That is, there seemed to be some grudging acceptance on both our parts that “soft law” systems, multistakeholder processes, and various other informal governance mechanisms will need to fill the governance gap left by the gradual erosion of hard law.

Many other scholars, including many of you in this room, have discussed the growth of soft law mechanisms in specific contexts, but I believe we have probably failed to acknowledge the extent to which these informal governance models have already become the dominant form of technological governance, at least in the United States.

I’m currently co-authoring a very long study which documents how the Obama Administration came to rely quite heavily on multistakeholder processes, negotiated “best practices,” and industry codes of conduct as the primary governance mechanisms for a long list of emerging tech issues, including: driverless cars, commercial drones, big data, facial recognition, the Internet of Things and wearable technology, mobile medical applications, 3D printing, artificial intelligence, the Sharing Economy, and much more.

Most of these soft law processes were driven by the NTIA and FTC, but plenty of other agencies with an “N” or an “F” at the beginning of their name have undertaken some sort of soft law process, including NHTSA, the FDA, the FAA, and so on.

Now, I’m willing to bet that many of those involved in these processes who generally favor more anticipatory regulatory approaches would have preferred to start with hard law solutions to some of these issues. And I am equally certain that many of the innovators involved in those multistakeholder processes would have probably preferred not to have had to come to the table at all.

But at the end of the day, for the most part, all sides did come to the table and worked together in a good faith effort to find some rough consensus about what sort of informal guidelines would govern the future of innovation in these sectors.

The Worst of All Systems, Except All the Others

Plenty of questions remain about such soft law systems, and the irony is that defenders of both permissionless innovation and the precautionary principle will quite often be raising very similar concerns regarding the transparency, accountability, and enforceability of these systems.

But I’m inclined to believe that no matter where you sit on the permissionless vs. precautionary spectrum, and no matter what your reservations may be about it the new world of soft law governance that we find ourselves moving into, this is the future and the future is now.

Much as Churchill said of democracy being “the worst form of Government except for all those other forms that have been tried from time to time,” I think we are well on our way to a world in which soft law is the worst form of technological governance except for all those others that have been tried before.

Of course, the devil is always in the details and I suspect that we’ll have plenty of discuss and debate in that regard. Let’s get that conversation going.

Wallach’s latest book is entitled, A Dangerous Master: How to Keep Technology from Slipping beyond Our Control. And, as I’ve noted here recently, the greatly expanded second edition of my latest book, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, has just been released.

Of all the books of technological criticism or skepticism that I’ve read in recent years—and I have read stacks of them!— A Dangerous Master is by far the most thoughtful and interesting. I have grown accustomed to major works of technological criticism being caustic, angry affairs. Most of them are just dripping with dystopian dread and a sense of utter exasperation and outright disgust at the pace of modern technological change.

Although he is certainly concerned about a wide variety of modern technologies—drones, robotics, nanotech, and more—Wallach isn’t a purveyor of the politics of panic. There are some moments in the book when he resorts to some hyperbolic rhetoric, such as when he frets about an impending “techstorm” and the potential, as the book’s title suggests, for technology to become a “dangerous master” of humanity. For the most part, however, his approach is deeper and more dispassionate than what is found in the leading tracts of other modern techno-critics.

Many Questions, Few Clear Answers

Wallach does a particularly good job framing the major questions about emerging technologies and their effect on society. “Navigating the future of technological possibilities is a hazardous venture,” he observes. “It begins with learning to ask the right questions—questions that reveal the pitfalls of inaction, and more importantly, the passageways available for plotting a course to a safe harbor.” (p. 7) Wallach then embarks on a 260+ page inquiry that bombards the reader with an astonishing litany of questions about the wisdom of various forms of technological innovation—both large and small. While I wasn’t about to start an exact count, I would say that the number of questions Wallach poses in the book runs well into the hundreds. In fact, many paragraphs of the book are nothing but an endless string of questions.

Thus, if there is a primary weakness with A Dangerous Master, it’s that Wallach spends so much time formulating such a long list of smart and nuanced questions that some readers may come away disappointed when they do not find equally satisfying answers. On the other hand, the lack of clear answers is also completely understandable because, as Wallach notes, there really are no simple answers to most of these questions.

Just Slow Down!

Moving on to substance, let me make clear where Wallach and I generally see eye-to-eye and where we part ways.

Generally speaking, we agree about the need to come up with better “soft governance” systems for emerging technologies, which might include multistakeholder process, developer codes of conduct, sectoral self-regulation, sensible liability rules, and so on. (More on those strategies in a moment.)

But while we both believe it is wise to consider how we might “bake-in” better ethics and norms into the process of technological development, Wallach seems much more inclined than me to expect that we will be able to pre-ordain (or potentially require?) all this happens before much of this experimentation and innovation actually moves forward. Wallach opens by asking:

Determining when to bow to the judgment of experts and whether to intervene in the deployment of a new technology is certainly not easy. How can government leaders or informed citizens effectively discern which fields of research are truly promising and which pose serious risks? Do we have the intelligence and means to mitigate the serious risks that can be anticipated? How should we prepare for unanticipated risks? (p. 6)

Again, many good questions here! But this really gets to the primary difference between Wallach’s preferred approach and my own: I tend to believe that many of these things can only be worked out through ongoing trial and error, the constant reformulation of the various norms that govern the process of innovation, and the development of sensible ex post solutions to some of the most difficult problems posed by turbulent technological change.

By contrast, Wallach’s generally attitude toward technological evolution is probably best summarized by the phrases: “Slow down!” and, “Let’s have a conversation about it first!” As he puts it in his own words: “Slowing down the accelerating adoption of technology should be done as a responsible means to ensure basic human safety and to support broadly shared values.” (p. 13)

But I tend to believe that it’s not always possible to preemptively determine which innovations to slow down, or even how to determine what those “shared values” are that will help us make this determination. More importantly, I worry that there are very serious potential risks and unintended consequences associated with slowing down many forms of technological innovation, which could improve human welfare in important ways. There can be no prosperity, after all, without a certain degree of risk-taking and disruption.

Getting Out Ahead of the Pacing Problem

Yet, what concerns Wallach most is the much-discussed issue from the field of the philosophy of technology, the so-called “pacing problem.” Wallach concisely defines the pacing problem as “the gap between the introduction of a new technology and the establishment of laws, regulations, and oversight mechanisms for shaping its safe development.” (p. 251) “There has always been a pacing problem,” he notes, but he is concerned that technological innovation—especially highly disruptive and potentially uncontrollable forms of innovation—is now accelerating at an absolutely unprecedented pace.

