On the whiteboard that hangs in my office, I have a giant matrix of technology policy issues and the various policy “threat vectors” that might end up driving regulation of particular technologies or sectors. Along with my colleagues at the Mercatus Center’s Technology Policy Program, we constantly revise this list of policy priorities and simultaneously make an (obviously quite subjective) attempt to put some weights on the potential policy severity associated with each threat of intervention. The matrix looks like this: [Sorry about the small fonts. You can click on the image to make it easier to see.]

I use 5 general policy concerns when considering the likelihood of regulatory intervention in any given area. Those policy concerns are:

1. privacy (reputation issues, fear of “profiling” & “discrimination,” amorphous psychological / cognitive harms);
2. safety (health & physical safety or, alternatively, child safety and speech / cultural concerns);
3. security (hacking, cybersecurity, law enforcement issues);
4. economic disruption (automation, job dislocation, sectoral disruptions); and,
5. intellectual property (copyright and patent issues).

I realize that some of these five categories could be sub-divided and refined. I also understand that these five groupings may not encapsulate the full range of potential policy issues out there, but I’ve tried to avoid having too many categories to keep this as conceptually tidy as is possible. However, I might need to add a separate category for civil rights and disabilities-related policy issues eventually. Likewise, “psychological considerations” might deserve its own category because they do not necessarily perfectly fit into either the privacy or safety buckets right now, even though that’s where I have them currently. For example, some privacy activists call for regulation of “big data” and large databases based on fears about how all that data collection makes people feel about themselves. I consider that a privacy-related concern now, but you could imagine that being in a separate category. Meanwhile, there’s long been calls to regulate various types of media content (music, movies, video games, online porn, etc) based on the psychological impact they have on children. Those “media effects” theories have always been considered a child safety issue, which is where I currently have them slotted, but they could probably be its own category that also included concerns about distraction and addiction (which could come to haunt VR technologies in the future).

Anyway, my colleagues and I use this current matrix to help us determine what we should be paying more attention to and what sort of scholarly outputs are needed to address regulatory threats on each front. Generally speaking, this is the portfolio of issues I try to stay on top of full-time at Mercatus as part of our ongoing “Permissionless Innovation” project.

Several people who have seen that matrix in my office tell me I should do something more with it, but I’m not really sure what that something would be. In any event, I thought it might make sense to post it here to give others a feel for the current set of emerging tech policy issues that interest us at Mercatus. I will try to upload new versions of the matrix as that giant whiteboard in my office morphs over time and the list of technologies and regulatory threats changes or grows.

Incidentally, I am often asked to explain the relative weights I’ve assigned to each potential regulatory threat, so I will try to justify some of those rankings here briefly. (Again, it’s all quite subjective and I’m always open to hearing the case for tweaking the rankings.)

