Interoperability is a topic that has long been of interest to me. How networks, platforms, and devices work with each other–or sometimes fail to–is an important engineering, business, and policy issue. Back in 2012, I spilled out over 5,000 words on the topic when reviewing John Palfrey and Urs Gasser’s excellent book, Interop: The Promise and Perils of Highly Interconnected Systems.

I’ve always struggled with the interoperability issues, however, and often avoided them became of the sheer complexity of it all. Some interesting recent essays by sci-fi author and digital activist Cory Doctorow remind me that I need to get back on top of the issue. His latest essay is a call-to-arms in favor of what he calls “adversarial interoperability.” “[T]hat’s when you create a new product or service that plugs into the existing ones without the permission of the companies that make them,” he says. “Think of third-party printer ink, alternative app stores, or independent repair shops that use compatible parts from rival manufacturers to fix your car or your phone or your tractor.”

Doctorow is a vociferous defender of expanded digital access rights of many flavors and his latest essays on interoperability expand upon his previous advocacy for open access and a general freedom to tinker. He does much of this work with the Electronic Frontier Foundation (EFF), which shares his commitment to expanded digital access and interoperability rights in various contexts.

I’m in league with Doctorow and EFF on some of these things, but also find myself thinking they go much too far in other ways. At root, their work and advocacy raise a profound question: should there be any general right to exclude on digital platforms? Although he doesn’t always come right out and say it, Doctorow’s work often seems like an outright rejection of any sort of property rights in networks or platforms. Generally speaking, he does not want the law to recognize any right for tech platforms to exclude using digital fences of any sort.

Where to Draw the Lines?

As someone who has authored a book about the importance of permissionless innovation, I need to be able to answer questions about where these lines between open versus closed systems are drawn. Definitions and framing matter, however. I use “permissionless innovation” as a descriptor for one possible policy disposition when considering where legal and regulatory defaults should be set. Another conception of permissionless innovation is more of an engineering ideal; a general freedom to connect, tinker, modify, etc. (I speak more about these conceptions in my latest book, Evasive Entrepreneurs.) Of course, someone advocating permissionless innovation as a policy default will sometimes be confronted with the question of what the law should say when someone behaves in an “evasive” fashion in the latter conception of permissionless innovation.

Doctorow would generally answer that question by saying that law should not be rigged to favor exclusion through laws like the DMCA (and specifically the law’s anti- circumvention provisions), Computer Fraud and Abuse Act, patent law, and various other rules and laws. “[T]he current crop of Big Tech companies has secured laws, regulations, and court decisions that have dramatically restricted adversarial interoperability.”

Generally speaking, I agree. I’m not a fan of technocratic laws or regulations that seek to micro-manage interoperability and which stack the deck in favor of exclusionary conduct with steep penalties for evasion. But does that mean adversarial interoperability should be permitted in all cases? Should there exist any sort of common law presumption one way or the other when a user or competitor seeks access to an existing private platform or device?

Specifics matter here and I don’t have time to get into all the case studies that Doctorow goes through. Some are no-brainers, like the infamous Lexmark case involving refillable printer ink cartridges. Other cases are far more complicated, at least for me. Does Epic, creator of Fortnite, have a right of adversarial interoperability that it can exercise against Apple and their AppStore? As Dirk Auer suggests in a new essay, this episode looks more like a straightforward pricing dispute. Epic is making it out to be much more than that, suggesting Apple is guilty of unfair and exclusionary practices that require a legal remedy.

Why not take that logic further and just say Apple’s App Store us tantamount to a natural monopoly or digital essential facility that Epic and everyone else is entitled to on whatever terms they want? For that matter, why not apply the same logic to Epic’s Fortnite platform or even its Unreal Engine? Does every other gaming developer have a right to piggyback on the juggernaut that Epic has built?

This gets to the core question about Doctorow’s concept of adversarial interoperability: Exactly what should common law and the courts say platform owners make access rights a simple pricing matter and say: “You pay or you are out.” Like Doctorow and EFF, I don’t want Apple to benefit from any special favors from laws like DMCA. Where we differ is that I would still leave the door open for Apple to exercise various other common law contractual rights or property rights in court.

I suspect Doctorow would deny any such claims by Apple or anyone else. If so, I would like to see him spell out in more precise terms exactly what Apple’s property rights and contractual rights are in this instance. Or, again, should we just treat the App Store as a digital commons with unfettered open access rights for developers? If so, would Apple be required to still manage the resource once it is a quasi-commons?

I think that would end miserably, but would like to hear Doctorow’s preferred approach before saying more. I suspect a lot rides on the distinction between “open” verses “proprietary” standards, but compared to Doctorow and EFF, I am willing to embrace a world of both open and proprietary systems, and many hybrids in between. I don’t want the law favoring one type over the other, but that means I need to endorse a generalized property right for digital operators such that they can still exclude others (even in the absence of artificial regulatory rights like DMCA creates). Again, I suspect Doctorow would reject that standard, preferring a generalized right of access, even if that means the platforms become de facto commons.

More Radical Steps

Elsewhere, Doctorow has said is that some of these questions would be better addressed through more aggressive antitrust regulation. Mere data portability or mandatory interoperability isn’t enough for him. “Data portability is important,” Doctorow says, “but it is no substitute for the ability to have ongoing access to a service that you’re in the process of migrating away from.”

In his latest online book on “How to Destroy Surveillance Capitalism,” Doctorow suggests that it is time to “make Big Tech small again” through an “anti-monopoly ecology movement.” That “means bans on mergers between large companies, on big companies acquiring nascent competitors, and on platform companies competing directly with the companies that rely on the platforms.” And he desires a host of other remedies.

So, here we have the convergence of interoperability policy and antitrust policy, with a layer of property confiscation layered on top apparently. “Now it’s up to us to seize the means of computation, putting that electronic nervous system under democratic, accountable control,” he insists in his latest manifesto.

What’s funny about this is that Doctorow begins most of his essays by pointing out all the ways that politics is the problem when it comes to access issues, only to end by suggesting that a lot more political meddling is the required solution. He repeatedly laments how large tech players have so often been able to convince lawmakers and regulators to pass special laws or regulations that work to their favor. Yet, in his We-Can-Build-A-Better-Bureaucrat model of things, all those old problems will apparently disappear when we get the right people in power and get rid of those nefarious capitalist schemers.

Thus, what really animates Doctorow’s advocacy for adversarial interoperability is a deep suspicion of free market capitalism and property rights in particular. In this worldview, interoperability really just becomes a Trojan Horse meant to help bring down the entire capitalist order. Am I exaggerating? “As to why things are so screwed up? Capitalism.” Those are his exact words from the conclusion of his latest book.

Adversarial Innovation & Evolutionary Interop

Still, Doctorow raises many legitimate issues about interconnection and digital access rights. But we need a better approach to work though these questions than the one he suggests.

In my lengthy review of the Palfrey and Gasser Interop book, I tried to sketch out an alternative framework for thinking seriously about these issues. I referred to my preferred approach as “experimental interoperability” or “evolutionary interoperability.” I described this as the theory that ongoing marketplace experimentation with technical standards, modes of information production and dissemination, and interoperable information systems, is almost always preferable to the artificial foreclosure of this dynamic process through state action. The former allows for better learning and coping mechanisms to develop while also incentivizing the spontaneous, natural evolution of the market and market responses.

Adversarial interoperability is important, but not nearly as important as adversarial innovation and facilities-based competition. Stated differently, access rights to existing systems is an important value, but the incentives we have in place to encourage entirely new systems is what really matters most. At some point, a generalized right of access to existing systems discourages the sort of platform-building that could help give rise to the sort of creative destruction we have seen at work repeatedly in the past and that we still need today. Taken too far, adversarial interoperability threatens to undermine this goal. Why seek to build a better alternative platform if you can just endlessly free ride off someone else’s by force of law?

Thus, I prefer to work at the margins and think through how to balance these competing claims of access / interoperability rights versus contractual / property rights. My take will be too utilitarian for not only Doctorow but also for some libertarians, who want clear answers to all these questions based upon their preferred natural law-oriented constructions of rights. The problem with that approach is that it leads to all-or-nothing extremes (complete digital property rights, or virtually none) and that approach is fundamentally unworkable and destructive. We need to work harder about how to balance these rights and values in pro-competitive, pro-innovation fashion.

There is No Such Thing as Optimal Interoperability

In sum, there is no such thing as “optimal interoperablity.” Sometimes proprietary or “closed” systems will offer the public features and options that they will find preferable to “open” ones.  “There are many reasons why consumers might prefer ‘closed’ systems – even when they have to pay a premium for them,” argues Dirk Auer in a separate essay. It could be greater convenience, security, or other things. Palfrey and Gasser correctly noted in their book that, “the state is rarely in a position to call a winner among competing technologies” (p. 174). Moreover, they concluded:

“Lawmakers need to keep in view the limits of their own effectiveness when it comes to accomplishing optimal levels of interoperability. Case studies of government intervention, especially where complex information technologies are involved, show that states tend to be ill suited to determine on their own what specific technology will be the best option for the future (p. 175)

A thousand amens to that! The law should not artificially foreclose experimentation with many different types of platforms, standards, devices and the interoperability that exists among them.

The future of emerging technology policy will be influenced increasingly by the interplay of three interrelated trends: “innovation arbitrage,” “technological civil disobedience,” and “spontaneous private deregulation.” Those terms can be briefly defined as follows:

• “Innovation arbitrage” refers to the idea that innovators can, and will with increasingly regularity, move to those jurisdictions that provide a legal and regulatory environment more hospitable to entrepreneurial activity. Just as capital now fluidly moves around the globe seeking out more friendly regulatory treatment, the same is increasingly true for innovations. And this will also play out domestically as innovators seek to play state and local governments off each other in search of some sort of competitive advantage.
• “Technological civil disobedience” represents the refusal of innovators (individuals, groups, or even corporations) or consumers to obey technology-specific laws or regulations because they find them offensive, confusing, time-consuming, expensive, or perhaps just annoying and irrelevant. New technological devices and platforms are making it easier than ever for the public to openly defy (or perhaps just ignore) rules that limit their freedom to create or use modern technologies.
• “Spontaneous private deregulation” can be thought of as de facto rather than the de jure elimination of traditional laws and regulations owing to a combination of rapid technological change as well the potential threat of innovation arbitrage and technological civil disobedience. In other words, many laws and regulations aren’t being formally removed from the books, but they are being made largely irrelevant by some combination of those factors. “Benign or otherwise, spontaneous deregulation is happening increasingly rapidly and in ever more industries,” noted Benjamin Edelman and Damien Geradin in a Harvard Business Review article on the phenomenon.[1]

I have previously documented examples of these trends in action for technology sectors as varied as drones, driverless cars, genetic testing, Bitcoin, and the sharing economy. (For example, on the theme of global innovation arbitrage, see all these various essays. And on the growth of technological civil disobedience, see, “DOT’s Driverless Cars Guidance: Will ‘Agency Threats’ Rule the Future?” and “Quick Thoughts on FAA’s Proposed Drone Registration System.” I also discuss some of these issues in the second edition of my Permissionless Innovation book.)

In this essay, I want to briefly highlight how, over the course of just the past month, a single company has offered us a powerful example of how both global innovation arbitrage and technological civil disobedience— or at least the threat thereof—might become a more prevalent feature of discussions about the governance of emerging technologies. And, in the process, that could lead to at least the partial spontaneous deregulation of certain sectors or technologies. Finally, I will discuss how this might affect technological governance more generally and accelerate the movement toward so-called “soft law” governance mechanisms as an alternative to traditional regulatory approaches.

Comma.ai Case Study, Part 1: The Innovation Arbitrage Threat

The company I want to highlight is Comma.ai, a start-up that had hoped to sell a $999 after-market kit for vehicles called the “Comma One,” which “would give average, everyday cars autonomous functionality.”[2] Created by famed hacker George Hotz, who as a teenager gained notoriety for being the first person to unlock an iPhone in 2007, the Comma One represents an attempt to create autonomous vehicle tech “on the cheap” by using off-the-shelf cameras and GPS technology combined with a healthy dose of artificial intelligence technology.

But regulators at the National Highway Traffic Safety Administration (NHTSA), the federal agency responsible for road safety and automobile regulation, were none too happy to hear about Hotz’s plan to unleash his technology into the wild without first getting their blessing. On October 27, the agency fired off a nastygram to Hotz saying: “We are concerned that your product would put the safety of your customers and other road users at risk. We strongly encourage you to delay selling or deploying your product on the public roadways unless and until you can ensure it is safe.”

Hotz responded on Twitter promptly and angrily. After posting the full NHTSA letter, he said, “First time I hear from them and they open with threats. No attempt at a dialog.” In a follow-up tweet, he said, “Would much rather spend my life building amazing tech than dealing with regulators and lawyers. It isn’t worth it.” And then he announced that, “The comma one is cancelled. comma.ai will be exploring other products and markets. Hello from Shenzhen, China.” A flood of news articles followed about Hotz’s threat to engage in this sort of global innovation arbitrage by bolting US shores.[3]

Incidentally, what Hotz and Comma.ai were proposing to do with Comma One—i.e., deploy autonomous vehicle tech into the wild without prior regulatory approval—was recently done by Otto, a developer of autonomous trucking technology. As Mark Harris reported on Backchannel:

When Otto performed its test drive — the one shown in the May video — it did so despite a clear warning from Nevada’s Department of Motor Vehicles (DMV) that it would be violating the state’s autonomous vehicle regulations. When the DMV realized that Otto had gone ahead anyway, one official called the drive “illegal” and even threatened to shut down the agency’s autonomous vehicle program.”[4]

While Nevada regulators were busy firing off angry letters, Otto was busy doing even more testing in others states (like Ohio), which are eager to make their jurisdictions a testbed for autonomous vehicle innovation.[5] In fact, just recently, Ohio Gov. John Kasich announced the creation of the “Smart Mobility Corridor,” which, according to the Dayton Daily News, will be “a 35-mile stretch of U.S. 33 in central Ohio that runs through Logan County. Officials say that section of U.S. 33 will become a corridor where technologies can be safely tested in real-life traffic, aided by a fiber-optic cable network and sensor systems slated for installation next year.”[6]

This is an example of innovation arbitrage will increasingly take root here domestically as well as abroad, and some states (or countries) will use inducements in an effort to lure innovators to their jurisdictions.