(Just as an aside for all the philosophy nerds out there…  Such a rigid belief in the “pacing problem” represents a techno-deterministic viewpoint that is, ironically, sometimes shared by technological skeptics like Wallach as well as technological optimists like Larry Downes and even many in the middle of this debate, like Vivek Wadhwa. See, for example, The Laws of Disruption by Downes and “Laws and Ethics Can’t Keep Pace with Technology” by Wadhwa. Although these scholars approach technology ethics and politics quite differently, they all seem to believe that the pace of modern technological change is so relentless as to almost be an unstoppable force of nature. I guess the moral of the story is that, to some extent, we’re all technological determinists now!)

Despite his repeated assertions that modern technologies are accelerating at such a potentially uncontrollable pace, Wallach nonetheless hopes we can achieve some semblance of control over emerging technologies before they reach a critical “inflection point.” In the study of history and science, an inflection point generally represents a moment when a situation and trend suddenly changes in a significant way and things begin moving rapidly in a new direction. These inflections points can sometimes develop quite abruptly, ushering in major changes by creating new social, economic, or political paradigms. As it relates to technology in particular, inflection points can refer to the moment with a particular technology achieves critical mass in terms of adoption or, more generally, to the time when that technology begins to profoundly transform the way individuals and institutions act.

Another related concept that Wallach discusses is the so-called “Collingridge dilemma,” which refers to the notion that it is difficult to put the genie back in the bottle once a given technology has reached a critical mass of public adoption or acceptance. The concept is named after David Collingridge, who wrote about this in his 1980 book, The Social Control of Technology. “The social consequences of a technology cannot be predicated early in the life of the technology,” Collingridge argued. “By the time undesirable consequences are discovered, however, the technology is often so much part of the whole economics and social fabric that its control is extremely difficult.”

On “Having a Discussion” & Coming Up with “a Broad Plan”

These related concepts of inflection points and the Collingridge dilemma constitute the operational baseline of Wallach’s worldview. “In weighing speedy development against long-term risks, speedy development wins,” he worries. “This is particularly true when the risks are uncertain and the perceived benefits great.” (p. 85)

Consequently, throughout his book, Wallach pleads with us to take what I will call Technological Time Outs. He says we need to pause at times so that we can have “a full public discussion” (p. 13) and make sure there is a “broad plan in place to manage our deployment of new technologies” (p. 19) to make sure that innovation happens only at “a humanly manageable pace” (p. 261) “to fortify the safety of people affected by unpredictable disruptions.” (p. 262) Wallach’s call for Technological Time Outs is rooted in his belief that “the accelerating pace [of modern technological innovation] undermines the quality of each of our lives.” (p. 263)

That is Wallach’s weakest assertion in the book and he doesn’t really offer much evidence to prove that the velocity of modern technological is hurting us rather than helping us, as many of us believe. Rather, he treats it as a widely accepted truism that necessitates some sort of collective effort to slow things down if the proverbial genie is about to exit the bottle, or to make sure those genies don’t get out of their bottles without a lot of preemptive planning regarding how they are to be released into the world. In the following passage on pg. 72, Wallach very succinctly summarizes his approach recommended throughout A Dangerous Master:

this book will champion the need for more upstream governance: more control over the way that potentially harmful technologies are developed or introduced into the larger society. Upstream management is certainly better than introducing regulations downstream, after a technology is deeply entrenched or something major has already gone wrong. Yet, even when we can access risks, there remain difficulties in recognizing when or determining how much control should be introduced. When does being precautionary make sense, and when is precaution an over-reaction to the risks? (p. 72)

Those who have read my Permissionless Innovation book will recall that I open by framing innovation policy debates in almost exactly the same way as Wallach suggests in that last line above. I argue in the first lines of my book that:

The central fault line in innovation policy debates today can be thought of as ‘the permission question.’  The permission question asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions and risk-taking, more generally.  Two conflicting attitudes are evident. One disposition is known as the ‘precautionary principle.’ Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harm to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions. The other vision can be labeled ‘permissionless innovation.’ It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if any develop, can be addressed later.

So, by contrasting these passages, you can see what I am setting up here is a clash of visions between what appears to be Wallach’s precautionary principle-based approach versus my own permissionless innovation-focused worldview.

How Much Formal Precaution?

But that would be a tad bit too simplistic because just a few paragraphs after Wallach makes the statement just above about “upstream management” being superior to ex post solutions formulated “after a technology is deeply entrenched,” Wallach begins slowly backing away from an overly-rigid approach to precautionary principle-based governance of technological processes and systems.

He admits, for example, that “precautionary measures in the form of regulations and governmental oversight can slow the development of research whose overall society impact will be beneficial,” (p. 26) and that can “be costly” and “slow innovation.” For countries, Wallach admits, this can have real consequences because “Countries with more stringent precautionary policies are at a competitive disadvantage to being the first to introduce a new tool or process.” (p. 74)

So, he’s willing to admit that what we might call a hard precautionary principle usually won’t be sensible or effective in practice, but he is far more open to soft precaution. But this is where real problems begin to develop with Wallach’s approach, and it presents us with a chance to turn the tables on him a bit and begin posing some serious questions about his vision for governing technology.

Much of what follows below are my miscellaneous ramblings about the current state of the intellectual dialogue about tech ethics and technological control efforts. I have discussed these issues at greater length in my new book as well as a series of essays here in past years, most notably: “On the Line between Technology Ethics vs. Technology Policy; “What Does It Mean to “Have a Conversation” about a New Technology?”; and, “Making Sure the “Trolley Problem” Doesn’t Derail Life-Saving Innovation.”

As I’ve argued in those and other essays, my biggest problem with modern technological criticism is that specifics are in scandalously short supply in this field! Indeed, I often find the lack of details in this arena to be utterly exasperating. Most modern technological criticism follows a simple formula:

TECHNOLOGY –>> POTENTIAL PROBLEMS –>> DO SOMETHING!

But almost all the details come in the discussion about the nature of the technology in question and the apparent many problems associated with it. Far, far less thought goes into the “DO SOMETHING!” part of the critics’ work. One reason for that is probably self-evident: There are no easy solutions. Wallach admits as much at many junctures throughout the book. But that doesn’t excuse the need for the critics to give us a more concrete blueprint for identifying and then potentially rectifying the supposed problems.

Of course, the other reason that many critics are short of specifics is because what they really mean when they quip how much we need to “have a conversation” about a new disruptive technology is that we need to have a conversation about stopping that technology.

Where Shall We Draw the Line between Hard and Soft Law?

But this is what I found most peculiar about Wallach’s book: He never really gives us a good standard by which to determine when we should look to hard governance (traditional top-down regulation) versus soft governance (more informal, bottom-up and non-regulatory approaches).