• Big Data / Online Marketing / the Internet of Things (IoT): Privacy is the #1 policy threat for these sectors. From a public policy perspective, what unifies these technologies is a growing concern about how expanding private sector data collection efforts could affect our privacy or reputations. We’ve already seen a flurry of legislative and regulatory activity here in the U.S. aimed at placing restrictions on data collection or use. And it goes without saying that other countries, especially in Europe, already impose a wide variety of controls on data collection in the name of privacy protection. There also exists a variety of closely-related security concerns here. But the rise of IoT technologies have introduced safety concerns into the mix in a major way, too. That’s especially true because of the large number of Big Data services and IoT devices that are health and medical related.  Taken together, this is the issue set I spend the majority of my time covering because the privacy and security implications of a data-driven economy already occupies the attention of countless regulatory activists and public policymakers across the globe. I think that will continue to be the case for many years to come.
• Robotics: Safety concerns tend to be the biggest driver of calls for regulation of robotic and autonomous technology. For example, new laws and regulations are already being proposed for driverless cars based on fears about the hacking of connected vehicles. And commercial drones attract policy attention based on safety-related concerns such as whether a drone could strike an airplane, or even just fall on our heads. Proposals have been floated to mandate the equivalent of DRM for drones, which would force drone innovators to embed federally-approved technological controls into their systems designating where they are allowed to fly. Even if most of these concerns are overstated or are currently being dealt with, we can expect more safety-related policy proposals for robotic tech in coming years.  Economic concerns would be a close second here due to the increasing worry that robots will eat all our jobs. At least so far, however, that concern has tended to be more of an academic nature rather than a public policy consideration. And it remains unclear what the policy prescription would be in this regard without becoming a neo-Luddite, “smash-the-machines” sort of proposal. That could change in coming years, however. It all depends on the labor market situation over time. Meanwhile, academics are floating the idea of a Federal Robotics Commission to provide greater policy “expertise” in the form of yet another technocratic Beltway bureaucracy.
• Additive manufacturing / 3D printing: Safety is probably the #1 concern here, although depending on what type of 3D-printed object we are talking about, it could be the case that intellectual property concerns will be a bigger driver of calls for regulatory intervention. A lot of the policy-related concerns around 3D printing today are being driven by worries over things like 3D-printed guns. That’s mostly a safety concern, of course. But it we are talking about the replication of branded commercial objects (3D-printed toys or other things, for example), then IP tends to be the bigger concern. The question of product liability also looms large here and it remains unclear how claims might be sorted out when there are fewer large, deep-pocketed intermediaries to go after in a world of decentralized production. Hopefully, those liability norms will be left to the courts and common law to sort out over time, but I wouldn’t be surprised to see more calls for preemptive legislative interventions here in both directions: i.e., some will call legislators to impose greater liability on certain parties while others will push to immunize intermediaries from punishing forms of liability for the downstream actions of others (like a Sec. 230 norm for 3D printing).
• Medical tech innovation: It goes without saying that traditional safety concerns will drive policy for advanced medical technologies, just as they have for earlier drugs, devices, and treatments. As software continues to “eat the world” and invade the world of health and medicine, regulators are increasingly going to be trying to figure out how to pigeonhole new technologies into old regulatory constructs. That’s why I have been watching how the FDA continues to deal with 3D-printed prosthetics and mobile medical apps on our smartphones. Eventually, the continuing decentralized democratization of 3D printing (driven by rapidly falling costs) will collide with old medical device regulatory realities and a century’s worth of FDA command-and-control style regulation. Oh my, what a fight that will be! And then chemical printers will become more widespread and this issue will get even more intense. The policy fight here is even more interesting because of all the thorny ethical issues pertaining to the rise of embeddable technology, biohacking, and genome innovation. I have a feeling that my policy portfolio will shift rapidly in this direction in coming years as the modern info-tech revolution spreads to the world of medicine and health. I already have two new papers coming out on these issues in the next few weeks.
• Sharing economy: Economic disruption is clearly the big policy issue here. Specifically, many policymakers and incumbent industries aren’t very happy about new entrants coming into their sectors and offering consumers services without strictly complying with traditional regulations. But safety issues often pop up in these debates when regulators or advocates claim we can’t trust sharing economy operators. What’s particularly interesting about this space is how these policy battles are playing out at almost every level of government: federal, state, local, and international. At least thus far, sharing economy innovators tend to be winning most of those battles. But the fight continues.
• Crypto & Bitcoin: I think safety would probably be the biggest issue here, in the sense that policymakers fear a world of unregulated crypto and decentralized blockchain applications are a world in which the “bad guys” will be able to use those technologies to harm the public in some fashion. We’ve heard this all before, of course, but (going all the way back to the Clipper Chip wars) you can always bank on law enforcement officials resorting to Chicken Little claims about terrorists and child predators thriving in a world of unregulated crypto. In many ways, this is the most important of all these policy fights because if the government can regulate crypto and blockchain technologies, it severely undermines the fabric of almost all the other technologies and platforms discussed herein. This is why the current debate over government-mandated “backdoors” is so important; it has profound ramifications for every other tech regulation debate that follows.
• Immersive Tech (VR and augmented reality): This is an amorphous and evolving area that I am getting increasingly interested in, but the policy issues here have yet to come into clear focus. However, when Google Glass was launched, there was a brief technopanic of sorts over its privacy and security ramifications. Those concerns have subsided a bit as Google Glass has seemingly faded away (probably because of its high price point more than because of its privacy concerns), but I suspect that future iterations of augmented reality technologies will raise similar concerns. That will especially be true as more sophisticated biometric (and facial recognition) capabilities are integrated into them. Academics are already wondering how to enforce “notice and consent” privacy norms and rules in a world where everyone is wearing miniature body cams and heads-up displays in their sunglasses. I’m not sure it’s even possible, but that debate will continue and include all sorts of calls for technological controls. OK, that’s augmented reality, but what about virtual reality technologies? I think safety concerns could drive some policy proposals as critics grow concerned about the psychological implications of people (especially kids) spending more and more time in immersive virtual worlds. In that sense, we might see a replay of the earlier debate over violent video games and/or video game addition. But it remains to be seen.