Anyway, let’s get back to the Comma One case study. I don’t want to get too sidetracked regarding the merits of the concerns raised by NHTSA in its letter to Hotz and the implications of the agency’s threats for innovation in this space. But EFF board member Brad Templeton did a nice job addressing that issue in an essay about NHTSA’s letter that threatened Comma. As Templeton observed:

I will presume the regulators will say, “We only want to scare away dangerous innovation” but the hard truth is that is a very difficult thing to judge. All innovation in this space is going to be a bit dangerous. It’s all there trying to take the car — the 2nd most dangerous legal consumer product — and make it safer, but it starts from a place of danger. We are not going to get to safety without taking risks along the way.[7]

This gets to the very real trade-offs in play in the debate over driverless car technology and its regulation. In fact, my Mercatus Center colleague Caleb Watney and I recently filed comments [8] with NHTSA addressing the agency’s recently proposed “Federal Automated Vehicles Policy.”[9] We stressed the potentially deleterious implications of prior regulatory restraints on autonomous vehicle innovation by stressing the horrific real-world baseline we live with today, in which over 35,000 people dying on US roadways in 2015 (roughly 96 people per day) and 94 percent of all those crashes being attributable to human error.

Caleb and I noted that, by imposing new preemptive constraints on the coding of superior autonomous driving technology, “NHTSA’s proposed policy for automated vehicles may inadvertently increase the number of total automobile fatalities by delaying the rapid development and diffusion of this life-saving technology.” Needless to say, if that comes to pass, it would be a disaster because “automation on the roads could be the great public-health achievement of the 21st century.”[10]

In our filing, Caleb and I estimated that, “If NHTSA’s proposed premarket approval process slows the deployment of HAVs by 5 percent, we project an additional 15,500 fatalities over the course of the next 31 years. At 10 percent regulatory delay, we project an additional 34,600 fatalities over 33 years. And at 25 percent regulatory delay, we project an additional 112,400 fatalities over 40 years.[11]

So, needless to say, this is a very big deal.

But let’s ignore all those potential foregone benefits for the moment and just stick with the question of whether Hotz’s threat to engage in a bit of global innovation arbitrage (by moving to China or somewhere else) could work, or at least affect policy in some fashion. I think it absolutely could be an effective threat both because (a) policymakers really do want to do everything they can to achieve greater road safety, and (b) the auto sector remains a hugely important industry for the United States, and one that policymakers will want to do everything in their power to retain on our shores.

Moreover, as Templeton observes that “Comma is not the only company trying to build a system with pure neural networks doing the actual steering decisions.” Even if NHTSA succeeds in bringing Comma to heel, there will be others who will follow in its footsteps. It might be a firm like Otto, but there are many other players in this space today, including big dogs like Tesla and Google. If ever there was a truly global technology industry, it the automotive sector. Autonomous vehicle innovation could take root and blossom in almost any country in the world, and many countries will be waiting with open arms if America screws up its regulatory process.

As Templeton concludes:

The USA and California led the way in robocars in part because it was unregulated. In the USA, everything is permitted unless it was explicitly forbidden and nobody thought to write “no robots” in the laws. Progress in other countries where everything is forbidden unless it is permitted was much slower. The USA is moving in the wrong direction.[12]

Comma.ai Case Study, Part 2: The Technological Civil Disobedience Threat

But an interesting thing happened on the way to Comma’s threatened exodus. On November 30, the firm announced that it would now be open sourcing the code for its autonomous vehicle technology. Reporters at The Verge noted that, during a press conference:

Hotz said that Comma.ai decided to go open source in an effort to sidestep NHTSA as well as the California DMV, the latter of which he said showed up to his house on three separate occasions. “NHTSA only regulates physical products that are sold,” Hotz said. “They do not regulate open source software, which is a whole lot more like speech.” He went on to say that “if the US government doesn’t like this [project], I’m sure there are plenty of countries that will.”[13]

So here we see Hotz combining the threat of still potentially taking the project offshore (i.e., global innovation arbitrage) with the suggestion that by open-sourcing the code for Comma One he might be able to get around the law altogether. We might consider that an indirect form of technological civil disobedience.

Incidentally, Hotz may not be aware of the fact that NHTSA is in the process of making a power-play to become a driverless car code cop. While Hotz is technically correct that, under current law, NHTSA officials “do not regulate open source software, which is a whole lot more like speech,” NHTSA’s recent Federal Automated Vehicles Policy claimed that the agency “has authority to regulate the safety of software changes provided by manufacturers after a vehicle’s first sale to a consumer” while also suggesting that the agency “may need to develop additional regulatory tools and rules to regulate the certification and compliance verification of such post-sale software updates.”^[14]

Needless to say, this proposal has important ramifications for not only Comma, but all other firms in this sector. Consider the implications for Tesla’s “autopilot” mode, which is really little more than a string of constantly-evolving code it pushes out to offer greater and greater autonomous driving functionality.  How would that iterative process work if every time Tesla wanted to make a little tweak to its code it had to run to Washington and file paperwork with NHTSA petitioning for permission to experiment and improve their systems? And then think about all the smaller innovators out there who want to be the next Elon Musk or George Hotz but do not yet have the resources or political connections in Washington to even go through this complex and costly process.

In any event, I have no idea if Hotz or Comma.ai will follow through with any of these threats or be successful in doing so. It may be the case that he is just blowing off smoke and that he and his firm will end up staying in the U.S. and perhaps even later reversing course on the decision to open source the Comma code. But to the extent that innovators like Hotz even hint that they might split the country or open source their code to avoid burdensome regulatory regimes, it can have an influence on future policy decisions. Or at least it should.

New Tech Realities & Their Policy Implications

Indeed, the increasing prevalence of global innovation arbitrage and technological civil disobedience raise some interesting issues for the governance of emerging technologies going forward. The traditional regulatory stance toward many existing sectors and technologies will be challenged by these realities. That’s because most of those traditional regulatory systems are highly precautionary, preemptive, and prophylactic in character. They generally opt for policy solutions that are top-down, overly rigid, and bureaucratic.

Of course, in the past, many innovators (especially smaller scale entrepreneurs) really couldn’t do much to avoid similar regulatory systems where they existed. You either fell into line, or else! It wasn’t always clear what “or else!” would entail, but it could range from being denied a permit/license to operate, waiting months or years for rules to emerge, dealing with fines or other penalties, or some combination of all those things. Or perhaps you would just give up on your innovative idea altogether and exit the market.

But the world has changed in some important ways in recent years. Many of the underlying drivers of the digital revolution—massive increases in processing power, exploding storage capacity, steady miniaturization of computing, ubiquitous communications and networking capabilities, the digitization of all data, and more—are beginning to have a profound impact beyond the confines of cyberspace.^[15] As venture capitalist Marc Andreessen explained in a widely read 2011 essay about how “software is eating the world”:

More and more major businesses and industries are being run on software and delivered as online services—from movies to agriculture to national defense. Many of the winners are Silicon Valley-style entrepreneurial technology companies that are invading and overturning established industry structures. Over the next 10 years, I expect many more industries to be disrupted by software, with new world-beating Silicon Valley companies doing the disruption in more cases than not. Why is this happening now? Six decades into the computer revolution, four decades since the invention of the microprocessor, and two decades into the rise of the modern Internet, all of the technology required to transform industries through software finally works and can be widely delivered at global scale.^[16]

We can add to this list of a new realities the more general problem of technology accelerating at an unprecedented pace. This is what philosophers of technology call the “pacing problem.”  In his new book,  A Dangerous Master: How to Keep Technology from Slipping beyond Our Control, Wendell Wallach concisely defined the pacing problem as “the gap between the introduction of a new technology and the establishment of laws, regulations, and oversight mechanisms for shaping its safe development.” “There has always been a pacing problem,” Wallach correctly observed, but like other philosophers, he believes that modern technological innovation is accelerating much faster than it was in the past.[17]

What are the ramifications of all this for policy? As technology lawyer and consultant Larry Downes has noted, lawmaking in the information age is now inexorably governed by the “law of disruption” or the fact that “technology changes exponentially, but social, economic, and legal systems change incrementally.”[18] This law is “a simple but unavoidable principle of modern life,” he said, and it will have profound implications for the way businesses, government, and culture evolve. “As the gap between the old world and the new gets wider,” he argues, “conflicts between social, economic, political, and legal systems” will intensify and “nothing can stop the chaos that will follow.”[19]

The end result of the “law or disruption” and a world relentlessly governed by the ever-accelerating “pacing problem” is that it will be harder than ever to effectively control emerging technologies using traditional legal and regulatory systems and mechanisms. And this makes it even more likely that the related threats of global innovation arbitrage and various forms of technological civil disobedience will become more regular fixtures in debates about many emerging technologies.

New Governance Models

How one reacts to these new realities will depend upon their philosophical disposition toward innovative activities more generally.

Consider first those adhering to a more “precautionary principle” mindset, which I have defined in my recent book as those who believe “that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harm to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.”[20]

Needless to say, the precautionary principle crowd with be dismayed by these new trends and perhaps even decry them as “lawlessness.” Some of these folks seem to be in denial about these new realities and pretend that nothing much has changed. Yet, I have found that most precautionary principle-oriented advocates, and even many regulatory agencies themselves, tend to acknowledge these new realities. But they remain very uncertain about how best to respond to them, often just suggesting that we’ll all need to just try harder to impose new and better regulations on a more expedited or streamlined basis.

Of course, those of us who generally embrace the alternative policy vision for technological governance—“permissionless innovation”—are going to be more accepting of the new technological realities I have described, and we will perhaps even work to defend and encourage them. But while I count myself among this crowd, we cannot ignore the fact that many serious challenges will arise when innovation outpaces law or can easily evade it.

There is some middle ground here, although it is very messy middle ground.

The era of technocratic, top-down, one-size-fits-all regulatory regimes is fading, or at least being severely strained. We will instead need to craft flexible and adaptive policies going forward that are bottom-up, flexible, and evolutionary in character.

What that means in practice is that a lot more “soft law” and informal governance mechanisms will become the new norm. I wrote about this new policy environment in my recent essay, “DOT’s Driverless Cars Guidance: Will ‘Agency Threats’ Rule the Future?” as well as this lengthy review of Wendell Wallach’s latest book about technology ethics.  Along with Gary Marchant of the Arizona State University law school, Wallach recently published an excellent book chapter on “Governing the Governance of Emerging Technologies,” which discussed these soft law mechanisms, which include: “codes of conduct, statements of principles, partnership programs, voluntary programs and standards, certifications programs and private industry initiatives.”[21]

Their chapter appears in an important collection of essays that Gary Marchant edited with Kenneth W. Abbott and Braden Allenby entitled, Innovative Governance Models for Emerging Technologies.

What is interesting about the chapters in that book is that seemingly widespread consensus now exists among experts in this field that some combination of these soft law mechanisms are likely to become the primary mode of technological governance for the indefinite future.  This is because, as Marc A. Saner points out in a different chapter of that book, “the control paradigm is too limited to address all the issues that arise in the context of emerging technologies.”[22] By the control paradigm, he generally means traditional administrative regulatory agencies and processes. He and other contributors in the book all seem to agree that the control problem paradigm “has its limits when diffusion, pacing and ethical issues associated with emerging technologies become significant, as is often the case.”[23]

And so the traditional command-and-control ways will gradually give way to a new paradigm for emerging technology governance. In fact, as I noted in my recent essay on driverless cars, we see this happening quite a bit already. “Multistakeholder processes” are already all the rage in the world of emerging technologies and their governance. In recent years, we have seen the White House and various agencies (such as the FTC, NTIA, FDA, and others) craft multistakeholder agreements or best practice guidance documents for technologies as far ranging as:

• Drones & privacy
• Sharing economy
• Internet of Things
• Driverless cars
• Big data
• Artificial intelligence
• Cross-device tracking
• Native advertising
• Online data collection
• Mobile app transparency and security
• Mobile apps for kids
• Mobile medical apps
• Online health advertising
• 3D printing
• Facial recognition

And that list is not comprehensive. I know I am missing other multistakeholder efforts, best practices, or industry guidance documents that have been crafted in recent years.

Of course, many challenging issues need to be sorted out here, most notably: how transparent and accountable will these soft law systems be in practice? How will they be enforced? And what will happen to all those existing laws, regs, and agencies that will continue to exist? More generally, it is worth asking whether we can more closely study these various multistakeholder arrangements and soft law governance mechanisms and determine if there are certain principles or strategies that could be applicable across a wide class of technologies and sectors. In other words, can we a do a better job of “formalizing the informal,” without falling right back into the trap of trying to impose rules in a rigid, top-down, one-size-fits-all fashion?

Conclusion

Those are just a few of the hard questions we will need to consider going forward. For now, however, I think it is safe to conclude that we will no longer see much “law” being made for emerging technologies, at least not in the traditional sense of the term. Thanks to the new technological realities I have described here—and the relentless reality of the “pacing problem” more generally—I believe we are witnessing a wide-ranging and quite profound transformation in how technology is governed in our modern world. And I believe this movement away from traditional “hard law” and toward “soft law” governance mechanisms is likely to accelerate due to the increasing prevalence of innovation arbitrage, technological civil disobedience, and spontaneous private deregulation.

