Wallach’s latest book is entitled, A Dangerous Master: How to Keep Technology from Slipping beyond Our Control. And, as I’ve noted here recently, the greatly expanded second edition of my latest book, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, has just been released.

Of all the books of technological criticism or skepticism that I’ve read in recent years—and I have read stacks of them!— A Dangerous Master is by far the most thoughtful and interesting. I have grown accustomed to major works of technological criticism being caustic, angry affairs. Most of them are just dripping with dystopian dread and a sense of utter exasperation and outright disgust at the pace of modern technological change.

Although he is certainly concerned about a wide variety of modern technologies—drones, robotics, nanotech, and more—Wallach isn’t a purveyor of the politics of panic. There are some moments in the book when he resorts to some hyperbolic rhetoric, such as when he frets about an impending “techstorm” and the potential, as the book’s title suggests, for technology to become a “dangerous master” of humanity. For the most part, however, his approach is deeper and more dispassionate than what is found in the leading tracts of other modern techno-critics.

Many Questions, Few Clear Answers

Wallach does a particularly good job framing the major questions about emerging technologies and their effect on society. “Navigating the future of technological possibilities is a hazardous venture,” he observes. “It begins with learning to ask the right questions—questions that reveal the pitfalls of inaction, and more importantly, the passageways available for plotting a course to a safe harbor.” (p. 7) Wallach then embarks on a 260+ page inquiry that bombards the reader with an astonishing litany of questions about the wisdom of various forms of technological innovation—both large and small. While I wasn’t about to start an exact count, I would say that the number of questions Wallach poses in the book runs well into the hundreds. In fact, many paragraphs of the book are nothing but an endless string of questions.

Thus, if there is a primary weakness with A Dangerous Master, it’s that Wallach spends so much time formulating such a long list of smart and nuanced questions that some readers may come away disappointed when they do not find equally satisfying answers. On the other hand, the lack of clear answers is also completely understandable because, as Wallach notes, there really are no simple answers to most of these questions.

Just Slow Down!

Moving on to substance, let me make clear where Wallach and I generally see eye-to-eye and where we part ways.

Generally speaking, we agree about the need to come up with better “soft governance” systems for emerging technologies, which might include multistakeholder process, developer codes of conduct, sectoral self-regulation, sensible liability rules, and so on. (More on those strategies in a moment.)

But while we both believe it is wise to consider how we might “bake-in” better ethics and norms into the process of technological development, Wallach seems much more inclined than me to expect that we will be able to pre-ordain (or potentially require?) all this happens before much of this experimentation and innovation actually moves forward. Wallach opens by asking:

Determining when to bow to the judgment of experts and whether to intervene in the deployment of a new technology is certainly not easy. How can government leaders or informed citizens effectively discern which fields of research are truly promising and which pose serious risks? Do we have the intelligence and means to mitigate the serious risks that can be anticipated? How should we prepare for unanticipated risks? (p. 6)

Again, many good questions here! But this really gets to the primary difference between Wallach’s preferred approach and my own: I tend to believe that many of these things can only be worked out through ongoing trial and error, the constant reformulation of the various norms that govern the process of innovation, and the development of sensible ex post solutions to some of the most difficult problems posed by turbulent technological change.

By contrast, Wallach’s generally attitude toward technological evolution is probably best summarized by the phrases: “Slow down!” and, “Let’s have a conversation about it first!” As he puts it in his own words: “Slowing down the accelerating adoption of technology should be done as a responsible means to ensure basic human safety and to support broadly shared values.” (p. 13)

But I tend to believe that it’s not always possible to preemptively determine which innovations to slow down, or even how to determine what those “shared values” are that will help us make this determination. More importantly, I worry that there are very serious potential risks and unintended consequences associated with slowing down many forms of technological innovation, which could improve human welfare in important ways. There can be no prosperity, after all, without a certain degree of risk-taking and disruption.

Getting Out Ahead of the Pacing Problem

Yet, what concerns Wallach most is the much-discussed issue from the field of the philosophy of technology, the so-called “pacing problem.” Wallach concisely defines the pacing problem as “the gap between the introduction of a new technology and the establishment of laws, regulations, and oversight mechanisms for shaping its safe development.” (p. 251) “There has always been a pacing problem,” he notes, but he is concerned that technological innovation—especially highly disruptive and potentially uncontrollable forms of innovation—is now accelerating at an absolutely unprecedented pace.

(Just as an aside for all the philosophy nerds out there…  Such a rigid belief in the “pacing problem” represents a techno-deterministic viewpoint that is, ironically, sometimes shared by technological skeptics like Wallach as well as technological optimists like Larry Downes and even many in the middle of this debate, like Vivek Wadhwa. See, for example, The Laws of Disruption by Downes and “Laws and Ethics Can’t Keep Pace with Technology” by Wadhwa. Although these scholars approach technology ethics and politics quite differently, they all seem to believe that the pace of modern technological change is so relentless as to almost be an unstoppable force of nature. I guess the moral of the story is that, to some extent, we’re all technological determinists now!)

Despite his repeated assertions that modern technologies are accelerating at such a potentially uncontrollable pace, Wallach nonetheless hopes we can achieve some semblance of control over emerging technologies before they reach a critical “inflection point.” In the study of history and science, an inflection point generally represents a moment when a situation and trend suddenly changes in a significant way and things begin moving rapidly in a new direction. These inflections points can sometimes develop quite abruptly, ushering in major changes by creating new social, economic, or political paradigms. As it relates to technology in particular, inflection points can refer to the moment with a particular technology achieves critical mass in terms of adoption or, more generally, to the time when that technology begins to profoundly transform the way individuals and institutions act.

Another related concept that Wallach discusses is the so-called “Collingridge dilemma,” which refers to the notion that it is difficult to put the genie back in the bottle once a given technology has reached a critical mass of public adoption or acceptance. The concept is named after David Collingridge, who wrote about this in his 1980 book, The Social Control of Technology. “The social consequences of a technology cannot be predicated early in the life of the technology,” Collingridge argued. “By the time undesirable consequences are discovered, however, the technology is often so much part of the whole economics and social fabric that its control is extremely difficult.”

On “Having a Discussion” & Coming Up with “a Broad Plan”

These related concepts of inflection points and the Collingridge dilemma constitute the operational baseline of Wallach’s worldview. “In weighing speedy development against long-term risks, speedy development wins,” he worries. “This is particularly true when the risks are uncertain and the perceived benefits great.” (p. 85)

Consequently, throughout his book, Wallach pleads with us to take what I will call Technological Time Outs. He says we need to pause at times so that we can have “a full public discussion” (p. 13) and make sure there is a “broad plan in place to manage our deployment of new technologies” (p. 19) to make sure that innovation happens only at “a humanly manageable pace” (p. 261) “to fortify the safety of people affected by unpredictable disruptions.” (p. 262) Wallach’s call for Technological Time Outs is rooted in his belief that “the accelerating pace [of modern technological innovation] undermines the quality of each of our lives.” (p. 263)

That is Wallach’s weakest assertion in the book and he doesn’t really offer much evidence to prove that the velocity of modern technological is hurting us rather than helping us, as many of us believe. Rather, he treats it as a widely accepted truism that necessitates some sort of collective effort to slow things down if the proverbial genie is about to exit the bottle, or to make sure those genies don’t get out of their bottles without a lot of preemptive planning regarding how they are to be released into the world. In the following passage on pg. 72, Wallach very succinctly summarizes his approach recommended throughout A Dangerous Master:

this book will champion the need for more upstream governance: more control over the way that potentially harmful technologies are developed or introduced into the larger society. Upstream management is certainly better than introducing regulations downstream, after a technology is deeply entrenched or something major has already gone wrong. Yet, even when we can access risks, there remain difficulties in recognizing when or determining how much control should be introduced. When does being precautionary make sense, and when is precaution an over-reaction to the risks? (p. 72)

Those who have read my Permissionless Innovation book will recall that I open by framing innovation policy debates in almost exactly the same way as Wallach suggests in that last line above. I argue in the first lines of my book that:

The central fault line in innovation policy debates today can be thought of as ‘the permission question.’  The permission question asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions and risk-taking, more generally.  Two conflicting attitudes are evident. One disposition is known as the ‘precautionary principle.’ Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harm to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions. The other vision can be labeled ‘permissionless innovation.’ It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if any develop, can be addressed later.

So, by contrasting these passages, you can see what I am setting up here is a clash of visions between what appears to be Wallach’s precautionary principle-based approach versus my own permissionless innovation-focused worldview.

How Much Formal Precaution?

But that would be a tad bit too simplistic because just a few paragraphs after Wallach makes the statement just above about “upstream management” being superior to ex post solutions formulated “after a technology is deeply entrenched,” Wallach begins slowly backing away from an overly-rigid approach to precautionary principle-based governance of technological processes and systems.

He admits, for example, that “precautionary measures in the form of regulations and governmental oversight can slow the development of research whose overall society impact will be beneficial,” (p. 26) and that can “be costly” and “slow innovation.” For countries, Wallach admits, this can have real consequences because “Countries with more stringent precautionary policies are at a competitive disadvantage to being the first to introduce a new tool or process.” (p. 74)

So, he’s willing to admit that what we might call a hard precautionary principle usually won’t be sensible or effective in practice, but he is far more open to soft precaution. But this is where real problems begin to develop with Wallach’s approach, and it presents us with a chance to turn the tables on him a bit and begin posing some serious questions about his vision for governing technology.

Much of what follows below are my miscellaneous ramblings about the current state of the intellectual dialogue about tech ethics and technological control efforts. I have discussed these issues at greater length in my new book as well as a series of essays here in past years, most notably: “On the Line between Technology Ethics vs. Technology Policy; “What Does It Mean to “Have a Conversation” about a New Technology?”; and, “Making Sure the “Trolley Problem” Doesn’t Derail Life-Saving Innovation.”

As I’ve argued in those and other essays, my biggest problem with modern technological criticism is that specifics are in scandalously short supply in this field! Indeed, I often find the lack of details in this arena to be utterly exasperating. Most modern technological criticism follows a simple formula:

TECHNOLOGY –>> POTENTIAL PROBLEMS –>> DO SOMETHING!

But almost all the details come in the discussion about the nature of the technology in question and the apparent many problems associated with it. Far, far less thought goes into the “DO SOMETHING!” part of the critics’ work. One reason for that is probably self-evident: There are no easy solutions. Wallach admits as much at many junctures throughout the book. But that doesn’t excuse the need for the critics to give us a more concrete blueprint for identifying and then potentially rectifying the supposed problems.

Of course, the other reason that many critics are short of specifics is because what they really mean when they quip how much we need to “have a conversation” about a new disruptive technology is that we need to have a conversation about stopping that technology.

Where Shall We Draw the Line between Hard and Soft Law?

But this is what I found most peculiar about Wallach’s book: He never really gives us a good standard by which to determine when we should look to hard governance (traditional top-down regulation) versus soft governance (more informal, bottom-up and non-regulatory approaches).

On one hand, he very much wants society to exercise greatly restraint and precaution when it comes to many of the technologies he and others worry about today. Again, he’s particularly concerned about the potential runaway development and use of drones, genetic editing, nanotech, robotics, and artificial intelligence. For at least one class of robotics—autonomous military robots—Wallach does call for immediate policy action in the form of an Executive Order to ban “killer” autonomous systems. (Incidentally, there’s also a major effort underway called the “Campaign to Stop Killer Robots” that aims to make such a ban part of international law through a multinational treaty.)

But Wallach also acknowledges the many trade-offs associated with efforts to preemptively controls on robotics and other technology. Perhaps for that reason, Wallach doesn’t develop a clear test for when the Precautionary Principle should be applied to new forms of innovation.

Clearly there are times when it is appropriate, although I believe it is only in an extremely narrow subset of cases. In the 2 ^nd Edition of my Permissionless Innovation book, I tried to offer a rough framework for when formal precautionary regulation (i.e., highly-restrictive policy defaults are necessary, such as operational restrictions, licensing requirements, research limitations, or even formal bans) might be necessary. I do not want to interrupt the flow of this review of Wallach’s book too much, so I have decided to just cut-and-paste that portion of Chapter 3 of my book (“When Does Precaution Make Sense?”) down below as an appendix to this essay.

The key takeaway of that passage from my book is that all of us who study innovation policy and the philosophy of technology—Wallach, myself, the whole darn movement—have done a remarkably poor job being specific about precisely when formal policy precaution is warranted. What is the test? All too often, we get lazy and apply what we might call an “I-Know-It-When-I-See-It” standard. Consider the possession of bazookas, tanks, and uranium. Almost all of us would agree that citizens should not be allowed to possess or use such things. Why? Well, it seems obvious, right? They just shouldn’t! But what is the exact standard we use to make that determination.

In coming years, I plan on spending a lot more time articulating a better test by which Precautionary Principle-based policies could be reasonably applied. Those who know me may be taken aback by what I just said. After all, I’ve spend many years explaining why Precautionary Principle-based thinking threatens human prosperity and should be rejected in the vast majority of cases. But that doesn’t excuse the lack of a serious and detailed exploration of the exact standard by which we determine when we should impose some limits on technological innovation.

Generally speaking, while I strongly believe that “permissionless innovation” should remain the policy default for most technologies, there certainly exists some scenarios where the threat of harm associated with a new innovation might be highly probable, tangible, immediate, irreversible, and catastrophic in nature. If so, that could qualify it for at least a light version of the Precautionary Principle. In a future paper or book chapter I’m just now starting to research, I hope to fuller develop those qualifiers and formulate a more robust test around them.

I would have very much liked to see Wallach articulate and defend a test of his own for when formal precaution would make sense. And, by extension, when should we default to soft precaution, or soft law and informal governance mechanisms for emerging technologies.

We turn to that issue next.

Toward Soft Governance & the Engineering of Better Technological Ethics

Even though Wallach doesn’t provide us with a test for determining when precaution makes sense or when we should instead default to soft governance, he does a much better job explaining the various models of soft law or informal governance that might help us deal with the potential negative ramifications of highly disruptive forms of technological change.

What Wallach proposes, in essence, is that we bake a dose of precautionary directly into the innovation process through a wide variety of informal governance/oversight mechanisms. “By embedding shared values in the very design of new tools and techniques, engineers improve the prospect of a positive outcome,” he claims. “The upstream embedding of shared values during the design process can ease the need for major course adjustments when it’s often too late.” (p. 261)

Wallach’s favored instrument of soft governance is what he refers to as “Governance Coordinating Committees” (GCCs). These Committees would coordinate “the separate initiatives by the various government agencies, advocacy groups, and representatives of industry” who would serve as “issue managers for the comprehensive oversight of each field of research.” (p. 250) He elaborates and details the function of GCCs as follows:

These committees, led by accomplished elders who have already achieved wide respect, are meant to work together with all the interested stakeholders to monitor technological development and formulate solutions to perceived problems. Rather than overlap with or function as a regulatory body, the committee would work together with existing institutions. (p. 250-51)

Wallach discussed the GCC idea in much greater detail in a 2013 book chapter he penned with Gary E. Marchant for a collected volume of essays on Innovative Governance Models for Emerging Technologies. (I highly recommend you pick up that book if you can afford it! Many terrific essays in that book on these issues.) In their chapter, Marchant and Wallach specify some of the soft law mechanisms we might use to instill a bit of precaution preemptively. These mechanisms include: “codes of conduct, statements of principles, partnership programs, voluntary programs and standards, certification programs and private industry initiatives.”

If done properly, GCCs could provide exactly the sort of wise counsel and smart recommendations that Wallach desires. In my book and many law review articles on various disruptive technologies, I have endorsed many of the ideas and strategies Wallach identifies. I’ve also stressed the importance of many other mechanisms, such as education and empowerment-based strategies that could help the public learn to cope with new innovations or use them appropriately. In addition, I’ve highlighted the many flexible, adaptive ex post remedies that can help when things go wrong. Those mechanisms include common law remedies such as product defects law, various torts, contract law, property law, and even class action lawsuits. Finally, I have written extensively about the very active role played by the Federal Trade Commission (FTC) and other consumer protection agencies, which have broad discretion to police “unfair and deceptive practices” by innovators.

Moreover, we already have a quasi-GCC model developing today with the so-called “multistakeholder governance” model that is often used in both informal and formal ways to handle many emerging technology policy issues.  The Department of Commerce (the National Telecommunications and Information Administration in particular) and the FTC have already developed many industry codes of conduct and best practices for technologies such as biometrics, big data, the Internet of Things, online advertising, and much more. Those agencies and others (such as the FDA and FAA) are continuing to investigate other codes or guidelines for things like advanced medical devices and drones, respectively. Meanwhile, I’ve heard other policymakers and academics float the idea of “digital ombudsmen,” “data ethicists,” and “private IRBs” (institutional review boards) as other potential soft law solutions that technology companies might consider. Perhaps going forward, many tech firms will have Chief Ethical Officers just as many of them today have Chief Privacy Officers or Chief Security Officers.

In other words, there’s already a lot of “soft law” activities going on in this space. And I haven’t even begun an inventory of the many other bodies or groups that already exist in each sector today that has set forth their own industry self-regulatory codes, but they exist in almost every field that Wallach worries about.

So, I’m not sure how much his GCC idea will add to this existing mix, but I would not be opposed to them playing the sort of coordinating “issue manager” role he describes. But I still have many questions about GCC’s, including:

• How many of them are needed and how we will know which one is the definitive GCC for each sector or technology?
• If they are overly formal in character and dominated by the most vociferous opponents of any particular technology, a real danger exists that a GCC could end up granting a small cabal a “heckler’s veto” over particular forms of innovation.
• Alternatively, the possibility of “regulatory capture” could be a problem for some GCCs if incumbent companies come to dominate their membership.
• Even if everything went fairly smoothly and the GCCs produced balanced reports and recommendations, future developers might wonder if and why they are to be bound by older guidelines.
• And if those future developers choose not to play by the same set of guidelines, what’s the penalty for non-compliance?
• And how are such guidelines enforced in a world where what I’ve called “global innovation arbitrage” is an increasing reality?

Challenging Questions for Both Hard and Soft Law

To summarize, whether we are speaking of “hard” or “soft” law approaches to technological governance, I am just not nearly as optimistic as Wallach seems to be that we will be able to find consensus on these three things:

(1) what constitutes “harm” in many of these circumstances;

(2) which “shared values” should prevail when “society” debates the shaping of ethics or guiding norms for emerging technologies but has highly contradictory opinions about those values (consider online privacy as a good example, where many people enjoy hyper-sharing while other demand hyper-privacy); and,

(3) that we can create a legitimate “governing body” (or bodies) that will be responsible for formulating these guidelines in a fair way without completely derailing the benefits of innovation in new fields and also remaining relevant for very long.

Nonetheless, as he and others have suggested, the benefit of adopting a soft law/informal governance approach to these issues is that it at least seeks to address these questions in more flexible and adaptive fashion. As I noted in my book, traditional regulatory systems “tend to be overly rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things.” ( Permissionless Innovation, p. 120)

So, despite the questions I have raised here, I welcome the more flexible soft law approach that Wallach sets forth in his book. I think it represents a far more constructive way forward when compared to the opposite “top-down” or “command-and-control” regulatory systems of the past. But I very much want to make sure that even these new and more flexible soft law approaches leave plenty of breathing room for ongoing trial-and-error experimentation with new technologies and systems.

Conclusion

In closing, I want to reiterate that not only did I appreciate the excellent questions raised by Wendell Wallach in A Dangerous Master, but I take them very seriously. When I sat down to revise and expand my Permissionless Innovation book last year, I decided to include this warning from Wallach in my revised preface: “The promoters of new technologies need to speak directly to the disquiet over the trajectory of emerging fields of research. They should not ignore, avoid, or superficially dampen criticism to protect scientific research.” (p. 28–9)

As I noted, in response to Wallach: “I take this charge seriously, as should others who herald the benefits of permissionless innovation as the optimal default for technology policy. We must be willing to take on the hard questions raised by critics and then also offer constructive strategies for dealing with a world of turbulent technological change.”

Serious questions deserve serious answers. Of course, sometimes those posing those questions fail to provide many answers of their own! Perhaps it is because they believe the questions answer themselves. Other times, it’s because they are willing to admit that easy answers to these questions typically prove quite elusive. In Wallach’s case, I believe it’s more the latter.

To wrap up, I’ll just reiterated that both Wallach and I share a common desire to find solutions to the hard questions about technological innovation. But the crucial question that probably separates his worldview and my own is this: Whether we are talking about hard or soft governance, how much faith should we place in preemptive planning vs. ongoing trial and error experimentation to solve technological challenges? Wallach is more inclined to believe we can divine these things with the sagacious foresight of “accomplished elders” and technocratic “issue managers,” who will help us slow things down until we figure out how to properly ease a new technology into society (if at all). But I believe that the only way we will find many of the answers we are searching for is by allowing still more experimentation with the very technologies that he and others seek to control the development of. We humans are outstanding problem-solvers and have the uncanny ability among all mammals to adapt to changing circumstances. We roll with the punches, learn from them, and become more resilient in the process. As I noted in my 2014 essay, “Muddling Through: How We Learn to Cope with Technological Change”:

we modern pragmatic optimists must continuously point to the unappreciated but unambiguous benefits of technological innovation and dynamic change. But we should also continue to remind the skeptics of the amazing adaptability of the human species in the face of adversity. [. . .] Humans have consistently responded to technological change in creative, and sometimes completely unexpected ways. There’s no reason to think we can’t get through modern technological disruptions using similar coping and adaptation strategies.