Incidentally, I use this matrix and provide more context to it in my big presentation on “Permissionless Innovation & the Clash of Visions over Emerging Technologies.” [It’s embedded below.] And I discuss most of these issues in more detail in my book, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom. I am in the process of finishing up the second edition of that book and will be expanding the case studies about the issues discussed above. Finally, I discussed many of these policy threats during my recent appearance on the Andreessen Horowitz podcast.

Update 10/2/15: For another take on various new technology trends and the potential policy issues they raise, check out this report from the World Economic Forum, Deep Shift: Technology Tipping Points and Societal Impact. The WEF report identifies 21 technology “shifts” and then groups them into six “mega-trend” categories. Almost all these issues are on my matrix above, but the WEF report provides some nice additional context on why each technology trend will be so disruptive.

I suppose it was inevitable that the DRM wars would come to the world of drones. Reporting for the Wall Street Journal today, Jack Nicas notes that:

In response to the drone crash at the White House this week, the Chinese maker of the device that crashed said it is updating its drones to disable them from flying over much of Washington, D.C.SZ DJI Technology Co. of Shenzhen, China, plans to send a firmware update in the next week that, if downloaded, would prevent DJI drones from taking off within the restricted flight zone that covers much of the U.S. capital, company spokesman Michael Perry said.

Washington Post reporter Brian Fung explains what this means technologically:

The [DJI firmware] update will add a list of GPS coordinates to the drone’s computer telling it where it can and can’t go. Here’s how that system works generally: When a drone comes within five miles of an airport, Perry explained, an altitude restriction gets applied to the drone so that it doesn’t interfere with manned aircraft. Within 1.5 miles, the drone will be automatically grounded and won’t be able to fly at all, requiring the user to either pull away from the no-fly zone or personally retrieve the device from where it landed. The concept of triggering certain actions when reaching a specific geographic area is called “geofencing,” and it’s a common technology in smartphones. Since 2011, iPhone owners have been able to create reminders that alert them when they arrive at specific locations, such as the office.

This is complete overkill and it almost certainly will not work in practice. First, this is just DRM for drones, and just as DRM has failed in most other cases, it will fail here as well. If you sell somebody a drone that doesn’t work within a 15-mile radius of a major metropolitan area, they’ll be online minutes later looking for a hack to get it working properly. And you better believe they will find one.

Second, other companies or even non-commercial innovators will just use such an opportunity to promote their DRM-free drones, making the restrictions on other drones futile.

Perhaps, then, the government will push for all drone manufacturers to include DRM on their drones, but that’s even worse. The idea that the Washington, DC metro area should be a completely drone-free zone is hugely troubling. We might as well put up a big sign at the edge of town that says, “Innovators Not Welcome!”

And this isn’t just about commercial operators either. What would such a city-wide restriction mean for students interested in engineering or robotics in local schools? Or how about journalists who might want to use drones to help them report the news?

For these reasons, a flat ban on drones throughout this or any other city just shouldn’t fly.

Moreover, the logic behind this particular technopanic is particularly silly. It’s like saying that we should install some sort of kill switch in all automobile ignitions so that they will not start anywhere in the DC area on the off chance that one idiot might use their car to drive into the White House fence. We need clear and simple rules for drone use; not technically-unworkable and unenforceable bans on all private drone use in major metro areas.

[ Update 1/30: Washington Post reporter Matt McFarland was kind enough to call me and ask for comment on this matter. Here’s his excellent story on “The case for not banning drone flights in the Washington area,” which included my thoughts.]

The Federal Communications Commission (FCC) recently sought additional comment on whether it should eliminate its network non-duplication and syndicated exclusivity rules (known as the “broadcasting exclusivity” rules). It should just as well have asked whether it should eliminate its rules governing broadcast television. Local TV stations could not survive without broadcast exclusivity rights that are enforceable both legally and practicably.

The FCC’s broadcast exclusivity rules “do not create rights but rather provide a means for the parties to exclusive contracts to enforce them through the Commission rather than the courts.” (Broadcast Exclusivity Order, FCC 88-180 at ¶ 120 (1988)) The rights themselves are created through private contracts between TV stations and video programming vendors in the same manner that MVPDs create exclusive rights to distribute cable network programming.

Local TV stations typically negotiate contracts for the exclusive distribution of national broadcast network or syndicated programming in their respective local markets in order to preserve their ability to obtain local advertising revenue. The FCC has long recognized that, “When the same program a [local] broadcaster is showing is available via cable transmission of a duplicative [distant] signal, the [local] broadcaster will attract a smaller audience, reducing the amount of advertising revenue it can garner.” (Program Access Order, FCC 12-123 at ¶ 62 (2012)) Enforceable broadcast exclusivity agreements are thus necessary for local TV stations to generate the advertising revenue that is necessary for them to survive the government’s mandatory broadcast television business model.