The ramifications of this transformation will be studied by philosophers, legal theorists, and political scientists for many decades to come. But we are still in the early years of this momentous transformation in technological governance and we will continue to struggle to figure out how to make it all work, as messy as it all may be.

[ Note: This essay is condensed from a manuscript I have been working on about The Rise of Technological Civil Disobedience. I’m not sure I will ever get around to finishing it, however, so I thought I would at least post this piece for now. In a subsequent essay, which is also part of that draft manuscript, I hope to discuss how this process might play out for technologies that are “born free” versus those that are “born in captivity.” That is, how likely is it that the trends I discuss here will take hold for technologies that have no pre-existing laws or agencies, while other technologies that are born into a regulatory environment are potentially doomed to be pigeonholed into those old regulatory regimes? What are the chances that the latter technologies can escape captivity and gain the freedom the other technologies already enjoy? How might technology-enabled “spontaneous private deregulation” be accelerated for those sectors? Is that always desirable? Again, I will leave these questions for another day. Scholars and students who are interested in these topics can feel free to contact me if they are interested in discussing them as well as potential paper ideas. Regardless of how you feel about these trends, these issues are ripe for intellectual exploration.]

[1]     Benjamin Edelman and Damien Geradin, “Spontaneous Deregulation,” Harvard Business Review, April 2016, https://hbr.org/2016/04/spontaneous-deregulation.

[2]     Megan Geuss, “After mothballing Comma One, George Hotz releases free autonomous car software,” Ars Technica, November 30, 2016, http://arstechnica.com/cars/2016/11/after-mothballing-comma-one-george-hotz-releases-free-autonomous-car-software.

[3]     See: “NHTSA Scared This Self-Driving Entrepreneur Off the Road,” Bloomberg Technology, October 28, 2016, https://www.bloomberg.com/news/articles/2016-10-28/nhtsa-scared-this-self-driving-entrepreneur-off-the-road; Sean O’Kane, “George Hotz cancels his self-driving car project after NHTSA expresses concern,” The Verge, October 28, 2016, http://www.theverge.com/2016/10/28/13453344/comma-ai-self-driving-car-comma-one-kit-canceled; Brad Templeton, “Comma.ai cancels comma-one add-on box after threats from NHTSA,” Robohub, October 31, 2016, http://robohub.org/comma-ai-cancels-comma-one-add-on-box-after-threats-from-nhtsa.

[4]     Mark Harris, “How Otto Defied Nevada and Scored a $680 Million Payout from Uber,” Backchannel, November 28, 2016,  https://backchannel.com/how-otto-defied-nevada-and-scored-a-680-million-payout-from-uber-496aa07f5ba2#.9rmtb29bl

[5]     Larry E. Hall, “Otto Self-Driving Truck Tests in Ohio; Violated Nevada Regulations,” Hybrid Cars, November 29, 2016, http://www.hybridcars.com/otto-self-driving-truck-tests-in-ohio-violated-nevada-regulations.

[6]     Kara Driscoll, “Ohio to create ‘smart’ road for driverless trucks,” Dayton Daily News, November 30, 2016, http://www.daytondailynews.com/business/ohio-create-smart-road-for-driverless-trucks/25qC7uYjz9rE96q6YFVUUK.

[7]     Brad Templeton, “Comma.ai cancels comma-one add-on box after threats from NHTSA,” Robohub, October 31, 2016, http://robohub.org/comma-ai-cancels-comma-one-add-on-box-after-threats-from-nhtsa/

[8]     Adam Thierer and Caleb Watney, “Comment on the Federal Automated Vehicles Policy,” November 22, 2016, https://www.researchgate.net/publication/311065194_Comment_on_the_Federal_Automated_Vehicles_Policy.

[9]     National Highway Traffic Safety Administration (NHTSA), Federal Automated Vehicles Policy, September 2016.

[10]   Adrienne LaFrance, “Self-Driving Cars Could Save 300,000 Lives per Decade in America,” Atlantic, September 29, 2015

[11]   Adam Thierer and Caleb Watney, “Comment on the Federal Automated Vehicles Policy,” November 22, 2016, https://www.researchgate.net/publication/311065194_Comment_on_the_Federal_Automated_Vehicles_Policy.

[12]   Templeton.

[13]   Sean O’Kane and Lauren Goode, “George Hotz is giving away the code behind his self-driving car project,” The Verge, November 30, 2016, http://www.theverge.com/2016/11/30/13779336/comma-ai-autopilot-canceled-autonomous-car-software-free.

^[14]   NHTSA, Federal Automated Vehicles Policy, 76.

[15]   Adam Thierer, Jerry Brito, and Eli Dourado, “Technology Policy: A Look Ahead,” Technology Liberation Front, May 12, 2014, http://techliberation.com/2014/05/12/technology-policy-a-look-ahead.

[16]   Marc Andreessen, “Why Software Is Eating the World,” Wall Street Journal, August 20, 2011, http://www.wsj.com/articles/SB10001424053111903480904576512250915629460.

[17]   Wendell Wallach, A Dangerous Master: How to Keep Technology from Slipping beyond Our Control (New York: Basic Books, 2015), 60.

[18]   Larry Downes, The Laws of Disruption: Harnessing the New Forces That Govern Life and Business in the Digital Age 2 (2009).

[19]   Id.

[20]   Thierer, Permissionless Innovation, at 1.

[21]   Gary E. Marchant and Wendell Wallach, “Governing the Governance of Emerging Technologies,” in Gary E. Marchant, Kenneth W. Abbott & Braden Allenby (eds.), Innovative Governance Models for Emerging Technologies (Cheltenham, UK: Edward Elgar, 2013), 136.

[22]   Marc A. Saner,  “The Role of Adaptation in the Governance of Emerging Technologies,” in Gary E. Marchant, Kenneth W. Abbott & Braden Allenby (eds.), Innovative Governance Models for Emerging Technologies (Cheltenham, UK: Edward Elgar, 2013), 106.

[23]   Ibid., at 94.

In June, The Guardian ran a groundbreaking story that divulged a top secret court order forcing Verizon to hand over to the National Security Agency (NSA) all of its subscribers’ telephony metadata—including the phone numbers of both parties to any call involving a person in the United States and the time and duration of each call—on a daily basis. Although media outlets have published several articles in recent years disclosing various aspects the NSA’s domestic surveillance, the leaked court order obtained by The Guardian revealed hard evidence that NSA snooping goes far beyond suspected terrorists and foreign intelligence agents—instead, the agency routinely and indiscriminately targets private information about all Americans who use a major U.S. phone company.

It was only a matter of time before the NSA’s surveillance program—which is purportedly authorized by Section 215 of the USA PATRIOT Act (50 U.S.C. § 1861)—faced a challenge in federal court. The Electronic Privacy Information Center fired the first salvo on July 8, when the group filed a petition urging the U.S. Supreme Court to issue a writ of mandamus nullifying the court orders authorizing the NSA to coerce customer data from phone companies. But as Tim Lee of The Washington Post pointed out in a recent essay, the nation’s highest Court has never before reviewed a decision of the Foreign Intelligence Surveillance Act (FISA) court, which is responsible for issuing the top secret court order authorizing the NSA’s surveillance program.

Today, another crucial lawsuit challenging the NSA’s domestic surveillance program was brought by a diverse coalition of nineteen public interest groups, religious organizations, and other associations. The coalition, represented by the Electronic Frontier Foundation, includes TechFreedom, Human Rights Watch, Greenpeace, the Bill of Rights Defense Committee, among many other groups. The lawsuit, brought in the U.S. district court in northern California, argues that the NSA’s program—aptly described as the “Assocational Tracking Program” in the complaint—violates the First, Fourth, and Fifth Amendments to the Constitution, along with the Foreign Intelligence Surveillance Act.

In a statement today, TechFreedom President Berin Szoka described the lawsuit as follows:

We’re standing up for the constitutional rights of all Americans: The First Amendment protects our right to communicate and associate privately. The Fourth Amendment protects us against unreasonable searches and seizures by barring the kind of general warrant that compelled U.S. telephone carriers to turn over potentially sensitive information about Americans’ telephone call records. The secretive processes of the Foreign Intelligence Surveillance Court violate the most fundamental guarantees of the Fifth Amendment to due process, as well as basic principles of the rule of law.

Amen. Our founding fathers wrote the 4th Amendment to prevent precisely this kind of secretive sifting through citizens’ private records. As the recent scandal involving the IRS targeting tea party groups illustrates, America’s founders knew all too well that government would always be tempted to use perfectly innocuous information about Americans’ beliefs and behaviors to harass them and treat them unfairly. This is why our Constitution and federal laws restrict the government’s power to collect private information about its citizens. These rules exist not so criminals can conceal their behavior, but to protect you and me. And when the government violates those rules, it is acting criminally.

Think you’re off the the hook because you communicate primarily using the Internet, rather than via phone? Think again. We know that far more extensive collection of Americans’ data has occurred under the same authority—50 U.S.C. § 1861—upon which the Associational Tracking Program is based.

According to a leaked 2009 NSA Inspector General report, NSA in 2001 began collecting “bulk Internet metadata” from at least three unknown large Internet companies. A 2007 DOJ memo regarding “supplemental procedures” for NSA data collection authorized the agency to collect Internet metadata—including the “email address[es]” of each sender and recipient of an email, along with their “IP address”—for “persons in the United States.” The memo further states that “NSA has in its database a large amount of communications metadata associated with persons in the United States.” However, a spokesman for James Clapper, the Director of National Intelligence has claimed this Internet metadata collection program was “discontinued in 2011 for operational and resource reasons.” Who knows if this is accurate, or another “clearly erroneous” statement that will be corrected in future months or years in a statement resembling the letter James Clapper sent to the Senate Intelligence Committee a few weeks ago.

Yet if the NSA’s Associational Tracking Program is lawful, the Internet metadata program is probably legal as well. If courts fail to halt the NSA’s program as it currently exists, and clarify what Section 215 of the USA PATRIOT Act really means, nothing is stopping the government from resuming its acquisition of Internet metadata—that is, if it hasn’t already done so.

These suspicionless mass surveillance programs don’t just endanger our constitutional rights. They also threaten free enterprise in the information economy. Increasingly, we transact, communicate, innovate, and create in the digital realm, where information itself is a form of wealth. But if Americans reasonably perceive their digital communications—including metadata—are subject to warrantless governmental interception, some who might use cloud services will choose not to do so. Not only would this distort the future of Internet commerce, it might cause cloud computing servers and businesses to move or be formed abroad—which, ironically, could deny U.S. law enforcement access to this cloud data.

If the information age is to realize its full potential, providers of electronic communications services must be free to make credible assurances to their users about when private information will be shared, and with whom. Users need to know that the data they relinquish is confined to agreed-upon business, transactional, and record-keeping purposes—not automatically stored in a government datacenter.

Tim Lee is right. The Electronic Frontier Foundation post announcing its decision to accept Bitcoin is strange.

“While we are accepting Bitcoin donations,” the post says, ” EFF is not endorsing Bitcoin.” (emphasis in original)

They’ve been using dollars over there without anyone inferring that they endorse dollars. They’ve been using various payment systems with no hint of endorsement. And they use all kinds of protocols without disclaiming endorsement—because they don’t need to.

Someone at EFF really doesn’t like Bitcoin. But, oh, how wealthy EFF would be as an institution if they had held on to the Bitcoin they were originally given. I argued at the time it refused Bitcoin that it was making a mistake, not because of the effect on its bottom line, but because it showed timidity in the face of threats to liberty.

Well, just in time for the Bitcoin 2013 conference in San Jose (CA) this weekend, EFF is getting on board. That’s good news, but it’s not as good as the news would have been if EFF had been a stalwart on Bitcoin the entire time. I have high expectations of EFF because it’s one of the great organizations working in the area of digital liberties.

The US Patent and Trademark office is starting to recognize that it has a software patent problem and is soliciting suggestions for how to improve software patent quality. A number of parties such as Google and EFF have filed comments.

I am on record against the idea patenting software at all. I think it is too difficult for programmers, as they are writing code, to constantly check to see if they are violating existing software patents, which are not, after all, easy to identify. Furthermore, any complex piece of software is likely to violate hundreds of patents owned by competitors, which makes license negotiation costly and not straightforward.

However, given that the abolition of software patents seems unlikely in the medium term, there are some good suggestions in the Google and EFF briefs. They both note that the software patents granted to date have been overbroad, equivalent to patenting headache medicine in general rather than patenting a particular molecule for use as a headache drug.

This argument highlights one significant problem with patent systems generally, that they depend on extremely high-quality review of patent applications to function effectively. If we’re going to have patents for software, or anything else, we need to take the review process seriously. Consequently, I would favor whatever increase in patent application fees is necessary to ensure that the quality of review is rock solid. Give USPTO the resources it needs to comply with existing patent law, which seems to preclude such overbroad patents. Simply applying patent law consistently would reduce some of the problems with software patents.

Higher fees would also function as a Pigovian tax on patenting, disincentivizing patent protection for minor innovations. This is desirable because the licensing cost of these minor innovations is likely to exceed the social benefits the patents generate, if any.

While it remains preferable to undertake major patent reform, many of the steps proposed by Google and EFF are good marginal policy improvements. I hope the USPTO considers these proposals carefully.

Here’s a thought experiment. Let’s say you believe the Internet economy needs more regulation to guard against potential privacy violations or what you regard as excessive data aggregation. Further, you believe that no amount of self-regulation, social norms, market pressure, education, empowerment, or anything else could possibly substitute for regulation. I know there are a lot of people out there today who feel this way. Regardless of the merits of such claims, here’s my question for you: Do the ends (enhanced privacy protections) justify any means (regulation at any and every level of government)? For example, what would you think about having all 50 states creating their own Privacy Offices or Data Protection Bureaus that issued regulations or recommendations about Internet best practices?