Will the technologies that Wallach fears bring about a “techstorm” that overwhelms our culture, our economy, and even our very humanity? It’s certainly possible, and we should continue to seriously discuss the issues that he and other skeptics raise about our expanding technological capabilities and the potential for many of them to do great harm. Because some of them truly could.

But it is equally plausible—in fact, some of us would say, highly probable—that instead of overwhelming us, we learn how to bend these new technological capabilities to our will and make them work for our collective benefit. Instead of technology becoming “a dangerous master,” we will instead make it our helpful servant, just as we have so many times before.

APPENDIX: When Does Precaution Make Sense?

[excerpt from chapter 3 of Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom. Footnotes omitted. See book for all references.]

But aren’t there times when a certain degree of precautionary policymaking makes good sense? Indeed, there are, and it is important to not dismiss every argument in favor of precautionary principle–based policymaking, even though it should not be the default policy rule in debates over technological innovation.

The challenge of determining when precautionary policies make sense comes down to weighing the (often limited) evidence about any given technology and its impact and then deciding whether the potential downsides of unrestricted use are so potentially catastrophic that trial-and-error experimentation simply cannot be allowed to continue. There certainly are some circumstances when such a precautionary rule might make sense. Governments restrict the possession of uranium and bazookas, to name just two obvious examples.

Generally speaking, permissionless innovation should remain the norm in the vast majority of cases, but there will be some scenarios where the threat of tangible, immediate, irreversible, catastrophic harm associated with new innovations could require at least a light version of the precautionary principle to be applied.  In these cases, we might be better suited to think about when an “anti-catastrophe principle” is needed, which narrows the scope of the precautionary principle and focuses it more appropriately on the most unambiguously worst-case scenarios that meet those criteria.

But most cases don’t fall into this category. Instead, we generally allow innovators and consumers to freely experiment with technologies, and even engage in risky behaviors, unless a compelling case can be made that precautionary regulation is absolutely necessary.  How is the determination made regarding when precaution makes sense? This is where the role of benefit-cost analysis (BCA) and regulatory impact analysis is essential to getting policy right.  BCA represents an effort to formally identify the tradeoffs associated with regulatory proposals and, to the maximum extent feasible, quantify those benefits and costs.  BCA generally cautions against preemptive, precautionary regulation unless all other options have been exhausted—thus allowing trial-and-error experimentation and “learning by doing” to continue. (The mechanics of BCA are discussed in more detail in section VII.)

This is not the end of the evaluation, however. Policymakers also need to consider the complexities associated with traditional regulatory remedies in a world where technological control is increasingly challenging and quite costly. It is not feasible to throw unlimited resources at every problem, because society’s resources are finite.  We must balance risk probabilities and carefully weigh the likelihood that any given intervention has a chance of creating positive change in a cost-effective fashion.  And it is also essential to take into account the potential unintended consequences and long-term costs of any given solution because, as Harvard law professor Cass Sunstein notes, “it makes no sense to take steps to avert catastrophe if those very steps would create catastrophic risks of their own.”  “The precautionary principle rests upon an illusion that actions have no consequences beyond their intended ends,” observes Frank B. Cross of the University of Texas. But “there is no such thing as a risk-free lunch. Efforts to eliminate any given risk will create some new risks,” he says.

Oftentimes, after working through all these considerations about whether to regulate new technologies or technological processes, the best solution will be to do nothing because, as noted throughout this book, we should never underestimate the amazing ingenuity and resiliency of humans to find creative solutions to the problems posed by technological change.  (Section V discusses the importance of individual and social adaptation and resiliency in greater detail.) Other times we might find that, while some solutions are needed to address the potential risks associated with new technologies, nonregulatory alternatives are also available and should be given a chance before top-down precautionary regulations are imposed. (Section VII considers those alternative solutions in more detail.)

Finally, it is again essential to reiterate that we are talking here about the dangers of precautionary thinking as a public policy prerogative—that is, precautionary regulations that are mandated and enforced by government officials. By contrast, precautionary steps may be far more wise when undertaken in a more decentralized manner by individuals, families, businesses, groups, and other organizations. In other words, as I have noted elsewhere in much longer articles on the topic, “there is a different choice architecture at work when risk is managed in a localized manner as opposed to a society-wide fashion,” and risk-mitigation strategies that might make a great deal of sense for individuals, households, or organizations, might not be nearly as effective if imposed on the entire population as a legal or regulatory directive.

Finally, at times, more morally significant issues may exist that demand an even more exhaustive exploration of the impact of technological change on humanity. Perhaps the most notable examples arise in the field of advance medical treatments and biotechnology. Genetic experimentation and human cloning, for example, raise profound questions about altering human nature or abilities as well as the relationship between generations.

The case for policy prudence in these matters is easier to make because we are quite literally talking about the future of what it means to be human.  Controversies have raged for decades over the question of when life begins and how it should end. But these debates will be greatly magnified and extended in coming years to include equally thorny philosophical questions.  Should parents be allowed to use advanced genetic technologies to select the specific attributes they desire in their children? Or should parents at least be able to take advantage of genetic screening and genome modification technologies that ensure their children won’t suffer from specific diseases or ailments once born?

Outside the realm of technologically enhanced procreation, profound questions are already being raised about the sort of technological enhancements adults might make to their own bodies. How much of the human body can be replaced with robotic or bionic technologies before we cease to be human and become cyborgs?  As another example, “biohacking”—efforts by average citizens working together to enhance various human capabilities, typically by experimenting on their own bodies —could become more prevalent in coming years.  Collaborative forums, such as Biohack.Me, already exist where individuals can share information and collaborate on various projects of this sort.  Advocates of such amateur biohacking sometimes refer to themselves as “grinders,” which Ben Popper of the Verge defines as “homebrew biohackers [who are] obsessed with the idea of human enhancement [and] who are looking for new ways to put machines into their bodies.”

These technologies and capabilities will raise thorny ethical and legal issues as they advance. Ethically, they will raise questions of what it means to be human and the limits of what people should be allowed to do to their own bodies. In the field of law, they will challenge existing health and safety regulations imposed by the FDA and other government bodies.

Again, most innovation policy debates—including most of the technologies discussed throughout this book—do not involve such morally weighty questions. In the abstract, of course, philosophers might argue that every debate about technological innovation has an impact on the future of humanity and “what it means to be human.” But few have much of a direct influence on that question, and even fewer involve the sort of potentially immediate, irreversible, or catastrophic outcomes that should concern policymakers.

In most cases, therefore, we should let trial-and-error experimentation continue because “experimentation is part and parcel of innovation” and the key to social learning and economic prosperity.  If we froze all forms of technological innovation in place while we sorted through every possible outcome, no progress would ever occur. “Experimentation matters,” notes Harvard Business School professor Stefan H. Thomke, “because it fuels the discovery and creation of knowledge and thereby leads to the development and improvement of products, processes, systems, and organizations.”

Of course, ongoing experimentation with new technologies always entails certain risks and potential downsides, but the central argument of this book is that (a) the upsides of technological innovation almost always outweigh those downsides and that (b) humans have proven remarkably resilient in the face of uncertain, ever-changing futures.

In sum, when it comes to managing or coping with the risks associated with technological change, flexibility and patience is essential. One size most certainly does not fit all. And one-size-fits-all approaches to regulating technological risk are particularly misguided when the benefits associated with technological change are so profound. Indeed, “[t]echnology is widely considered the main source of economic progress”; therefore, nothing could be more important for raising long-term living standards than creating a policy environment conducive to ongoing technological change and the freedom to innovate.

Yesterday, the Federal Trade Commission (FTC) released its long-awaited report on “The Internet of Things: Privacy and Security in a Connected World.” The 55-page report is the result of a lengthy staff exploration of the issue, which kicked off with an FTC workshop on the issue that was held on November 19, 2013.

I’m still digesting all the details in the report, but I thought I’d offer a few quick thoughts on some of the major findings and recommendations from it. As I’ve noted here before, I’ve made the Internet of Things my top priority over the past year and have penned several essays about it here, as well as in a big new white paper (“The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation”) that will be published in the Richmond Journal of Law & Technology shortly. (Also, here’s a compendium of most of what I’ve done on the issue thus far.)

I’ll begin with a few general thoughts on the FTC’s report and its overall approach to the Internet of Things and then discuss a few specific issues that I believe deserve attention.

Big Picture, Part 1: Should Best Practices Be Voluntary or Mandatory?

Generally speaking, the FTC’s report contains a variety of “best practice” recommendations to get Internet of Things innovators to take steps to ensure greater privacy and security “by design” in their products. Most of those recommended best practices are sensible as general guidelines for innovators, but the really sticky question here continued to be this: When, if ever, should “best practices” become binding regulatory requirements?

The FTC does a bit of a dance when answering that question. Consider how, in the executive summary of the report, the Commission answers the question regarding the need for additional privacy and security regulation: “Commission staff agrees with those commenters who stated that there is great potential for innovation in this area, and that IoT-specific legislation at this stage would be premature.” But, just a few lines later, the agency (1) “reiterates the Commission’s previous recommendation for Congress to enact strong, flexible, and technology-neutral federal legislation to strengthen its existing data security enforcement tools and to provide notification to consumers when there is a security breach;” and (2) “recommends that Congress enact broad-based (as opposed to IoT-specific) privacy legislation.”

Here and elsewhere, the agency repeatedly stresses that it is not seeking IoT-specific regulation; merely “broad-based” digital privacy and security legislation. The problem is that once you understand what the IoT is all about you come to realize that this largely represents a distinction without a difference. The Internet of Things is simply the extension of the Net into everything we own or come into contact with. Thus, this idea that the agency is not seeking IoT-specific rule sounds terrific until you realize that it is actually seeking something far more sweeping: greater regulation of all online / digital interactions. And because “the Internet” and “the Internet of Things” will eventually (if they are not already) be considered synonymous, this notion that the agency is not proposing technology-specific regulation is really quite silly.

Now, it remains unclear whether there exists any appetite on Capitol Hill for “comprehensive” legislation of any variety – although perhaps we’ll learn more about that possibility when the Senate Commerce Committee hosts a hearing on these issues on February 11. But at least thus far, “comprehensive” or “baseline” digital privacy and security bills have been non-starters.

And that’s for good reason in my opinion: Such regulatory proposals could take us down the path that Europe charted in the late 1990s with onerous “data directives” and suffocating regulatory mandates for the IT / computing sector. The results of this experiment have been unambiguous, as I documented in congressional testimony in 2013. I noted there how America’s Internet sector came to be the envy of the world while it was hard to name any major Internet company from Europe. Whereas America embraced “permissionless innovation” and let creative minds develop one of the greatest success stories in modern history, the Europeans adopted a “Mother, May I” regulatory approach for the digital economy. America’s more flexible, light-touch regulatory regime leaves more room for competition and innovation compared to Europe’s top-down regime. Digital innovation suffered over there while it blossomed here.

That’s why we need to be careful about adopting the sort of “broad-based” regulatory regime that the FTC recommends in this and previous reports.

Big Picture, Part 2: Does the FTC Really Need More Authority?

Something else is going on in this report that has also been happening in all the FTC’s recent activity on digital privacy and security matters: The agency has been busy laying the groundwork for its own expansion.

In this latest report, for example, the FTC argues that

Although the Commission currently has authority to take action against some IoT-related practices, it cannot mandate certain basic privacy protections… The Commission has continued to recommend that Congress enact strong, flexible, and technology-neutral legislation to strengthen the Commission’s existing data security enforcement tools and require companies to notify consumers when there is a security breach.

In other words, this agency wants more authority. And we are talking about sweeping authority here that would transcend its already sweeping authority to police “unfair and deceptive practices” under Section 5 of the FTC Act. Let’s be clear: It would be hard to craft a law that grants an agency more comprehensive and open-ended consumer protection authority than Section 5. The meaning of those terms — “unfairness” and “deception” — has always been a contentious matter, and at times the agency has abused its discretion by exploiting that ambiguity.

Nonetheless, Sec. 5 remains a powerful enforcement tool for the agency and one that has been wielded aggressively in recently years to police digital economy giants and small operators alike. Generally speaking, I’m alright with most Sec. 5 enforcement, especially since that sort of retrospective policing of unfair and deceptive practices is far less likely to disrupt permissionless innovation in the digital economy. That’s because it does not subject digital innovators to the sort of “Mother, May I” regulatory system that European entrepreneurs face. But an expansion of the FTC’s authority via more “comprehensive, baseline” privacy and security regulatory policies threatens to convert America’s more sensible bottom-up and responsive regulatory system into the sort of innovation-killing regime we see on the other side of the Atlantic.

Here’s the other thing we can’t forget when it comes to the question of what additional authority to give the FTC over privacy and security matters: The FTC is not the end of the enforcement story in America. Other enforcement mechanism exist, including: privacy torts, class action litigation, property and contract law, state enforcement agencies, and other targeted privacy statutes. I’ve summarized all these additional enforcement mechanisms in my recent law review article referenced above. (See section VI of the paper.)

FIPPS, Part 1: Notice & Choice vs. Use-Based Restrictions

Next, let’s drill down a bit and examine some of the specific privacy and security best practices that the agency discusses in its new IoT report.

The FTC report highlights how the IoT creates serious tensions for many traditional Fair Information Practice Principles (FIPPs). The FIPPs generally include: (1) notice, (2) choice, (3) purpose specification, (4) use limitation, and (5) data minimization. But the report is mostly focused on notice and choice as well as data minimization.

When it comes to notice and choice, the agency wants to keep hope alive that it will still be applicable in an IoT world. I’m sympathetic to this effort because it is quite sensible for all digital innovators to do their best to provide consumers with adequate notice about data collection practices and then give them sensible choices about it. Yet, like the agency, I agree that “offering notice and choice is challenging in the IoT because of the ubiquity of data collection and the practical obstacles to providing information without a user interface.”

The agency has a nuanced discussion of how context matters in providing notice and choice for IoT, but one can’t help but think that even they must realize that the game is over, to some extent. The increasing miniaturization of IoT devices and the ease with which they suck up data means that traditional approaches to notice and choice just aren’t going to work all that well going forward. It is almost impossible to envision how a rigid application of traditional notice and choice procedures would work in practice for the IoT.

Relatedly, as I wrote here last week, the Future of Privacy Forum (FPF) recently released a new white paper entitled, “A Practical Privacy Paradigm for Wearables,” that notes how FIPPs “are a valuable set of high-level guidelines for promoting privacy, [but] given the nature of the technologies involved, traditional implementations of the FIPPs may not always be practical as the Internet of Things matures.” That’s particularly true of the notice and choice FIPPS.

But the FTC isn’t quite ready to throw in the towel and make the complete move toward “use-based restrictions,” as many academics have. (Note: I have lengthy discussion of this migration toward use-based restrictions in my law review article in section IV.D.). Use-based restrictions would focus on specific uses of data that are particularly sensitive and for which there is widespread agreement they should be limited or disallowed altogether. But use-based restrictions are, ironically, controversial from both the perspective of industry and privacy advocates (albeit for different reasons, obviously).

The FTC doesn’t really know where to go next with use-based restrictions. The agency says that, on one hand, “has incorporated certain elements of the use-based model into its approach” to enforcement in the past. On the other hand, the agency says it has concerns “about adopting a pure use-based model for the Internet of Things,” since it may not go far enough in addressing the growth of more widespread data collection, especially of more sensitive information.

In sum, the agency appears to be keeping the door open on this front and hoping that a best-of-all-worlds solution miraculously emerges that extends both notice and choice and use-based limitations as the IoT expands. But the agency’s new report doesn’t give us any sort of blueprint for how that might work, and that’s likely for good reason: because it probably won’t work at that well in practice and there will be serious costs in terms of lost innovation if they try to force unworkable solutions on this rapidly evolving marketplace.

FIPPS, Part 2: Data Minimization

The biggest policy fight that is likely to come out of this report involves the agency’s push for data minimization. The report recommends that, to minimize the risks associated with excessive data collection:

companies should examine their data practices and business needs and develop policies and practices that impose reasonable limits on the collection and retention of consumer data. However, recognizing the need to balance future, beneficial uses of data with privacy protection, staff’s recommendation on data minimization is a flexible one that gives companies many options. They can decide not to collect data at all; collect only the fields of data necessary to the product or service being offered; collect data that is less sensitive; or deidentify the data they collect. If a company determines that none of these options will fulfill its business goals, it can seek consumers’ consent for collecting additional, unexpected categories of data…

This is an unsurprising recommendation in light of the fact that, in previous major speeches on the issue, FTC Chairwoman Edith Ramirez argued that, “information that is not collected in the first place can’t be misused,” and that:

The indiscriminate collection of data violates the First Commandment of data hygiene: Thou shall not collect and hold onto personal information unnecessary to an identified purpose. Keeping data on the off chance that it might prove useful is not consistent with privacy best practices. And remember, not all data is created equally. Just as there is low quality iron ore and coal, there is low quality, unreliable data. And old data is of little value.

In my forthcoming law review article, I discussed the problem with such reasoning at length and note:

if Chairwoman Ramirez’s approach to a preemptive data use “commandment” were enshrined into a law that said, “Thou shall not collect and hold onto personal information unnecessary to an identified purpose.” Such a precautionary limitation would certainly satisfy her desire to avoid hypothetical worst-case outcomes because, as she noted, “information that is not collected in the first place can’t be misused,” but it is equally true that information that is never collected may never lead to serendipitous data discoveries or new products and services that could offer consumers concrete benefits. “The socially beneficial uses of data made possible by data analytics are often not immediately evident to data subjects at the time of data collection,” notes Ken Wasch, president of the Software & Information Industry Association. If academics and lawmakers succeed in imposing such precautionary rules on the development of IoT and wearable technologies, many important innovations may never see the light of day.

FTC Commissioner Josh Wright issued a dissenting statement to the report that lambasted the staff for not conducting more robust cost-benefit analysis of the new proposed restrictions, and specifically cited how problematic the agency’s approach to data minimization was. “[S]taff merely acknowledges it would potentially curtail innovative uses of data. . . [w]ithout providing any sense of the magnitude of the costs to consumers of foregoing this innovation or of the benefits to consumers of data minimization,” he says. Similarly, in her separate statement, FTC Commissioner Maureen K. Ohlhausen worried about the report’s overly precautionary approach on data minimization when noting that, “without examining costs or benefits, [the staff report] encourages companies to delete valuable data — primarily to avoid hypothetical future harms. Even though the report recognizes the need for flexibility for companies weighing whether and what data to retain, the recommendation remains overly prescriptive,” she concludes.

Regardless, the battle lines have been drawn by the FTC staff report as the agency has made it clear that it will be stepping up its efforts to get IoT innovators to significantly slow or scale back their data collection efforts. It will be very interesting to see how the agency enforces that vision going forward and how it impacts innovation in this space. All I know is that the agency has not conducted a serious evaluation here of the trade-offs associated with such restrictions. I penned another law review article last year offering “A Framework for Benefit-Cost Analysis in Digital Privacy Debates” that they could use to begin that process if they wanted to get serious about it.

The Problem with the “Regulation Builds Trust” Argument

One of the interesting things about this and previous FTC reports on privacy and security matters is how often the agency premises the case for expanded regulation on “building trust.” The argument goes something like this (as found on page 51 of the new IoT report): “Staff believes such legislation will help build trust in new technologies that rely on consumer data, such as the IoT. Consumers are more likely to buy connected devices if they feel that their information is adequately protected.”

This is one of those commonly-heard claims that sounds so straight-forward and intuitive that few dare question it. But there are problems with the logic of the “we-need-regulation-to-build-trust-and boost adoption” arguments we often hear in debates over digital privacy.

First, the agency bases its argument mostly on polling data. “Surveys also show that consumers are more likely to trust companies that provide them with transparency and choices,” the report says. Well, of course surveys say that! It’s only logical that consumers will say this, just as they will always say they value privacy and security more generally when asked. You might as well ask people if they love their mothers!

But what consumers claim to care about and what they actually do in the real-world are often two very different things. In the real-world, people balance privacy and security alongside many other values, including choice, convenience, cost, and more. This leads to the so-called “privacy paradox,” or the problem of many people saying one thing and doing quite another when it comes to privacy matters. Put simply, people take some risks — including some privacy and security risks — in order to reap other rewards or benefits. (See this essay for more on the problem with most privacy polls.)

Second, online activity and the Internet of Things are both growing like gangbusters despite the privacy and security concerns that the FTC raises. Virtually every metric I’ve looked at that track IoT activity show astonishing growth and product adoption, and projections by all the major consultancies that have studied this consistently predict the continued rapid growth of IoT activity. Now, how can this be the case if, as the FTC claims, we’ll only see the IoT really take off after we get more regulation aimed at bolstering consumer trust? Of course, the agency might argue that the IoT will grow at an even faster clip than it is right now, but there is no way to prove one way or the other. In any event, the agency cannot possible claim that the IoT isn’t already growing at a very healthy clip — indeed, a lot of the hand-wringing the staff engages in throughout the report is premised precisely on the fact that the IoT is exploding faster that our ability to keep up with it!! In reality, it seems far more likely that cost and complexity are the bigger impediments to faster IoT adoption, just as cost and complexity have always been the factors weighing most heavily on the adoption of other digital technologies.