The FCC determined nearly fifty years ago that it is an anticompetitive practice for multichannel video programming distributors (MVPDs) to import distant broadcast signals into local markets that duplicate network and syndicated programming to which local stations have purchased exclusive rights. ( See First Exclusivity Order, 38 FCC 683, 703-704 (1965)) Though the video marketplace has changed since 1965, the government’s mandatory broadcast business model is still required by law, and MVPD violations of broadcast exclusivity rights are still anticompetitive.

The FCC adopted broadcast exclusivity procedures to ensure that broadcasters, who are legally prohibited from obtaining direct contractual relationships with viewers or economies of scale, could enjoy the same ability to enforce exclusive programming rights as larger MVPDs. The FCC’s rules are thus designed to “allow all participants in the marketplace to determine, based on their own best business judgment, what degree of programming exclusivity will best allow them to compete in the marketplace and most effectively serve their viewers.” (Broadcast Exclusivity Order at ¶ 125.)

When it adopted the current broadcast exclusivity rules, the FCC concluded that enforcement of broadcast exclusivity agreements was necessary to counteract regulatory restrictions that prevent TV stations from competing directly with MVPDs. Broadcasters suffer the diversion of viewers to duplicative programming on MVPD systems when local TV stations choose to exhibit the most popular programming, because that programming is the most likely to be duplicated. ( See Broadcast Exclusivity Order at ¶ 62.) Normally firms suffer their most severe losses when they fail to meet consumer demand, but, in the absence of enforceable broadcast exclusivity agreements, this relationship is reversed for local TV stations: they suffer their most severe losses precisely when they offer the programming that consumers desire most.

The fact that only broadcasters suffer this kind of [viewership] diversion is stark evidence, not of inferior ability to be responsive to viewers’ preferences, but rather of the fact that broadcasters operate under a different set of competitive rules. All programmers face competition from alternative sources of programming. Only broadcasters face, and are powerless to prevent, competition from the programming they themselves offer to viewers. (Id. at ¶ 42.)

The FCC has thus concluded that, if TV stations were unable to enforce exclusive contracts through FCC rules, TV stations would be competitively handicapped compared to MVPDs. ( See id. at ¶ 162.)

Regulatory restrictions effectively prevent local TV stations from enforcing broadcast exclusivity agreements through preventative measures and in the courts: (1) prohibitions on subscription television and the use of digital rights management (DRM) prevent broadcasters from protecting their programming from unauthorized retransmission, and (2) stringent ownership limits prevent them from obtaining economies of scale.

Preventative measures may be the most cost effective way to protect digital content rights. Most digital content is distributed with some form of DRM because, as Benjamin Franklin famously said, “an ounce of prevention is worth a pound of cure.” MVPDs, online video distributors, and innumerable Internet companies all use DRM to protect their digital content and services — e.g., cable operators use the CableCard standard to limit distribution of cable programming to their subscribers only.

TV stations are the only video distributors that are legally prohibited from using DRM to control retransmission of their primary programming. The FCC adopted a form of DRM for digital television in 2003 known as the “broadcast flag”, but the DC Circuit Court of Appeals struck it down.

The requirement that TV stations offer their programming “at no direct charge to viewers” effectively prevents them from having direct relationships with end users. TV stations cannot require those who receive their programming over-the-air to agree to any particular terms of service or retransmission limitations through private contract. As a result, TV stations have no way to avail themselves of the types of contractual protections enjoyed by MVPDs who offer services on a subscription basis.

The subscription television and DRM prohibitions have a significant adverse impact on the ability of TV stations to control the retransmission and use of their programming. The Aereo litigation provides a timely example. If TV stations offered their programming on a subscription basis using the CableCard standard, the Aereo “business” model would not exist and the courts would not be tying themselves into knots over potentially conflicting interpretations of the Copyright Act. Because they are legally prohibited from using DRM to prevent companies like Aereo from receiving and retransmitting their programming in the first instance, however, TV stations are forced to rely solely on after-the-fact enforcement to protect their programming rights — i.e., protected and uncertain litigation in multiple jurisdictions.

Localism policies make after-the-fact enforcement particularly cost for local TV stations. The stringent ownership limits that prevent TV stations from obtaining economies of scale have the effect of subjecting TV stations to higher enforcement costs relative to other digital rights holders. In the absence of FCC rules enforcing broadcast exclusivity agreements, family owned TV stations could be forced to defend their rights in court against significantly larger companies who have the incentive and ability to use litigation strategically.