What got me thinking about this was this new blog post by Parker Higgins of EFF, “California Attorney General Releases Mobile Privacy Recommendations.” In the essay, Higgins showers praise on California Attorney General Kamala D. Harris, who just released a document (“Privacy on the Go“) that lays out a long set of privacy “best practices” for mobile app developers. Higgins writes:

EFF applauds this important step forward, and congratulates the California Attorney General on a thorough and clearly written explanation of the importance of mobile privacy and how developers can deliver. It’s true that as technology changes, the specific needs and guidelines for companies will need to adapt. We could well see a time when these principles do not adequately protect the rights and needs of consumers. However, right now these principles represent a huge step forward — going beyond existing law in a way that improves transparency, accountability, and choice for users of mobile devices.

Regardless of the merits of the principles and recommendations contained in that report — and I agree that many of them are quite sensible best practices that industry should be following — I can’t help but wonder whether it is wise for EFF to be cheering on state-based Internet meddling so openly. OK, so I can hear the primary objection: It’s not regulation; it’s just a set of recommendations! Well, yes and no. What AG Harris is doing here is an exercise in soft power or regulatory nudging. It’s a variation of what Tim Wu calls the “agency threats” model of regulating without any formal regulation being promulgated. (Wu enthusiastically endorses such exercises in arbitrary soft power). Or it’s what Randy Picker refers to a “non-law law,” which we are seeing more and more of on this front through the use of “best practice” reports or other agency guidance. And this is happening against the backdrop of a gradual expansion of formal privacy law in the state, such as the the California Online Privacy Protection Act (OPPA). Moreover, the state also has its own Office of Privacy Protection and AG Harris recently announced the creation of a Privacy Enforcement and Protection Unit in the Calif. Department of Justice.  Last year, she also brokered a Joint Statement of Principles that was adopted by the leading operators of mobile application platforms “to help bring mobile apps in compliance with the California Online Privacy Protection Act.”

Thus, when the AG announces a new set of best practices and strongly suggests industry should be following them, there’s an implied “or else!” threat that hangs like a quasi-regulatory Sword of Damocles over the collective necks of everyone in this sector. Regardless of how you feel about such “administrative arm-twisting,” I would hope we could agree that there is some theoretical limit to efficient state-based regulation of a network that is national or global in scope, such as the Internet. And yet that’s the perilous path we’re heading down if more states begin to mimic AG Harris and the state of California.

I can’t help but think that if AG Harris was issuing best practices on almost any other Internet policy issue — online free speech, copyright, cybersecurity, online authentication, etc. — that EFF would be (rightly) screaming bloody murder or at least raising some tough questions about the potentially slippery slope of increased state-based Internet meddling. But because there’s a bit of selective morality at work here — EFF welcomes more privacy regulation but opposes most other forms of information control — they are willing to turn a blind eye to the danger of a parochial patchwork of Internet policies in the privacy context.

Perhaps such nudging ends in California and doesn’t spread more broadly across the U.S.  But that’s a pretty big risk. I hope EFF and others give more thought to what they are sanctioning here. 50 state Internet Bureaus isn’t likely to help the digital economy or serve the long-term interests of consumers.

Further Reading

• Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges
• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed
• The ACLU vs. Itself on User Empowerment for Online Safety & Privacy
• Privacy as an Information Control Regime: The Challenges Ahead
• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy?

The Supreme Court wasn’t playing games with the First Amendment today. With its 7-2 decision in Brown v. EMA, the Court has protected video game creators and players from unconstitutional restrictions on what we can produce and play.

Today’s decision ensures that video games have First Amendment protection on par with books, film, music and other forms of entertainment and will help block other regulatory efforts that are justified by blindly alluding to the rationale that “it’s for the children.” The decision fits nicely alongside an impressive and growing string of recent First Amendment cases from the Court that significantly raise the bar against legislative efforts to regulate freedom of speech and expression.

Quick background: In May 2010, the Supreme Court announced that it would review a California law regulating the sale of violently-themed video games to minors. The case was Schwarzenegger v. Entertainment Merchants Association, but the name of the case changed to after Jerry Brown became governor of California.  The Ninth Circuit Court of Appeals had struck down a California law which prohibited the sale or rental of “violent video games” to minors, but California appealed and the SCOTUS took up the issue.  [Note: When we were still with the Progress & Freedom Foundation, Berin Szoka and I filed a big amicus brief with the Court in the case along with some folks at the Electronic Frontier Foundation.]  By a 7-2 vote, the Supreme Court backed the Ninth Circuit and overturned the California law. Justice Scalia wrote for the majority. Justices Thomas and Breyer dissented.

The crucial holdings in the decision are as follows:

1. Video games are protected speech deserving strict First Amendment scrutiny. The Court held: “Video games qualify for First Amendment protection.  Like protected books, plays, and movies, they communicate ideas through familiar literary devices and features distinctive to the medium.  And ‘the basic principles of freedom of speech… do not vary’ with a new and different communication medium.”
2. Depictions of violence in video games cannot be treated as obscenity and regulated as such. The Court concluded flatly: “speech about violence is not obscene” and held that “a legislature cannot  create new categories of unprotected speech simply by weighing the value of a particular category against its social  costs and then punishing it if it fails the test.” It continues on: “the State of California wishes to create a wholly new category of content-based regulation that is permissible only for speech directed at children.  That is unprecedented and mistaken.  This country has no tradition of specially restricting children’s access  to depictions  of violence.”
3. The social science literature on the impact of violent games is inconclusive. The Court found that: “Psychological studies purporting to show a connection between exposure to violent video games and harmful effects on children do not prove that such exposure causes minors to act  aggressively.  Any demonstrated effects are both small and indistinguishable from effects produced by other media.”
4. Concerns about children cannot be used as an excuse for sweeping content regulation (especially when less-restrictive means exist of dealing with access to objectionable content.) Government cannot excuse censorship by pointing to fears about children’s access to violent depictions of media. The Court noted that, “California’s effort to regulate violent video games is the latest episode in a long series of failed attempts to censor violent entertainment for minors,” but that, “even where the protection of children is the object, the  constitutional limits on governmental action apply.” Violently-themed media is as old as literature itself, the Court noted. As has been the case with previous forms of violent content, parental responsibility is the better way to regulate access to potentially objectionable media. And the Court noted that tools and ratings exist to help parents do so.

This is the proper approach for a society that cherishes free speech, freedom of expression, and personal responsiblity. The Court did a great thing here today. Honestly, I was expecting a loss and had a long essay ready to go that reflected my disappointment.  Never have I been so pleased to tear up something I had spent so much time on!

A great day for the First Amendment.

P.S. As if often the case, best line in the decision came in a footnote: “Reading Dante is unquestionably more cultured and intellectually edifying than playing Mortal Kombat. But these cultural and intellectual differences are  not  constitutional ones.  Crudely violent video games, tawdry TV shows, and cheap novels and magazines are no less  forms of speech than The Divine Comedy,” Justice Scalia wrote.

Additional TLF Reading on Video Games:

• Again, Most Video Games Are Not Violent
• <a title="Permanent link to Thoughts on Oral Arguments in Schwarzenegger v. EMA Video Game Case” href=”../2010/11/04/thoughts-on-oral-arguments-in-schwarzenegger-v-ema-video-game-case/”>Thoughts on Oral Arguments in Schwarzenegger v. EMA Video Game Case
• <a title="Permanent link to EFF-PFF Amicus Brief in Schwarzenegger v. EMA Supreme Court Videogame Violence Case” href=”../2010/09/18/eff-pff-amicus-brief-in-schwarzenegger-v-ema-supreme-court-videogame-violence-case/”>EFF-PFF Amicus Brief in Schwarzenegger v. EMA Supreme Court Videogame Violence Case
• If We Ban Violent Video Games, Why Not Violent Theme Park Attractions?
• Video Games, Media Violence & the Cathartic Effect Hypothesis
• More on Monkey See-Monkey Do Theories about Media Violence & Real-World Crime
• Will the Supreme Court Protect Kitten-Crushing Videos & Virtual Kid Porn but Not Video Games?
• Video Games, Free Speech & the Lunacy of “Ecogenerism”
• Like the Terminator, Video Game Censorship Efforts Just Won’t Die
• Video Games and “Moral Panic”
• Kids, Video Games, Fantasy, & Imagination
• Video Games, Violence, & Social “Science”: Another Day, Another Fight
• Dear Gov. Patterson… Regarding that Video Game Bill You Are About to Sign
• Do video games create cop killers?
• review: Dr. Kourosh Dini’s “Video Game Play & Addiction”
• review: Kutner & Olson’s “Grand Theft Childhood”
• presentation at PSU’s conference on future of video games
• Why hasn’t violent media turned us into a nation of killers?
• First Amendment & Video Games [Updated] Score: Gamers 11, Censors 0
• Sen. Rockefeller Gives Up on Parenting at Senate Violence Hearing
• Can Government Improve Video Game Ratings?
• An Indecency Regime for Video Games?
• Let’s Consider the Facts Before We Call In Government to Regulate Video Games

My expectations of the Electronic Frontier Foundation are high. It’s an organization that does a tremendous amount of good, advocating for rights to freely use new technologies. Alas, a blog post about how good EFF is would be as interesting as a newspaper story about the lack of house fires in Springfield. So I’ll share how I feel EFF has gone wobbly on Bitcoin.

Bitcoin, the very interesting distributed digital currency that is inflation-, surveillance-, and confiscation-resistant, has been getting a lot of attention. EFF announced yesterday, though, that it would reverse course and stop accepting donations denominated in Bitcoin.

Its justifications, laid out in a blessedly brief and well-organized blog post, were three:

1. We don’t fully understand the complex legal issues involved with creating a new currency system. Bitcoin raises untested legal concerns related to securities law, the Stamp Payments Act, tax evasion, consumer protection and money laundering, among others. And that’s just in the U.S. While EFF is often the defender of people ensnared in legal issues arising from new technologies, we try very hard to keep EFF from becoming the actual subject of those fights or issues. Since there is no caselaw on this topic, and the legal implications are still very unclear, we worry that our acceptance of Bitcoins may move us into the possible subject role.

My insta-reaction was to joke: “Related: ACLU to stop bringing ‘right to petition’ cases.” That’s a little ambiguous, so: Imagine that the government took a position in litigation that suing the government was not protected by the First Amendment, but was in fact actionable. Under EFF’s logic—avoid becoming the subject of a rights fight—the ACLU would not fight the government on that issue. Luckily, the ACLU would fight the government on that issue—as fiercely or more fiercely than any other!

There are some ambiguities. Bitcoin is legally novel. But every new technology is legally novel. EFF didn’t shy away from publishing commentary online while publisher liability was legally ambiguous.

Accepting a Bitcoin donation is like accepting a donation in kind, in contract rights, or in cat food. If it’s worth taking, you go figure out how to accept the donation and square it with existing law. If it’s clearly illegal, you don’t accept the contribution. (EFF would have said so if they felt it was.) If it’s in the middle, a defender of rights to use technology should be inclined toward accepting Bitcoin and clarifying the law, not away from accepting Bitcoin in deference to legal ambiguity and free-ranging government power.

Bitcoin is a currency, and it trades on currency markets, so you would treat it like a donation tendered in non-U.S. currency. If EFF were to start getting contributions in soybean futures, or rights to free oil changes at JiffyLube, I think it would have figured out how to accept those contributions, the absence of caselaw notwithstanding.

EFF, of course, is not “creating” a new currency system—it’s just one user. Its potential liability drops off precipitously because of that, and because EFF would scrupulously ensure that it’s acceptance of Bitcoin—just like any contribution—should not violate money laundering laws (while such regulation exists).

But if the government argues that any use of Bitcoin is money laundering, well that’s worth fighting, isn’t it? Because that’s a huge claim to power. Bitcoin is a value transfer protocol, and it can be used for anything, good or bad. If you pay your taxes on Bitcoin transactions that would have been lawful if conducted in U.S. dollars, why should the use of this less expensive and faster value-transfer protocol be grounds for punishment?

Were this issue to have arisen in the context of a similarly decentralized domain name system EFF would probably have been there, full of effrontery to government power, both promoting and using such a system.

2. We don’t want to mislead our donors. When people make a donation to a nonprofit like EFF, they expect us to use their donation to support our work. Because the legal territory around exchanging Bitcoins into cash is still uncertain, we are not comfortable spending the many Bitcoins we have accumulated. Because of this, we’re giving the Bitcoins that have been accumulated, or that may accumulate in the future, in the account set up in our name to the Bitcoin faucet, so that they can continue to circulate in the community.

For the most part, this point just restates the first, retooling it to sound like a service to donors and not timidity in the face of legal ambiguity. Donors can expect good faith effort on EFF’s part to use their donations, however denominated, in support of its mission. It doesn’t undermine the mission if the form of donation is non-U.S.-dollars.

In fact, refusing donations in Bitcoin seems to detract from EFF’s mission because it denies the organization a source of funds. The donors who gave U.S. dollars expecting EFF to defend things like Bitcoin may feel mislead by EFF’s reluctance to do so.

3. People were misconstruing our acceptance of Bitcoins as an endorsement of Bitcoin. We were concerned that some people may have participated in the Bitcoin project specifically because EFF accepted Bitcoins, and perhaps they therefore believed the investment in Bitcoins was secure and risk-free. While we’ve been following the Bitcoin movement with a great degree of interest, EFF has never endorsed Bitcoin. In fact, we generally don’t endorse any type of product or service – and Bitcoin is no exception.