On one hand, he very much wants society to exercise greatly restraint and precaution when it comes to many of the technologies he and others worry about today. Again, he’s particularly concerned about the potential runaway development and use of drones, genetic editing, nanotech, robotics, and artificial intelligence. For at least one class of robotics—autonomous military robots—Wallach does call for immediate policy action in the form of an Executive Order to ban “killer” autonomous systems. (Incidentally, there’s also a major effort underway called the “Campaign to Stop Killer Robots” that aims to make such a ban part of international law through a multinational treaty.)

But Wallach also acknowledges the many trade-offs associated with efforts to preemptively controls on robotics and other technology. Perhaps for that reason, Wallach doesn’t develop a clear test for when the Precautionary Principle should be applied to new forms of innovation.

Clearly there are times when it is appropriate, although I believe it is only in an extremely narrow subset of cases. In the 2 ^nd Edition of my Permissionless Innovation book, I tried to offer a rough framework for when formal precautionary regulation (i.e., highly-restrictive policy defaults are necessary, such as operational restrictions, licensing requirements, research limitations, or even formal bans) might be necessary. I do not want to interrupt the flow of this review of Wallach’s book too much, so I have decided to just cut-and-paste that portion of Chapter 3 of my book (“When Does Precaution Make Sense?”) down below as an appendix to this essay.

The key takeaway of that passage from my book is that all of us who study innovation policy and the philosophy of technology—Wallach, myself, the whole darn movement—have done a remarkably poor job being specific about precisely when formal policy precaution is warranted. What is the test? All too often, we get lazy and apply what we might call an “I-Know-It-When-I-See-It” standard. Consider the possession of bazookas, tanks, and uranium. Almost all of us would agree that citizens should not be allowed to possess or use such things. Why? Well, it seems obvious, right? They just shouldn’t! But what is the exact standard we use to make that determination.

In coming years, I plan on spending a lot more time articulating a better test by which Precautionary Principle-based policies could be reasonably applied. Those who know me may be taken aback by what I just said. After all, I’ve spend many years explaining why Precautionary Principle-based thinking threatens human prosperity and should be rejected in the vast majority of cases. But that doesn’t excuse the lack of a serious and detailed exploration of the exact standard by which we determine when we should impose some limits on technological innovation.

Generally speaking, while I strongly believe that “permissionless innovation” should remain the policy default for most technologies, there certainly exists some scenarios where the threat of harm associated with a new innovation might be highly probable, tangible, immediate, irreversible, and catastrophic in nature. If so, that could qualify it for at least a light version of the Precautionary Principle. In a future paper or book chapter I’m just now starting to research, I hope to fuller develop those qualifiers and formulate a more robust test around them.

I would have very much liked to see Wallach articulate and defend a test of his own for when formal precaution would make sense. And, by extension, when should we default to soft precaution, or soft law and informal governance mechanisms for emerging technologies.

We turn to that issue next.

Toward Soft Governance & the Engineering of Better Technological Ethics

Even though Wallach doesn’t provide us with a test for determining when precaution makes sense or when we should instead default to soft governance, he does a much better job explaining the various models of soft law or informal governance that might help us deal with the potential negative ramifications of highly disruptive forms of technological change.

What Wallach proposes, in essence, is that we bake a dose of precautionary directly into the innovation process through a wide variety of informal governance/oversight mechanisms. “By embedding shared values in the very design of new tools and techniques, engineers improve the prospect of a positive outcome,” he claims. “The upstream embedding of shared values during the design process can ease the need for major course adjustments when it’s often too late.” (p. 261)

Wallach’s favored instrument of soft governance is what he refers to as “Governance Coordinating Committees” (GCCs). These Committees would coordinate “the separate initiatives by the various government agencies, advocacy groups, and representatives of industry” who would serve as “issue managers for the comprehensive oversight of each field of research.” (p. 250) He elaborates and details the function of GCCs as follows:

These committees, led by accomplished elders who have already achieved wide respect, are meant to work together with all the interested stakeholders to monitor technological development and formulate solutions to perceived problems. Rather than overlap with or function as a regulatory body, the committee would work together with existing institutions. (p. 250-51)

Wallach discussed the GCC idea in much greater detail in a 2013 book chapter he penned with Gary E. Marchant for a collected volume of essays on Innovative Governance Models for Emerging Technologies. (I highly recommend you pick up that book if you can afford it! Many terrific essays in that book on these issues.) In their chapter, Marchant and Wallach specify some of the soft law mechanisms we might use to instill a bit of precaution preemptively. These mechanisms include: “codes of conduct, statements of principles, partnership programs, voluntary programs and standards, certification programs and private industry initiatives.”

If done properly, GCCs could provide exactly the sort of wise counsel and smart recommendations that Wallach desires. In my book and many law review articles on various disruptive technologies, I have endorsed many of the ideas and strategies Wallach identifies. I’ve also stressed the importance of many other mechanisms, such as education and empowerment-based strategies that could help the public learn to cope with new innovations or use them appropriately. In addition, I’ve highlighted the many flexible, adaptive ex post remedies that can help when things go wrong. Those mechanisms include common law remedies such as product defects law, various torts, contract law, property law, and even class action lawsuits. Finally, I have written extensively about the very active role played by the Federal Trade Commission (FTC) and other consumer protection agencies, which have broad discretion to police “unfair and deceptive practices” by innovators.

Moreover, we already have a quasi-GCC model developing today with the so-called “multistakeholder governance” model that is often used in both informal and formal ways to handle many emerging technology policy issues.  The Department of Commerce (the National Telecommunications and Information Administration in particular) and the FTC have already developed many industry codes of conduct and best practices for technologies such as biometrics, big data, the Internet of Things, online advertising, and much more. Those agencies and others (such as the FDA and FAA) are continuing to investigate other codes or guidelines for things like advanced medical devices and drones, respectively. Meanwhile, I’ve heard other policymakers and academics float the idea of “digital ombudsmen,” “data ethicists,” and “private IRBs” (institutional review boards) as other potential soft law solutions that technology companies might consider. Perhaps going forward, many tech firms will have Chief Ethical Officers just as many of them today have Chief Privacy Officers or Chief Security Officers.

In other words, there’s already a lot of “soft law” activities going on in this space. And I haven’t even begun an inventory of the many other bodies or groups that already exist in each sector today that has set forth their own industry self-regulatory codes, but they exist in almost every field that Wallach worries about.

So, I’m not sure how much his GCC idea will add to this existing mix, but I would not be opposed to them playing the sort of coordinating “issue manager” role he describes. But I still have many questions about GCC’s, including:

• How many of them are needed and how we will know which one is the definitive GCC for each sector or technology?
• If they are overly formal in character and dominated by the most vociferous opponents of any particular technology, a real danger exists that a GCC could end up granting a small cabal a “heckler’s veto” over particular forms of innovation.
• Alternatively, the possibility of “regulatory capture” could be a problem for some GCCs if incumbent companies come to dominate their membership.
• Even if everything went fairly smoothly and the GCCs produced balanced reports and recommendations, future developers might wonder if and why they are to be bound by older guidelines.
• And if those future developers choose not to play by the same set of guidelines, what’s the penalty for non-compliance?
• And how are such guidelines enforced in a world where what I’ve called “global innovation arbitrage” is an increasing reality?