In sum, the FCC’s non-duplication and syndication rules balance broadcast regulatory limitations by providing clear mechanisms for TV stations to communicate their contractual rights to MVPDs, with whom they have no direct relationship, and enforce those rights at the FCC (which is a strong deterrent to the potential for strategic litigation). There is nothing unfair or over-regulatory about FCC enforcement in these circumstances. So why is the FCC asking whether it should eliminate the rules?

When it comes to information control, everybody has a pet issue and everyone will be disappointed when law can’t resolve it. I was reminded of this truism while reading a provocative blog post yesterday by computer scientist Ben Adida entitled “(Your) Information Wants to be Free.” Adida’s essay touches upon an issue I have been writing about here a lot lately: the complexity of information control — especially in the context of individual privacy. [See my essays on “Privacy as an Information Control Regime: The Challenges Ahead,” “And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars,” and this recent FTC filing.]

In his essay, Adida observes that:

In 1984, Stewart Brand famously said that information wants to be free. John Perry Barlow reiterated it in the early 90s, and added “Information Replicates into the Cracks of Possibility.” When this idea was applied to online music sharing, it was cool in a “fight the man!” kind of way. Unfortunately, information replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard.

Quite right. We’ve been debating the complexities of information control in the Internet policy arena for the last 20 years and I think we can all now safely conclude that information control is hugely challenging regardless of the sort of information in question. As I’ll note below, that doesn’t mean control is impossible, but the relative difficulty of slowing or stopping information flows of all varieties has increased exponentially in recent years.

But Adida’s more interesting point is the one about the selective morality at play in debates over information control. That is, people generally expect or favor information freedom in some arenas, but then get pretty upset when they can’t crack down on information flows elsewhere. Indeed, some people can get downright religious about the whole “information-wants-to-be-free” thing in some cases and then, without missing a beat, turn around and talk like information totalitarians in the next breath.

I discussed this in relation to the privacy debates in my essays referenced above. I’ve noted how some “cyber-progressives” (or whatever you prefer to call tech thinkers and advocates on the Left) have been practically giddy with delight at the sight of copyright owners scrambling to find methods to protect their content from widespread distribution over distributed digital networks. Just about every information control effort attempted in the copyright arena — whether we are talking about efforts like DRM  & paywalls or even suing end-users — has failed to provide the degree of protection desired. The “darknet” critique remains fairly cogent. It doesn’t mean I’m excusing copyright piracy as a normative matter; it’s just to say that the cyber-progressives were certainly on to something as an empirical matter when they detailed the deficiencies of various IP control efforts.

But here’s the interesting question: Why shouldn’t we believe that the exact same critique applies to privacy and personal information flows? Again, it’s not to say that, as a normative matter, privacy isn’t important. And data security certainly is. It’s just to say that, as an empirical matter, information control in this context is going to be every bit as difficult as information control in the copyright context. Yet, the same crowd of cyber-progressives who were all for information freedom in the copyright context are now hoping to crack down on personal information flows in the name of protecting privacy.

And it is not going to work.

Nor will it work well for those who are looking to crack down on the flow of bits that contain porn or violent content.

Nor will it work well for those “cyber-conservatives” who are looking to crack down on the flow of bits that contain state secrets or online gambling.

Nor will it work well for those who want to curb what they regard as “harassing” speech, “hate speech,” or defamatory comments.

And so on. And so on.

I will be accused of being too much of a technological determinist, but I think there’s a lot of evidence suggesting that at least “soft determinism” is the order of the day. In a brilliant and highly provocative new paper, ” Hasta La Vista Privacy, or How Technology Terminated Privacy,”  Konstantinos K. Stylianou of the University of Pennsylvania Law School discusses varieties of technological determinism as it pertains to information control and notes:

In-between the two extremes (technology as the defining factor of change and technology as a mere tangent of change) and in a multitude of combinations falls the so called soft determinism; that is, variations of the combined effect of technology on one hand and human choices and actions on the other. (p. 46)