Third, let’s say that the FTC is correct – and it is – when it says that a certain amount of trust is needed in terms of IoT privacy and security before consumers are willing to use more of these devices and services in their everyday lives. Does the agency imagine that IoT innovators don’t know that? Are markets and consumers completely irrational? The FTC says on page 44 of the report that, “If a company decides that a particular data use is beneficial and consumers disagree with that decision, this may erode consumer trust.” Well, if such a mismatch does exist, then the assumption should be that consumers can and will push back, or seek out new and better options. And other companies should be able to sense the market opportunity here to offer a more privacy-centric offering for those consumers who demand it in order to win their trust and business.

Finally, and perhaps most obviously, the problem with the argument that increased regulation will help IoT adoption is that it ignores how the regulations put in place to achieve greater “trust” might become so onerous or costly in practice that there won’t be as many innovations for us to adopt to begin with! Again, regulation — even very well-intentioned regulation — has costs and trade-offs.

In any event, if the agency is going to premise the case for expanded privacy regulation on this notion, they are going to have to do far more to make their case besides simply asserting it.

Once Again, No Appreciation of the Potential for Societal Adaptation

Let’s briefly shift to a subject that isn’t discussed in the FTC’s new IoT report at all.

Regular readers may get tired of me making this point, but I feel it is worth stressing again: Major reports and statements by public policymakers about rapidly-evolving emerging technologies are always initially prone to stress panic over patience. Rarely are public officials willing to step-back, take a deep breath, and consider how a resilient citizenry might adapt to new technologies as they gradually assimilate new tools into their lives.

That is really sad, when you think about it, since humans have again and again proven capable of responding to technological change in creative ways by adopting new personal and social norms. I won’t belabor the point because I’ve already written volumes on this issue elsewhere. I tried to condense all my work into a single essay entitled, “Muddling Through: How We Learn to Cope with Technological Change.” Here’s the key takeaway:

humans have exhibited the uncanny ability to adapt to changes in their environment, bounce back from adversity, and learn to be resilient over time. A great deal of wisdom is born of experience, including experiences that involve risk and the possibility of occasional mistakes and failures while both developing new technologies and learning how to live with them. I believe it wise to continue to be open to new forms of innovation and technological change, not only because it provides breathing space for future entrepreneurialism and invention, but also because it provides an opportunity to see how societal attitudes toward new technologies evolve — and to learn from it. More often than not, I argue, citizens have found ways to adapt to technological change by employing a variety of coping mechanisms, new norms, or other creative fixes.

Again, you almost never hear regulators or lawmakers discuss this process of individual and social adaptation even though they must know there is something to it. One explanation is that every generation has their own techno-boogeymen and lose faith in the ability of humanity to adapt to it.

To believe that we humans are resilient, adaptable creatures should not be read as being indifferent to the significant privacy and security challenges associated with any of the new technologies in our lives today, including IoT technologies. Overly-exuberant techno-optimists are often too quick to adopt a “Just-Get-Over-It!” attitude in response to the privacy and security concerns raised by others. But it is equally unforgivable for those who are worried about those same concerns to utterly ignore the reality of human adaptation to new technologies realities.

Why are Educational Approaches Merely an Afterthought?

One final thing that troubled me about the FTC report was the way consumer and business education is mostly an afterthought. This is one of the most important roles that the FTC can and should play in terms of explaining potential privacy and security vulnerabilities to the general public and product developers alike.

Alas, the agency devotes so much ink to the more legalistic questions about how to address these issues, that all we end up with in the report is this one paragraph on consumer and business education:

Consumers should understand how to get more information about the privacy of their IoT devices, how to secure their home networks that connect to IoT devices, and how to use any available privacy settings. Businesses, and in particular small businesses, would benefit from additional information about how to reasonably secure IoT devices. The Commission staff will develop new consumer and business education materials in this area.

I applaud that language, and I very much hope that the agency is serious about plowing more effort and resources into developing new consumer and business education materials in this area. But I’m a bit shocked that the FTC report didn’t even bother mentioning the excellent material already available on the “On Guard Online” website it helped created with a dozen other federal agencies. Worse yet, the agency failed to highlight the many other privacy education and “digital citizenship” efforts that are underway today to help on this front. I discuss those efforts in more detail in the closing section of my recent law review article.

I hope that the agency spends a little more time working on the development of new consumer and business education materials in this area instead of trying to figure out how to craft a quasi-regulatory regime for the Internet of Things. As I noted last year in this Maine Law Review article, that would be a far more productive use of the agency’s expertise and resources. I argued there that “policymakers can draw important lessons from the debate over how best to protect children from objectionable online content” and apply them to debates about digital privacy. Specifically, after a decade of searching for legalistic solutions to online safety concerns — and convening a half-dozen blue ribbon task forces to study the issue — we finally saw a rough consensus emerge that no single “silver-bullet” technological solutions or legal quick-fixes would work and that, ultimately, education and empowerment represented the better use of our time and resources. What was true for child safety is equally true for privacy and security for the Internet of Things.

It’s a shame the FTC staff squandered the opportunity it had with this new report to highlight all the good that could be done by getting more serious about focusing first on those alternative, bottom-up, less costly, and less controversial solutions to these challenging problems. One day we’ll all wake up and realize that we spent a lost decade debating legalistic solutions that were either technically unworkable or politically impossible. Just imagine if all the smart people who were spending all their time and energy on those approaches right now were instead busy devising and pushing educational and empowerment-based solutions instead!

One day we’ll get there. Sadly, if the FTC report is any indication, that day is still a ways off.

The Mercatus Center at George Mason University has just released my latest working paper, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.” The “Internet of Things” (IoT) generally refers to “smart” devices that are connected to both the Internet and other devices. Wearable technologies are IoT devices that are worn somewhere on the body and which gather data about us for various purposes. These technologies promise to usher in the next wave of Internet-enabled services and data-driven innovation. Basically, the Internet will be “baked in” to almost everything that consumers own and come into contact with.

Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, however, and are proposing regulation to address these concerns. In my new 93-page article, I explain why preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new IoT technologies. Building on a recent book of mine, I argue that “permissionless innovation,” which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things.

As I note in the paper and my earlier book, if we spend all our time living in fear of the worst-case scenarios — and basing public policies on them — then best-case scenarios can never come about. As the old saying goes: nothing ventured, nothing gained. Precautionary principle-based regulation paralyzes progress and must be avoided.  We instead need to find constructive, “bottom-up” solutions to the privacy and security risks accompanying these new IoT technologies instead of top-down controls that would limit the development of life-enriching IoT innovations.

The better alternative is to deal with concerns creatively as they develop, using a balanced, layered approach  involving many different solutions, including: educational efforts, technological empowerment tools, social norms, public and watchdog pressure, industry best practices and self-regulation, transparency, torts and products liability law, and targeted enforcement of existing legal standards as needed.

Generally speaking, patience, humility, and forbearance by policymakers is crucial to allowing greater innovation and consumer choice in this arena. Importantly, policymakers should not forget that societal and individual adaptation will play a role here, just as it has during so many other turbulent technological transformations.

This article can be downloaded on my Mercatus Center page, on SSRN, or at Research Gate. I am hoping to find a law or policy journal interested in publishing this paper soon. If you with a journal and are interested, please contact me. [UPDATE 12/3/14: This paper has been accepted for publication in the Richmond Journal of Law & Technology, Vol. 21, Issue 6 (2015).]

Finally, if you are interested in this topic, you might want to flip through these slides I prepared for a presentation on this topic that I made at the Federal Communications Commission in September:

The sharing economy is growing faster than ever and becoming a hot policy topic these days. I’ve been fielding a lot of media calls lately about the nature of the sharing economy and how it should be regulated. (See latest clip below from the Stossel show on Fox Business Network.) Thus, I sketched out some general thoughts about the issue and thought I would share them here, along with some helpful additional reading I have come across while researching the issue. I’d welcome comments on this outline as well as suggestions for additional reading. (Note: I’ve also embedded some useful images from Jeremiah Owyang of Crowd Companies.)

1) Just because policymakers claim that regulation is meant to protect consumers does not mean it actually does so.

1. Cronyism/ Rent-seeking: Regulation is often “captured” by powerful and politically well-connected incumbents and used to their own benefit. (+ Lobbying activity creates deadweight losses for society.)
2. Innovation-killing: Regulations become a formidable barrier to new innovation, entry, and entrepreneurism.
3. Unintended consequences: Instead of resulting in lower prices & better service, the opposite often happens: Higher prices & lower quality service. (Example: Painting all cabs same color destroying branding & ability to differentiate).

2) The Internet and information technology alleviates the need for top-down regulation & actually does a better job of serving consumers.

1. Ease of entry/innovation in online world means that new entrants can come in to provide better options and solve problems previously thought to be unsolvable in the absence of regulation.
2. Informational empowerment: The Internet and information technology solves old problem of lack of consumer access to information about products and services. This gives them monitoring tools to find more and better choices. (i.e., it lowers both search costs & transaction costs). (“To the extent that consumer protection regulation is based on the claim that consumers lack adequate information, the case for government intervention is weakened by the Internet’s powerful and unprecedented ability to provide timely and pointed consumer information.” – John C. Moorhouse)
3. Feedback mechanisms (product & service rating / review systems) create powerful reputational incentives for all parties involved in transactions to perform better.
4. Self-regulating markets: The combination of these three factors results in a powerful check on market power or abusive behavior. The result is reasonably well-functioning and self-regulating markets. Bad actors get weeded out.
5. Law should evolve: When circumstances change dramatically, regulation should as well. If traditional rationales for regulation evaporate, or new technology or competition alleviates need for it, then the law should adapt.

3) Sharing economy has demonstrably improved consumer welfare. It provides:

1. more choices / competition
2. more service innovation / differentiation
3. better prices
4. higher quality services  (safety & cleanliness /convenience / peace of mind)
5. Better options & conditions for workers

4) If we need to “level the (regulatory) playing field,” best way to do so is by “deregulating down” to put everyone on equal footing; not by “regulating up” to achieve parity.

1. Regulatory asymmetry is real: Incumbents are right that they are at disadvantage relative to new sharing economy start-ups.
2. Don’t punish new innovations for it: But solution is not to just roll the old regulatory regime onto the new innovators.
3. Parity through liberalization: Instead, policymakers should “deregulate down” to achieve regulatory parity. Loosen old rules on incumbents as new entrants challenge status quo.
4. “Permissionless innovation” should trump “precautionary principle” regulation: Preemptive, precautionary regulation does not improve consumer welfare. Competition and choice do better. Thus, our default position toward the sharing economy should be “innovation allowed” or permissionless innovation.
5. Alternative remedies exist: Accidents will always happen, of course. But insurance, contracts, product liability, and other legal remedies exist when things go wrong. The difference is that ex post remedies don’t discourage innovation and competition like ex ante regulation does. By trying to head off every hypothetical worst-case scenario, preemptive regulations actually discourage many best-case scenarios from ever coming about.

5) Bottom line = Good intentions only get you so far in this world.

1. Just because a law was put on the books for noble purposes, it does not mean it really accomplished those goals, or still does so today.
2. Markets, competition, and ongoing innovation typically solve problems better than law when we give them a chance to do so.

[P.S. On 9/30, my Mercatus Center colleague Matt Mitchell posted this excellent follow-up essay building on my outline and improving it greatly.]

Additional Reading

• Randolph J. May & Michael J. Horney, “The Sharing Economy: A Positive Shared Vision for the Future,” Free State Foundation, Perspectives from FSF Scholars, Vol. 9, No. 26, July 30, 2014.
• R.J. Lehmann, “The Sharing Economy Will Thrive Only If Government Doesn’t Strangle It,” Reason, August 2, 2014.
• Andrew Moylan and R.J. Lehmann, “Five Principles for Regulating the Sharing Economy,” R Street, Policy Study No. 26, July 2014.
• Eli Lehrer & Andrew Moylan, “Embracing the Peer-Production Economy,” National Affairs, 2014, p. 51-63.
• Arun Sundararajan, “Why the Government Doesn’t Need to Regulate the Sharing Economy,” Wired, October 22, 2012.
• Matthew Mitchell and Michael Farren, “If you Like Uber, You Would’ve Loved the Jitney,” LA Times, July 12, 2014.
• Daniel M. Rothschild, “How Uber and Airbnb Resurrect ‘Dead Capital,’” The Umlaut, April 9, 2014.
• Daniel M. Rothschild, “Renters and Rent-Seeking in San Francisco,” Technology Liberation Front, April 15, 2014.
• [podcast] Michael Munger on the Sharing Economy, EconTalk, July 7, 2014.
• video of Michael Munger talk on the Sharing Economy, September 25, 2014.
• John C. Moorhouse, “Consumer Protection Regulation and Information on the Internet,” in Fred E. Foldvary & Daniel B. Klein (eds), The Half-Life of Policy Rationales: How New Technology Affects Old Policy Issues (Cato Institute, 2003).
• Rachel Bostman, What’s Mine is Yours: The Rise of Collaborative Consumption (2010).
• Jeremiah Owyang, A Glossary of Emerging Terms in the Collaborative Economy, August 29, 2014

On Thursday, it was my great pleasure to present a draft of my forthcoming paper, “The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns without Derailing Innovation,” at a conference that took place at the Federal Communications Commission on “Regulating the Evolving Broadband Ecosystem.” The 3-day event was co-sponsored by the American Enterprise Institute and the University of Nebraska College of Law.

The 65-page working paper I presented is still going through final peer review and copyediting, but I posted a very rough first draft on SSRN for conference participants. I expect the paper to be released as a Mercatus Center working paper in October and then I hope to find a home for it in a law review. I will post the final version once it is released. [UPDATE:The final version of this working paper was released on November 19, 2014.]

In the meantime, however, I thought I would post the 46 slides I presented at the conference, which offer an overview of the nature of the Internet of Things and wearable technology, the potential economic opportunities that exist in this space, and the various privacy and security challenges that could hold this technological revolution back. I also outlined some constructive solutions to those concerns. I plan to be very active on these issues in coming months.

Additional Reading

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” January 14, 2012
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013
• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)

My latest law review article is entitled, “Privacy Law’s Precautionary Principle Problem,” and it appears in Vol. 66, No. 2 of the Maine Law Review. You can download the article on my Mercatus Center page, on the Maine Law Review website, or via SSRN. Here’s the abstract for the article:

Privacy law today faces two interrelated problems. The first is an information control problem. Like so many other fields of modern cyberlaw—intellectual property, online safety, cybersecurity, etc.—privacy law is being challenged by intractable Information Age realities. Specifically, it is easier than ever before for information to circulate freely and harder than ever to bottle it up once it is released.

This has not slowed efforts to fashion new rules aimed at bottling up those information flows. If anything, the pace of privacy-related regulatory proposals has been steadily increasing in recent years even as these information control challenges multiply.

This has led to privacy law’s second major problem: the precautionary principle problem. The precautionary principle generally holds that new innovations should be curbed or even forbidden until they are proven safe. Fashioning privacy rules based on precautionary principle reasoning necessitates prophylactic regulation that makes new forms of digital innovation guilty until proven innocent.

This puts privacy law on a collision course with the general freedom to innovate that has thus far powered the Internet revolution, and privacy law threatens to limit innovations consumers have come to expect or even raise prices for services consumers currently receive free of charge. As a result, even if new regulations are pursued or imposed, there will likely be formidable push-back not just from affected industries but also from their consumers.

In light of both these information control and precautionary principle problems, new approaches to privacy protection are necessary. We need to invert the process of how we go about protecting privacy by focusing more on practical “bottom-up” solutions—education, empowerment, public and media pressure, social norms and etiquette, industry self-regulation and best practices, and an enhanced role for privacy professionals within organizations—instead of “top-down” legalistic solutions and regulatory techno-fixes. Resources expended on top-down regulatory pursuits should instead be put into bottom-up efforts to help citizens better prepare for an uncertain future.

In this regard, policymakers can draw important lessons from the debate over how best to protect children from objectionable online content. In a sense, there is nothing new under the sun; the current debate over privacy protection has many parallels with earlier debates about how best to protect online child safety. Most notably, just as top-down regulatory constraints came to be viewed as constitutionally-suspect and economically inefficient, and also highly unlikely to even be workable in the long-run for protecting online child safety, the same will likely be true for most privacy related regulatory enactments.

This article sketches out some general lessons from those online safety debates and discusses their implications for privacy policy going forward.

Read the full article here [PDF].

Related Material:

• Book: Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom
• Law review article: “The Pursuit of Privacy in a World Where Information Control Is Failing,” Harvard Journal of Law & Public Policy, 36 (2013): 409–55.
• Law review article: “A Framework for Benefit-Cost Analysis in Digital Privacy Debates,” George Mason University Law Review, 20, no. 4 (Summer 2013): 1055–105.
• Law review article: “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” Minnesota Journal of Law, Science & Technology, 14 (2013): 309–86.

Adam Thierer – Privacy Law’s Precautionary Problem (Maine Law Review, 2014) by Adam Thierer

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

Today I’ll be testifying at a Senate Commerce Committee hearing on online privacy and commercial data collection issues. In my remarks, I make three primary points:

1. First, no matter how well-intentioned, restrictions on data collection could negatively impact the competitiveness of America’s digital economy, as well as consumer choice.
2. Second, it is unwise to place too much faith in any single, silver-bullet solution to privacy, including “Do Not Track,” because such schemes are easily evaded or defeated and often fail to live up to their billing.
3. Finally, with those two points in mind, we should look to alternative and less costly approaches to protecting privacy that rely on education, empowerment, and targeted enforcement of existing laws. Serious and lasting long-term privacy protection requires a layered, multifaceted approach incorporating many solutions.

The testimony also contains 4 appendices elaborating on some of these themes.

Down below, I’ve embedded my testimony, a list of 10 recent essays I’ve penned on these topics, and a video in which I explain “How I Think about Privacy” (which was taped last summer at an event up at the University of Maine’s Center for Law and Innovation). Finally, the best summary of my work on these issues can be found in this recent Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing.” (This is the first of two complimentary law review articles I will be releasing this year dealing with privacy policy. The second, which will be published early this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.”)

Testimony of Adam D. Thierer before the Senate Committee on Commerce, Science & Transportation hearing…

Some of My Recent Essays on Privacy & Data Collection

1. A Better, Simpler Narrative for U.S. Privacy Policy – March 19, 2013
2. On the Pursuit of Happiness… and Privacy – March 31, 2013 (condensed from Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing”)
3. Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy? – Feb. 20, 2011
4. Two Paradoxes of Privacy Regulation – Aug. 25, 2010
5. Privacy as an Information Control Regime: The Challenges Ahead – Nov. 13, 2010
6. When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed – Apr. 29, 2011
7. Lessons from the Gmail Privacy Scare of 2004 – March 25, 2011
8. Who Really Believes in “Permissionless Innovation”? – March 4, 2013 (condensed from Minnesota Journal of Law, Science & Technology law review article, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle”)
9. The Problem of Proportionality in Debates about Online Privacy and Child Safety – Nov. 28, 2009
10. Obama Admin’s “Let’s-Be-Europe” Approach to Privacy Will Undermine U.S. Competitiveness– Jan. 5, 2011

Last week on his personal blog, Peter Fleischer, Global Privacy Counsel for Google, posted an interesting essay entitled “We Need a Better, Simpler Narrative of US Privacy Laws.” Fleischer says that Europe has done a better job marketing its privacy regime to the world than the United States and argues that “The US has to figure out how to explain its privacy laws on the global stage” since “Europe is convincing many countries around the world to implement privacy laws that follow the European model.” He notes that “in the last year alone, a dozen countries in Latin America and Asia have adopted euro-style privacy laws [while] not a single country, anywhere, has followed the US model.” Fleischer argues that this has ramifications for long-term trade policy and global Internet regulation more generally.

I found this essay very interesting because I deal with some of these issues in my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing” (Harvard Journal of Law & Public Policy, vol. 36, no. 2, Spring 2013). In the article, I suggest that the U.S. does have a unique privacy regime and it is one that is very similar in character to the regime that governs online child safety issues. Whether we are talking about online safety or digital privacy, the defining characteristics of the U.S. regime are that it is bottom-up, evolutionary, education-based, empowerment-focused, and resiliency-centered. It focuses on responding to safety and privacy harms after exhausting other alternatives, including market responses and the evolution of societal norms.

The EU regime, by contrast, is more top-down in character and takes a more static, inflexible view of privacy rights. It tries to impose a one-size-fits-all model on a diverse citizenry and it attempts to do so through heavy-handed data directives and ongoing “agency threats.” It is a regime that makes more sweeping pronouncements about rights and harms and generally recommends a “precautionary principle” approach to technological change in which digital innovation is more “permissioned.”

Put simply, the U.S. regime is reactive in character while the E.U. regime is more preemptive.  The U.S. system focuses on responding to safety and privacy problems using a more diverse toolbox of solutions, some of which are governmental in character while others are based on evolving social and market norms and responses. To be clear, law does enter the picture here in the U.S., but it does so in a very different way than it does in the E.U.  Fleischer actually explains that point quite nicely in his essay:

[W]hat is the US model?  People in the privacy profession know that the US has a dense “patchwork” model of privacy laws: every individual US State has numerous privacy laws, the Federal government has numerous sectoral laws, and numerous other “non-privacy” laws, like consumer protection laws, are regularly invoked in privacy matters.  Regulators in many corners of government, ranging from State attorneys general, to the Federal Trade Commission, and armies of class action lawyers inspect every privacy issue for possible actions.