Challenging Questions for Both Hard and Soft Law

To summarize, whether we are speaking of “hard” or “soft” law approaches to technological governance, I am just not nearly as optimistic as Wallach seems to be that we will be able to find consensus on these three things:

(1) what constitutes “harm” in many of these circumstances;

(2) which “shared values” should prevail when “society” debates the shaping of ethics or guiding norms for emerging technologies but has highly contradictory opinions about those values (consider online privacy as a good example, where many people enjoy hyper-sharing while other demand hyper-privacy); and,

(3) that we can create a legitimate “governing body” (or bodies) that will be responsible for formulating these guidelines in a fair way without completely derailing the benefits of innovation in new fields and also remaining relevant for very long.

Nonetheless, as he and others have suggested, the benefit of adopting a soft law/informal governance approach to these issues is that it at least seeks to address these questions in more flexible and adaptive fashion. As I noted in my book, traditional regulatory systems “tend to be overly rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things.” ( Permissionless Innovation, p. 120)

So, despite the questions I have raised here, I welcome the more flexible soft law approach that Wallach sets forth in his book. I think it represents a far more constructive way forward when compared to the opposite “top-down” or “command-and-control” regulatory systems of the past. But I very much want to make sure that even these new and more flexible soft law approaches leave plenty of breathing room for ongoing trial-and-error experimentation with new technologies and systems.

Conclusion

In closing, I want to reiterate that not only did I appreciate the excellent questions raised by Wendell Wallach in A Dangerous Master, but I take them very seriously. When I sat down to revise and expand my Permissionless Innovation book last year, I decided to include this warning from Wallach in my revised preface: “The promoters of new technologies need to speak directly to the disquiet over the trajectory of emerging fields of research. They should not ignore, avoid, or superficially dampen criticism to protect scientific research.” (p. 28–9)

As I noted, in response to Wallach: “I take this charge seriously, as should others who herald the benefits of permissionless innovation as the optimal default for technology policy. We must be willing to take on the hard questions raised by critics and then also offer constructive strategies for dealing with a world of turbulent technological change.”

Serious questions deserve serious answers. Of course, sometimes those posing those questions fail to provide many answers of their own! Perhaps it is because they believe the questions answer themselves. Other times, it’s because they are willing to admit that easy answers to these questions typically prove quite elusive. In Wallach’s case, I believe it’s more the latter.

To wrap up, I’ll just reiterated that both Wallach and I share a common desire to find solutions to the hard questions about technological innovation. But the crucial question that probably separates his worldview and my own is this: Whether we are talking about hard or soft governance, how much faith should we place in preemptive planning vs. ongoing trial and error experimentation to solve technological challenges? Wallach is more inclined to believe we can divine these things with the sagacious foresight of “accomplished elders” and technocratic “issue managers,” who will help us slow things down until we figure out how to properly ease a new technology into society (if at all). But I believe that the only way we will find many of the answers we are searching for is by allowing still more experimentation with the very technologies that he and others seek to control the development of. We humans are outstanding problem-solvers and have the uncanny ability among all mammals to adapt to changing circumstances. We roll with the punches, learn from them, and become more resilient in the process. As I noted in my 2014 essay, “Muddling Through: How We Learn to Cope with Technological Change”:

we modern pragmatic optimists must continuously point to the unappreciated but unambiguous benefits of technological innovation and dynamic change. But we should also continue to remind the skeptics of the amazing adaptability of the human species in the face of adversity. [. . .] Humans have consistently responded to technological change in creative, and sometimes completely unexpected ways. There’s no reason to think we can’t get through modern technological disruptions using similar coping and adaptation strategies.

Will the technologies that Wallach fears bring about a “techstorm” that overwhelms our culture, our economy, and even our very humanity? It’s certainly possible, and we should continue to seriously discuss the issues that he and other skeptics raise about our expanding technological capabilities and the potential for many of them to do great harm. Because some of them truly could.

But it is equally plausible—in fact, some of us would say, highly probable—that instead of overwhelming us, we learn how to bend these new technological capabilities to our will and make them work for our collective benefit. Instead of technology becoming “a dangerous master,” we will instead make it our helpful servant, just as we have so many times before.

APPENDIX: When Does Precaution Make Sense?

[excerpt from chapter 3 of Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom. Footnotes omitted. See book for all references.]

But aren’t there times when a certain degree of precautionary policymaking makes good sense? Indeed, there are, and it is important to not dismiss every argument in favor of precautionary principle–based policymaking, even though it should not be the default policy rule in debates over technological innovation.

The challenge of determining when precautionary policies make sense comes down to weighing the (often limited) evidence about any given technology and its impact and then deciding whether the potential downsides of unrestricted use are so potentially catastrophic that trial-and-error experimentation simply cannot be allowed to continue. There certainly are some circumstances when such a precautionary rule might make sense. Governments restrict the possession of uranium and bazookas, to name just two obvious examples.

Generally speaking, permissionless innovation should remain the norm in the vast majority of cases, but there will be some scenarios where the threat of tangible, immediate, irreversible, catastrophic harm associated with new innovations could require at least a light version of the precautionary principle to be applied.  In these cases, we might be better suited to think about when an “anti-catastrophe principle” is needed, which narrows the scope of the precautionary principle and focuses it more appropriately on the most unambiguously worst-case scenarios that meet those criteria.

But most cases don’t fall into this category. Instead, we generally allow innovators and consumers to freely experiment with technologies, and even engage in risky behaviors, unless a compelling case can be made that precautionary regulation is absolutely necessary.  How is the determination made regarding when precaution makes sense? This is where the role of benefit-cost analysis (BCA) and regulatory impact analysis is essential to getting policy right.  BCA represents an effort to formally identify the tradeoffs associated with regulatory proposals and, to the maximum extent feasible, quantify those benefits and costs.  BCA generally cautions against preemptive, precautionary regulation unless all other options have been exhausted—thus allowing trial-and-error experimentation and “learning by doing” to continue. (The mechanics of BCA are discussed in more detail in section VII.)