Unfortunately, Stylianou notes, “The scope of soft determinism is unfortunately so broad that is loses all normative value. Encapsulated in the axiom ‘human beings do make their world, but they are also made by it,’ soft determinism is reduced to the self-evident.”  Nonetheless, he argues, “a compromise can be reached by mixing soft and hard determinism in a blend that reserves for technology the predominant role only in limited cases,” since he believes “there are indeed technologies so disruptive by their very nature they cause a certain change regardless of other factors.” (p. 46) He concludes his essay by noting:

it seems reasonable to infer that the thrust behind technological progress is so powerful that it is almost impossible for traditional legislation to catch up. While designing flexible rules may be of help, it also appears that technology has already advanced to the degree that is is able to bypass or manipulate legislation. As a result, the cat-and-mouse chase game between the law and technology will probably always tip in favor of technology. It may thus be a wise choice for the law to stop underestimating the dynamics of technology, and instead adapt to embrace it. (p. 54)

That pretty much sums up where I’m at on most information control issues and explains why I sound so fatalistic at times, even if I do believe that law can have an impact at the margins. Such “soft determinism” will be hard for some to swallow. Many will simply refuse to accept it, especially when they hear statements like those Stylianou makes in the context of privacy, such as: “the advancement of digital technology is ineluctably bound to have a destructive impact on privacy” (p. 47), or “technology has made it indeed so easy to collect personal data that in many cases they have lost their individual value, and instead function merely as statistical or ancillary data” (p. 51), or “What technological determinism teaches us so far is that people will always react negatively to more intrusive technology, but in the end they will probably succumb.” (p. 54)

One might cynically view this simply as a more eloquent restatement of Scott McNealy’s famous quip: “privacy is dead, get over it.”  While that’s an a bit of overstatement, it’s nonetheless true that privacy is under enormous strain because of modern digital developments (summarized in Exhibit 3 below). But, again, everything is under enormous strain. Perhaps, therefore, we need a reformulation of McNealy’s quip: “Information control is dead, get over it.”

Anyway, going forward, we need a framework to think about information control efforts. I’ve been working with my Mercatus Center colleague Jerry Brito to develop just that in a forthcoming paper (current running title: “The Trouble with Information Control.”)  To begin, we simplify matters by dividing information control efforts into four big buckets, as shown in Exhibit 1 below. ( Note: With Jerry Brito’s help, I have reworked these categories since first outlining them here):

Exhibit 1: RATIONALES FOR INFORMATION CONTROL

(1) Censorship / Speech Control

• politically unpopular speech
• porn
• violent content
• hate speech
• cyberbullying

(2) Privacy

• defamation
• reputation

(3) Copyright & Trademark Protection

(4) Security

• state secrets
• national security
• law enforcement
• cybersecurity
• online gambling

Next, we can consider various legal responses to these objects of information control, as detailed in Exhibit 2:

Exhibit 2: LEGAL & REGULATORY RESPONSES / APPROACHES TO INFORMATION CONTROL

• Intermediary deputization / secondary liability
• Individual prosecutions / fines
• Controls on speech / expression
• Controls on monetary flows
• Other Regulation
• Taxation / fines
• Agency enforcement / adjudication

Finally, we need to consider how efforts to control information today are greatly complicated by problems or phenomena that are unique to the Internet or the Information Age, as outlined in Exhibit 3:

Exhibit 3: INFORMATION CONTROL CONSIDERATIONS / COMPLICATIONS

• Media & Technological Convergence
• Decentralized, Distributed Networking
• Unprecedented Scale of Networked Communications
• Explosion of the Overall Volume of Information
• Unprecedented Individual Information Sharing Through User-Generation of Content and Self-Revelation of Data

In this upcoming paper, Jerry and I will provide case studies based on many of the issues outlined in Exhibit 1 and show how the information control methods shown in Exhibit 2 typically fail to slow or restrict information flows because of the factors outlined in Exhibit 3. Assuming we can prove our thesis — that soft determinism is the order of the day and information control efforts of all varieties are increasingly difficult (and often completely futile) — I fully expect that we will make just about everybody unhappy with us!

However, I want to conclude by noting that just because I am somewhat fatalistic or deterministic about the likely failure of most information control proposals or mechanisms, it doesn’t mean I am willing to just throw my hands in the air and say there’s absolutely nothing that can be done to address some of the concerns listed in Exhibit 1.  In my work on how to address online child safety issues, I tried to develop what I call a “3-E Solution” to address these concerns.  In my paper with Jerry, I’m hoping to use this as a framework for how to deal with all information control concerns going forward:

1. Education: Get more information out about the issue / concern.
2. Empowerment: Give consumers more and better tools to act on that information.
3. (Selective) Enforcement: Have law step in at the margins when it’s appropriate and cost-efficient, and only after education and empowerment fail.