So put a disclaimer up that says “We don’t endorse any type of product or service – and Bitcoin is no exception.” That solves the problem with potential miscontrued inferences from accepting Bitcoin.

To be cheeky, I’ll wonder aloud whether EFF’s acceptance of U.S. dollars is an endorsement of that currency—with it’s relentless loss of value to inflation, heavy contribution to surveillance, and amenability to illegal government seizure. Well, of course they don’t. And there’s no real inference from accepting a currency that one endorses a currency. Similarly, if you send an email to EFF written in French, and they use the ideas in your email, EFF is not endorsing French.

The point here is not that EFF or any organization must use Bitcoin. There are plenty of reasons to be skeptical of its utility—it might not be convertible to other forms of value easily enough; it might not have enough reliable value; holding it might involve security risks that remain too great. But legal ambiguities around a novel technology are not a sound basis for a digital rights organization to decline using that technology. That’s a reason to embrace and protect that novel technology.

I look forward to EFF reversing course once again, invigorated in its fight for digital liberty by fear of my mighty blog wrath.

It seems peculiar to me that some of the same individuals and groups who so vociferously opposed a “broadcast flag” technological mandate in past years are now in a mad rush to have federal policymakers mandate a “Do Not Track” regulatory regime for privacy purposes. The broadcast flag debate, you will recall, centered around the wisdom of mandating a technological fix to the copyright arms race before digitized high-definition broadcast signals were effectively “Napster-ized.” At least that was the fear six or seven years ago. TV broadcasters and some content companies wanted the Federal Communications Commission (FCC) to recognize and enforce a string of code that would have been embedded in digital broadcast program signals such that mass redistribution of video programming could have been prevented.

Flash forward to the present debate about mandating a “Do Not Track” scheme to help protect privacy online. As I noted in my filing last week to the Federal Trade Commission, at root, Do Not Track is just another “information control regime.” Much like the broadcast flag proposal, it’s an attempt to use a technological quick-fix to solve a complex problem. When it comes to such information control efforts, however, there aren’t many good examples of simple fixes or silver-bullet solutions that have worked, at least not for very long. The debates over Wikileaks, online porn, Internet hate speech, and Spam all demonstrate how challenging it can be to put information back into the bottle once it is released into the digital wild.

To be clear, I am not opposed to technological solutions like broadcast flag or Do Not Track, but I am opposed to forcing them upon the Internet and digital markets in a top-down, centrally-planned fashion. While I am skeptical that either scheme would work well in practice (whether voluntary or mandated), my concern in these debates is that forcing such solutions by law will have many unintended consequences, not the least of which will be the gradual growth of invasive cyberspace controls in these or other contexts. After all, if we can have “broadcast flags” and “Do Not Track” schemes, why not “flag” mandates for objectionable speech or “Do Not Porn” browser mandates?

From 2002-2005, when the broadcast flag wars were really raging, groups like the Electronic Frontier Foundation and Center for Democracy & Technology made several legitimate legal and practical arguments against a mandatory broadcast flag regime. But their principled case against broadcast flag mandates came down to an underlying fear about government encroachment on the Internet and the specter of more far-reaching regulation of cyberspace. For example, in a December 2003 report, CDT noted that even if other details could be worked out, “the [broadcast] flag approach will still pose unresolved concerns regarding technical regulation of computers and the Internet by the government [and] the impact of regulations on innovation and future consumer uses” was also problematic.

Importantly, EFF and CDT hammered broadcast flag proponents on the question of jurisdictional authority. They rightly asked where the FCC  got the authority to impose such rules at all and worried about the spillover effects of such arbitrary mandates in other Internet contexts. (The broadcast flag scheme was eventually tossed out by the D.C. Court of Appeals because of the FCC’s lack of authority.)

So, why wouldn’t these same concerns and arguments apply to Do Not Track regulation? CDT and EFF seem to care little that the Federal Trade Commission is aggressively pushing this new information control regime on the Internet.  Indeed, CDT and EFF are two of the biggest cheerleaders for FTC action in this regard.  Sorry, but I just don’t get it.  If it was misguided for regulators to push a broadcast flag regime upon cyberspace, isn’t it just as misguided for them to be pushing Do Not Track? I suspect this inconsistency has something to do with CDT and EFF being inherently skeptical of the benefits of most online copyright protection schemes while being more sympathetic to legal efforts aimed at protecting personal privacy online. Simply stated, they think there’s something to the notion of privacy “rights” and will bend over backward to engineer an information control regime to protect against the “unauthorized” flow of personal information online. When it comes to the “unauthorized” flow of copyrighted bits of information online, however, they aren’t nearly as interested in inviting the code cops in.

But even if one sympathizes with that distinction — absolute privacy “rights”  vs. minimal copy-“rights” — all the same concerns and criticisms that CDT and EFF raised earlier about the broadcast flag regulatory scheme would seemingly apply to the Do Not Track regime. Both regimes face formidable enforcement challenges and raise the specter of broader government control of cyberspace. There’s just no getting around that reality, and Do Not Track defenders who deny it are basically hiding from the ugly truth that they are greasing the skids for future information control efforts and regimes — both here and abroad.

I suppose that they might also argue that regulation is justified where it ensures more “choice” for consumers.  But forcing “choice” upon online markets isn’t exactly the same thing as allowing it evolve in a natural, non-destructive fashion. As I noted in my filing, many others besides me are concerned about what mandatory Do Not Track would mean for the online ecosystem of mostly “free” content and services. Lauren Weinstein, co-founder of People For Internet Responsibility (PFIR), worries that the “ability [of Do Not Track concepts] to cause major collateral damage to the Internet ecosystem of free Web services is being unwisely ignored or minimized by many Do Not Track proponents.” And in a brilliant Huffington Post column this week about the rise of a privacy techno-panic, Jeff Jarvis said, “I also worry that efforts to bring in a ‘Do Not Track’ list and other demonization of ad targeting could cripple the revenue of the media and news industries even as they struggle to find sustainability; it could kill news outlets and reduce journalism.”

Weinstein and Jarvis are right. There is no free lunch. While groups like EFF and CDT who support Do Not Track regulation are well-intentioned in their aims, the reality is that government regulation that attempts to create a cost-free opt-out for data collection and targeted online advertising will likely have damaging consequences for the future provision of online content and services. In terms of direct costs to consumers, Do Not Track could result in higher prices for service as paywalls go up or, at a minimum, advertising will become less relevant to consumers and, therefore, more “intrusive” in other ways.

Which leads to my final point. What is perhaps most perplexing about this is how many of the advocates of Do Not Track argue that such a regulatory scheme will slow the “arms race” in the privacy arena. For example, EFF has said “The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking.” And my favorite frenemy Chris Soghoian argues that “opt out mechanisms… [could] finally free us from this cycle of arms races, in which advertising networks innovate around the latest browser privacy control.”  At best, this is highly wishful thinking. At worst, it’s outright deceit aimed at sugar-coating the hard truth: If anything, a Do Not Track mandate will speed up the technological arms race and have many other unintended consequences. Online advertising will almost certainly become more “annoying” and even invasive as a result of such regulation.  And “tracking” techniques aren’t going to be stopped or even slowed as a result of Do Not Track. (Hello DPI!) Again, check out my filing to the FTC for more details.

The important point here is that one intervention will simply beget another and another in an attempt to address the “arms race” and to refine and rework Do Not Track to cover more and more online information flows. One wonders how expansive this new regulatory regime will need to be to deal with the growing scale and volume of online information flows. Really, does anyone think there will be less personal information online in coming years?  Unless we stop the unprecedented voluntary information-sharing and self-revelation of personal data that takes place on social networking sites and via user-generated content sites, there is simply no way in hell this problem is going to be curtailed. When 600 million people use Facebook as an open diary to the world (among many other examples I could cite), it’s hard to imagine we’ll ever be able to stop the mercurial flow of personal information across the Internet. Do Not Track certainly won’t stop it, but the cost of putting such a regulatory regime in place in an attempt to put the genie back in the bottle could be profound for the future of the Internet and online content and culture.

Again, this is essentially the same argument previously set forth against a broadcast flag mandate. As EFF once noted, “the technology mandate proposed… is unnecessary, ineffective, and unwise.”  I agree, and I invite Do Not Track defenders at CDT and EFF (or anyone else) to explain why, conceptually speaking, Do Not Track isn’t just broadcast flag in drag.

A headline in the USA Today earlier this week screamed, “Hello, Big Brother: Digital Sensors Are Watching Us.”  It opens with an all too typical techno-panic tone, replete with tales of impending doom:

Odds are you will be monitored today — many times over. Surveillance cameras at airports, subways, banks and other public venues are not the only devices tracking you. Inexpensive, ever-watchful digital sensors are now ubiquitous.

They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped. Several developments have converged to push the monitoring of human activity far beyond what George Orwell imagined. Low-cost digital cameras, motion sensors and biometric readers are proliferating just as the cost of storing digital data is decreasing. The result: the explosion of sensor data collection and storage.

Oh my God! Dust off you copies of the Unabomber Manifesto and run for your shack in the hills!

No, wait, don’t. Let’s instead step back, take a deep breath and think about this. As the article goes on to note, there will certainly be many benefits to our increasing “sensor society.”  Advertising and retail activity will become more personalized and offer consumers more customized good and services.  I wrote about that here at greater length in my essay on “Smart-Sign Technology: Retail Marketing Gets Sophisticated, But Will Regulation Kill It First?”  More importantly, ubiquitous digital sensors and data collection/storage will also increase our knowledge of the world around us exponentially and do wonders for scientific, environmental, and medical research.

But that won’t soothe the fears of those who fear the loss of their privacy and the rise of a surveillance society in which our every move is watched or tracked. So, let’s talk about what those of you who feel that way want to do about it.

The Challenge of Information Control

The USA Today quotes some people I know fairly well and have great respect for (Lee Tien, Chris Wolf, & Ryan Calo) raising various concerns but not really offering any specific recommendations. I suspect that it’s only a matter of time before we hear calls for regulation — even bans — of digital sensor / surveillance technologies.  On the other hand, things might unfold the way they did when RFID chips/tags came on the scene.  There was a lot of hysteria then, but things died down and — unless I missed something — no major restrictions on their use were instituted and RFID is in widespread use today.

But the “creepiness” or intrusiveness factor gets ratcheted up a bit with next-gen digital sensor technology, especially because they have become highly decentralized and dirt cheap. Practically every teenager is walking around with a powerful digital “sensor” or surveillance technology in the pocket today.  It’s called their phone.  Except they rarely use it to make calls.  They do, however, use it to record audio and video of themselves and the world around them and instantaneously share it will the planet. They also use geolocation technologies to pinpoint the movement of themselves and others in real time.

Meanwhile, new translation tools and biometric technologies are becoming widely available to average folk. Those of you who have played with Google Goggles on your smartphone know what I am talking about. Incredibly cool stuff, but you can see where it is heading. In a couple of years, we’ll have biometric buttons on our shirts feeding live streams of our daily movements and interactions into social networking sites and databases. We’ll use them to record our days and play them back later, or perhaps to just instantly scan and recognize faces and places in case we can’t remember them using our noggins. As a result, mountains of intimate data we be created, collected, collated, and cataloged on a daily basis. 

And there isn’t much we can do to stop this. As I noted in my essays on “Privacy as an Information Control Regime: The Challenges Ahead, and “The IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars,” today’s information control efforts are greatly complicated by problems associated with (1) convergence, (2) scale, (3) volume, and (4) unprecedented individual empowerment / user-generation of content.  Thus, for better or worse, the information genies — porn, hate speech, spam, state secrets, pirated content, personal information, etc. — are out of their bottles and getting them back in will be an enormous challenge.

Darknet & the Decline of Practical Obscurity

In the context of personal privacy, the net result of all of this — to quote Jim Harper’s excellent 2006 book Identity Crisis — is the “decline of practical obscurity.”  “As practical obscurity declines,” Harper notes, “it becomes more likely that large quantities of data center on identified individuals  will be collected and more likely that it will be shared and used. With large collections if data highly correlated to precise identities, he consequences of being identified are changing.” (p. 163)  Harper rightly notes that may not be all bad. Again, there will be many benefits associated with this. But many others — especially those who are privacy fundamentalists and would have privacy trump most other values — won’t want to hear about possible benefits or trade-offs. It’s pretty much all bad from their perspective.

So, let’s get back to what we want to do about all this. Is “creepiness” enough of a harm to call in the code cops to undo progress?  If so, can we roll back the clock or put this particular technology back in the bottle?  I suppose that, with enough effort, we could.  But I can’t help but think about all the “darknet“-related critiques I’ve heard over the past decade about the futility of efforts to protect intellectual property or use DRM to secure IP against widespread dissemination. As I noted in my essay on “Two Paradoxes of Privacy Regulation,” many of these arguments have been set forth by the same people who now tell us they want to try to bottle up information in this context by “property-tizing” personal information.

But if the darknet critique holds for flows of copyrighted information, why would it not also hold for personal information?  Perhaps there is less incentive to push out personal information across the planet as aggressively as intellectual property, but that doesn’t mean there is no incentive to do so.  Many people will do it voluntarily each and every day when they put the most intimate details (and pictures / videos) of their lives online.  And, as they darknet critique informs us, once the information is out, it’s pretty much game over.

This is one reason why I’ve been mildly entertained by what some privacy regulatory advocates have said recently about “Do Not Track” regulation being able to stop or slow the technological arms race in the privacy arena.  “The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking,” says Rainey Reitman of EFF.  And the always provocative regulatory agitator Chris Soghoian argues that “opt out mechanisms… [could] finally free us from this cycle of arms races, in which advertising networks innovate around the latest browser privacy control.”  These guys should know better. There is no way in hell that Do Not Track would slow the technological “arms race” in this arena. If anything, a Do Not Track mandate will speed up that arms race and potentially just shift attention toward the development of Deep Packet Inspection (DPI) technologies or other, more invasive, forms of tracking.