Indeed, in my new law review article, I summarize the litany of cases the FTC has brought recently on the data security and privacy front using its authority under Section 5 of the Federal Trade Commission Act to police “unfair and deceptive” practices. State AGs are active on this front as well, and there is plenty of class action activity every time there’s a privacy or data security screw-up.

Meanwhile, public officials continue to work collaboratively with privacy advocates, corporations, and educators to develop better education and awareness-building efforts, including “best practices” on safety, security, and privacy issues.

For more details on this U.S. model, please consult pages 436-454 of my article, in which I provide a comprehensive overview of what I refer to as America’s “3-E Approach” to dealing with online safety and digital privacy concerns. The “3-Es” refer to education, empowerment, and targeted enforcement of existing legal standards. As I note in the article:

[America’s “3-E Approach”] does not imagine it is possible to craft a single, universal solution to online safety or privacy concerns. It aims instead to create a flexible framework that can help individuals cope with a world of rapidly evolving technological change and constantly shifting social and market norms as they pertain to information sharing.

But what frustrates Fleischer is that the U.S model still doesn’t translate into a simple narrative for international audiences:

How on earth do you explain US privacy laws to an international audience?  How do you explain the role of class action litigation to people in countries where it doesn’t even exist?  The US privacy law narrative is convoluted. That’s a pity, since almost all of the global privacy professionals with whom I’ve discussed this issue agree with me that the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy.  (I didn’t say “perfect”, since laws never are, and I’m not grading them either.) By contrast, Europe’s privacy narrative is simple and appealing.  Its laws are very general, aspirational, horizontal and concise.  Critics could say they’re also inevitably vague, as any high-level law would have to be.  But, like the US Bill of Rights, they have a sort of simple and profound universality that has inspired people around the world.  And they are enforced (at least, on paper) by a single, identifiable, specialist regulator.

I understand the frustration Fleischer is expressing here regarding how to frame the U.S. model for broader audiences. But the crucial point here is that, as he correctly notes, “the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy,” even if it is the case that we will never achieve anything near perfection when it comes to online privacy (or online safety for that matter). But it is unfortunate that Fleischer ignores the many other moving pieces at work here that are important to the U.S. system, especially the diverse array of educational and awareness-building efforts as well as the astonishing array of empowerment tools that currently exist to help user protect their privacy to the degree they desire.

Of course, it should also be obvious that the U.S. regime is never going to appeal to a global audience as much as Europe’s privacy regime for the same reason that many other U.S. policy regimes don’t appeal to certain countries or their leaders: Our systems aren’t regulatory enough in character for them! But while those top-down, centralized, preemptive regulatory regimes will almost always be more “aspirational, horizontal and concise” — and, therefore, have greater appeal to activist-minded lawmakers and regulators — that also means those regimes will likely leave less breathing room for social evolution (i.e., evolving norms about safety and privacy) and economic innovation (new digital goods and services that potentially disrupt those regulatory expectations). That has real consequences for long-term growth and overall consumer welfare.

Regardless, to the extent we need “a better, simpler narrative for U.S. privacy policy” as Fleischer suggests, I believe we can boil it down to a few words: bottom-up, evolutionary, flexible, and reactive. What this means for public policy is clear: We need diverse tools and solutions for a diverse citizenry, while leaving plenty of breathing room for ongoing innovation and the evolution of social norms and market responses. Whether it’s online safety or digital privacy, public policy should take into account the extraordinary diversity of citizen needs and tastes and leave the ultimate decision about acceptable online content and interactions to them. We should look to educate and empower citizens so that they can make decisions about their online safety and privacy for themselves so that policymakers are not constantly trying to make decisions on their behalf.

This is a model worth defending, even if it is sometimes hard to delineate its contours.  Please read my HJLPP article for a fuller exploration of that model and a defense of it.

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

Andrew Orlowski of The Register (U.K.) recently posted a very interesting essay making the case for treating online copyright and privacy as essentially the same problem in need of the same solution: increased property rights. In his essay (“‘Don’t break the internet’: How an idiot’s slogan stole your privacy“), he argues that, “The absence of permissions on our personal data and the absence of permissions on digital copyright objects are two sides of the same coin. Economically and legally they’re an absence of property rights – and an insistence on preserving the internet as a childlike, utopian world, where nobody owns anything, or ever turns a request down. But as we’ve seen, you can build things like libraries with permissions too – and create new markets.” He argues that “no matter what law you pass, it won’t work unless there’s ownership attached to data, and you, as the individual, are the ultimate owner. From the basis of ownership, we can then agree what kind of rights are associated with the data – eg, the right to exclude people from it, the right to sell it or exchange it – and then build a permission-based world on top of that.”

And so, he concludes, we should set aside concerns about Internet regulation and information control and get down to the business of engineering solutions that would help us property-tize both intangible creations and intangible facts about ourselves to better shield our intellectual creations and our privacy in the information age. He builds on the thoughts of Mark Bide, a tech consultant:

For Bide, privacy and content markets are just a technical challenges that need to be addressed intelligently.”You can take two views,” he told me. “One is that every piece of information flowing around a network is a good thing, and we should know everything about everybody, and have no constraints on access to it all.” People who believe this, he added, tend to be inflexible – there is no half-way house. “The alternative view is that we can take the technology to make privacy and intellectual property work on the network. The function of copyright is to allow creators and people who invest in creation to define how it can be used. That’s the purpose of it. “So which way do we want to do it?” he asks. “Do we want to throw up our hands and do nothing? The workings of a civilised society need both privacy and creator’s rights.”  But this a new way of thinking about things: it will be met with cognitive dissonance. Copyright activists who fight property rights on the internet and have never seen a copyright law they like, generally do like their privacy. They want to preserve it, and will support laws that do. But to succeed, they’ll need to argue for stronger property rights. They have yet to realise that their opponents in the copyright wars have been arguing for those too, for years. Both sides of the copyright “fight” actually need the same thing. This is odd, I said to Bide. How can he account for this irony? “Ah,” says Bide. “Privacy and copyright are two things nobody cares about unless it’s their own privacy, and their own copyright.”

These are important insights that get at a fundamental truth that all too many people ignore today: At root, most information control efforts are related and solutions for one problem can often be used to address others. But there’s another insight that Orlowski ignores: Whether we are discussing copyright, privacy, online speech and child safety, or cybersecurity, all these efforts to control the free flow of digitized bits over decentralized global networks will be increasingly complex, costly, and riddled with myriad unintended consequences. Importantly, that is true whether you seek to control information flows through top-down administrative regulation or by assigning and enforcing property rights in intellectual creations or private information.

Let me elaborate a bit (and I apologize for the rambling mess of rant that follows).

Parallels in Debates over Copyright & Privacy Protection

In several essays here over the past few years I have attempted to draw parallels between the battles over protecting digital copyright and online privacy, as well as battle over online safety/speech and cybersecurity. Here are a few of those essays in case you’re interested in seeing the evolution of my thinking about this:

• When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed
• And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars
• SOPA & Selective Memory about a Technologically Incompetent Congress
• Privacy as an Information Control Regime: The Challenges Ahead
• Isn’t “Do Not Track” Just a “Broadcast Flag” Mandate for Privacy?

In those essays I have argued that a combination of selective morality and wishful thinking are at work in the information policy world these days. In essence, people hate Internet regulation… until they love it! Here’s how I summarized that fact during the debate over SOPA:

… conservatives rush out and breathlessly denounce each and every effort to impose Net neutrality regulation because of the danger of empowering an already over-zealous bunch of bumbling bureaucrats at the FCC. (And I agree with them.) Yet, with their next breath many conservatives praise SOPA even though it also empowers government to muck with the inner workings of the Internet. Some of those conservatives are also turning a blind eye to the growing appetite of the defense/security community to meddle with the Net’s architecture in the name of avoiding any number of non-catastrophes. Meanwhile, the liberals decry SOPA and want it stopped at all costs. There’s never been a copyright protection measure they liked, of course, but each time one pops up we hear them claim that our analog era Congress is not well-positioned to be designing industrial policy schemes for the Internet. (And I generally agree with them.) But most liberals do a complete 180 whenever online privacy or Net neutrality regulations are the subject of congressional inquiry. Suddenly, the cyber-oafs in Congress are considered veritable technocratic philosopher kings who we should trust to guard our cyber-freedoms to lead us to the digital promised land.

Again, it’s both selective morality and wishful thinking. It’s selective morality in that some folks think certain values are sacrosanct and deserving of a “by-any-means-necessary” enforcement attitude, yet they are often just as likely to denounce similar information control efforts when it comes to issues or values they don’t give a damn about.  And it is wishful thinking in that you can’t run around insisting that “information wants to be free” in some contexts but then express outrage when something that you want to bottle up turns out to “just want to be free” as well!

But the important takeaway here is that, consistent with what Orlowski argues, I believe that online copyright and privacy are essentially the same problem: It’s an information control problem.

Potential Costs of Control

Once you start thinking about Internet policy debates as a single issue — namely, information control — you can begin to investigate the potential costs of control in a somewhat more objective fashion. Of course, challenging issues remain:

1. Which method of control should we choose? On one hand, there are many varieties of administrative regulation, technical infrastructure controls, and device mandates. On the other hand, there are property rights and liability / tort schemes. And there are many hybrid enforcement models, such as increasingly popular “co-regulation” models, government standard-setting, and “nudging” of system defaults. Each method will entail different costs and trade-offs.
2. What metric(s) should we use when attempting to determine whether the benefits of control exceed the costs? Ask any advocate of information control about whether the costs might exceed the benefits of regulation for their pet issue and they will typically suggest that either (a) there are no costs or that (b) the benefits dwarf any costs that may exist. But all too often the benefits they identify are extremely subjective and amorphous in character (“privacy,” “safety,” and “security” are hard to quantify, after all) while the costs are very real and increasingly substantial.

In my view, these practical questions are increasingly the most interesting issues to explore in the field of cyberlaw and digital economics. We can debate the normative or ethical considerations until we’re all blue in the face and ready to rip each other’s heads off, but I am less and less interested in such squabbles. Instead, I keep coming back to the question of how we’ll go about controlling info flows and how much effort and resources it makes sense to expend in pursuit of each of the values identified above. Some of the specific considerations I find myself asking in every paper I write these days include:

(A) Will the proposed form of information control tie us up in the courts forever, lead to increasingly onerous and unworkable liability norms, and end up yielding outrageous litigation costs?

(B) Will the proposed form of information control require a significant increase in regulatory bureaucracy? How many levels of government will need to be involved in the proposed enforcement scheme? How many new offices and officials will need to be empowered in the hope of achieving some measure of control?

(C) What are the alternatives to the proposed form of information control? Are there less costly or less restrictive means of addressing the concern in question? For example, education and empowerment effort are often an effective way to address many online safety and digital privacy concerns. Can we use those methods in conjunction with social norms, public pressure, self-regulation, informal contracting, and other methods to address these and other concerns?

For me, the costs associated with the A & B are increasing so rapidly that I almost always default to C as the better approach. Importantly, although A & B will be less onerous or costly when the solution is of the increased property-ization variety than of the administrative regulation variety, that does not mean property rights-based solutions for information are costless. Indeed, I increasingly find myself concluding that C solutions are more cost-effective even compared to increased property rights.

Practical Advice Once You Accept the Increasing Costs & Complications of Control

At this point, readers may be thinking: “Wait a minute, this dude is just some kooky libertarian who doesn’t want any form of information control, so he’s just trying to rationalize anarchy here.” No, I’m not. I certainly favor less control across the board than most people, but I also understand that there are times, at the margin, when some forms of “control” are necessary. But my views on the wisdom of control are heavily influenced by the costs of control. The costs of control — broadly defined — are a key factor in every cost-benefit analysis I do related to the wisdom of Net regulation and information control methods — even when one of those methods is increased “property-ization.” And because I have come to believe that those costs are going up and that most information control efforts will not work well in practice, I have boiled down my advice on this front to two simple principles:

1. Choose your info control battles wisely. Figure out where the most serious harms or threats lie and then target the info control solution accordingly and forget about the rest. For example, in child safety debates, that would mean going after child porn rings but leaving run-of-the-mill adult porn alone entirely. In copyright, it would mean nailing the largest commercial mass piracy sites but accepting a certain amount of casual sharing. In the field of personal info, it means singling out health and financial information and data for special protections and likely giving up on most other forms of info control. And so on. In essence, these are where the greatest potential harms lie that most people would consider intolerable. As you move further away from such issues, the case for control becomes harder and harder and the costs will almost certainly exceed the benefits.
2. Have a good backup plan in mind when those info control plans fail anyway. That backup plan should generally be based on education, empowerment, coping strategies, and resiliency. Again, these are the “C” solutions mentioned above. [I developed this model more robustly in the second half of this recent paper.] This approach won’t be perfect but it will likely be what you’ll end up relying on anyway, so you better start thinking about plowing more resources into this alternative approach even while you’re trying to devise info control mechanisms.

Let me just say a brief word to my market-oriented friends who are dismayed by my inclusion of property rights in the mix of “information control” efforts. I’m a big believer in the importance of property rights in many contexts, but context does matter. More specifically, physicality matters. It is easy to create property rights in tangible goods and almost always right to do so. Property rights in intangible ideas and creations raise special issues, however. Because ideas are non-rivalrous and have public good qualities, it makes property-ization more complicated and less effective. Property rights in facts can also come into conflict with other values and more well-established rights, especially freedom of speech and expression.

On the privacy front, Eugene Volokh made this point in his famous 2000 law review article, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You,” when he noted that, “The difficulty[with] the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.” That doesn’t mean free speech values should always trump privacy values, but denying this tension is just plain silly. If you want to propertytize all personal information, then you better be prepared to explain how that plays out in practice. How far are you prepared to go to ban the dissemination of facts? Would you place prior restraint on the press to accomplish it? Would you ban a historian from writing a biographies that reveal intimate facts about the subject? Would you shut down all the online sites and services that rely on a certain amount of personal information to fuel their free offerings?

Likewise, copyright law was far more effective in the analog age when we were still pressing music on vinyl and plastic. As soon as digitization become widespread, it was pretty much game over for traditional copyright law and now we are off and running with all sorts of convoluted and increasingly costly regulatory regimes. It’s not that I don’t want these some of these schemes to work — I’ve been a long-time copyright defender — but, again, the practicality of control simply must be considered here. I am not will to “pay any price, bear any burden” in defense of protecting intellectual property rights even as I remain outraged by the staggering amount of free-riding at work every single second of the day on the Internet. So, adopting the framework I outlined about, we might try targeted solutions to go after the biggest of those freeloaders — commercial mass piracy hubs — but we should generally avoid the sort of ham-handed technical control methods we saw in SOPA and other fights, like the broadcast flag battle among others. But, generally speaking, property rights just aren’t going to work as well in this space going forward. I’ve come to believe that the best hope lies in massive consolidation of content and conduit. In other words, pipe and device owners need to buy out all the content-creating industries and just embed a small fee in their monthly services to cross-subsidize content. This is essentially a private collective licensing solution and it is not unprecedented. Nor is it perfect. It will be very leaky. Plenty of piracy will still take place. But it will probably offer creators a better chance of finding a sustainable revenue stream than the current system does. The old copyright system that served them and us so well is dying and they had better start thinking of alternatives like this. Of course, antitrust law may never allow it, so I could be wasting my breath here. (Just look at all the grief that antitrust officials both here and abroad are giving Apple and eBook sellers for working together even though that it probably the best scheme devised in recent memory to sustain publishing in an age of mass piracy. Policymakers should be encouraging more of that sort of thing, not punishing it.)

An Uncertain Future

So, to wrap up… I can imagine a future in which both heavy-handed, top-down info control efforts and property / liability solutions are failing almost universally because of the ubiquitous, instantaneous, quicksilver-like flow of information across decentralized digital networks. Some utopians will argue that such a world will be better in every way than the one we live in today. I do not share such hyper-optimism. While I believe that, on balance, the free flow if information generally benefits society, I also understand how it creates enormous angst and intractable challenges for many. It’s a world in which copyright is a hollow shell of its former self that offers creators very little protection for their expressive works. And it’s a world in which personal privacy is harder to safeguard with each passing day because no matter how hard we try to property-tize facts about ourselves, that enforcement model simply breaks down at some point or becomes socially and economically intolerable. As with copyright, efforts to property-tize personal information will lose the battle against data sharing. As computer scientist Ben Adida argued in his essay, “(Your) Information Wants to be Free,” “unfortunately, information replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard.”

Indeed, and it is growing harder by the day. Contrary to what Orlowski suggests, therefore, this isn’t a simple engineering problem. I wish it were as easy as he suggests to build “permissions-based markets” because they could have real benefits for individuals and society. But it is most certainly not that simple. It is far more costly and complicated than ever to devise workable information control schemes on one hand and “permissions-based” property rights schemes on the other. In some cases, I might still be willing to try the latter, but unlike Orlowski, I just don’t place much faith in the success of the endeavor.

In his latest weekly Wall Street Journal column, Gordon Crovitz has penned a review of the new Jeff Jarvis book, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live . Gordon’s review closely tracks my own thoughts on the book, which I laid out last week in my Forbes essay, “Is Privacy Overrated?”  Gordon’s essay is entitled “Are We Too Hung Up on Privacy” and he finds, like I do, that Jarvis makes compelling case for understanding the benefits of publicness as the flip-side of privacy. Instead of repeating all the arguments we make in our reviews here, I’ll just ask people go check out both of our essays if they are interested.

I did, however, want to elaborate on one thing I didn’t have time to discuss in my review of the Jarvis book. While I like the approach he used in the book, I thought Jarvis could have spent a bit more time exploring some the thorny legal issues in play when advocates of privacy regulation look to enshrine into law quite expansive views of privacy “rights.”

One of the things that both Crovitz and I appreciated about the Jarvis book was the way he tries to get us to think about privacy in the context of ethics instead of law. “Privacy is an ethic governing the choices made by the recipient of someone else’s information,” Jarvis argues, while “publicness is an ethic governing the choices made by the creator of one’s own information,” he says. In my review, I explained why this was so important:

Jarvis’ approach to thinking about privacy and publicness in terms of ethics is particularly smart precisely because privacy is such a subjective human condition—a “conceptual jungle” and a “concept in disarray,” says law professor Daniel J. Solove, author of Understanding Privacy. Thus, a good case can be made for restraint when it comes to legislating to define and protect privacy. That doesn’t mean privacy isn’t important—it is. But how we go about “protecting” it needs to be balanced against other rights and responsibilities. For example, we’d all agree with Thomas Jefferson and the Founders that we have a “right to pursue happiness,” but a right to happiness would be a different matter altogether. Government can’t guarantee happiness. It wouldn’t even be able to define it. The same is largely true of privacy. We certainly have the right to pursue private lives and take steps to secure facts about ourselves. At the margins, law can sometimes help us do so—most often by safeguarding us against fraudulent activities. And there are plenty of tools on the market that can help people protect their personal data. By contrast, legalistic efforts to define privacy as a strict “right” leads us back into that “conceptual jungle,” which is full of unintended consequences.

Let’s unpack this a bit more because if one agrees with the argument that Jarvis makes–that privacy is better thought of as a matter of ethics and social norms–it has important ramifications for ongoing efforts to speak of privacy in legalistic ways. It’s not that I’m against any sort of privacy “rights,” but I do believe it is important to acknowledge that other important values are at stake here and we must appreciate how increased privacy controls could conflict with them.  “Recognizing that we are legislating in the shadow of the First Amendment suggests a powerful guiding principle for framing privacy regulations,” argues Kent Walker, a privacy expert who now serves as a general counsel at Google. “Like any laws encroaching on the freedom of information, privacy regulations must be narrowly tailored and powerfully justified.”

Ironically, many privacy advocates are strongly critical of copyright law and claim that, as currently structured, it represents an unjust or excessive information control regime. Yet, privacy regulation would constitute a stronger information control regime by creating the equivalent of copyright law for personal information, which would, in turn, conflict mightily with the First Amendment. [See my essays, “Two Paradoxes of Privacy Regulation” and “Privacy as an Information Control Regime: The Challenges Ahead.” The rest of this essay borrows from those pieces as well as this big filing I submitted to the FTC in February.]

In his recent book Skating on Stilts, Stewart Baker reminds us that the famous 1890 Samuel Warren and Louis Brandeis Harvard Law Review essay on “The Right to Privacy”—which is tantamount to a sacred text for many modern privacy advocates—was heavily influenced by copyright law.  As Baker explains:

Brandeis wanted to extend common law copyright until it covered everything that can be recorded about an individual. The purpose was to protect the individual from all the new technologies and businesses that had suddenly made it easy to gather and disseminate personal information: “the too enterprising press, the photographer, or the possessor of any other modern device for rewording or reproducing scenes or sounds.”  […] Brandeis thought that the way to ensure the strength of his new right to privacy was to enforce it just like state copyright law. If you don’t like the way “your” private information is distributed, you can sue everyone who publishes it.

Incidentally, it is important to recall that their call for such a regime was essentially driven by a desire to censor the press. In their article, Warren and Brandeis argued that:

The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle.

So angered were Warren and Brandeis by reports in daily papers of specifics from their own lives that they were led to conclude that:

man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.

It is unclear how one could have greater “pain and distress” inflicted by words than “by mere bodily injury,” and yet the law review article that essentially gave birth to American privacy law articulated such a theory of harm.  And it only follows, then, that they would advocate fairly draconian controls on speech and press rights if they felt this strongly.