This is not the end of the evaluation, however. Policymakers also need to consider the complexities associated with traditional regulatory remedies in a world where technological control is increasingly challenging and quite costly. It is not feasible to throw unlimited resources at every problem, because society’s resources are finite.  We must balance risk probabilities and carefully weigh the likelihood that any given intervention has a chance of creating positive change in a cost-effective fashion.  And it is also essential to take into account the potential unintended consequences and long-term costs of any given solution because, as Harvard law professor Cass Sunstein notes, “it makes no sense to take steps to avert catastrophe if those very steps would create catastrophic risks of their own.”  “The precautionary principle rests upon an illusion that actions have no consequences beyond their intended ends,” observes Frank B. Cross of the University of Texas. But “there is no such thing as a risk-free lunch. Efforts to eliminate any given risk will create some new risks,” he says.

Oftentimes, after working through all these considerations about whether to regulate new technologies or technological processes, the best solution will be to do nothing because, as noted throughout this book, we should never underestimate the amazing ingenuity and resiliency of humans to find creative solutions to the problems posed by technological change.  (Section V discusses the importance of individual and social adaptation and resiliency in greater detail.) Other times we might find that, while some solutions are needed to address the potential risks associated with new technologies, nonregulatory alternatives are also available and should be given a chance before top-down precautionary regulations are imposed. (Section VII considers those alternative solutions in more detail.)

Finally, it is again essential to reiterate that we are talking here about the dangers of precautionary thinking as a public policy prerogative—that is, precautionary regulations that are mandated and enforced by government officials. By contrast, precautionary steps may be far more wise when undertaken in a more decentralized manner by individuals, families, businesses, groups, and other organizations. In other words, as I have noted elsewhere in much longer articles on the topic, “there is a different choice architecture at work when risk is managed in a localized manner as opposed to a society-wide fashion,” and risk-mitigation strategies that might make a great deal of sense for individuals, households, or organizations, might not be nearly as effective if imposed on the entire population as a legal or regulatory directive.

Finally, at times, more morally significant issues may exist that demand an even more exhaustive exploration of the impact of technological change on humanity. Perhaps the most notable examples arise in the field of advance medical treatments and biotechnology. Genetic experimentation and human cloning, for example, raise profound questions about altering human nature or abilities as well as the relationship between generations.

The case for policy prudence in these matters is easier to make because we are quite literally talking about the future of what it means to be human.  Controversies have raged for decades over the question of when life begins and how it should end. But these debates will be greatly magnified and extended in coming years to include equally thorny philosophical questions.  Should parents be allowed to use advanced genetic technologies to select the specific attributes they desire in their children? Or should parents at least be able to take advantage of genetic screening and genome modification technologies that ensure their children won’t suffer from specific diseases or ailments once born?

Outside the realm of technologically enhanced procreation, profound questions are already being raised about the sort of technological enhancements adults might make to their own bodies. How much of the human body can be replaced with robotic or bionic technologies before we cease to be human and become cyborgs?  As another example, “biohacking”—efforts by average citizens working together to enhance various human capabilities, typically by experimenting on their own bodies —could become more prevalent in coming years.  Collaborative forums, such as Biohack.Me, already exist where individuals can share information and collaborate on various projects of this sort.  Advocates of such amateur biohacking sometimes refer to themselves as “grinders,” which Ben Popper of the Verge defines as “homebrew biohackers [who are] obsessed with the idea of human enhancement [and] who are looking for new ways to put machines into their bodies.”

These technologies and capabilities will raise thorny ethical and legal issues as they advance. Ethically, they will raise questions of what it means to be human and the limits of what people should be allowed to do to their own bodies. In the field of law, they will challenge existing health and safety regulations imposed by the FDA and other government bodies.

Again, most innovation policy debates—including most of the technologies discussed throughout this book—do not involve such morally weighty questions. In the abstract, of course, philosophers might argue that every debate about technological innovation has an impact on the future of humanity and “what it means to be human.” But few have much of a direct influence on that question, and even fewer involve the sort of potentially immediate, irreversible, or catastrophic outcomes that should concern policymakers.

In most cases, therefore, we should let trial-and-error experimentation continue because “experimentation is part and parcel of innovation” and the key to social learning and economic prosperity.  If we froze all forms of technological innovation in place while we sorted through every possible outcome, no progress would ever occur. “Experimentation matters,” notes Harvard Business School professor Stefan H. Thomke, “because it fuels the discovery and creation of knowledge and thereby leads to the development and improvement of products, processes, systems, and organizations.”

Of course, ongoing experimentation with new technologies always entails certain risks and potential downsides, but the central argument of this book is that (a) the upsides of technological innovation almost always outweigh those downsides and that (b) humans have proven remarkably resilient in the face of uncertain, ever-changing futures.

In sum, when it comes to managing or coping with the risks associated with technological change, flexibility and patience is essential. One size most certainly does not fit all. And one-size-fits-all approaches to regulating technological risk are particularly misguided when the benefits associated with technological change are so profound. Indeed, “[t]echnology is widely considered the main source of economic progress”; therefore, nothing could be more important for raising long-term living standards than creating a policy environment conducive to ongoing technological change and the freedom to innovate.

The Obama Administration has just released a draft “Consumer Privacy Bill of Rights Act of 2015.” Generally speaking, the bill aims to translate fair information practice principles (FIPPs) — which have traditionally been flexible and voluntary guidelines — into a formal set of industry best practices that would be federally enforced on private sector digital innovators. This includes federally-mandated Privacy Review Boards, approved by the Federal Trade Commission, the agency that will be primarily responsible for enforcing the new regulatory regime.

Many of the principles found in the Administration’s draft proposal are quite sensible as best practices, but the danger here is that they could soon be converted into a heavy-handed, bureaucratized regulatory regime for America’s highly innovative, data-driven economy.

No matter how well-intentioned this proposal may be, it is vital to recognize that restrictions on data collection could negatively impact innovation, consumer choice, and the competitiveness of America’s digital economy.

Online privacy and security is vitally important, but we should look to use alternative and less costly approaches to protecting privacy and security that rely on education, empowerment, and targeted enforcement of existing laws. Serious and lasting long-term privacy protection requires a layered, multifaceted approach incorporating many solutions.

That is why flexible data collection and use policies and evolving best practices will ultimately serve consumers better than one-size-fits all, top-down regulatory edicts. Instead of imposing these FIPPs in a rigid regulatory fashion, privacy and security best practices will need to evolve gradually to new marketplace realities and be applied in a more organic and flexible fashion, often outside the realm of public policy.

Regulatory approaches, like the Obama Administration’s latest proposal, will instead impose significant costs on consumers and the economy. Data is the fuel that powers our information economy. Privacy-related mandates that curtail the use of data to better target or personalize new services could raise costs for consumers. There is no free lunch. Something has to pay for all the wonderful free sites and services we enjoy today. If data can’t be used to cross-subsidize those services, prices will go up.

Data regulations could also indirectly cost consumers by diminishing the abundance of content and culture now supported by the data-driven economy. In other words, even if prices and paywalls don’t go up, quantity or quality could suffer if data collection is restricted.