I suppose they would argue that we’ll turn our attention to those technological developments as they happen, but that would make my point. There will be technological and marketplace responses to efforts to freeze current market structures, norms, and technologies in place. Again, for better or worse, progress happens.  It’s just that privacy advocates aren’t particularly fond of the consequences of technological progress in this regard and want to put a stop to it.  But they will fail.

Hyper-Transparency

At this point, some savvy readers might suspect I have fallen under the spell of David Brin and the vision he set forth in his 1997 book, The Transparent Society. There’s some truth to that, at least as it pertains to the empirical side of his argument. For those who forget his provocative thesis, Brin argued that:

While new surveillance and data technologies pose vexing challenges, we may be wise to pause and recall what worked for us so far. Reciprocal accountability — a widely shared power to shine light, even on the mighty — is the unsung marvel of our age, empowering even eccentrics and minorities to enforce their own freedom. Shall we scrap civilization’s best tool — light — in favor of a fad of secrecy?

Across the political spectrum, a “Strong Privacy” movement claims that liberty and personal privacy are best defended by anonymity and encryption, or else by ornate laws restricting what groups or individuals may be allowed to know. This approach may seem appealing, but there are no historical examples of it ever having worked.  Strong Privacy bears a severe burden of proof when they claim that a world of secrets will protect freedom… even privacy… better than what has worked for us so far — general openness.

Indeed, it’s a burden of proof that can sometimes be met! Certainly there are circumstances when/where secrecy is the only recourse… in concealing the location of shelters for battered wives, for instance, or in fiercely defending psychiatric records. These examples stand at one end of a sliding scale whose principal measure is the amount of harm that a piece of information might plausibly do, if released in an unfair manner. At the other end of the scale, new technologies seem to require changes in our definition of privacy. What salad dressing you use may be as widely known as what color sweater you wear on the street… and just as harmlessly boring.

The important thing to remember is that anyone who claims a right to keep something secret is also claiming a right to deny knowledge to others. There is an inherent conflict! Some kind of criterion must be used to adjudicate this tradeoff and most sensible people seem to agree that this criterion should be real or plausible harm… not simply whether or not somebody likes to keep personal data secret.

As a normative matter, I’m not entirely in league with Brin, but I do think he makes a very powerful case for transparency and openness trumping privacy and secrecy. (And isn’t it a delicious irony of information policy debates that the same crowd that is typically hammering on policymakers about the need for greater “openness” and transparency in all other matters suddenly wants to the opposite when our personal information is brought into the discussion?!)

But where I am entirely in agreement with Brin is with his empirical or practical case for understanding and, to some extent, accepting the world around us.  I wouldn’t necessarily label it the snarky “privacy is dead, just get over it,” but I would think it fair to call this philosophy “privacy is changing, and we need to learn how to live with it.”

Thinking about Concrete Harms & Targeted Solutions to Them

To be clear, I’m not against all forms of “privacy” law or regulation.  When it comes to government surveillance, I think we need more limitations on the State and the ability of public officials to access certain types of information, or act upon it. The key point here is that the solution to State surveillance concerns should not be bans on the technology. We instead need to shackle State actors and tightly delimit their power over our lives—such as by tightening up the Electronic Communications Privacy Act, as the Digital Due Process Coalition proposes, and by creating new protections for locational data, as Sen. Wyden has recently proposed.  And we should do so because the State possesses uniquely coercive powers over our lives and our property.

For privately aggregated data, it’s more complicated. I continue to think we can live with most forms of private data collection and aggregation since there are great benefits for society.  Most of the time, companies are just trying to sell us a more relevant product.  It’s hard for me to see the harm in that.  But there will be certain categories of personal information that will eventually need to be carved out of the mix.  I think health and financial information are the two primary categories in this case. It doesn’t mean we should take extreme steps to limit all data flows associated with them, but we will likely need to take some steps.  And most countries, including the U.S., already have targeted laws dealing with those two categories of personal information.  In this sense, I look at privacy regulation in much the same way I look at censorship.  The general default should be that openness and information sharing are permissible. But in some extreme cases — think child pornography — most of us can agree that the harm is quite tangible and significant enough to warrant repression of that information / content.

These are challenging issues and this is fertile ground for further academic investigation.  I think that we are only beginning to explore and understand the mechanics of information control regimes. As we continue that exploration, especially as we look to significantly broaden regulation of personal information flows, here are some questions for scholars to consider and debate:

• In the context of privacy and personal information, how far should law go to roll back digital progress or try to put the genie back in the bottle?
• Does the “darknet” theory have ramifications for the privacy debate?
• Can or should we have similar information control regimes for privacy, content control, defamation, intellectual property, cybersecurity, etc, or should each problem be treated/regulated differently?
• If, however, we adopt differing regulatory regimes for different classes of information, won’t the most restrictive regime become a model for the others?
• Finally, instead of attempting to stifle all information flows or block new technologies that facilitate information sharing, are we better off — as Brin suggests — channeling our energy in to increasing transparency across the board so that those who hold information about us are forced to reveal what they have or know?  Of course, that will lead some to suggest — as many privacy advocates do today — that we should be given more control over the uses of that information once it is in the wild.  Again, what I am assuming here is that that is increasingly an exercise in futility.

By Berin Szoka & Adam Thierer

Yesterday, the Progress & Freedom Foundation (PFF) and Electronic Frontier Foundation (EFF)  filed a joint amicus brief with the U.S. Supreme Court urging the Court to protect the free speech rights of videogame creators and users and asking the justices to uphold a ruling throwing out unconstitutional restrictions on violent videogames.  At issue is a California law that bans the sale or rental of “violent” videogames to anyone under the age of 18, among other regulations. While the law was passed in 2005, it has never taken effect, as courts have repeatedly ruled it unconstitutional. California appealed its loss at the Ninth Circuit Court of Appeals to the Supreme Court.  The case is Schwarzenegger vs. EMA.

This case has profound ramifications for the future of not just videogames, but all media, and the Internet as well. Although we’ve had 15 years of fairly solid Supreme Court case law on new media issues, a loss in the Schwarzenegger case could reverse that tide.  In the amicus brief, we explain how the current videogame content rating system empowers parents to make their own decisions without unconstitutionally restricting this new and evolving form of free speech.  Our brief is focused on three major arguments:

1. Parental Control Tools, Household Media Control Methods, Self-Regulation and Enforcement of Existing Laws Constitute Less Restrictive Means of Limiting Access to Objectionable Content than Government Regulation of Constitutionally Protected Speech
2. Videogame Content is Constitutionally Protected Speech Deserving Strict Scrutiny
3. The State Has Not Established a Compelling Government Interest in Restricting the Sale of Videogames to Minors

The filing can be found online here and it is embedded down below.  As always, the Media Coalition has done an outstanding job summarizing the case and listing all the major briefs filed with the Court in this matter, so check out their Schwarzenegger v. EMA page for everything you need to know about this case.  GamePolitics.com also offers excellent ongoing coverage of the case. In particular, check out briefs by:

• The Entertainment Software Association reply brief
• The Comic Book Legal Defense Fund by First Amendment legal wit Bob Corn-Revere
• The Center for Democracy & Technology, among others, focusing on the dangers of expanded age verification for the Internet, which PFF, CDT and EFF recently filed on in the FTC’s COPPA review proceeding.
• this brief by various First Amendment scholars led by Eugene Volokh
• the Media Coalition & several other groups

EFF – PFF Supreme Court Amicus Brief in SCHWARZENEGGER v EMA Video Game Case http://d1.scribdassets.com/ScribdViewer.swf

As a cyber-libertarian, I’ve been lucky enough to work with people of all ideological stripes in pursuit of various public policy objectives.  I’ve made selective alliances with people on the Right on economic policy issues (like opposing Net Neutrality regulation, Internet taxes, etc) and also worked closely with folks on the Left on speech and culture issues (content controls, anonymity, online safety concerns, etc).

While engaging with with people on both sides of the political fence, I’m often struck by some of their internal inconsistencies.  Conservatives, for example, talk about a big game about personal responsibility on some issues, but quickly abandon that notion when they claim media content or online speech should be regulated by the State (typically “for the children.”)  In this essay, I’d like to discuss interesting inconsistencies on the political Left, especially among advocates of strong privacy regulation (most of whom tend to be Left-leaning in their worldview).  In particular, here are the two things I find most interesting about modern privacy advocates:

(1) Most privacy advocates are vociferous First Amendment supporters, yet they abandon their free speech values and corresponding constitutional tests when it comes to privacy regulation.  When it comes to proposals to regulate media content or online speech, most folks on the Left have a very principled, clear-cut position: people (or parents) should take responsibility for unwanted information flows in their lives (or the lives of their children). In particular, they rightly argue that the many user empowerment tools on the market (filters, monitoring software, other parental control technologies) constitute a so-called “less-restrictive means” of controlling content when compared to government regulation.

Advocacy groups that I have a great deal of respect for and work with quite closely on these issues–such as EFF, CDT and ACLU—all take this position.  Generally speaking, they argue that, when it comes to speech regulation, “household standards” (user-level controls) should trump “community standards” (government regulation). And in Court—where I frequently file joint amicus briefs with them—they repeatedly employ the “less-restrictive means” test to counter government efforts to regulate information flows.

But when it comes to privacy, they throw all this out the window!  For some reason, when the topic of debate shifts from concerns about potentially objectionable content to the free movement of personal information, personal responsibility and self-regulation become the last option, not the first.  What’s most troubling about this is the way these advocates of privacy regulation are unwittingly undermining the power of the “less-restrictive means” test, which is a vitally important barrier to greatly enhanced government control of cyberspace.  That is, when privacy advocates ignore, downplay, or denigrate user-empowerment tools, they are essentially saying self-help is the right answer in one context, but not the other.

That’s a shame because self-help tool work well in both contexts.  Indeed, I’ve spent years documenting the wide variety of user-empowerment tools on the child safety front, and more recently I have worked with colleagues at PFF to provide a similar inventory of “privacy solutions” that can help users control personal information flows.  Can privacy tools be confusing at times or difficult to set up? Yes, they can. But no more so that parental control tools.  Are privacy tools as effective as parental control tools?  I think they are actually more effective because in the case of parental controls, the person you are trying to “protect” (namely, kids) often have a stronger incentive to evade / defeat those tools.  Moreover, privacy-enhancing controls can be very effective—perhaps even too effective—at shutting down unwanted information flows.  Whether it’s ad-blocking tools, cookie controls, or encryption techniques, these tools can actually be far more effective blocks on information flows than, say, Internet filters meant to block porn or hate speech, which is also more subjective by nature.

Of course, no tool is perfect. But as the Supreme Court held in United States v. Playboy, empowerment tools need not be perfect to be preferable to government regulation. “Government cannot ban speech if targeted blocking is a feasible and effective means of furthering its compelling interests,” the Court held.  Moreover, “It is no response that voluntary blocking requires a consumer to take action, or may be inconvenient, or may not go perfectly every time.  A court should not assume a plausible, less restrictive alternative would be ineffective; and a court should not presume parents, given full information, will fail to act.”

So, then, why doesn’t the exact same principle hold for privacy regulation?  I believe it should, and because of that I get in some pretty heated fights with friends at EFF, CDT and ACLU when they abandon the user-empowerment regime on the privacy front and instead invite the government to come in and establish an information control regime.  Which leads to the second thing I find interesting about advocates or privacy regulation…

(2) Most privacy advocates bash copyright and claim it is an information control regime, yet privacy regulation would constitute a stronger information control regime by creating the equivalent of copyright law for personal information (which would, in turn, conflict mightily with the First Amendment).

While many libertarians oppose any form of copyright protection, I still find much worth praising in America’s copyright system.  Nonetheless, I do admit to my libertarian friends, as well as anti-copyright advocates on the Left, that copyright places limits on the flow of certain types of information.  After all, quite literally, copy-right deals with rights to copy information.  Of course, that’s the nature of all property rights—they foreclose and constrain alternative uses. But there’s typically a good reason for that: In the case of intangible property, it’s because we want to promote the creation of content/information in the first place.

For many copyright critics, however, this is an intolerable trade-off. Any limits on reproduction/reuse—even if those rights incentivize artistic/scientific creativity—are regarded as an unjust form of information control.  But if they believe that to be the case for copyright, why do they not feel the same of privacy rights?  After all, there are some striking similarities between the regimes.

In his new book, Skating on Stilts, Stewart Baker reminds us that the famous 1890 Brandeis and Warren Harvard Law Review essay on “The Right to Privacy“–which is like a sacred text to many modern privacy advocates–was heavily influenced by copyright law.  As Baker explains:

Brandeis wanted to extend common law copyright until it covered everything that can be recorded about an individual. The purpose was to protect the individual from all the new technologies and businesses that had suddenly made it easy to gather and disseminate personal information: “the too enterprising press, the photographer, or the possessor of any other modern device for rewording or reproducing scenes or sounds.”  […] Brandeis thought that the way to ensure the strength of his new right to privacy was to enforce it just like state copyright law. If you don’t like the way “your” private information is distributed, you can sue  everyone who publishes it.

Incidentally, it’s important to recall that the Brandeis and Warren’s call for such a regime was essentially driven by their desire to control the press. In their article, they argued that:

The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle.

So angered were Brandeis and Warren by reports in daily papers of specifics from their own lives that they were led to conclude that:

man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.