Taken to the extreme, however, giving such a notion the force of law would put privacy rights on a direct collision course with the First Amendment and freedom of speech.  As Eugene Volokh argued in a 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking about You”:

The difficulty is that the right to information privacy—the right to control other people’s communication of personally identifiable information about you—is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.

This is what makes efforts to untether privacy regulation from a harms-based model or mode of analysis so troubling. For example, the Federal Trade Commission’s recent privacy review says that “the FTC’s harm-based approach also has limitations [because] it focuses on a narrow set of privacy-related harms—those that cause physical or economic injury or unwarranted intrusion into consumers’ daily lives.”  The Commission then suggests that “for some consumers, the actual range of privacy-related harms is much wider and includes reputational harm, as well as the fear of being monitored or simply having private information ‘out there,’” and suggests “consumers may feel harmed when their personal information… is collected, used, or shared without their knowledge or consent or in a manner that is contrary to their expectations.”

Not only does the Commission fail to offer any data on how this supposed harm manifests itself, how severe it is, or what trade-offs it presents to society, but it utterly fails to account for the dangerous slippery slope of speech control it puts us on. If appeals for regulation are based on emotion instead of concrete evidence of consumer harm, where will this take us next? If, for example, the Commission is to regulate based upon the fact that “consumers may feel harmed… when their personal information… in a manner that is contrary to their expectations,” how long will it be before some suggest this standard should trump First Amendment rights in other contexts?

For example, this more emotional approach to privacy regulation brings us one step closer to a “right not to be offended” or a “right to be forgotten,” as some in Europe favor. Here in the U.S., we see a similar effort underway with the so-called “Internet Eraser Button” idea, which has even been floated in federal legislation. How could a journalist even conduct their business in such a world? By their very nature, good reporters are nosy and, to some extent, disregard the privacy of the people and institutions they report on.

This is why privacy regulation must not be reduced to amorphous claims of “dignity” rights, where an assertion by a small handful that they “feel harmed” comes to replace a strict showing of actual harm to persons or property. To go down that path would have grave consequences for the future of freedom of speech, transparency, openness, and accountability.

Of course, there are many different types of privacy concerns, each of which demands its own analysis and legal consideration.  While I think most privacy concerns should be left to the realm of personal responsibility, user empowerment, and industry self-regulation, other privacy issues are more serious and should be elevated to the level of “rights.” When we speak of government search and seizure or surveillance concerns, “rights” talk certainly makes more sense. Likewise, identity theft is more than just a violation of privacy, it’s a violation of personal property rights.

With such notable exceptions, however, I prefer we speak of privacy in terms of ethics and norms. Legalistic, rights-based conceptions of privacy invite excessive government interventions with myriad unintended consequences.

[UPDATE Feb. 2012: This little essay eventually led to an 80-page working paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.”]

In this essay, I will suggest that (1) while “moral panics” and “techno-panics” are nothing new, their cycles seem to be accelerating as new communications and information networks and platforms proliferate; (2) new panics often “crowd-out” or displace old ones; and (3) the current scare over online privacy and “tracking” is just the latest episode in this ongoing cycle.

What Counts as a “Techno-Panic”?

First, let’s step back and define our terms. Christopher Ferguson, a professor at Texas A&M’s Department of Behavioral, Applied Sciences and Criminal Justice, offers the following definition: “A moral panic occurs when a segment of society believes that the behavior or moral choices of others within that society poses a significant risk to the society as a whole.” By extension, a “techno-panic” is simply a moral panic that centers around societal fears about a specific contemporary technology (or technological activity) instead of merely the content flowing over that technology or medium. In her brilliant 2008 essay on “The MySpace Moral Panic,” Alice Marwick noted:

Technopanics have the following characteristics. First, they focus on new media forms, which currently take the form of computer–mediated technologies. Second, technopanics generally pathologize young people’s use of this media, like hacking, file-sharing, or playing violent video games. Third, this cultural anxiety manifests itself in an attempt to modify or regulate young people’s behavior, either by controlling young people or the creators or producers of media products.

While protection of youth is typically a motivating factor, some techno-panics transcend the old “It’s For the Children” rationales for information control. What all panics share in common, however, is a general desire by the public, media pundits, and policymakers to “do something” to rid ourselves of the apparent menace. Thus, an effort to control the particular content or technology in question is what really defines a true “panic.”

It’s impossible to be scientific about this but there seems to be a cycle of such moral panics or techno-panics at work in our society.  Indeed, looking back over the past few decades, it seems that we experience a new panic roughly every 3 to 5 years. Consider this chronological breakdown of some notable techno-panics since the 1980s on:

• mid-1980s: music lyrics and music videos
• early to mid-1990s: violent video games
• mid- to late 1990s: Internet porn
• late 1990s to early 2000s: browser cookies + kids privacy
• mid-2000: TV & movie violence
• mid- to late 2000: online predators / “stranger danger”
• late 2000s to present: cyberwar
• late 2000s to present: online privacy / web “tracking”

Of course, there were other “mini-panics” that occurred during this stretch and, again, some of them did not involve child safety rationales. There was a brief panic over RFID chips and even the Y2K scare in the late 1990s, for example. Some might argue we also had a bit of panic with copyright and file-sharing back in the early 2000s, and perhaps even one back in the early 1980s when the VCR came on the scene, although that seemed to be more industry-driven. Wireless geo-location and geo-tagging has also been getting more attention recently and still may blossom into a full-blown techno-panic.   And you could make the case that we experienced a different type of techno-panic last year over the supposed “Death of the Web,” although few took that one all that seriously.

Why Do Techno-Panics Pass?

To be clear, there are no clear boundaries with techno-panics.  They do not just suddenly begin and end, and it is impossible to gauge their relative severity since no metric or yardstick exists to measure them against.  Nonetheless, these techno-panics certainly seem to have peaks and valleys in terms of public / political / media attention.

Just a few years ago, for example, the online predator panic reached a fever pitch and “stranger danger” reports were all over the media. As a result, legislation banning social networking sites in publicly funded schools and libraries was introduced, and state attorneys general proposed mandatory online age verification schemes for the Internet to segregate adults and children online. And then, it seems, the fever passed. I couldn’t tell you exactly what week or month it happened — and in many ways some of those fears still exist out there — but it’s clear that the panic about online predation has subsided greatly. I’d like to think that education and awareness helped debunk some of the myths that were fueling that particular panic, just as I’d like to believe that education and awareness helped deflate the fear bubbles that surrounded previous panics.

While I don’t want to entirely discount that possibility, I’m convinced another more cynical explanation may exist: New techno-panics simply crowd-out old techno-panics. There may be several explanations for this:

• Perhaps there is only so much fear-mongering our minds can handle at any given time.
• Perhaps it is becuase the media gets myopically focused on one panic and then hammers it till all the fear has been squeezed out of it such that they have to move on.
• Perhaps it is because a new technology comes along that spooks politicians and the media even more than the previous one they were demonizing.
• Or perhaps all of those factors combine to limit the duration of panics.

Regardless, it seems evident that moral panics and techno-panics have always been with us and will always be with us. From the waltz to rock and roll to rap music, from movies to comic books to video games, from radio and television to the Internet and social networking websites — every new media format or technology spawns a fresh debate about the potential negative effects it might have on society or our kids in particular. An excellent recent report by the U.K. government entitled Safer Children in a Digital World noted that “New media are often met by public concern about their impact on society and anxiety and polarisation of the debate can lead to emotive calls for action.” Indeed, each of the media technologies or communications platforms mentioned above was either regulated or threatened with regulation at some point in its history.

The Cycle is Accelerating but is the Severity of Each Panic Diminished as a Result?

However, it seems like these cycles are now accelerating somewhat.  They peak and fizzle out faster, that is. Perhaps that is a natural outgrowth of the technological explosion we have witnessed in recent years.  Digital innovation is unfolding at a breakneck pace and each new development gives rise to a new set of concerns. Going forward, this could mean we experience more “mini-panics” and fewer of those sweeping “the-world-is-going-to-hell” type panics.

This brings me to the current debate over online advertising, web “tracking,” and personal privacy. What’s interesting about this debate is that, unlike many of the other moral or techno-panics mentioned above, this debate is not being driven by the mantra that “It’s For the Children.”  Today’s privacy panic reflects a more widespread unease with the notion that our digital footprints are somehow being “tracked” for nefarious purposes.  In reality, there isn’t anything nefarious going on here at all. Online sites and service providers are simply using data collection to improve our web experience and better target ads to us in an attempt to cross-subsidize all that wonderful free stuff we enjoy online today. This is truly one of the great pro-innovation, pro-consumer success stories of modern times.  Yet, irrational fears about data collection and targeted marketing have given rise to the second major privacy techno-panic of the past dozen years. (Again, the first privacy-related panic was the “cookie craze” that took place back in the late-90s but then subsided). It is also somewhat ironic that many of the same people and groups who have done yeoman’s work debunking techno-panics in other contexts are driving this modern privacy panic.

I want to make it clear that I am not oblivious to the fact that there are occasionally some legitimate concerns behind some of these moral panics or techno-panics.  For example, I certainly don’t want my young children (ages 9 & 6) viewing hard-core porn, playing extremely violent video games, or even reading graphic comics. And I understand that some forms of personal information are quite sensitive and a legitimate topic for policy discussions.  But, again, these concerns are typically greatly over-hyped, and to the extent that they represent more legitimate concerns, I would argue that education and empowerment-based solutions typically represent a more sensible approach than regulation. Although I sometimes question whether the “harm” that people fear is legitimate, I would hope we could work together to find more sensible ways to address people’s concerns without calling for comprehensive control of the media, content, technology, or the Internet more generally.

Resiliency, Responsibility & Common Sense

Finally, in these discussion, I believe many people overlook the importance of human adaptability and resiliency.  The amazing thing about humans is that we adapt so much better than other creatures. When it comes to technological change, resiliency is hard-wired into our genes.  “The techno-apocalypse never comes,” notes Slate’s Jack Shafer, because “cultures tend to assimilate and normalize new technology in ways the fretful never anticipate.” We learn how to use the new tools given to us and make them part of our lives and culture.  Indeed, we have lived through revolutions more radical than the Information Revolution.  We can adapt and learn to live with some of the legitimate difficulties and downsides of the Information Age. [See my recent book chapter on, “The Case for Internet Optimism, Part 1: Saving the Net From Its Detractors.”]

A healthy does of humility, patience, personal responsibility, and good ‘ol common sense will usually get us through these things. Quite literally, there is no need to panic!

Related Reading

• Techno-Panic Cycles (and How the Latest Privacy Scare Fits In)
• Against Techno-Panics
• Collier on “Why Technopanics are Bad”
• Kids, Media, Commercialism & Moral Panic
• The Next Great Technopanic: Wireless Geo-Location / Social Mapping
• Technopanics and the Great Social Networking Scare
• Sen. Klobuchar Stirs Up Facebook Child Safety Technopanic
• A Rarity: Newspaper Argues Against Techno-panic, Cites Constitution
• Google Street View/Wi-Fi Privacy Technopanic Continues
• Digital Sensors, Darknets, Hyper-Transparency & the Future of Privacy

This week, we’ve seen reports in both The New York Times (“Stage Set for Showdown on Online Privacy“) and The Wall Street Journal (“Watchdog Planned for Online Privacy“) that the Obama Administration is inching closer toward adopting a new Internet regulatory regime in the name of protecting privacy online.  In this essay, I want to talk about information control regimes, not from a normative perspective, but from a practical one.  In doing so, I will compare the relative complexities associated with controlling various types of information flows to protect against four theoretical information harms: objectionable content, defamation, copyright, and privacy.

From a normative perspective, there are many arguments for and against various forms of information control.  Here, for example, are the reasons typically given for why society might want to impose regulations on the Internet (or other communications channels) to address each of the four issues identified above:

1. Content control / Censorship: We must control information flows to protect children from objectionable content or all citizens against some other form of supposedly harmful speech (hate speech, terrorist recruitment, etc).
2. Defamation control: We must control information flows to protect people’s reputations.
3. Copyright control: We must control information flows to protect the property rights of creators against unauthorized use / distribution.
4. Privacy control: We must control information flows to protect against information flows that include information about individuals.

Again, there are plenty of good normative arguments in the opposite direction, many of which are based on free speech considerations since, by definition, information control regimes limit the flow of forms of speech.  For privacy, I discussed such speech-related considerations in my essay on “Two Paradoxes of Privacy Regulation.”  But what about the administrative or enforcement burdens associated with each form of information control?  I increasingly find that question as interesting as the normative considerations.

Let’s begin with a self-evident statement about which most of us can (hopefully) agree: Information control can be complex and costly.  This was true even in the scarcity era with its physical and analog distribution methods of information dissemination.  All things considered, however, the challenge of controlling information in the past paled in comparison to the far more formidable challenges nation-states face in the digital era when they seek to limit information flows.

The movement of bits across electronic networks and digital distribution systems creates unique problems I have previously discussed in my essay on “The End of Censorship.” To recap, efforts to control information today are greatly complicated by problems associated with:

• Convergence: Media content and information distribution outlets are blurring together today thanks to the rise of myriad new technologies and competitors. These new technologies and competitors generally ignore or reject the distribution-based distinctions and limitations of the past. In other words, convergence means that media content is increasingly being “unbundled” from its traditional distribution platforms and finding many paths to the consumers. As a result of these developments, it is now possible to disseminate, find, or consume the same content / information via multiple devices or distribution networks.  In this way, convergence complicates efforts to create effective information control regimes.
• Scale: In the past, the reach of speech and information was limited by geographic, technological, and cultural / language considerations. Today, by contrast, media can now flow across the globe at the click of a button because of the dramatic expansion of Internet access and broadband connectivity.  While restrictions by nation-states are still possible, the scale of modern digital speech and content dissemination greatly complicates government efforts to control information flows.
• Volume:  The sheer volume of media and communications activity taking place today also complicates regulatory efforts. In simple terms, there is just too much stuff for regulators to police today relative to the past. As a 2002 blue ribbon panel assembled by the National Research Council to examine the regulation objectionable content concluded: “The volume of information on the Internet is so large — and changes so rapidly — that it is simply impractical for human beings to evaluate every discrete piece of information for inappropriateness.”  While it may have been possible to oversee a handful of newspapers or TV and radio stations in each community or country in the past, today’s electronic media universe is so diverse and enormous—and evolving so quickly—that content controls significantly complicate enforcement burdens.
• Unprecedented individual empowerment / user-generation of content: In this new world in which every man, woman and child can be a one-person publishing house or self-broadcaster, restrictions on viewing, listening or uploading and downloading will be become increasingly difficult to devise and enforce.   By comparison, few of those opportunities were available to the citizenry in the past.

Now, let’s go back to the four issues I identified above and think abut the implications.  In terms of content controls, defamation, and copyright, it’s fairly clear how these considerations complicate enforcement efforts.  Of course, some regulatory efforts have succeeded after governments pushed back aggressively enough, and I certainly don’t mean to suggest that governments are powerless to control information flows in the Informati0n Age.  Read through Access Controlled and you’ll find plenty of examples of how nations across the globe are doing so using various methods of control: Surveillance, centralized filtering, strict liability regimes, government ownership of key facilities / companies, etc.   Let me also make clear that  I am not entirely against all information control efforts.  Generally speaking, I want strict limits placed on governments efforts to control information flows, but I’ve also endorsed efforts to use some of these regulatory approaches to deal with child pornography and extreme forms of copyright piracy.

Anyway, I want to just make two more points here about how this relates to privacy regulation as an information control regime.  First, while I think most people understand the complexities associated with information control efforts in the content, defamation, and copyright fields, I don’t think scholars or policymakers are spending nearly enough time considering the complexities of enforcing an information control regime for privacy.  All too often, privacy advocates seem to suggest that privacy regulation will be frictionless and cost-free.  Once they jump to the assumption that privacy is a “human right,” or must be protected in the name of “human dignity,” any discussion of enforcement hassles or the costs of regulation seemingly goes right out the window.  In reality, of course, privacy regulation will have profound consequences for online sites and services by potentially undermining the goose that lays the Internet’s golden (and mostly free) eggs: online advertising and the data collection that powers it.  Again, this is somewhat secondary to my point in this essay, which is just to suggest that the complexities associated with the mechanics of information control are not being fully considered in the privacy context.  Either way, it’s time we stop pretending privacy regulation is a free lunch.

Second, I would like to suggest — but I cannot prove at this time — that enforcing a privacy information control regime will be more complex than the regimes needed to control information flows for content, defamation, and copyright.  Now how can that possibly be, you ask?  It requires a much deeper dive into the specifics of various privacy regulatory proposals, but consider two recent privacy-related regulatory regimes: a “Do Not Track” list and a “right to be forgotten.” Both sound simple enough in theory, but the details are quite devilish.

How, for example, would government go about verifying proper compliance with such regulations without also ensuring some sort of online authentication system is in place to verify people are who they say they are?  Must every browser be retooled to comply and then regulated accordingly?  What about apps downloaded on tablets or smartphones that don’t require browsers at all?  Are IP addresses “personal information” that are also subject to regulation? Which agencies are responsible for creating authentication systems, policing online data flows, and reviewing new innovations and sites to ensure they are complying?  Who in government has access to the data about individuals that is collected for such purposes, and what else are they doing with it?  What systems will need to be put into place by online operators, large and small alike, to ensure compliance?  And so on.  Enforcement problems will also be complicated by the subjectivity of privacy norms from one individual to another as well as the fact that these norms change over time (and seem to be changing quite rapidly in recent years).

Again, more research needs to be done to better document the potential costs associated with a privacy information control regime, but I would hope we could begin by accepting that fact that it is an information control regime and that it will be complicated to enforce and will have costs — both in economic and speech-related terms.  Advocates of such a regulatory regime for the Internet should at least be mature enough to admit that what they are proposing is comparable in complexity and cost to the censorship and copyright regulatory regimes they typically oppose.

In a post here last month on “Two Paradoxes of Privacy Regulation,” I discussed some of the interesting — and to me, troubling — similarities between rising calls for online privacy regulation and ongoing attempts to enact various types of controls on online speech or expression.  In that essay, I argued that while most privacy advocates are First Amendment supporters as it pertains to content regulation, they abandon their free speech values and corresponding constitutional tests when it comes to privacy regulation. When the topic of debate shifts from concerns about potentially objectionable content to the free movement of personal information, personal responsibility and self-regulation become the last option, not the first.  Privacy advocates typically ignore, downplay, or denigrate user-empowerment tools, even though many of those same advocates endorse “self-help” efforts as the superior method of dealing with objectionable speech or media content. In essence, therefore, they are claiming self-help is the right answer in one context, but not the other.  Ironically, therefore, privacy advocates and moral conservatives actually share much in common in that they are using the same playbook to advance their goals:  They are rejecting personal responsibility and user-empowerment tools and techniques in favor or government control for their respective issues.

Keeping that insight in mind, I want to take this comparison a step further and suggest that what really unites these two movements is a general conservatism about how our online lives and online business should be governed.  For the moral conservatives, that instinct is well-understood. They want hold the line against what they believe is a decaying moral order by restricting access to potentially objectionable speech or content — dirty words, violent video games, online porn, or whatever else.   The conservatism of the modern privacy movement is less obvious at first blush.  I suspect that many privacy conservatives would not consider themselves “conservative” at all, and they might even be highly offended at being grouped in with moral conservatives who seek to wield government power to control online speech and expression. Nonetheless, the two groups share a common trait — an innate hostility to the impact of technological / social change within the realm of “rights” or values they care about.  In their respective arenas, they both rejected the evolutionary dynamism of the free marketplace and they long for a return to a simpler and supposedly better time.

For the privacy conservatives, we see this instinct on display in discussions about “targeted advertising” and “behavioral marketing.”   Most privacy regulation advocates want to slow or stop the advancement of online advertising techniques for a variety of reasons.  Some say privacy — however they define it — is an inalienable human right and that data collection and targeted marketing betrays “human dignity.”  Others just despise commercialism and advertising in all its forms and hope to take steps to stop its spread or evolution. Still others say they want regulation to help give users more control over their personal information. Or, some combination of all of the above factors motivates their desire to see advertising and marketing practices curtailed.

On Defining Harm

Privacy conservatives and moral conservatives share another common trait: The struggle to identify or prove a tangible harm exists that justifies government regulation that would foreclose the evolution or markets and/or speech. “Privacy” has long been a controversial, ambiguous term, much like the terms “obscenity” or “indecency” in the speech context. My response in both cases is not that “harm” never exists, but rather that:

1. “harm” is extremely user-specific;
2. such “harms” should not necessarily be elevated to actionable legal / regulatory matters; especially when..
3. the better approach is user-empowerment and personal responsibility instead of collectivized political responsibility for such matters.

Stated differently, precisely because of the eye-of-the-beholder problem we face in both speech and privacy contexts, I believe the better approach is to rely on “household standards” (user-level controls + personal responsibility) instead of “community standards” (government regulation for the entire universe of consumers / users).  Thus, in light of the diverse nature of the citizenry and the importance of the evolution of online markets and speech, freedom should generally trump control.