Of course, how much stress we place on each component of this toolbox will depend on the issue. I’ve already suggested that the last “E” of enforcement will be largely ineffective, especially when outright prohibition of particular information flows is the objective. But enforcement could be more effective in other contexts, such as holding companies accountable for the promises they make to consumers, by policing industry self-regulatory schemes, or by demanding more transparency / disclosure. Those enforcement practices have helped in the child safety and privacy contexts. In other contexts, the severity of the harm in question may be so severe — ex: child pornography — that we would bypass the education and empowerment steps altogether and go to much greater lengths to make the enforcement option work. Even then, we should keep our expectations in check and avoid a rush to extreme solutions.

There’s much more to be explored here. Stay tuned.

Should ISPs be barred under net neutrality from discriminating against illegal content? Not according to the FCC’s draft net neutrality rule, which defines efforts by ISPs to curb the “transfer of unlawful content” as reasonable network management. This exemption is meant to ensure providers have the freedom to filter or block unlawful content like malicious traffic, obscene files, and copyright-infringing data.

EFF and Public Knowledge (PK), both strong advocates of net neutrality, are not happy about the copyright infringement exemption. The groups have urged the FCC to reconsider what they describe as the “copyright loophole,” arguing that copyright filters amount to “poorly designed fishing nets.”

EFF’s and PK’s concerns about copyright filtering aren’t unreasonable. While filtering technology has come a long way over the last few years, it remains a fairly crude instrument for curbing piracy and suffers from false positives. That’s because it’s remarkably difficult to accurately distinguish between unauthorized copyrighted works and similar non-infringing files. And because filters generally flag unauthorized copies on an automated basis without human intervention, even when filters get it right, they often disrupt legal, non-infringing uses of copyrighted material like fair use.

Despite copyright filtering technology’s imperfections, however, outlawing it is the wrong approach. At its core, ISP copyright filtering represents a purely private, voluntary method of dealing with the great intellectual property challenge. This is exactly the sort of approach advocates of limited government should embrace. As Adam and Wayne argued back in 2001:

To lessen the reliance on traditional copyright protections, policymakers should ensure that government regulations don’t stand in the way of private efforts to protect intellectual property.

That’s exactly right. As digital technology evolves, effectively enforcing intellectual property privileges will grow increasingly difficult for content creators. The traditional model for financing content creation — direct payments from consumers to producers — will remain viable only if there’s an economic incentive for consumers to fork over money in exchange for content. Voluntary filtering arrangements between network providers and content owners may prove valuable to this end because they discourage the unauthorized transfer of copyrighted files.

The best part about copyright filtering? It doesn’t necessitate the exercise of the state’s coercive power. In this way, it has the potential to help us move gradually toward a regime of intellectual property protection that’s reliant on the force of the market rather than the force of government.

Of course, there’s no guarantee that attempts to filter copyrighted content at the ISP level will turn out to be effective. That’s because end-to-end encryption, which enjoys growing popularity among savvy users, renders traffic impossible to digitally “fingerprint.” It amounts to a near-perfect foil to deep-packet filtering technologies. There are alternative methods of identifying infringing files — IP address blacklisting, for instance — but such methods tend to be notoriously imprecise and as such are unlikely to be met with acceptance by consumers.

As with all kinds of unsavory ISP behavior, in the long run, overly blunt copyright filtering is simply not a sustainable business practice. Users tend to expect the Internet will “just work,” and attempts by providers to interfere with access to content are invariably met with swift resistance. Consider the recent 4chan blockages by AT&T and Verizon, both of which lasted for mere hours but immediately sparked outrage that reverberated throughout the tech world.

To be sure, some providers may experiment with ineffective, overly aggressive copyright filters. But this sort of experimentation, while painful for those involved, is crucial if providers are to learn the valuable lessons that will signal to the market how to properly balance consumer interests with content creators’ interests. And since ISP competition is on the rise, as Obama’s Department of Justice recently explained, even in relatively uncompetitive markets like Rochester, New York it’s only a matter of time before some 4G LTE carrier deploys residential-grade broadband and shakes things up.

As I’ve argued before, the best way government can serve consumers in DRM disputes is by steering clear of them entirely. Markets may not be perfect, but they tend to efficiently balance competing concerns in a way government regulators simply cannot. In the same way, network-level copyright filtering should succeed or fail based on its own merits and how it impacts consumer welfare, not on how well it meets the invariably vague criteria of the FCC. If net neutrality rules are enshrined into law — and for the record, I hope they aren’t — regulating ISP efforts to curb illegal content should be off the table.