Let’s ignore their hyperbolic claim that invasions of privacy could cause more harm than “mere bodily injury.”  No, wait, let’s not!  Seriously, can you believe men of this stature could utter such nonsense?  I’d love to hear a modern privacy advocate defend this notion and explain how, exactly, one could have greater “pain and distress” inflicted by words than “by mere bodily injury.”  That’s a doozy of a claim.  Nonetheless, they said it—in the law review article that quite literally gave birth to American privacy law.  And it only follows, then, that they would want fairly draconian controls on free speech / press rights if they felt this strongly.

Taken to the extreme, however, giving such a notion the force of law would put privacy “rights” on a direct collision course with the First Amendment and freedom of speech/communication.  As Eugene Volokh argued in a 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You“:

The difficulty is that the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.

Indeed, how could a journalist even conduct their business in such a world? By their very nature, good reporters are nosy and disregard the privacy rights of the people and institutions they report on. But in a world where privacy “rights” trump other rights, free speech would be forced to take a back seat.

To be clear, I’m not opposed to all privacy “rights.” But as I noted in my lengthy review of Daniel Solove’s Understanding Privacy, we need to begin with a theory of rights and then figure out what privacy “harms” we are trying address/rectify.  Generally speaking, I am skeptical of most claims about harms coming from people talking about us or knowing more about us and I believe that freedom of speech / communications should trump such rights claims. But that’s because I subscribe to a libertarian theory of rights/justice that–as the name implies–places human liberty at the core of that theory of rights.  If liberty isn’t your cup of tea, I can see how “privacy” might be viewed as co-equal in your theory of rights.  Nonetheless, I would hope such people would acknowledge that, at the end of the day, such a theory requires trade-offs and that, much like making an allowance for copyright in a libertarian system, information flows might be limited by these assertion of privacy rights.   What I’m asserting here, however, is that privacy regulation would entail far greater restrictions on liberty–especially freedom of speech/communication–than copyright law. After all, as Volokh notes, we are talking about “a right to have the government stop people from speaking about you.”

Addendum: I failed to mention that my fellow TLF blogger Tom Bell has said all of this much more elloquently in his 2001 Cato white paper, “Internet Privacy and Self-Regulation: Lessons from the Porn Wars.”

Common Sense Media (CSM) is a media “watchdog” group that provides a terrifically useful service to the public through independent reviews of popular media content (movies, music, TV, games, and more). As a parent, I find their service indispensable and, as a policy analyst, I have praised their rating system and their media literacy / digital citizenship programs again and again, including numerous endorsements in my special report on Parental Controls & Online Child Protection and other testimony and filings before Congress and federal regulatory agencies.

Thus, being such a big fan of CSM, I was quite dismayed to see the comments they just submitted to the Federal Trade Commission (FTC) as part of the agency’s review of the Children’s Online Privacy Protection Act (COPPA). They advocate not just expanded educational efforts, which are great, but also expanding COPPA’s age scope to cover all kids under 18 as well as opt-in mandates for the collection and use of any “personal information” or “behavioral marketing.”  For all the background on the law and the FTC’s resulting COPPA rule, see this beefy paper Berin Szoka and I authored last year and this testimony and follow-up submission Berin did for the Senate Commerce Committee. And then read the joint submission made by PFF, CDT, and EFF in the same FTC proceeding that CSM just filed in.

Sadly, it’s clear to me that Common Sense Media didn’t take anything we warned about in those papers or filings seriously—or perhaps that they just didn’t bother to read them very carefully, if at all. Their filing is a classic example of good intentions gone wrong. I understand that they want to take additional steps to protect children online, but they completely ignore the practical realities of COPPA expansion and its associated trade-offs:

1. CSM never clearly identifies or quantifies the supposed harm that requires such a significant expansion of Internet regulation. Why the need for a massive expansion of federal regulation in this area?  CSM never makes it clear. Of course, this is becoming old hat here in Washington. Just whisper the word “privacy” and people scream “the sky is falling” and start calling for regulation of all sorts. But are there real harms here? Are there corresponding benefits to be considered? Aren’t other values or principles at stake here. No answer from CSM.
2. CSM never stops to consider the profound free speech implications of their proposals. Don’t they realize that simply extending COPPA to cover older teens will require websites used by large numbers of adults to age verify all users? This raises the same First Amendment concerns about government interference with anonymous communication that caused the 1998 Child Online Protection Act (COPA) to be struck down by the courts as unconstitutional.
3. CSM doesn’t acknowledge that — in the name of protecting privacy – they are essentially demanding a massive amount of additional information be collected to facilitate the regulatory regime they would apparently endorse. Expanded age verification mandates would mean more information has to be collected about kids and their parents, but also about adults who have to prove they aren’t children!
4. CSM never acknowledges that COPPA covers any potential site or tool that allows sharing of personal information by children and that expansion of this regulatory regime in an era of widespread user-generated content, online gaming, texting, and other forms of digital interaction make “expanded verifiable parental consent” a formidable regulatory problem.
5. CSM is essentially treating older teens as if they have no speech rights and are utterly incapable of making decisions for themselves until the day they turn 18.  Never mind that most U.S. states set their age of consent at 16 or 17, for example.  In other words, these aren’t Dora and Diego fans we’re talking about here. These are people who will shortly be in college and eligible to vote and serve in our Armed Forces.
6. CSM never bothers exploring the profound economic impact their proposal will likely have on smaller websites that cater to kids & teens. If expanded regulation crowds out smaller start-ups, the resulting level of creativity and innovation in this market will suffer. Thus, COPPA expansion could lead to unnecessary industry consolidation as smaller operators are forced to sell to bigger player who can cover regulatory compliance costs.
7. CSM never bothers exploring the potential cost to consumers / parents. Expanding verifiable parental consent requirements will no doubt burden the creators or various sites and services, but those costs will ultimately be borne by the public when they are passed along in the form of a fee for services, many of which were previously free of charge.
8. Finally, and perhaps most surprisingly, CSM spends little time focusing on the many beneficial steps being taken by site operators today that make kids safer online. I have said it again and again and again here and elsewhere: If we assume that COPPA is the most important approach to keeping kids safe online, we are making a huge mistake. COPPA is probably one of the least important things that keeps kids safe online. It’s what sites do after kids get into their communities that is really important because—guess what!—kids are going to get in to social networking communities and other sites.  There are many important steps being taken by countless online sites and communities take to make sure they offer more safe and secure environments for kids. In particular, beyond basic parental controls, moderation and intervention efforts by site operators are increasing within social networking sites, virtual worlds, and many other sites to ensure that they offer such “well lit” neighborhoods. We should be encouraging a lot more of that and working to find new “oversight and intervention” methods to deal with problems when they pop up. Common Sense Media has done a lot of great work on this front and should have focused on how those methods could be improved instead of how the create a more cumbersome, intrusive, expensive, and ultimately unworkable age verification regulatory regime for the Internet.

And there are many, many other issues left unexplored by the CSM filing. They’ve simply called for expansion of a regulatory regime without any reference to these challenges, costs, and trade-offs. Again, good intentions can’t excuse sloppy, half-hearted policy analysis.

I’m really quite troubled by this filing and I hope my friends at Common Sense Media will take the time to take a second look at the paper Berin Szoka and I authored last year (“COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech”) as well as the CDT-EFF-PFF joint filing we just submitted to the FTC.  Regulation has consequences and in this case those consequences will be quite profound. CSM has utterly failed to acknowledge them in this filing.

By Berin Szoka & Adam Thierer

This morning, The Progress & Freedom Foundation (PFF) and the Electronic Frontier Foundation (EFF) filed joint comments with the Federal Communications Commission (FCC) in the inquiry “Empowering Parents and Protecting Children in an Evolving Media Landscape.” (MB Docket No. 09-194)  As Adam summarized here before, the stated purpose of this FCC Notice of Inquiry is to:

seek information on the extent to which children are using electronic media today, the benefits and risks these technologies bring for children, and the ways in which parents, teachers, and children can help reap the benefits while minimizing the risks [and] to gather data and recommendations from experts, industry, and parents that will enable us to identify actions that all stakeholders can take to enable parents and children to navigate this promising electronic media landscape safely and successfully.

In our joint comments with Lee Tien and Seth David Schoen of EFF, we warned that the FCC should tread carefully when considering taking action on areas described in their inquiry. The agency simply has no authority to act on many of the topics discussed throughout the NOI, and it should not attempt to preempt successful private sector solutions. Congress never authorized the Commission to regulate Internet media, nor asked the agency to consider doing so.  In fact, Congress plainly declared that the Internet should be kept “unfettered by Federal or State regulation.”

Any regulation of online media would also fail to pass First Amendment scrutiny, as there are less restrictive means than government regulation to control minors’ access to objectionable content.  In addition, any mandate on content creators or access providers to rate or tag content would constitute compelled speech.

In response to the agency’s request for comments on the awareness and adoption of parental control technologies, we catalog the diverse array of tools and methods available to parents to tailor their exposure to potentially objectionable media and advertising, but advise that only a small percentage of U.S. households potentially need such technologies.  We also warn against a government-run content ratings system because of the overwhelming volume of content available online and because content outside the U.S. would be outside the government’s jurisdiction but just as easily accessible.

Finally, we also respond to the agency’s questions concerning children and advertising, explaining that, in addition to jurisdictional and First Amendment concerns, increased regulation of advertisements could have a negative impact on the production of children’s programming and content, since the majority of this content is supported by advertising or, on the Internet, flows over platforms like YouTube and Facebook that are supported by advertising.

In light of such concerns, “the Commission should continue what it began with its Child Safe Viewing Act Notice by expanding information and education about existing tools and ratings systems and encouraging parents to use these tools and methods and to talk to their children about appropriate media use,” we conclude.  “Beyond that narrow Congressionally-sanctioned mission, the Commission should tread cautiously.”

Read the entire filing here or down below in the Scribd reader.

PFF-EFF Response to FCC Empowering Parents Protecting Children NOI MB 09-194 http://d1.scribdassets.com/ScribdViewer.swf

September 8 — this Tuesday — is the deadline for filing objections against the Google Book Settlement. A number of trade associations, corporations, authors, and advocacy groups have weighed in, including the Electronic Frontier Foundation and the American Civil Liberties Union. They argue that approving the Google Book Settlement in its current form, without explicitly spelling out data collection practices, would endanger user privacy. EFF and ACLU have threatened to file an objection to the Settlement unless Google commits to a stringent privacy policy for Google Book Search.

I think the privacy risks posed by Google Book Search are being blown out of proportion, as I explained in the Examiner Opinion Zone last month. While EFF and others have raised some legitimate fears about the possibility of government getting its hands on Google Book Search user data, these privacy concerns are not unique to Google Book Search, nor are they legitimate grounds for the court to reject the Google Book Settlement.

In a letter I submitted yesterday as an amicus curiae brief to U.S. District Judge Denny Chin, who is presiding over the Google Books case, I argue that privacy concerns should not determine the court’s evaluation of the Settlement:

Competitive Enterprise Institute Letter http://d.scribd.com/ScribdViewer.swf?document_id=19440943&access_key=key-2o4o6jm42x4fvx9dyiwp&page=1&version=1&viewMode=

Berin has already done a fine job tearing apart this latest effort by 10 activist groups to break the Internet by imposing burdensome regulation or punishing legal liability on Internet operators for the crime of trying to deliver relevant advertising to users that can actually pay for the content and services given away to users for free. To that, I would add my deep disappointment that the Electronic Freedom Foundation (EFF) choose to join this cabal.  After all, the other members of the coalition are frequently heard calling for regulation of one variety or another. But EFF always prides itself on supposedly avoiding online regulatory schemes.  That’s what makes it so surprising that they chose to jump on this bandwagon for an Internet industrial policy in the name of “protecting privacy.”

EFF’s embrace of regulation is particularly inconsistent given their excellent filing in the FCC’s “Child Safe Viewing Act” proceeding this summer.  As I’ve previously noted, this proceeding raises the specter of “convergence-era content regulation” with Congress authorizing the FCC to look into “advanced blocking controls” for “wired, wireless, and Internet” platforms.  EFF’s comments rightly stressed dangers of expanded content controls or Internet regulation, and noted the many “less-restrictive means” available to the public that provide compelling alternatives to government regulation:  “Blocking technologies are widely available in the market and do not require further government support.”  And EFF has been instrumental throughout the years of making the case in courts for applying the less-restrictive means test and strict scrutiny when it comes to government efforts to regulate speech.

Why, then, does EFF take the diametrically opposite position when privacy concerns enter the picture? Berin and I appreciate the concerns some people have about their online privacy, just as we appreciate the concerns others have about media content or online child safety. But the only really important question here from a legal perspective is: Do people have tools and methods at their disposal to handle these concerns for themselves, or must government intervene and play Big Momma for them?

Berin and I have argued that citizens have more tools and methods at their disposal than ever before that enable them to make decisions for themselves and their families—both for parental controls and privacy-protecting technologies. In fact, we believe a good case can be made that privacy controls are actually superior to parental controls in terms of providing protection against the concerns at issue. That doesn’t mean privacy controls are perfect, but when properly configured, they can actually do a better job protecting user privacy than parental controls can against objectionable content.

So then, if current-generation privacy controls represent superior “less-restrictive means” to current generation parental control technologies, why does EFF support government regulation for privacy but not for child safety? It doesn’t make any sense to me.  They should be consistent in their support for real Internet freedom.

We’ve discussed extensively the controversy that recently erupted when Apple rejected Google Voice applications from the iPhone App Store. With the FCC sniffing around and tech pundits around the blogosphere weighing in on the merits of possible government intervention, it’s important to remember that jailbreaking an iPhone may be illegal under the Digital Millenium Copyright Act (DMCA). In other words, if you use a hack or workaround that enables you to run banned apps like Google Voice on your iPhone, you could be violating federal law.