Journalism provides a good case study for why that should be the general rule.  When it comes to the concerns about what should or should not be aired or reported by journalists, most of us would come down in favor of press freedoms and greater freedom of speech.  We don’t allow concerns about violent media images or salty language to trump the rights of journalists to report on wars, for example.  In a similar sense, we don’t allow privacy rights to trump freedom of speech as it relates to the collection of private facts about individuals by journalists.  Think about it; the job of a good journalist is to be a nosy son-of-a-bitch.  They pry into every corner of the private lives of individuals. They not only get paid to do, but they win awards for doing it well!  The First Amendment generally protects their ability to gather and reveal all this information about individuals and organizations.  Again, speech rights trump privacy rights.  That isn’t always the case, of course, but it is 9 times out of 10.  So, for purposes of our discussion here, the interesting question is: How far would privacy conservatives be willing to go to undermine speech rights since — if enforced aggressively — a privacy “right” would essentially become “a right to stop people from speaking about you” (to borrow the memorable subtitle of a 2000 Eugene Volokh law review article)?

The Case for Transparency, and the Futility of It

Like moral conservatives, privacy conservatives are on their strongest footing in advocating greater transparency.  Before jumping to direct government regulation of speech or content, some moral conservatives are willing to give greater transparency a shot.  For example, they push for content creators to reveal more details about the nature of their products using labels or ratings so that consumers can better understand what they will see or hear. Similarly, before advocating comprehensive Internet regulation, some privacy conservatives at least give lip service to the idea of industry self-regulation and they encourage sites and services to be more transparent about the information they collect about users for advertising / marketing purposes.

Such transparency generally doesn’t restrict innovation and progress. In fact, in some ways, it can help create a more vibrant market if consumers act upon the information they are given.  However, whether we are talking about objectionable media content or privacy-related matters, it doesn’t seem like many consumers are willing to do much to change their behavior once supplied with better product or service information — at least not in the way the regulatory advocates desire. In both cases, moral conservatives and privacy conservatives can’t seem to come to grips with the fact that the world isn’t made of people who share their hostile knee-jerk reaction to these things.

For example, there are some outstanding rating and labeling systems out there for movies and games, and those content descriptors really do give people (especially parents) a good idea of what they can expect to see, hear or play.  But the existence of those ratings and labels doesn’t deter millions upon millions of people from rushing to watch or buy a controversial new movie or video game that many moral conservatives probably find offensive.  Same goes for language.  We can warn people nasty talk is coming, or even channel it to later hours of the day, but a lot of people will still consume it anyway.  Many people probably recoiled upon first hearing a George Carlin monologue back in the 70s.  But while the moral conservatives couldn’t get over it — and still enforce regulations based on one particularly famous Carlin monologue — the rest of the world moved on. In fact, in 2008, Carlin was awarded the Mark Twain Prize for American Humor as one of our country’s most revered satarists.  Society evolved not just to accept, but embrace, Carlin’s wicked wit and even much of his billingsgate.

Similarly, privacy conservatives — who tend to think the multitudes share their general aversion to almost any form of data collection or commercial advertising — often seem mystified that the masses aren’t in open revolt against the likes of Facebook, Google, or online advertising networks.  To hear many privacy regulatory advocates talk, you’d think online advertising innovation should have been frozen in the pop-up ad era.  Some of them still can’t get over the fact that cookies weren’t regulated out of existence a decade ago.  Yet, despite their fundamentalist views about privacy rights and supposed violations of those rights, progress has marched on. Privacy expectations — much like cultural / speech expectations — have evolved. New baselines have emerged. And while there’s an occasional flashpoint over something particularly inflammatory — for speech, think of the Janet Jackson incident or the Grand Theft Auto “Hot Coffee” incident; and for privacy, think Facebook Beacon and Google Buzz — the reality is that most people have adapted to technological and social change.  Stated differently, regardless of what any poll or survey might suggest, citizens have generally rejected the fundamental conservatism of both the moral conservatives on content issues and the privacy conservatives on advertising / marketing issues.

Strange Bedfellow Alliances?

Are formal alliances between privacy conservatives and moral conservatives likely?  I think they are possible, but highly unlikely.  On occasion, some moral conservatives will reach across the aisle and work with Left-leaning groups when it works to their advantage.  A prime example came back in 2003-04 during the media ownership reform debates, when social conservatives like Brent Bozell aligned the Parents Television Council with the radical regulatory group Free Press and its neo-Marxist founder Robert McChesney.  Bozell’s contempt for entertainment companies was so extreme that he was willing to make peace with extremists like Free Press, who are always happy to string up the capitalists in the content community.

But that’s an unusual example.  It’s unlikely we’ll see the extreme poles of moral and privacy conservatism making many alliances because they generally don’t play well together.  That is, most moral conservatives don’t necessarily have a big beef with online advertisers, and few privacy conservatives care about free speech issues (and, to the extent they do care, they probably favor greater First Amendment freedoms).

However, whether they broker formal alliances or not, what should be clear is that moral conservatives and privacy conservatives are unwittingly working together as they both strive to bring greater government control to cyberspace and end evolutionary dynamism in their respective arenas.

Sen. Amy Klobuchar just released a letter to Facebook demanding the site require “a prominent safety button or link on the profile pages of users under the age of 18″—akin to the so-called “panic button” app launched earlier this week by the UK’s Child Exploitation & Online Protection Centre (CEOP). She doesn’t seem to realize that this app is available to all Facebook users, not just those in the UK. But her focus on empowerment tools and education is admirable, and it’s certainly a fair question to ask what sites like Facebook and MySpace are doing in these areas.

Unfortunately, Klobuchar’s letter also engages in blatant fear-mongering:

Recent research has shown that one in four American teenagers have been victims of a cyber predator.  And when teens experience abusive behavior online, only ten percent discuss it with their parents and even fewer report the misconduct to law enforcement.  It’s clear that teenagers need to know how to respond to a cyber attack and I believe we need stronger reporting mechanisms to keep our kids safe.

Klobuchar doesn’t actually cite anything, so it’s not clear what research she’s relying on. The 25% statistic is particularly incendiary, suggesting a nationwide cyber-predation crisis—perhaps leading the public to believe 8 or 9 million teens have been lured into sexual encounters offline. Perhaps the Senator considers every cyber-bully a cyber predator—which might get to the 25% number. But there are two serious problem with that moral equivalence.

First, to equate child predation with peer bullying is to engage in a dangerous game of defining deviancy down. Predation and bullying are radically different things. The first (sexual abuse) is a clear and heinous crime that can lead to long-term psychological damage. The second might be a crime in certain circumstances, but generally not.  And it is even less likely to be a crime when it occurs among young peers, which research shows constitutes the vast majority of cases. As Adam Thierer and I noted in our Congressional testimony last year, there are legitimate concerns about cyberbullying, but it’s something best dealt with by parents and schools rather than prosecutors (like Klobuchar in her pre-Senate career).

Second, a series of official taskforces have concluded that the cyberpredator technopanic is vastly overblown. NTIA’s Online Safety and Technology Working Group final 2010 report concluded that “several studies, including some funded by the U.S. Department of Justice, have shown that the statistical probability of a young person being physically harmed by an adult who they first met online is extremely low,” (OSTWG Report at 10-11). Harvard’s 2009 Berkman Center Internet Safety Technical Task Force report concluded:

cases [of adult to child sexual encounters on social networks] typically involved post-pubescent youth who were aware that they were meeting an adult male for the purpose of engaging in sexual activity…. the risk profile for the use of different genres of social media depends on the type of risk, common uses by minors, and the psychosocial makeup of minors who use them…. Youth identify most sexual solicitors as being other adolescents (48%; 43%) or young adults between the ages of 18 and 21 (20%; 30%) and that youth typically ignore or deflect solicitations without experiencing distress.

A number of other task force reports have reached similar conclusions, all agreeing that education and empowerment are the answer. In particular, a 2008 study found that use of popular social networking sites such as MySpace and Facebook does not appear to increase their risk of being victimized by online predators. In particular, the study noted that the 500 arrests made nation-wide for Internet-initiated sex crimes accounted for just 7% of all statutory rapes”—i.e., for adult-on minor sex.

The letter goes on to ask about Facebook’s Internet safety page (she could have just Googled “Facebook Safety” and found it and its wealth of resources) and whether Facebook has a report abuse system—see the “Report Abuse” button at the bottom of any profile, page or group, which produces this dialogue box for user profiles:

And this box for pages:

MySpace has similar reporting mechanisms (and this form) and resources for kids & parents. Both sites employ hundreds of people to respond to such requests, decide when to take down content, and when to bring in law enforcement—which is a pretty big commitment from sites that don’t charge users a penny.

If the good Senator or her staff had had Googled (or Binged) “Facebook safety advisory board,” she would have found a number of press releases about the group, which Facebook launched last December to interface with child safety experts.

Again, it’s a fair question whether Facebook could do even more than it’s already done. For example, the “report abuse” link could probably be moved to a more prominent location on the page. But with its incendiary rhetoric and easily answered questions, Klobuchar’s letter seems intended more to make headlines and score political points than to really move the ball forward on her stated objective, which we should all share: enhancing education and empowerment solutions. Playing fast and loose with the facts—and throwing more fuel on the fire of a technopanic in the process—is unwise and unconstructive.

The Online Safety and Technology Working Group (OSTWG) has just released its final report to Congress entitled, “Youth Safety on a Living Internet.”  As I mentioned here last year, this government task force was established by the “Protecting Children in the 21st Century Act,” (part of the ‘‘Broadband Data Improvement Act’,’ Pub. L. No. 110-385) and its mission was to review and evaluate:

• The status of industry efforts to promote online safety through educational efforts, parental control technology, blocking and filtering software, age-appropriate labels for content or other technologies or initiatives designed to promote a safe online environment for children;
• The status of industry efforts to promote online safety among providers of electronic communications services and remote computing services by reporting apparent child pornography, including any obstacles to such reporting;
• The practices of electronic communications service providers and remote computing service providers related to record retention in connection with crimes against children; and,
• The development of technologies to help parents shield their children from inappropriate material on the Internet.

The task force included over 30 experts from academia, industry, advocacy groups, and think tanks. It was my great honor to be a member of OSTWG and to serve as the chair of 1 of the 4 subcommittees. The four subcommittees addressed: data retention, child pornography reporting, educational efforts, and parental controls technologies. I chaired that last subcommittee on parental controls.

Our conclusions will not be surprising to those who have read previous online safety task force reports, which I have summarized in 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer.”  Generally speaking, we concluded that there is no silver-bullet technical solution to online child safety concerns. Instead – and again in agreement with previous research and task force reports – we have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems and concerns. Here’s how we put it in the report:

• There’s no one-size-fits-all, once-and-for-all solution to providing children with every aspect of online child safety. Rather, it takes a comprehensive “toolbox” from which parents, educators, and other safety providers can choose tools appropriate to children’s developmental stages and life circumstances, as they grow. That toolbox needs to include safety education, “parental control” technologies such as filtering and monitoring, safety features on connected devices and in online services, media ratings, family and school policy, and government policy. In essence, any solution to online safety must be holistic in nature and multi-dimensional in breadth.
• To youth, social media and technologies are not something extra added on to their lives; they’re embedded in their lives. Their offline and online lives have converged into one life. They are socializing in various environments, using various digital and real-life “tools,” from face-to-face gatherings to cell phones to social network sites, to name just a few.
• Because the Internet is increasingly user-driven, with its “content” changing in real-time, users are increasingly stakeholders in their own well-being online. Their own behavior online can lead to a full range of experiences, from positive ones to victimization, pointing to the increasingly important role of safety education for children as well as their caregivers. The focus of future task forces therefore needs to be as much on protective education as on protective technology.
• The Internet is, in effect, a “living thing,” its content a constantly changing reflection not only of a constantly changing humanity but also its individual and collective publications, productions, thoughts, behaviors, and sociality.

I encourage everyone to check out the entire report, which I have also embedded down below. I very much hope policymakers will heed the advice found in this and the previous task force reports, which have uniformly found that only such a layered, multi-dimensional approach to online child safety can be effective. The three key prongs to that strategy — or what I call the “3-E Strategy” — are education, empowerment and law enforcement efforts.

Importantly, OSTWG accomplished our charge without resorting to the “moral panic” tone that some have adopted when approaching these issues and concerns. While there are serious challenges and concerns surrounding discussions about child safety, it’s important to acknowledge the important benefits of new media and communications technologies to us and our children. We have done so in this report.

We also were careful not to try to unsettle any settled First Amendment law. One of the most regrettable developments of the past 15 years is that so much time has been wasted passing and then litigating legislative and regulatory enactments that have been so clearly unconstitutional under the First Amendment. If the time and resources that were squandered in those legal skirmishes would have instead been plowed into education, empowerment, and enforcement-based efforts, it could have made a lasting difference.

More generally, we should always remember the sage advice offered by the Supreme Court in 2000: “Technology expands the capacity to choose; and it denies the potential of this revolution if we assume the Government is best positioned to make these choices for us.” OSTWG has charted a sensible way forward in the final report that should hopefully avoid those problems. It is my hope that policymakers take our findings and recommendations seriously and adopt the sort of constructive, practical approach we have outlined in this report.

Finally, I want to send out a big THANK YOU! to Hemanshu Nigam and Anne Collier, who very ably and patiently co-chaired the OSTWG. They did a terrific job herding a lot of cats and bringing this report to a successful completion. Well done Hemu and Anne!

Online Safety and Technology Working Group Final Report http://d1.scribdassets.com/ScribdViewer.swf

By Adam Thierer & Berin Szoka

Short but very important essay here from Santa Clara University Law School Prof. Eric Goldman about calls to alter Sec. 230 of the Communications Decency Act (CDA) to address concerns about online harassment. Generally speaking, Sec. 230 immunizes online intermediaries from punishing liability for the content that travels over their networks / services. Specifically, Sec. 230 stipulates that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” In other words: Don’t shoot the messenger!

As we’ve noted here before, it is probably not an overstatement to think of Sec. 230 as the very cornerstone of Internet Freedom, since it makes possible an online “utopia for utopias,” to borrow a phrase from our favorite modern political philosopher, the late Robert Nozick. Without Sec. 230, intermediaries would likely be forced to shut down many avenues of communication and would have to become deputized conduct and morality police for every cyber-street corner.

Goldman, America’s leading expert on Sec. 230-related jurisprudence, correctly notes that, “Frequently, § 230’s critics do not attack the immunization generally, but instead advocate a new limited exception for their pet concern.” He’s got that right. Indeed, we are increasingly hearing calls from numerous quarters these days to “tweak 230” for one pet concern after another. We’ve illustrated some of those concerns in this exhibit.

Deputization of the Middleman http://d1.scribdassets.com/ScribdViewer.swf Regulatory advocates can be found for each of these issues who like to see the protections afforded by Sec. 230 scaled back by Congress or he courts. But Goldman rightly warns:

by Adam Thierer & Berin Szoka, Progress Snaphot 6.1

Stephanie Clifford of the  New York Times posted a very interesting article this week summarizing a recent “on-the-record chat” the Times staff had with Federal Trade Commission (FTC) chairman Jon Leibowitz and FTC Bureau of Consumer Protection chief David Vladeck.  The interview [discussed by Braden here] is profoundly important in that it reveals an alarming disconnect regarding the relationship between “privacy” regulation and the future of media, which were the subjects of their discussion with Times staff.  Namely, Leibowitz and Vladeck apparently fail to appreciate how the delicate balance between commercial advertising and journalism is at risk precisely because of the sort of regulations they apparently are ready to adopt.  Because the value of online advertising depends on data about its effectiveness and consumers’ likely interests, and because advertising is indispensable to funding media, what’s ultimately at stake here is nothing short of the future of press freedom.

The “Day of Reckoning” Is Upon Us

Leibowitz and Vladeck spend the first half of The Times interview wringing their hands about “privacy policies,” the declarations made by websites and advertising networks about their data collection and use practices (for which the FTC can and must hold them accountable).  But the two feel that privacy policies don’t adequately inform consumers.  Chairman Leibowitz claims that online companies “haven’t given consumers effective notice, so they can make effective choices.”  And Mr. Vladeck states that advise-and-consent models “depended on the fiction that people were meaningfully giving consent.” But he and the FTC seem ready to abandon the notice and choice model because the “literature is clear” that few people read privacy policies, Vladeck told the Times.  He and Leibowitz continue:

“Philosophically, we wonder if we’re moving to a post-disclosure era and what that would look like,” Mr. Vladeck said. “What’s the substitute for it?” He said the commission was still looking into the issue, but it hoped to have an answer by June or July, when it plans to publish a report on the subject. Mr. Leibowitz gave a hint as to what might be included: “I have a sense, and it’s still amorphous, that we might head toward opt-in,” Mr. Leibowitz said.

This clearly foreshadows the regulatory endgame we have long suspected was coming.  When the FTC released its “Self-Regulatory Principles for Online Behavioral Advertising” eleven months ago, we asked: “What’s the Harm & Where Are We Heading?”  Their answers to both questions have become clearer with each new calculated comment—all apparently intended to slowly “turn up the heat” on the advertising industry so that the proverbial frog will stay in the pot until the water finally boils.  Leibowitz’s FTC has simply dodged the “harm” question with a four-part strategy:

1. Cobble together a “record” full of sympathy-evoking anecdotes submitted by advocates of regulation in comments and the FTC’s ongoing “Exploring Privacy” Roundtables;
2. Let the most extreme Chicken Littles fulminate about the grand conspiracy of “neuromarketing manipulation” and the like (and sometimes even shout down FTC staff in panel discussions) in order to redefine the “reasonable center” of the debate;
3. Define-down “harm” as purely a matter of “consumer expectations” or consumers’ “dignity interests” (whatever that vague and infinitely elastic term means); and
4. Attack the effectiveness of “consent” itself by suggesting that consumers cannot be trusted to understand privacy policies or be expected to make any effort to protect their own privacy.

Conveniently, this strategy leads right back to the “day of reckoning” Chairman Leibowitz threatened was coming last February: We are heading precisely where he told us we would be—to full-on, opt-in regulation.  The writing on the wall becomes more apparent every day: Leibowitz set out to bring online advertising to heel even before becoming Chairman, and his Commission is reprising almost precisely the same approach that led to the passage of the Children’s Online Privacy Protection Act (COPPA) of 1998: building a case for new authority, dismissing industry self-regulation as ineffective, and finally presenting a report to Congress intended to produce a rapid legislative response.  After the FTC presented its report on the need for regulation in congressional testimony in June 1998, it took Congress just four months to pass COPPA—and much of that time was consumed by the summer recess.  In short, Leibowitz is mounting a carefully choreographed campaign for increased regulation.

The only real question is whether Leibowitz will somehow try to use the FTC’s existing authority over “unfair or deceptive” trade practices or wait for expanded authority from Congress.  While most observers typically assume that such expanded authority would come in the form of a privacy-specific bill—be it a broad “baseline” privacy bill or one specifically focused on online data collection for advertising purposes—the authority Leibowitz yearns for could just as easily come in the form of increased rulemaking authority as part of a broader bill that allows the FTC to preemptively regulate practices that are not deceptive but merely deemed “unfair.”

This would take the agency “ Back to the Future”—to the late 1970s, when the agency reached the height of its efforts to regulate purely on “unfairness” grounds by trying to ban advertising to children.  The agency’s behavior earned it the moniker “National Nanny” from the Washington Post, hardly a bastion of regulatory skepticism.[1] That outpouring of popular resentment caused a heavily Democratic Congress to cut-off the Democratic-led agency’s regular funding and prohibit it from regulating advertising merely on the grounds of “unfairness.”  In essence, they told the agency to “go back to its knitting” and focus on protecting consumers from demonstrated harms.^[2] Duly chastened (and actually shut down for several days), the FTC formulated a meaningful legal standard for “unfairness,” which Congress codified in 1994: for a practice to be unfair, the injury it causes must be (1) substantial, (2) without offsetting benefits, and (3) one that consumers cannot reasonably avoid.

Under this statutory standard, as FTC Commissioner Thomas Rosch has argued, the commission must carefully consider:

[the] legitimate pro-consumer and pro-competitive benefits that result from [targeted advertising]. Absent hard data weighing these benefits against the limited “invasion of privacy interests” involved, it would seem difficult to conclude that treating that practice as an actionable violation of the “unfairness” prong of Section 5 will pass muster.[3]

So Leibowitz and Vladeck either need to get serious about weighing the costs and benefits of targeted advertising—or, in the absence of such actually measuring these trade-offs, get Congress to give them the authority to regulate.  But one thing is clear from their past statements: they are in a hurry to do  something. As Vladeck told The Times last August, “There is a sense of urgency around here… Consumers, I don’t think are sufficiently protected under the current regime.”  Apparently, the case is closed in their minds.

“Left Hand, Meet Right Hand”

The second half of the  Times interview concerns the future of news. Chairman Leibowitz is not optimistic:

“There are some areas where you clearly see positive creative destruction,” Mr. Leibowitz said, giving the example of travel agents who were replaced by Orbitz and other online-booking systems. The news, he said, was not one of those. “When you’re dealing with something as critical as news is to a democracy, you need to ensure, certainly, that it’s independent, but also that it’s vibrant going forward,” he said. Areas like investigative reporting, foreign and domestic bureaus, and state-house reporting, he said, would likely falter under blog operations because of “economies of scale.”