There’s been a lot of FUD floating around about the MPAA’s plan to offer new release films for cable subscribers to watch at home on pay-per-view channels. Currently, movies come out on DVD about four months after their theatrical release, and are typically available on pay-per-view a month or two thereafter. As box office receipts have waned, Hollywood has warmed to the idea of letting consumers watch movies at home just a few weeks after being released in theaters.

Due to piracy concerns, new movies would be subject to an extra layer of copy protection. The movie studios want to use a technology called Selectable Output Control (SOC) to prevent new release films from being viewed on analog outputs. SOC makes it possible to seal the “analog hole” by disabling all unprotected paths.

Consumers are willing to pay to watch new movies at home, and content producers are willing to transmit them, but government is standing in the way. FCC regulations forbid multi-channel video programming distributors from activating SOC, but firms may apply for a waiver from these rules if they can demonstrate that consumers stand to benefit. The MPAA has applied for a waiver, arguing that “These new Services are exactly the type of ‘new business models’ that the Commission contemplated when it adopted the encoding rules.”

Under Section 304 of the Telecommunications Act of 1996, the FCC is tasked with “assuring commercial consumer availability of equipment used to access services provided by multichannel video programming distributors.” FCC regulations, therefore, mandate that all video transmitted on cable TV must be viewable on all outputs, including legacy analog connectors like RCA and S-Video. In a 2003 Notice of Proposed Rulemaking, the FCC stated that, “we are concerned that selectable output control would harm those ‘early adopters’ whose DTV equipment only has component analog inputs for high definition display, placing these consumers at risk of being completely shut off from the high-definition content they expect to receive.”

But it’s expected that early adopters will sometimes encounter technical hurdles. Why should Selective Output Control be any different? Just as HD-DVD players are effectively obsolete, and K56flex modems are no longer supported by most dial-up ISPs, people who bought HDTVs several years ago prior to the adoption of HDCP might have to live without the ability to watch new release movies at home.

HDCP—which stands for High Definition Copy Protection, a digital encryption standard built in to nearly all newer HDTVs—lets consumers watch high-def programming in full 1080p glory over digital, encrypted outputs (DVI and HDMI). The trouble is that some consumers own high-definition displays that aren’t HDCP capable, as the standard wasn’t widely implemented until early 2006. But that’s hardly a reason why those who do own HDCP-enabled devices should lose out on the opportunity to view high-value content that content producers are uncomfortable releasing on mediums vulnerable to piracy.

New-release films are a major target for pirates, so MPAA’s worries about copyright infringement make sense. Typically, high-quality versions of new release films do not become widely available on the usual piracy venues until the film is out on Blu-Ray and DVD. Transmitting brand new movies in high-def on analog component outputs would allow pirates to distribute high resolution releases captured with off-the-shelf equipment.

With a growing number of IP-based video options coming to the scene, the market will punish overly aggressive DRM technologies. Consumers enjoy an increasing menu of alternatives to cable for viewing high-def movies at home. This fall, Xbox 360 owners will be able to stream Netflix movies straight to their console. If cable companies offer an inferior product—say, one that “breaks” commonly used outputs—subscribers will simply switch to competing video services

Concerns about cable subscribers paying for movies only to receive a black screen are overblown. Why would any cable company make such a bone-headed move? Hollywood has voluntarily chosen not to activate the Image Constraint Token (which “downrezzes” 1080p content to 540p when played through an analog output) for fear of alienating users. Facing fierce competition, cable companies have a strong incentive to avoid angering their subscribers.

Several groups have argued that the FCC should reject the MPAA’s waiver on fair use grounds. But content owners aren’t required to ensure that all movies can be easily timeshifted and archived. There is no consumer right to unfettered, analog video programming. Fair use is an important exception to copyright law, but that doesn’t mean government should mandate crippled DRM just so consumers can exercise fair use. If movie studios wish to relegate certain films to being viewed only on encrypted outputs, then it’s up to the marketplace to devise methods to allow for timeshifting of protected content.

The real impediment to fair use isn’t Selectable Output Control, but the DMCA’s chilling anti-circumvention clause. Software capable of breaking DRM shouldn’t be banned, but robust DRM shouldn’t be illegal, either. Consumers will shun content that’s encumbered with intrusive DRM, and market forces will reward copy-protection schemes that balance transparency with robustness. In the ongoing battle over DRM, the best course for government is to stay out entirely.

If there’s a market for new release movies delivered straight to the home, it should be allowed to emerge, unfettered by federal regulation. Content owners should not be required to ask for the FCC’s permission to activate DRM technology. If the FCC rejects the MPAA waiver, Hollywood may simply decide that nobody will get a chance to watch new release films at home.