Data regulations could also hurt the competitiveness of domestic markets and the global competitive advantage that America’s tech sector has in this space. That regulatory burden would fall hardest on smaller operators and new start-ups. Today’s “app economy” has given countless small innovators a chance to compete on even footing with the biggest players. Burdensome data collection restrictions could short-circuit the engine that drives entrepreneurial innovation among mom-and-pop companies if ad dollars get consolidated in the hands of only the larger companies that can afford to comply with new rules.

We don’t want to go down the path the European Union charted in the 1990s with heavy-handed data directives. That suffocated high-tech entrepreneurialism and innovation there. America’s Internet sector came to be the envy of the world because our more flexible, light-touch regulatory regime leaves more breathing room for competition and innovation compared to Europe’s top-down regime. We should not abandon that approach now.

Finally, the Obama Administration’s proposal deals exclusively with private sector data collection and has nothing to say about government surveillance activities. The Administration would be wise to channel its energies into that far more significant privacy problem first.

Additional Reading from Adam Thierer of the Mercatus Center

Law Review Articles:

• “The Pursuit of Privacy in a World Where Information Control is Failing,” Harvard Journal of Law and Public Policy, Vol. 36, No. 2, (2013).
• “A Framework for Benefit-Cost Analysis in Digital Privacy Debates,” George Mason Law Review, Vol. 20, No. 4, (2013).
• “Privacy Law’s Precautionary Principle Problem,” Maine Law Review, Vol. 66, No. 2 (2014).
• “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation,” Richmond Journal of Law and Technology, Vol. 21 (2015).
• “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” Minnesota Journal of Law, Science & Technology, Vol. 14, No. 1, (2013).

Testimony / Filings

• Testimony before the Senate Commerce Committee on the Internet of Things, February 11, 2015.
• Testimony before the Senate Commerce Committee on Privacy, Data Collection & Do Not Track, April 24, 2013.
• Filing to the Federal Trade Commission on Privacy & Security Implications of the Internet of Things, May 31, 2013.
• Filing to the Federal Trade Commission on Protecting Consumer Privacy in an Era of Rapid Change, February 22, 2011.

Much of my recent research and writing has been focused on the contrast between “permissionless innovation” (the notion that innovation should generally be allowed by default) versus its antithesis, the “precautionary principle” (the idea that new innovations should be discouraged or even disallowed until their developers can prove that they won’t cause any harms).  I have discussed this dichotomy in three recent law review articles, a couple of major agency filings, and several blog posts. Those essays are listed at the end of this post.

In this essay, I want to discuss a recent speech by Federal Trade Commission (FTC) Chairwoman Edith Ramirez and show how precautionary principle thinking is increasingly creeping into modern information technology policy discussions, prompted by the various privacy concerns surrounding “big data” and the “Internet of Things” among other information innovations and digital developments.

First, let me recap the core argument I make in my recent articles and filings. It can be summarized as follows:

• If public policy is guided at every turn by the precautionary mindset then innovation becomes impossible because of fear of the unknown. Hypothetical worst-case scenarios trump all other considerations under this mentality. Social learning and economic opportunities become far less likely under such a policy regime. In practical terms, it means fewer services, lower quality goods, higher prices, diminished economic growth, and a decline in the overall standard of living. (See this essay and this one.)
• Wisdom is born of experience, including experiences involving risk and the possibility of mistakes and accidents. Patience and a general openness to permissionless innovation represent the wise disposition toward new technologies not only because it provides breathing space for future entrepreneurialism, but also because it provides an opportunity to observe both the evolution of societal attitudes toward new technologies and how citizens adapt to them. (See this essay.)
• Not every wise ethical principle, social norm, or industry best practice automatically makes for wise public policy. If we hope to preserve a free and open society, we simply cannot convert every ethical directive or norm — no matter how sensible — into a legal directive or else the scope of human freedom and innovation will need to shrink precipitously. (See this essay.)
• The best solutions to complex social problems are organic and “bottom-up” in nature. User education and empowerment, informal household media rules, social pressure, societal norms, and targeted enforcement of existing legal norms (especially through the common law) are almost always superior to “top-down,” command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I” nature. (See this essay).
• For the preceding reasons, when it comes to information technology policy, “permissionless innovation” should, as a general rule, trump “precautionary principle” thinking. To the maximum extent possible, the default position toward new forms of technological innovation should be “innovation allowed,” or what Paul Ohm has appropriately labeled the “anti-Precautionary Principle.” (See this essay.)

Again, we are today witnessing the clash of these conflicting worldviews in a fairly vivid way in many current debates about online commercial data collection, “big data,” and the so-called “Internet of Things.” For example, FTC Chairwoman Ramirez recently delivered a speech at the annual Technology Policy Institute Aspen Forum on the topic of “The Privacy Challenges of Big Data: A View from the Lifeguard’s Chair.” Ramirez made several provocative assertions and demands in the speech, but here’s the one “commandment” I really want to focus on. Claiming that “One risk is that the lure of ‘big data’ leads to the indiscriminate collection of personal information,” Chairwoman Ramirez went on to argue:

The indiscriminate collection of data violates the First Commandment of data hygiene: Thou shall not collect and hold onto personal information unnecessary to an identified purpose. Keeping data on the offchance that it might prove useful is not consistent with privacy best practices. And remember, not all data is created equally. Just as there is low quality iron ore and coal, there is low quality, unreliable data. And old data is of little value. (emphasis added)

And later in the speech she goes on to argue that “Information that is not collected in the first place can’t be misused” and then suggests a parade of horribles that will befall if such data collection is allowed at all.

The Problem with “Mother, May I”?

So here we have a rather succinct articulation of precautionary principle thinking as applied to modern data collection practices. Chairwoman Ramirez is essentially claiming that — because there are various privacy risks associated with data collection and aggregation — we must consider preemptive and potentially highly restrictive approaches to the initial collection and aggregation of data.

The problem with that logic should be fairly obvious and it was perfectly identified by the great political scientist Aaron Wildavsky in his seminal 1988 book Searching for Safety. Wildavsky warned of the dangers of the “trial without error” mentality — otherwise known as the precautionary principle approach — and he contrasted it with the trial-and-error method of evaluating risk and seeking wise solutions to it. Wildavsky argued that:

The direct implication of trial without error is obvious: If you can do nothing without knowing first how it will turn out, you cannot do anything at all. An indirect implication of trial without error is that if trying new things is made more costly, there will be fewer departures from past practice; this very lack of change may itself be dangerous in forgoing chances to reduce existing hazards. (emphasis added)

Let’s apply that lesson to Chairwoman Ramirez’s speech. When she argues that “Information that is not collected in the first place can’t be misused,” there is absolutely no doubt that her statement is true. But it is equally true that information that is not collected at all is information that might have been used to provide us with the next “killer app” or the great gadget or digital service that we cannot currently contemplate but that some innovative entrepreneur out there might be looking to develop.