He said he wasn’t sure what the solution was, but threw out a few ideas discussed at the conference: maybe special tax treatment for newspapers, a Corporation for Public Broadcasting-like fund, or for the newspaper industry to charge fees for the re-use of its content, similar to the model that the American Society of Composers, Authors and Publishers uses. [emphasis added]

Mr. Chairman, with all due respect, haven’t you forgotten about the solution that has powered private media for a few centuries in this country?  You know— advertising!  Indeed, what’s stunning about these comments is the complete disconnect with what Leibowitz and Vladeck said earlier in the interview.  It certainly may be the case that they said more on the subject than what The Times has reported, but given their escalating rhetoric, it seems likely that significantly increased FTC regulation is on the horizon.  And, yet, as Chairman Leibowitz marches us into this brave new world of regulating Internet media through their key funding source, he and Mr. Vladeck seem to have little appreciation of the vital role played by advertising in sustaining a truly free and vibrant press.

An Attack on Advertising Is an Attack on Media Itself

Let’s step back and revisit Media Economics 101.  Almost every serious scholar in the field acknowledges this truism: Advertising cross-subsidizes media platforms and the creation of valuable information—especially news.  “Advertising is the mother’s milk of all the mass media,”  Wall Street Journal technology columnist Walt Mossberg has noted.  Similarly, Harold L. Vogel, author of Entertainment Industry Economics, the leading text in the field, has noted, “Advertising is the key common ingredient in the tactics and strategies of all entertainment and media company business models.  Indeed, it might further be said that advertising has substantively subsidized the production and delivery of news and entertainment throughout the last century.”[4] Mossberg agrees and notes, “Without ads, most editorial products and other programming would be either unavailable or prohibitively expensive.”

The reason for the indispensability of advertising is simple: Information (including news and other forms of “content”) has “public good” characteristics that make it is very difficult (and occasionally impossible) for information-publishers to recoup their investments.  Simply put, they quite literally lack pricing power: Whatever they charge, someone else will charge less for a close substitute, inevitably leading to “free” distribution of the content, even though the content is anything but free to produce.  Advertising is the one business model that has traditionally saved the day by rewarding publishers for attracting the attention of an audience.

Which raises another under-appreciated point: Private advertising promotes press independence.  “Newspapers, magazines, radio, television, and many websites all receive their primary income from advertising,” notes William F. Arens, author of  Contemporary Advertising, another leading textbook in the field. “This facilitates freedom of the press and promotes more complete information” he concludes.[5] Why?  Because, contrary to what some critics claim, advertising and marketing help keep private media providers independent of the need for taxpayer subsidies or private patrons.  This begs an even more profound question: If not advertising, then what else?

A “Public Option” for the Press?

What’s most troubling about Chairman Leibowitz’s comments to the Times is that he has apparently found his alternative to advertising: a “public option” for the press! He mentions special tax treatment for newspapers or a new CPB-like fund (don’t we already have one?) as two possibilities.  That certainly will be music to the ears of radical, pro-regulatory activist groups like the ironically-named “Free Press,” which wants to see a massive “public works” program for the media sector.

Free Press recently filed comments with the FTC in the agency’s recent workshop, “Can Journalism Survive the Internet Age?” and proposed a far-reaching industrial policy for “saving the news.”  They call for over $50 billion in subsidies for the Corporation for Public Broadcasting and other bureaucracies, a “journalism jobs program” for that would be part of AmeriCorps, a variety of new tax incentives for struggling media operations or individuals who support favored institutions, and an assortment of government incentives to encourage local ownership and media divestiture (by handing over control to smaller operators or minority-owned groups).  Ironically, “Free Press” has also floated the concept of “a small tax on advertising” as one way to pay for a press bailout.

The organization’s founder Robert W. McChesney, the prolific neo-Marxist media scholar, penned an essay with John Nichols of The Nation last year, claiming that saving journalism essentially requires that media become an appendage of the State.  Although advertising has supported journalism as a “public good” for centuries, the only way they can conceive to provide a public good is to socialize its means of production.  Thus, journalism, like education and national defense, requires constant government oversight and support: “A moment has arrived at which we must recognize the need to invest tax dollars to create and maintain news gathering, reporting and writing with the purpose of informing all our citizens.”  They ask us to consider the $60 billion in government spending they propose as a “free press ‘infrastructure project,’” which would “keep the press system alive.”

Some in Congress seem willing to listen.  The Senate has already held hearings about the future of journalism.  And Senator Benjamin L. Cardin (D-MD) recently introduced what he has called the “Newspaper Revitalization Act,” which would allow newspapers to become nonprofit organizations in an effort to help them stay afloat.  Importantly, however, the bill would also disallow political endorsements on newspaper editorial pages—which, like campaign finance restrictions, would be a boon for incumbent politicians.  That bill should serve as fair warning to journalists about the sort of strings lawmakers will attach to press-welfare efforts going forward.  What other “golden shackles” might come with media subsidies?

To be clear, Chairman Leibowitz hasn’t called for a complete press takeover along the lines of the Free Press plan.  Yet, he hasn’t answered a key question in this debate: Who pays for news?  He appears ready to endorse a bold new regulatory scheme for the Internet and online media that, in the name of “protecting privacy” would put at risk the one traditionally successful method of supporting private media operations—advertising.  As the Pew Research Center’s Project for Excellence in Journalism noted in its latest State of the News Media report, “The problem facing American journalism is not fundamentally an audience problem or a credibility problem.  It is a revenue problem—the decoupling… of advertising from news.”  There’s probably no way policymakers can stop this process, nor should they try.  But they shouldn’t be creating new obstacles to the survival of traditional media creators, either.

Unfortunately, that’s exactly what Chairman Leibowitz’s new regulatory scheme would do.  The revenue “delta” between “smart” advertising (tailored to consumers’ likely interests and measured for effectiveness in producing clicks, purchases, etc.) and “dumb advertising” (based purely on surrounding keywords or demographics of users presumed to visit the site) is difficult to measure but potentially enormous—even 10 times as great for some sites.[6] The difference between opt-in and opt-out could be nearly as dramatic, because it’s difficult to get consumers to opt-in for anything, especially for small players—which means that opt-in regulation could, perversely, force consolidation in the online advertising and content markets.  If the FTC cares about its statutory responsibility to safeguard competition, they should take this dynamic seriously and be hyper-cautious about heavy-handed mandates that could derail smarter advertising.

Finally, to be fair, in his interview, the Chairman also suggests the newspaper industry might want to find new way “to charge fees for the re-use of its content.”  We’re certainly not opposed to the notion and think that, if it could somehow be made to work (especially by removing antitrust obstacles), it could part of a diverse revenue mix for digital journalism.  But, there’s the rub.  Micropayments inevitably face the problem of “mental transaction costs”  that likely swamp the perceived value of most content and, like pay-walls, have generally worked only in media environments characterized by a scarcity of providers and a uniqueness of a sufficiently valuable product.  These cold, hard economic realities are why advertising remains indispensable.

The Principled Alternative to Regulation

Convinced that privacy policies simply don’t work, Leibowitz and Vladeck are asking what a “post-disclosure era” would look like.  We appreciate the continued sensitivities expressed by certain groups and individuals about online privacy and data use more generally.  But there is another way forward.  We have proposed the following “5-E” layered approach to concerns about online privacy, focusing on restraining government access to data as a clear harm, rather than crippling the private sector uses of data that directly benefit consumers:

1. Erect a higher “Wall of Separation between Web and State” by increasing Americans’ protection from government access to their personal data—thus bringing the Fourth Amendment into the Digital Age.
2. Educate users about privacy risks and data management in general as well as specific practices and policies for safer computing.
3. Empower users to implement their privacy preferences in specific contexts as easily as possible.
4. Enhance self-regulation by industry sectors and companies to integrate with user education and empowerment.
5. Enforce existing laws against unfair and deceptive trade practices as well as state privacy tort laws.

Such a layered approach would not only be a “less restrictive” alternative to top-down, one-size-fits-all government regulation, but also potentially more effective in key respects than government data use/collection mandates.  In an ideal world, adults would be fully empowered to tailor privacy decisions, like speech decisions, to their own values and preferences (“household standards”).  Consumers would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to block the things they don’t like—annoying ads or the collection of data about them, as well as objectionable content—while also helping them find the information and content they desire.

But of course, the devil’s in the details.  Leibowitz and Vladeck would set the bar so high as to what constitutes “effective” consumer choice that current privacy policies necessarily fail their test—if only because most users don’t care enough to make the “right” privacy choices.  Privacy policies, even if read by relatively few consumers, nonetheless allow privacy advocates, journalists and watchdog-bloggers to scrutinize what companies say they’re doing—promises to which the FTC should hold companies stringently.  That’s clearly not good enough for Leibowitz and Vladeck, who want to give up on “notice and choice” and move on to “opt-in” mandates.  But why not first try to make “notice” more effective?  The advertising industry is currently developing standardized interfaces that could communicate key information about privacy practices in a single icon, label or other easily-digested “consumer touch point.”

More radically, why focus on tinkering with consumer interfaces, when standardized data disclosure formats like the Protocol for Privacy Preferences (P3P) could distill legalistic privacy policies into “machine-readable” code?  Such disclosures could provide a powerful form of “notice” that the ordinary consumer could “use”: simply setting their own privacy preferences in a browser tool that automatically implements those preferences by blocking tracking that users object to.  Such a privacy disclosure format could also allow the FTC to automate enforcement of its existing authority to punish unfair or deceptive trade practices.

Conclusion

And so we return to the question the FTC asked in its recent workshop, “Can Journalism Survive the Internet Age?”  Answer: Not if the FTC kills the golden goose that lays the golden eggs through onerous advertising regulations and data controls in the name of “privacy.”  Chairman Leibowitz and Bureau Chief Vladeck shouldn’t foreclose the possibility that advertising can play a central role in the future of a free press in the Digital Age—just as it has done historically in the United States.  Indeed, they would be wise to remember that advertising has always been with us.  As the Supreme Court noted in its 1996 decision, 44 Liquormart, Inc. v. Rhode Island.

Advertising has been a part of our culture throughout our history. Even in colonial days, the public relied on “commercial speech” for vital information about the market. Early newspapers displayed advertisements for goods and services on their front pages, and town criers called out prices in public squares. Indeed, commercial messages played such a central role in public life prior to the founding that Benjamin Franklin authored his early defense of a free press in support of his decision to print, of all things, an advertisement for voyages to Barbados.[7]

Of course, for advertising to continue to play the role as sustainer of the press, it must be allowed to evolve.  Media operators—large and small alike—must be allowed to craft new strategies, some of which may require data collection and marketing practices that will make some privacy-sensitive users uncomfortable, but will also ensure that the goose keeps on laying golden eggs for them and everyone else.

While Chairman Leibowitz may decry the creative destruction at work in the news sector and information industries today, that shakeup will continue and, no doubt, be painful for incumbent players.  Advertising alone may not “save the day” for media as it has in the past, but it will likely remain essential to sustaining private media platforms and providers going forward— if federal policymakers allow it.  The alternative—massive government intervention into the news and media sectors—is too horrifying to think about.

[1] Washington Post, March 1, 1978.

[2] Congress terminated the FTC’s efforts to prohibit advertising to children, and barred the agency from issuing any advertising regulation predicated solely on unfairness for three years.  FTC Improvements Act, Pub. L. No. 96-252, § 11 (May 1980).  See generally J. Howard Beales, Director of the Bureau of Consumer Protection, Federal Trade Commission, The FTC’s Use of Unfairness Authority: Its Rise, Fall, and Resurrection, www.ftc.gov/speeches/beales/unfair0603.shtm.

[3] Thomas Rosch, Some Reflections on the Future of the Internet: Net Neutrality, Online Behavioral Advertising, and Health Information Technology, Remarks at U.S. Chamber of Commerce Telecommunications & E-Commerce Committee Fall Meeting, October 26, 2009, 13, www.ftc.gov/speeches/rosch/091026chamber.pdf.

[4] Harold L. Vogel, Entertainment Industry Economics (Cambridge, MA: Cambridge University Press, 7th Edition, 2007), at 46.

[5] William F. Arens, Contemporary Advertising (McGraw-Hill Irwin, 10^th Ed., 2006) at 50.

[6] See Berin Szoka & Mark Adams, The Benefits of Online Advertising & Costs of Privacy Regulation, PFF Working Paper, Nov. 8, 2009, www.scribd.com/doc/22445754/Benefits-of-Online-Advertising-Paper.

[7] 517 U.S. 484, 495 (1996), http://www.law.cornell.edu/supct/html/94-1140.ZO.html

______________________________

Related PFF Publications

• Privacy Trade-Offs: How Further Regulation Could Diminish Consumer Choice, Raise Prices, Quash Digital Innovation & Curtail Free Speech, Berin Szoka, Comments to the Federal Trade Commission “Exploring Privacy” Roundtable, November 10, 2009.
• Online Advertising & User Privacy: Principles to Guide the Debate, Berin Szoka & Adam Thierer, Progress Snapshot 4.19, Sept. 2008.
• Targeted Online Advertising: What’s the Harm & Where Are We Heading?, Berin Szoka & Adam Thierer, Progress on Point 16.2, April 2009.
• Privacy Polls v. Real-World Trade-Offs, Berin Szoka, Progress Snapshot 5.10, Oct. 2009.
• The Benefits of Online Advertising & Costs of Privacy Regulation, Berin Szoka & Mark Adams, PFF Working Paper, Nov. 8, 2009.
• Benefits of Online Advertising, Berin Szoka, Mark Adams, Howard Beales, Thomas Lenard & Jules Polonetsky, PFF Capitol Briefing, July 2009.
• Public Option for Press Should Get the Red Pen, Adam Thierer, The Daily Caller, Jan. 12, 2010.

I really enjoyed my Second Life appearance on “Government’s Place in Virtual Worlds and Online Communities,” which was hosted by Metanomics.  You can watch the entire segment on the Metanomics site.  But the folks at Metanomics have also posted 6 clips from the show at YouTube that highlight some of the topics we discussed.  Here’s the list of clips and the videos:

Part 1: Are the Feds about to Regulate Second Life & Virtual Worlds?

Part 2: Global Communities, Local Values, Internet Governance & The Dangers of “Harmonization”

Part 3:  Virtual Child Pornography & Our Virtual Reality Future

Part 4: Why Speech Controls & Privacy Regulations are Two Sides of the Same Coin

Part 5: Privacy, Advertising, User Empowerment, and the “Free” Internet

Part 6: Virtual World Self-Governance and a “Utopia of Utopias”

Finally, here’s some of the background material I referenced during the show:

• “Parental Controls and Online Child Protection: A Survey of Tools & Methods [VERSION 4.0]“
• “Parents, Kids & Policymakers in the Digital Age: Safeguarding Against ‘Techno-Panics’“, Inside ALEC, July 2009.
• “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” PFF Progress on Point 16.13, July 8, 2009
• “Cyberbullying Legislation:  Why Education is Preferable to Regulation,” by Berin Szoka and Adam Thierer, PFF Progress on Point 16.12, June 19, 2009
• “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech,” by Berin Szoka and Adam Thierer, PFF Progress on Point 16.11, May 21, 2009
• Web 2.0, Section 230, and Nozick’s “Utopia of Utopias”, Jan. 13, 2009, Tech Liberation Front

Progress Snapshot 5.10 from The Progress & Freedom Foundation

A recent telephone poll conducted by professors at Berkeley and the University of Pennsylvania concluded, “Contrary to what many marketers claim, most adult Americans (66%) do not want marketers to tailor advertisements to their interest.” The study’s authors claim that their poll is the “the first nationally representative telephone (wireline and cell phone) survey to explore Americans’ opinions about behavioral targeting by marketers.” They also assert that the poll indicates that “if Americans could vote on behavioral targeting today, they would shut it down.” Advocates of regulating online data collection have trumpeted this poll as evidence consumers demand legislation to protect their privacy. “This research gives the F.T.C. and Congress a political green light to go ahead and enact effective, but reasonable, rules and policies,” declared Jeff Chester, a leading critic of online advertising.

But what is most surprising about this poll is not that 66% of users said they do not want tailored online ads, but that 34% of users said they did! The key, initial question of “whether or not you want the websites you visit to show you ads that are tailored to your interests,” presents no trade-off. The fact that anyusers said “yes” indicates that many users paused to do the rough mental math about the unarticulated trade-off between the benefits of receiving tailored ads and the costs of that tailoring.

The methodology of opinion polls necessarily affects respondents’ mental calculations, rendering polls not just easily manipulated, but inherently unreliable as indicators of real preferences. Every poll reflects the bias of its authors to some degree by the way questions are worded, the order in which they are asked, the sample surveyed, etc. The easiest way to bias the results of a poll is to omit any mention of the trade-offs at issue. This poll simply buried the issue of trade-offs in a heavily loaded follow-up question: After telling respondents that marketers “often use technologies to follow the websites you visit and the content you look at in order to better customize ads,” the interviewer asked whether the respondent would allow advertisers to “follow [them] online in an anonymous way in exchange for free content.” Only 10% of users said they would allow this voluntary exchange.

What does this tell us about whether, and how, government should further regulate online advertising? Precious little: Not only does this poll overstate the costs of targeted advertising, understate its benefits, and ignore the tools available to users to address their privacy concerns but, like any opinion poll, this one tells us more about the psychology of decision-making under the artificial uncertainty of polls than about the choices users would actually make in the real world.

User Uncertainty About Concepts Like “Tailoring” and “Following”

Even the word “tailoring”—though benign compared to other words the study’s authors could have used ( e.g., “track,” “monitor,” “record”)—is so vague as to leave respondents wondering what it really entails. One can only speculate as to what users thought the word meant (since the poll did not ask), but it seems likely that some of these scarier words probably flashed through the minds of respondents in the instant before they answered the question. Indeed, the word “tailoring” conflates both the costs and benefits of personalized advertising in a single, vague word. Given this ambiguity, it’s hardly surprising that most users would say “no”—not just to receiving tailored advertising (66%), but also to receiving tailored discounts (49%) and news (57%). If users had been asked about receiving “relevant” (rather than “tailored”) ads, the responses probably would have turned out somewhat differently—just as an additional 17% of users agreed to receiving tailored “discounts,” whose value to users is more readily apparent: saving money on potential purchases.

The second set of questions asked users whether it “Would be OK… if these ads [discounts/news] were tailored for you based on following what you do on the website you are visiting… [24% said yes] OTHER websites you have visited… [34% said yes] and OFFLINE—for example, in stores? [25% said yes].” Again, the term “follow” was not defined. A third set of questions explained to respondents that marketers “often use technologies to follow the websites you visit and the content you look at in order to better customize ads.” The interviewer then asked whether the respondent would “definitely allow, probably allow, probably NOT allow, or definitely not allow advertisers” to “follow you online in an anonymous way in exchange for free content”—and only 10% of users said yes. Thus, it appears that users are more, not less, hostile to tailored advertising when reminded of the trade-offs involved (35% yes in the first set of questions, 10% yes in the third). What explains this paradox?

The most obvious explanation is that, by the time the respondent got to the critical question about “allowing” tailored advertising, they had heard the word “follow” at least five times: once in each of the three questions about whether tailoring was OK, once in the introduction about how marketers customize ads and once in the question itself—each time increasing uncertainty as to how “tailoring” really works and more than negating any suggestion of “anonymity.” Furthermore, asking users whether something should be “allowed” implies that there are undisclosed reasons why it should not be. This much is simple psychology—obvious to anyone who wanted to craft a poll that would support a particular regulatory agenda.

But behavioral economics research tells us something even more profound about the way our brains work: human beings hate making choices, and loathe uncertainty even more. Indeed, such “mental accounting” or “mental transaction” costs appear to be the primary reason why, after a decade of efforts to develop a micropayments system that can fund online content and services, no such system has emerged—and thus why Internet publishers instead rely primarily on advertising revenues ($23.5 billion in 2008) to fund “free” offerings for consumers. In this case, merely forcing consumers to consider the costs of “tailoring” and being “followed,” and decide whether these things are “OK” or should even be “allowed” strongly tips the scales in favor of the outcome desired by the study’s authors because these considerations and decisions are significant psychological costs in themselves, which likely outweigh the diffuse benefits of tailored advertising, which users simply do not appreciate.

Indeed, the scale tips so strongly that the study suggests that 73% of Americans object to having ads tailored based on “what you do on the website you are visiting.” Would not this objection apply to purely contextual advertising “tailored” to the keywords entered by a user in a search engine or to the keywords that appear on a particular page to which a user has navigated within a site? If so, this study isn’t just about the bogeyman of “behavioral” advertising, but about essentially all online advertising, which is to some degree “tailored.” Indeed, must lawmakers protect us from the tailoring of news (71%) and discounts (62%) within websites? Or, if data collection is the real harm to consumers, what about the fact that hundreds of millions of people happily share far more personal information every day on social networks or using grocery discount cards? Opinion polls simply cannot answer these questions.

The Direct Benefit of Tailored Ads: Relevance

Whatever Americans tell pollsters about “tailored” ads, they also complain about irrelevant ads: A previous poll found that 72% of consumers “find online advertising intrusive and annoying when the products and services being advertised are not relevant to [their] wants and needs” and 85% say that less than 25% of the ads they see while browsing online are relevant to their wants and needs. Real-world experiments confirm that users reveal a clear preference for more relevant advertising. In a 2004 experiment, click-through rates (CTR) for behaviorally targeted ads were between 94% and 225% higher than for contextually targeted ads. A 2009 study found that the difference could be between 670% and 1000% percent, depending on how well-tailored the ads were. In other words, users in the real world were two to eleven times more likely to click on highly-tailored ads. Truly, actions speak louder than words: Users clearly “vote with their clicks” for ads they find relevant—i.e., they vote for “tailoring.”