The DMCA hasn’t stopped millions of iPhone owners from jailbreaking their phones and installing Cydia, an unofficial alternative to the official iPhone App Store. Cydia, which lets users download banned iPhone apps like Google Voice, has been installed on a whopping one in ten iPhones, according to its developers.

But jailbreaking programs and applications like Cydia are in risky legal territory. Developers who circumvent the iPhone’s copy protection systems are at risk of being sued by Apple, as are users who run jailbreaking software. Apple maintains that jailbreaking software is illegal under federal law, though it has not taken legal action against any unauthorized iPhone developers to date.

To clear up the muddy legal waters surrounding iPhone jailbreaking, Fred von Lohmann of the Electronic Frontier Foundation has asked the U.S. Copyright Office to grant a legal exemption to iPhone jailbreaking on the grounds that users should be able to install apps of their choice on the phone without risking civil or criminal sanctions. In a recent DeepLinks post, von Lohmann argues that the FCC should throw its weight behind EFF’s call for exempting jailbreaking from anti-circumvention rules.

Von Lohmann has a point. Unofficial software that reverse engineers copyrighted software for interoperability purposes shouldn’t be illegal. As former TLFer Tim Lee puts it, “Because reverse engineering is so important in transforming closed standards into open ones, we should be especially worried about laws that stand in the way of that process.”

Jailbreaking should be legal, but that doesn’t mean that Apple should have to make it easy for iPhone owners to jailbreak their phones. Rather, iPhone owners should be able develop and use jailbreaking software free from undue governmental interference. If Apple manages to concoct a bulletproof method of locking down the iPhone, or if AT&T wants to ban jailbreaking in its wireless terms of service, that’s fine. But the burden rests on Apple and AT&T to design adequate technical countermeasures against jailbreaking. At worst, the penalties for jailbreaking should not exceed the contractual terms that users accept when they buy an iPhone.

On the flip side, however, if independent developers devise a method of jailbreaking iPhones that Apple cannot block or detect, that’s Apple’s problem — not government’s. As Ed Felten argues:

The best policy is for government to stay out DRM decisionmaking altogether. Let companies like Apple develop DRM schemes. Let others interoperate with those schemes, if they can figure out how. Ensure competition, and let the market decide which products will succeed, and which DRM schemes are viable.

Granting a DMCA exemption for iPhone jailbreaking is a good start. Fundamentally, though, the real culprit here is the DMCA itself. Congress should reform the DMCA by overhauling its ban on circumvention technologies. Doing so would allow developers to freely distribute iPhone jailbreaking apps without running the risk of getting in legal trouble.

A good example of what DMCA reform ought to look like comes from the Digital Media Consumers’ Rights Act (DMCRA), a bill which was introduced unsuccessfully in Congress in 2003 and again in 2005. The bill would re-establish the legality of breaking copy-protection schemes for legal, non-infringing uses. It would also protect scientific research into copy protection technologies. (The DMCRA also contains some troubling provisions that deal with CD labeling, but that’s a separate matter).

Facebook has been at the center of a controversy involving its moderation policies and The Pirate Bay, a popular Bittorrent tracker that was found guilty of copyright infringement by a Swedish court last month. Since early April, Facebook has enforced a “site-wide” ban on links to The Pirate Bay – including those in private messages.

This practice may run afoul of federal wiretapping statutes that bar service providers from “intercepting” private messages, according to an article that appeared on Wired Threat Level last week. Wired quotes Kevin Bankston, a senior attorney for the Electronic Frontier Foundation, who explains that Facebook’s filtering raises “serious questions about whether Facebook is in compliance with federal wiretapping law.”

It’s important to draw a distinction between the traditional notion of “wiretapping” and Facebook’s “interception” of user messages, which doesn’t involve any human intervention. Regardless of how the courts may interpret ancient laws like the 1986 Electronic Communications Privacy Act, an automated computer system flagging and deleting certain strings from user messages simply isn’t comparable to a third party secretly listening in on a private phone conversation.

Besides, Facebook makes clear to its users from the get-go that their messages and postings are subject to a set of rules (which Facebook lays out in plain English). If Facebook believes a message or posting is against the rules, it can block or remove it. This is not an unreasonable rule; many online discussion forums have enforced similar policies since the Web’s early days. Such filtering is possible only if sites can “examine” messages to identify misconduct.

Critics of Facebook’s filtering policies have rightly pointed out that even legal Pirate Bay links are being blocked. While this is a valid argument, it belongs on the feedback section of Facebook’s Site Governance page – not in a court of law. It isn’t the role of government to second-guess content judgments reached in good faith by social networking sites. Facebook must weigh a range of competing concerns in deciding how to cater to its hundreds of millions of diverse users. The same message that one user might consider “spammy” or malicious might be seen in a totally different light by another user. Add into the equation concerns over reputation and even potential copyright infringement liability, and it’s easy to see why Facebook has to make tough – and controversial – decisions all the time.

While I agree with Bankston that the legal ramifications of Facebook’s practices are far from clear, I’m concerned about the prospect of wiretapping laws being used against websites that moderate communications between users. If filtering Pirate Bay links from user messages constitutes illegal wiretapping, then it would seem that any social network or discussion forum that monitors and removes content from user-to-user communications would be in violation of federal law.

What would it mean for the Internet if websites were barred from moderating messages sent between users? AOL might not be able to “kids only” chat rooms; instant messaging services might be even more spam-ridden than they already are; and yoursphere, a social-networking site “just for kids,” likely wouldn’t even be able to exist.

Decisions about how to operate private online ecosystems are best left to individual firms competing in an open marketplace. Prohibiting website operators from moderating user messages may not bother people who don’t mind spam or porn (or Pirate Bay links), but what about people who desire a social network in which certain kinds of speech are off-limits?

One of the best aspects of the Web is that choices are abundant. If you don’t like one social networking site’s policies, you can go someplace else. Users can already send around links to Pirate Bay torrents through countless other social networking sites, email providers, and instant messaging services. Gmail, AIM, Ning, and Skype are just some examples of free online services that do not censor Pirate Bay links. Heck, if none of these options are satisfactory, you can even build your very own social network with free software like BoonEx and spread around all the Pirate Bay links you want.

I’m finishing up Stanford Law School professor Lawrence Lessig’s latest book, Remix: Making Art and Commerce Thrive in the Hybrid Economy and wanted to make a brief comment about his call for a “simple blanket license” to solve online music piracy.

Overall, I thought Prof. Lessig made a good case regarding the benefits of “remix culture” and why copyright law should leave breathing room for the various derivative works of amateur creators. On the other hand, Lessig still too often blurs remix culture with “ripoff culture” (i.e., those who aren’t out to create anything new but instead just take something without paying a penny for it).

To solve that latter problem, Lessig again endorses a proposal that William Fisher, Electronic Frontier Foundation, and others have made for collective licensing of all online music, but he fails to drill down into the devilish details. He says, for example, that “by authorizing a simple blanket licensing procedure, whereby users could, for a low fee, buy the right to freely file-share” we could “decriminalize file sharing.” (p. 271)

I respect the fact that Lessig is at least acknowledging a problem exists and proposing a solution to it, but the collective licensing approach will be anything but “simple” in practice. As I have pointed out here before, collective licensing proposals and efforts almost always become compulsory in practice.  They inevitably involve government mandates to determine (1) who pays in, (2) how much they pay in, as well as (3) how much gets paid out and, (4) who gets the money.

That final part is the most challenging: How do we determine who should get paid what under a blanket licensing system for the Net? What formula shall we use to determine why one artists gets more than another? After all, counting downloads won’t be simple, and it can be gamed. Lessig says that “there are plenty of ways that we might tag and trace particular uses of copyrighted material.” (p. 272)  Really? If that was the case today, then we would have a fully functioning copyright clearance and compensation system in place already. But “tagging and tracing” is easier said than done. The fact is, the same complexities we face trying to enforce such tagging and tracing systems under the present copyright system would be present in any compulsory licensing system.

And there are still more questions to consider about collective licensing. For example, how do we restrict free-riders who attempt to evade the blanket charge the rest of us are paying? How would we deal with ISPs who refused to play along and embed such a fee in their monthly bills? (Of course, if the fee was reasonable, many ISPs would likely be willing to pass it along to their customers in exchange for freedom from future copyright liability. After all, some ISPs have already expressed an unwillingness to play the role of copyright cop, so they might initially look favorably on a blanket licensing system. But they might still need to engage in some filtering efforts to determine who is downloading what).

There are many thorny questions about the fairness of imposing a blanket fee on all online users even if they don’t listen to any music, or those who would be offended at the prospect of being forced to pay for certain types of music (think of grandmas paying for gangsta rap). On the opposite end of the equation, there’s the question of fairness to artists who may not want to surrender the rights to their musical creations at government-set terms and rates. Finally, what about other types of media creators and distributors? If we’re going to have a blanket fee for online music, why not movies, television content, video games, and everything else?

Thus, while I appreciate Lessig’s argument in the conclusion of the book about “recognizing the limits of regulation,” it’s important to realize that collective / compulsory licensing introduces a different layer of regulatory complexity and that we will need to deal with many of the same challenges we’re trying to deal with under the existing copyright system. I would have liked to see Prof. Lessig explore these challenges in greater detail in Remix.

Is there any other issue under the tech policy sun today that creates stranger intellectual bedfellows than collective licensing of online music? After all, as I noted here before, on the pro-collective licensing side we find mortal enemies EFF and RIAA (at least Warner) in league. And on the anti-collective licensing side, we have Mike Masnick and Andrew Orlowski. If you locked those two guys in a room and tossed out any other copyright topic, they’d probably end up killing each other with their bare hands. But somehow they agree on this one (albeit for somewhat different reasons).

Anyway, I continue to have mixed, but generally skeptical, feelings about online collective licensing. There are countless thorny fairness issues on both the artist and consumer side of things. What’s the pay-in rate? How is it set? Who all pays in? Who gets paid out, how much, and by what formula? And God only knows how you deal with those parties (whether they be ISPs, consumers, or even artists) who don’t want to be a part of the scheme.

For these reasons, I’ve always felt a voluntary collective licensing scheme for the Internet is challenging, if not impossible. It would have to be compulsory to be a truly blanket license that covered all music, all users, and all platforms. I’m not too fond of that approach, but I think that’s where we are likely heading in the copyright wars. After all, that’s how it has been resolved in many other contexts historically. But that doesn’t give me any comfort since those other systems have been a mess in practice. This 2004 Cato study by Robert Merges provides some details and makes the case against apply the compulsory licensing approach to the online music marketplace.

We’ve failed to keep our podcast alive here at the TLF — and I apologize about that — but there are still a lot of good tech policy-related podcasts out there for you to listen to. Here’s a new one that sounds very promising. It’s called the “Intellectual Property Colloquium” podcast, and it’s hosted by the brilliant Doug Lichtman, a professor of law at UCLA Law School.

The first show features a discussion that took place in one of Prof. Lichtman’s classes in which the always-interesting Fred Von Lohmann of the Electronic Frontier Foundation (EFF) begins by talking about the controversial Cablevision DVR case and then transitions into copyright law and infringement more generally. Doug jumps into the conversation about 12 minutes and needles Fred with a litany of excellent questions that really get the debate going. Whenever Doug and Fred go at it, it is a real intellectual clash of the titans.

The upcoming shows look just as good. Next up is a debate between Stacey Byrnes of NBC-Universal and Tim Wu of Columbia University about the DMCA notice-and-takedown process. The November show will include Dan Solove talking about “Privacy in a Networked World.” [I am just finishing up his important new book, Understanding Privacy, and I will be posting a review of it here soon.] And the December show is called “Everyone Hates DRM,” and is set to include Ed Felton of Princeton University versus Dean Marks of Warner Brothers. That should be a interesting conversation.

At first glance, it seems to me that this big settlement announced today between Google and the book publishers regarding Google Book Search sounds a lot like an ASCAP model for online book transactions. Specifically, of the key provisions of the agreement, it’s this last one about the Book Rights Registry that makes me think of ASCAP:

Compensation to Authors and Publishers and Control Over Access to Their Works – Distributing payments earned from online access provided by Google and, prospectively, from similar programs that may be established by other providers, through a newly created independent, not-for-profit Book Rights Registry that will also locate rightsholders, collect and maintain accurate rightsholder information, and provide a way for rightsholders to request inclusion in or exclusion from the project.

That’s basically what ASCAP does today, and I think this sounds like a pretty good plan for books going forward. But I also find myself wondering: Could this be the beginning of a move toward a more comprehensive online collective licensing system for other types of content as everything moves online. For example, could this model work for music? EFF has argued it could. And some in the music industry appear to be moving in that direction. (Talk about your strange bedfellows… EFF and the RIAA potentially on the same side of an issue!)

Of course, you’d need to get a lot more companies than just Google to play ball to make it work for music — specifically, you’d need all the ISPs on board. For books, by contrast, the reason today’s deal will likely work is because Google has been the only online operator with the scale and interest in putting the entire contents of so many books online. But all music is already online and much video is heading online, too. So, I think it would be much, much more challenging to make collective licensing work for music and video the way it appears it might work for books. (We’d probably need compulsory licensing instead, which I am no fan of). The key to these voluntary collective licensing systems is large, trusted intermediaries that can clear a massive volume of transactions. Google can do that for books as today’s deal makes clear. It will be interesting to see if others suggest that music and video can and should work the same way. I’m skeptical, and I’m also a bit hung up on some fairness issues about how it would work, which I might touch upon in a future essay.

But I’m no copyright expert so I’d be interested in hearing what my colleagues and others think.

Update: Looks like someone beat me to the punch with the ASCAP comparison. I just starting reading through my RSS feed and finding reaction from others and came across Mathew Ingram’s post arguing that, “In effect, Google is setting up a body that does what ASCAP and similar groups do for musicians.”