Likewise, claiming that “old data is of little value” and issuing the commandment that “Thou shall not collect and hold onto personal information unnecessary to an identified purpose” reveals a rather stunning arrogance about the possibility of serendipitous data discovery: Either Chairwoman Ramirez doesn’t think it can happen or she doesn’t care if it does. But the reality is that the cornucopia of innovation information options and opportunities we have at our disposal today was driven in large part by data collection, including personal data collection. And often those innovations were not part of some initial grand design; instead they came about through the discovery of new and interesting things that could be done with data after the fact.

For example, many of the information services and digital technologies that we enjoy and take for granted today — language translation tools, mobile traffic services, digital mapping technologies, spam and fraud detection tools, instant spell-checkers, and so on — came about not necessarily because of some initial grand design but rather through innovative thinking after-the-fact about how preexisting data sets might be used in interesting new ways. As Viktor Mayer-Schonberger and Kenneth Cukier point out in their recent book, Big Data: A Revolution That Will Transform How We Live, Work, and Think, “data’s value needs to be considered in terms of all the possible ways it can be employed in the future, not simply how it is used in the present.” “In the big-data age,” they note, “data is like a magical diamond mine that keeps on giving long after its principle value has been tapped.” (p. 103-4)

In any event, if the new policy in the United States is to follow Chairwoman Ramirez’s pronouncement that “Keeping data on the offchance that it might prove useful is not consistent with privacy best practices,” then much of the information economy as we know it today will need to be shut down. At a minimum, entrepreneurs will need to start hiring a lot more lobbyists who can sit in Washington and petition the FTC or other policymakers for permission to innovate whenever they have an interesting new idea for how to use data in order to offer us a new service that was not initially collected for a previously stated purpose. Again, it’s “Mother, May I” regulation and we had better get used to a lot more of it if we go down the path that Chairwoman Ramirez is charting.

Alternative, Less-Restrictive Remedies

But here’s the biggest flaw in Chairwoman Ramirez’s reasoning: There is no need for preemptive, prophylactic, precautionary approaches when less-restrictive and potentially equally effective remedies exist.

The title of Ramirez’s speech was subtitled “A View from the Lifeguard’s Chair,” implying that her role is oversee online practices to ensure consumers are safe. That’s a noble intention, but based on some of her remarks, one is left wondering if her true intention is to just drain the information oceans instead.

But there are better ways to deal with dangerous digital waters. In my work on both online child safety and commercial data privacy, I have argued that the best answer to these complex social problems is a mix of technological controls, social pressure and, informal rules and norms, and, most importantly, education and digital literacy efforts.  And government can play an important role by helping educate and empower citizens to help prepare them for our new media environment.

That was the central finding of a blue-ribbon panel of experts convened in 2002 by the National Research Council of the National Academy of Sciences to study how best to protect children in the new, interactive, “always-on” multimedia world. Under the leadership of former U.S. Attorney General Richard Thornburgh, the group produced an amazing report entitled Youth, Pornography, and the Internet, which outlined a sweeping array of methods and technological controls for dealing with potentially objectionable media content or online dangers. Ultimately, however, the experts used a compelling metaphor to explain why education was the most important tool on which parents and policymakers should rely:

Technology—in the form of fences around pools, pool alarms, and locks—can help protect children from drowning in swimming pools. However, teaching a child to swim—and when to avoid pools—is a far safer approach than relying on locks, fences, and alarms to prevent him or her from drowning. Does this mean that parents should not buy fences, alarms, or locks? Of course not—because they do provide some benefit. But parents cannot rely exclusively on those devices to keep their children safe from drowning, and most parents recognize that a child who knows how to swim is less likely to be harmed than one who does not. Furthermore, teaching a child to swim and to exercise good judgment about bodies of water to avoid has applicability and relevance far beyond swimming pools—as any parent who takes a child to the beach can testify. (p. 224)

Regrettably, as I noted in my old book on online safety, we often fail to teach our children how to swim in the new media waters. Indeed, to extend the metaphor, it is as if we are generally adopting an approach that is more akin to just throwing kids in the deep water and waiting to see what happens. The same is true for digital privacy. We sometimes expect both kids and adults to figure out how to swim in these information currents without a little training first.

To rectify this situation, a serious media literacy and digital citizenship agenda is needed in America. Media literacy programs teach children and adults alike to think critically about media, and to better analyze and understand the messages that media providers are communicating.  I went on to argue in my old book that government should push media literacy efforts at every level of the education process. And those efforts should be accompanied by widespread public awareness campaigns to better inform parents about the parental control tools, rating systems, online safety tips, and other media control methods at their disposal.

In the three recent law review articles listed below, I extended this model to privacy and showed how this bottom-up, education and empowerment-based approach is equally applicable to all the debates we are having today about commercial data collection. And I also stressed to vital importance of personal responsibility and corporate responsibility as part of these digital citizenship efforts.

Conclusion

So, in sum, the key question going forward is: Are we going teach people how to swim, or are we going to drain the information oceans based on the fear that people could be harmed by the very existence of some deep data waters?

Chairwoman Ramirez concluded her speech by noting that, “Like the lifeguard at the beach, though, the FTC will remain vigilant to ensure that while innovation pushes forward, consumer privacy is not engulfed by that wave.” As well-intentioned as that sounds, the thrust of her remarks suggest that fear of the water is prompting this particular lifeguard to consider drastic precautionary steps to save us from the potential dangers of those waves. Needless to say, such a mentality and corresponding policy framework would have profound ramifications.

Indeed, let’s be clear about what’s at stake here. This is not about “protecting corporate profits” or Silicon Valley companies. This is about ensuring that individuals as both citizens and consumers continue to enjoy the myriad benefits that accompany an open, innovative information ecosystem. We can find better ways to address the dangers of deep data waters without draining the info-oceans. Let’s teach people how to swim in those waters and how to be responsible data stewards so that we can all continue to enjoy the many benefits of our modern data-driven economy.

 Additional Reading:

Law Review Articles:

• “The Pursuit of Privacy in a World Where Information Control is Failing” – Harvard Journal of Law & Public Policy
• “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle” – Minnesota Journal of Law, Science & Technology
• “A Framework for Benefit-Cost Analysis in Digital Privacy Debates” – George Mason University Law Review

Blog posts:

• “Who Really Believes in ‘Permissionless Innovation’?” – March 4, 2013
• “What Does It Mean to ‘Have a Conversation’ about a New Technology?”
• “Planning for Hypothetical Horribles in Tech Policy Debates,” August 6, 2013
• “On the Line between Technology Ethics vs. Technology Policy,” August 1, 2013
• “Can We Adapt to the Internet of Things?” – June 19, 2013 (IAPP Privacy perspectives blog)

Testimony / Filings:

• Senate Testimony on Privacy, Data Collection & Do Not Track – April 24, 2013
• Comments of the Mercatus Center to the FTC in Privacy & Security Implications of the Internet of Things
• Mercatus filing to FAA on commercial domestic drones

The latest edition (Version 4.0) of my PFF special report on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now up.  For those not familiar with the report, it explores the market for parental control tools, rating schemes, education and media literacy efforts, and various other tools, methods, and initiatives aimed at promoting online child safety.  After evaluating that state of this market, I conclude: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”  Moreover, I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation.

Version 4.0 of the report is now over 250 pages long (up from 200 pages in Version 3.0) and it contains almost 70 exhibits (up from 50), 725 references (up from roughly 500), and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. Other new sections or appendices have also been added to the report, including:

• a new section examining how many households really need parental control tools;
• a new appendix on the downsides of mandatory parental controls and restrictive default settings;
• a new section on the dangers of “deputizing the online middleman” solution as an approach to solving child safety concerns;
• a new appendix reviewing the findings of 5 past online safety task forces;
• … and much more.

I issue major updates once a year and 1 or 2 minor tweaks during the course of the year to reflect the evolution of the parental control and online child safety marketplace and debate. The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past couple of years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

A major new online child safety task report by the “Point Smart. Click Safe.” Blue Ribbon Working Group has just been released. First, some background. In June 2007, the National Cable & Telecommunications Association (NCTA), the principal trade association of the cable industry in the United States, announced “Cable Puts You in Control: PointSmart. ClickSafe.” a new campaign by its members to offer parents assistance in keeping their children safe online.   As part of the initiative, the NCTA hosted a major online child safety summit and also announced the formation of the “Point Smart. Click Safe. Blue Ribbon Working Group” in partnership with the Internet KeepSafe Coalition (iKeepSafe) and Common Sense Media. These three organizations, along with the cable industry’s “Cable in the Classroom” program, agreed to bring together a collection of online safety experts from many disciplines to study these issues and develop a set of “best practice” recommendations that could be implemented across the Internet industry. [Disclosure: It was my pleasure to serve as a member of this blue ribbon working group.]

Today, the “Point Smart. Click Safe.” working group produced its final report and concluded that:

Ensuring children’s online safety is a difficult and complex task that calls for input from and action by a wide variety of stakeholders. There is no “silver bullet”—no single technology or approach that has proved effective. Rather, what is required is:

• A combination of different technologies,
• Continuing digital literacy education for parents, educators, and children, and
• Active participation by all concerned companies, groups and individuals.

Similarly, a singular focus on safety is insufficient. Children must learn to minimize risks but also learn appropriate and ethical behaviors in this digital world. In addition, they need an understanding of media literacy, in order to be able to think critically about the content they consume and increasingly create. Therefore, best practices must be part of a larger effort to provide an entertaining, educational, and safe experience for children.

Compared to previous online child safety task forces, which I will discuss in a subsequent post, the major contribution of this task force was its focus on detailed industry best practices that various online providers could adopt to help parents, policymakers, and law enforcement better keep kids safe online. As the working group’s final report noted:

It should be easy for parents and others to find clear and simple explanations of what information and safety elements exist, how they function, and what a user can do in various circumstances. Therefore, best operating practices should:

• Use clear and common language,
• Be consistent and transparent, and
• Provide information and tools that can vary by age and stage of the user.

These best operating practices should be crafted so that they can be:

• Modified for a specific service or application (e.g. ISP, blog, chat, social network),
• Scaled based on the number of intended or actual users,
• Designed and created as part of the product development cycle, and
• Continuously updated to reflect growth and change in the application or service.

The task force then provided a detailed outline of the many tools and strategies that industries could use to accomplish these goals. I encourage you to check out the “Recommendations for Best Practices” section of the report for more detail since there are far too numerous to itemize here.

As I will point out in a related post later, the “Point Smart. Click Safe.” working group’s findings and recommendation were very much in line with what 4 previous online safety task forces have concluded.  Again, more on that later.  For now, read this report!

Update: Here’s a few links to what others are saying about the report:

• Tech Daily Dose
• PC Magazine
• Broadcasting & Cable
• Internet News.com
• Education Week

• Statements from various members of Congress
• David Burt of Filtering Facts
• iKeepSafe
• Paul Rodriguez of Cable Tech Talk
• Microsoft
• Google
• Verizon
• Family Online Safety Institute

Just FYI, the latest update of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now live. The new version, Version 3.1, provides minor updates to all sections of the book and a new appendix of relevant research in the field. I issue major updates early each year and 1 or 2 tweaks during the course of the year to reflect the evolution of the parental control and online child safety market and debate.

For those not familiar with the report, it explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past two years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

PFF has just releasing an updated edition of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods.” The new version, Version 3.0, includes two new appendixes and updates to each section to reflect new parental control tools and programs developed in the last nine months.

The updated report is timely as it comes on the heels of the recently-announced Internet Safety Technical Task Force, which is being chaired by the Berkman Center for Internet & Society at Harvard Law School. I am privileged to serve as a member of the Task Force, which is evaluating various online safety technologies and strategies and then reporting back to state attorneys general with our findings.

Those issues and much more are covered in the latest edition of my report. The report explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

Version 3.0 of the special report, now over 200 pages, contains over fifty exhibits and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. A greatly expanded section on video empowerment technologies has also been included. Finally, two appendices have also been added: a comprehensive legislative index cataloging over thirty bills introduced in Congress on these issues (complied with John Morris of Center for Democracy & Technology), and a glossary of 35 relevant terms and cases.

The report is available free-of-charge on the PFF website, as are the previous editions. And I am happy to provide hard copies to those who are interested.

PFF has just released my latest paper entitled “Parental Control Perfection? The Impact of the DVR and VOD Boom on the Debate over TV Content Regulation.” In the report, I focus on the extent to which new video technologies, such as digital video recorders (DVRs) and video on demand (VOD) services, are changing the way households consume media and are helping parents better tailor viewing experiences to their tastes and values. I provide evidence showing the rapid spread of these technologies and discuss how parents are using these tools in their homes. Finally, I argue that these developments will have profound implications for debates over the regulation of video programming. As parents are given the ability to more effectively manage their family’s viewing habits and experiences, it will lessen—if not completely undercut—the need for government intervention on their behalf.

This 16-page report can be found at: http://www.pff.org/issues-pubs/pops/pop14.20DVRboomcontentreg.pdf