Further reinforcing this conclusion is the fact that better tailoring increases not only click-through rates but also “conversion rates”—the percentage of users who actually complete the action desired by the advertiser, whether that be making a purchase or signing up for a list. A 2008 experiment found increased conversion rates of 400-900% (2008). This indicates that relevant ads really do help consumers find things they like—and that they like the fruits of tailoring, however they respond when asked about “tailoring” as an abstract concept that conflates costs (“How are they following me?”) and benefits (“What’s in it for me?”).

The Indirect Benefit of Tailored Ads: Free Content & Services

Even less apparent to poll respondents than the direct benefit of tailoring (increased relevance) are the indirect benefits: In particular, greater relevance to the user means more effective communication for the advertiser, and increased ad revenue for most online publishers per ad on their sites. Thus, there exists a clear quid pro quo: in effect, users “pay” for content and services by sharing information about their interests. Even more fundamentally, users “pay” for content by seeing ads. But both quid pro quos are implicit: Users can simply choose not to “pay” by using readily available tools in their browser to blocking ads and/or tracking. In essence, today’s system allows users who don’t like ads—tailored or otherwise—to opt out at little or no cost, much as if they simply decided not to pay for a product they bought at their local grocery store.

This creates a serious dilemma, given that advertising increasingly stands alone as the lifeblood of online content and services. Indeed, ads have long funded the costs of generating content for radio, television, and newspapers (with subscriptions paying only for distribution). The basic reason is simple economics: In competitive markets, prices tend to fall to the marginal cost of production. The Internet has simply borne this theory out in full:

1. Producing the first unit of content (e.g., a news story or video) remains costly, so while the marginal cost of every additional unit is essentially zero,average cost is not.
2. The failure of micropayments online seems to confirm that, no matter how low the technological transaction costs are, the mental transaction costs involved combined with even tiny payments will exceed the perceived value of most content.
3. The world of media scarcity in which consumers could choose from only a few sources of content (e.g., news, entertainment) has given way to a world of staggering media abundance and the choices of users are no longer constrained by the tyranny of physical limitations like distance and printing costs.
4. Because pure information cannot be copyrighted (and fair use allows significant referencing and quotation), very little content is so unique that users cannot find a ready substitute elsewhere if a site (or even cartel of sites) attempted to charge.

These forces have given birth to the world of “Free,” where few (if any) users will pay for something they can get for nothing. While there are a number of ways to fund content and services, advertising is far and away the leading business model for the new economy: Indeed, overall advertising market is expected nearly to double its share of total U.S. ad spending from 8.7% in 2008 ($23.4 billion) to 15.2% ($37.2 billion). But with 44% of advertising revenue going to search engines (which show highly “tailored” ads simply based on search terms), hundreds of thousands of publishers—from the mightiest to the tiniest—rely on $7.6 billion (33% of the total) in “display” ad revenue. Yet this base is tiny: Most websites earn a fraction of the revenue generated by offline ads: roughly $0.60 to $1.10 per thousand impressions (CPM) online versus average CPMs of $4.54 (radio) to $10.25 (broadcast). This unprofitability of online advertising, and the fact that certain kinds of online content (e.g., video and online services) does not provide the textual keywords necessary for basic contextual targeting is driving publishers to ad networks that offer behavioral targeting, which is expected to grow from $525 million in 2007 to $4.4 billion in 2012—when it will represent 25% of all display ad spending.

In short, advertising is indispensable to the future of online media, but it is also currently inadequate to sustain “Free” culture. As Adam Thierer and I warnedearlier this year: “The advocates of regulation pay lip service to the importance of advertising in funding online content and services but don’t seem to understand that this quid pro quo is a fragile one: Tipping the balance, even slightly, could have major consequences for continued online creativity and innovation… Something must give because there is no free lunch.” In 2001, long before Google mattered and before he worked for them, Kent Walker (now Google’s general counsel) put it best in a seminal law review article:

Privacy is both an individual and a social good. Still, the no-free-lunch principle holds true. Legislating privacy comes at a cost: more notices and forms, higher prices, fewer free services, less convenience, and, often, less security. More broadly, if less tangibly, laws regulating privacy chill the creation of beneficial collective goods and erode social values… Such regulation would likely increase both direct and indirect costs to the individual consumer, reduce consumer choice, and inhibit the growing trend of personalization and tailoring of goods and services.

Thus, as Jim Harper and Solveig Singleton concluded in their 2001 paper With a Grain of Salt: What Privacy Surveys Don’t Tell Us:

privacy surveys in particular… suffer from the “talk is cheap” problem. It costs a consumer nothing to express a desire for federal law to protect privacy. But if such law became a reality, it will cost the economy as a whole, and consumers in particular, significant amounts that surveys do not and cannot reveal.

We Need a Behavioral Economics Experiment, Not Just Another Poll

The Berkeley-Penn poll could certainly have done more to present these trade-offs to respondents and less to color their responses by inflating mental transaction costs. But even the most “fair” poll cannot meaningfully simulate the trade-offs inherent in the real world. If we really want to know how muchsubjective value consumers place on a particular aspect of their privacy, we must look to the preferences they reveal in the process of making real choices.

Of course, the best experiment is the one being conducted in the real world every day. No laboratory experiment can ever fully replicate all of the conditions of the real world, but a behavioral economics experiment could tell us more about the revealed preferences of Internet users than any poll. Unlike the real world, an economist could vary certain conditions in a lab experiment to tell us how various changes to current industry practice, user empowerment, or user education might actually affect real consumer choices. At a minimum, any experiment would require the following to inform policymaking about online advertising and privacy.

First, the experiment should vary the mechanisms by which notice is provided to users as to how tailoring works ( e.g., placement, interface, wording) and what those notices actually say.

Second, test subjects must make real choices in real use of the Internet with trade-offs in real money and their own time between either paying for access to a particular site or getting access for free in exchange for receiving tailored ads based on at least the three variables presented as questions in the Berkeley-Penn study: (i) users’ browsing activity on that site; (ii) their browsing activity on other sites; and (iii) offline activity or demographic information.

The second variable is critical because it addresses the value created by behaviorally tailored ads, which could be wiped out by regulation. Search engines are able to sell highly effective advertising based solely on information provided directly to the site (search keywords, which are highly indicative of user interest), and some sites can sell lucrative advertising based on purely contextual targeting because their content contains keywords that advertisers value highly ( e.g., a site for digital camera enthusiasts). But the vast majority of websites, and especially non-commercial websites, would produce little ad revenue if advertisers could only guess at the likely interests of visitors based on the keywords on that site. This, in a nutshell, is why so many sites stand to gain so much from behavioral targeting—particularly in the Internet’s “Long Tail.” To be useful, an experiment must reflect this dynamic.

In the real world, of course, it might be possible for the user to opt-out of tracking without losing access to content because today’s quid pro quo is implicit and most sites operate on a “No Cost Opt-Out” basis for tracking and even seeing ads. But in order to tell us how much consumers really care about tracking, the experiment must place some value on access to content that is supported by free content and services.

Third, the experiment must examine the extent to which user empowerment affects user choice: If some users are uncomfortable with having their browsing activity tracked, is it because they are concerned about all tracking or only tracking of certain sensitive activities, such as researching medical issues or—everyone’s favorite—viewing pornography? How does the availability of privacy management tools change user choices about ad-tailoring? Do Americans really want tailoring banned, or do they just want the ability to exercise easy choice about when they want to participate? How would those choices change when they come at a cost (e.g., seeing more ads) and privacy-sensitive users cannot simply free-ride off the value created by users whodon’t opt-out of targeted advertising (and also don’t block ads)?

Such an experiment would, by its very nature, be imperfect—but far less imperfect than any poll about opinions on privacy. Until a proper experiment is conducted by trained behavioral economists, all we can say with confidence is the following:

1. Users don’t understand exactly how ads are tailored;
2. Users seem to be concerned about “tailoring” or “following” in the abstract;
3. Users are generally unwilling to pay for online content and services; and
4. Better tailoring of ads means more funding for content and services.

There is only one approach that can address all these concerns: educate users about how online advertising works and how they can implement their own privacy preferences, while constantly striving to further empower users to make privacy management easier.

I’ll be heading to Oxford University this week to participate in an Oxford Internet Institute (OII) forum on the subject of “Child Protection, Free Speech and the Internet: Mapping the Territory and Limitations of Common Ground.”  It’s being led by several experts from the OII as well as my good friends John Morris and Leslie Harris of the Center for Democracy & Technology (CDT).  The aims of this forum are:

• To facilitate a dialogue between NGOs campaigning to protect respectively, child protection and children’s rights online, and freedom of speech and other civil liberties online.
• To promote a better understanding of each others’ positions, to share perspectives and information with a view to identifying areas of common ground and areas of disagreement.
• To identify any shared policy goals, and possible tools to support the achievement of those goals.
• To publicize the findings of the forum in international policy debates about Internet governance and regulation.

Conference participants were asked to submit a 2-3 pg summary of their views on a couple of questions that will be discussed at this event.  I have listed those questions, and my answers, down below the fold.  It’s my best attempt to date to succinctly outline my views about how to balance content concerns and free speech issues going forward. 

What is the nature of your interest or experience in this field?

I have spent the last 18 years covering the intersection of child safety concerns and free speech issues at four different think tanks.  In recent years, I have tied together all my research in a constantly updated Progress & Freedom Foundation special report entitled, “Parental Controls & Online Child Protection: A Survey of Tools & Methods.” The 4^th edition of this 250-page report was released in August.

Are there particular values or principles which underlie your work?

The goal of my research has been to explore the tension between free speech and child protection and to identify methods of striking a sensible balance between these two important values.   It is my hope and belief that we are now in a position to more fully empower parents such that government regulation of content and communications will be increasingly unnecessary.

In the past, it was thought to be too difficult for families to enforce their own “household standard” for acceptable content. Thus, many believed government needed to step in and create a baseline “community standard” for the entire citizenry.  Unfortunately, those “community standards” were quite amorphous and sometimes completely arbitrary when enforced through regulatory edicts.  Worse yet, those regulatory standards treated all households as if they had the same tastes or values—which is clearly not the case in most pluralistic societies.

If it is the case that families now have the ability to effectively tailor media consumption and communications choices to their own preferences—that is, to craft their own “household standard”—then the regulatory equation can and should change.  Regulation can no longer be premised on the supposed helplessness of households to deal with content flows if families have been empowered and educated to make content determinations for themselves.  Luckily, that is the world we increasingly live in today. Parents have more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.

Going forward, our goal should be to ensure that parents or guardians have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information.  Optimally, those tools and methods would give them the ability to not only block objectionable materials, but also to more easily find content they feel is appropriate for their families. In my work, I refer to this as the “household empowerment vision.”

Will we ever be able to achieve a world of perfect parental control over all online content and communications?  That is unlikely since both content and technology will continuously evolve and make that goal elusive. But government regulation of speech should yield where less restrictive alternatives such as household-based controls and strategies exist.  Given the value associated with free speech and the danger of government censorship, these alternatives need not be perfect to be preferable to government regulation.

What are the issues/policies or laws which you see as most problematic in terms of creating or illustrating a conflict between online child protection and free speech?

It is essential that policymakers resist the temptation to extend traditional broadcast industry regulatory statutes and standards to new media outlets and digital technologies.  In a world of media convergence and increasing user empowerment, traditional regulatory rationales make increasingly less sense.  Nonetheless, many ongoing social problems and challenges remain to achieving the “household empowerment vision” I outlined above, including:

• The “lack of awareness” problem: Some parents remain unaware of empowerment tools.
• The “bad parent” problem: Some parents don’t use tools even when aware of them.
• The “bad neighbor” problem: “Good” parents fear what happens when their kids visit other kids with more permissive parents.
• The “generation gap” problem: Kids sometimes know more about new digital technologies than their parents.
• The “technological surprise” problem: Rapid emergence and diffusion of new digital technologies can catch some parents by surprise.
• The “bad corporate actor” problem: Most companies self-regulate, but a handful push the boundaries of good taste in ways that create social concerns that reflect on industry generally.
• The “user-generated content” problem: Even when “professional” content can be managed, it is difficult to control “amateur” expression and creations.
• The “peer-on-peer bullying” problem: While many are concerned about predators, the real online safety problem turns out to be cyber-bullying among peers.

Because of these ongoing social challenges or concerns, legal and regulatory proposals will continue to be put forward. But each has serious downsides:

• Future of filtering: Centralized, network-based or decentralized, user-based?  The former creates serious censorship threats, as we see in China and other repressive states. The latter is more consistent with the household empowerment vision.
• Middleman deputization: Should online intermediaries be required to police the Net for various social ills?  If so, as hand-maidens of the state, they could become over-zealous speech regulators.
• Universal content ratings: Can policymakers mandate unified (or “scientific”) content media ratings?  Doing so puts regulators in a position to dictate content standards—for better or worse.  Moreover, this does nothing to address user-generated “amateur” content.
• Mandatory online age / identity verification: Potentially threatens anonymity, privacy, and free speech rights.  Moreover, to the extent “bad guys” continue to get into “secured” environments it creates a false sense of security for parents and kids.
• Expanded data retention: Although it would help facilitate some law enforcement goals, it also gives rise to new privacy and data breach risks.

Might any of these conflicts be avoidable, e.g. through the use of improved legislative instruments or greater clarity and accountability in processes of self-regulation?

For the above reasons, it makes more sense to put our energies into finding new self-regulatory mechanisms, social norms, and user empowerment strategies to solve ongoing social problems instead of focusing on regulatory solutions or mandates.  Instead of providing greater clarity, legislative instruments are more likely to instead create greater ambiguity, or at least uncertainty, for content creators and consumers alike. This is because, as was noted above, “community standards” are notoriously subjective; they are ham-handed attempts to gloss over the diverse needs and values of a diverse citizenry. By contrast, self-regulation, social norms, and empowerment strategies are evolutionary in character and more responsive to differences among cultures and households.

What are the issues where you think there might be most scope for finding some common ground?

In two words: empowerment and education. Because reliance on legislation is perilously difficult and enforcement of regulatory mandates is complicated (and sometimes impossible in an increasingly borderless world), efforts to better empower families and educate both kids and parents offer the most sensible path forward.  All stakeholders involved in child safety and free speech debates can generally agree that empowerment efforts, media literacy programs, awareness-building programs, and so on, are both effective and unobjectionable.

At the international level, are there certain key principles which we ought to be defending above all others?

Because of the “values clash” at the international level, it’s hard to imagine we’ll ever achieve consensus on some of these issues.  Countries vary widely in their sensitivities about speech, making any attempt to devise “universal principles” complicated.  For example, Europeans generally deride America’s prudish ways when it comes to matters of sexuality or “indecency.”  By contrast, most Americans cannot understand European concerns about “hate speech” or violently-themed media.  Meanwhile, governments in many other parts of the world are still busy trying to quell political or religious dissent.  “Harmonization” among those competing cultural norms remains complicated, therefore, and it would be a mistake if international harmonization was accomplished by sacrificing free speech rights for countries and cultures who cherish them.

Google today unveiled the Data Liberation Front, a team of engineers in Chicago dedicated to ensuring that Google build “liberated products”—ones that have “built in features that make it easy (and free) to remove your data from the product in the event that you’d like to take it elsewhere.” We’ve spent a lot of time here warning about the dangers of Googlephobia, but now that Google has brazenly appropriated the TLF’s unique mock-Communist iconography, we’re starting to think that Jeff Chester and Scott Cleland may be right: Maybe Google really is trying to take over the world!

So we regret to announce our filing of a lawsuit in the Twelfth Circuit Court of Appeals to challenge Google’s infringement of our mark. We demand 50% of the $0.00 Google earns every time they “allow” users to port their application data out of Google to a competitor’s services! We will, of course, dedicate these royalties to the important project of educating and empowering users about how they can determine their own destiny online.

But seriously… We heartily agree with our Data Liberation Front comrades that users should be fully empowered to switch from one service to another online. This kind of competition is clearly the best protection for consumers in the Digital Age. Making switching easy should assuage not just antitrust concerns, but also concerns about how much privacy or security each web service offers to its users, no matter how big its market share: If you don’t like what a service offers, just take your data and leave! Who needs the government micro-managing the Internet when users have that kind of control?

Viva la (Technology) Revolution!

P.S. In case you haven’t seen it the Monty Python video we’re all riffing on:

http://www.youtube.com/v/gb_qHP7VaZE

Texting while driving is generally a bad idea, since it involves taking one’s hands off the wheel and eyes off the road. While not wearing your seatbelt in a car or a helmet on a motorcycle probably only risks your own life, there’s a good argument to be made that distracted drivers put the lives of others at risk. The WSJ reports that 17 states have banned texting while driving outright. But is such regulation really the best way to address the problem?

Technological Empowerment. The WSJ highlights innovative technological solutions that:

1. Block calls and texts while the user is driving; OR
2. Let drivers “speak” their texts using voice-to-text technology.

Those who consider even hands-free cell phone use unsafe will probably insist on the more draconian blocking solution—and want government to mandate it! Such mandates would indeed probably be more effective than relying on the police write tickets to drivers they see texting while driving (especially since such offenses, like calling while driving, usually require some other, more serious offense before an officer can pull over a driver). But do we really need the government telling us when we can use a technology that really might be essential in certain circumstances, or totally safe in others (say, when we’re behind the wheel but stopped at a long light or in a traffic jam)?

The fascinating thing is that these solutions need not be mandated by government: At least some users will actually pay for them! Why? Because, sometimes we’re better off by being able to “bind” our future selves—just as Ulysses asked his crew to tie him to his ship’s mast so he could enjoy the Siren’s enchanting song without giving in to their spell. Similarly, these texting-blocking technologies empower users in three senses:

1. Some users know they shouldn’t text while driving but—like smokers and people who casually pick their noses—just can’t stop, so they want external discipline;
2. Others just want the monthly discount on their car insurance; and
3. Parents want to make sure they can discipline their children, who have a hard time resisting the impulse to pick up the phone.

Obviously, there are limits to how far reasons 1 and 3 can go.  Reason #1 requires at least a desire to change: As the young playboy Saint Augustine prayed, “Lord, make me chaste—but not yet!” Reason #3 requires private sector paternalism in the most literal sense. But reason #2 requires nothing more than the self-interest of users and insurance companies, which can happily coincide with road safety given the right technology. I suspect this solution is much more likely to be effective than simple government mandates, much as insurance company discounts for having smoke detectors, fire extinguishers and sprinkler systems in your home or office are probably more effective at promoting such technologies than the threat of a fine from a government inspector.

Education. Here, as elsewhere, the “less restrictive” alternative to regulation isn’t technological empowerment alone, but empowerment in combination with education. As Adam said in 2007 of anti-cell phone effort: “Banning In-Car Technologies Won’t Work.”

The proper solution here is education, not regulation. During driver training education, teenagers and other new drivers need to be taught the importance of keeping both hands on the wheel and their eyes pointed straight ahead at the road. Operating a vehicle is serious business with serious repercussions if you ignore basic rules of driving safety. But that doesn’t mean you shouldn’t have access to communications / entertainment devices while in your car. We just need to teach new drivers how (and when) to use them properly. For example, set up playlists in your iPod and start them running before you pull out of the driveway. And program the preset buttons on your car stereo or satellite radio device so you can switch stations without looking. If you have to scroll to find something new to listen to, try to do it when you’re at a stop light, not when you’re driving down a busy street with a lot of pedestrians around.

If governments really want to “do something” for road safety, they should build awareness of technological empowerment solutions, especially among parents and kids. They can also fund public service announcements like this one, which is not for the faint of heart:

http://www.youtube.com/v/DGE8LzRaySk&eurl

What Unites Advocates of Speech Controls & Privacy Regulation? [pdf]

by Adam Thierer & Berin Szoka The Progress & Freedom Foundation, Progress on Point No. 16.19

Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:

1. People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or,
2. All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards.

While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”^[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what it in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.

That sort of elitism—elitism enforced by law—is often the objective of speech and privacy regulatory advocates. Our goal is to identify the common themes that unite these regulatory movements, explain why such political elitism is unwarranted, and make it clear how it threatens individual liberty as well as the future of free and open Internet. As an alternative to this elitist vision, we advocate an empowerment agenda: fostering an environment in which users have the tools and information they need to make decisions for themselves and their families.

I. The Elitism of Speech Regulation

First, consider how those two elitist beliefs identified above are on display when lawmakers or regulatory advocates make efforts to control speech or content.^[2] Calls to regulate free speech are often premised on the belief that something must be done to “protect The Children.”^[3] Personal and parental responsibility ^[4] are regarded as inadequate safeguards ^[5] since some parents will inevitably fall down on the job by not adequately shielding their children’s eyes and ears from potentially objectionable (or supposedly harmful) speech. Therefore, government must regulate content that is indecent, profane, excessively violent, and so on. The definition of those things is then left to unelected bureaucrats and judges to make on our behalf.

But it’s not just about “The Children.” Some regulatory advocates believe that even the choices made by consenting adults must be disregarded because some people fail to understand the supposedly destructive nature of the speech they are consuming. Government must act to protect people from making what some regulatory advocates regard as destructive or even immoral choices that could bring harm to them or their loved ones.

In sum, regulatory advocates are essentially saying that people cannot be trusted or left to their own devices and, therefore, government must intervene and establish a baseline “community standard” on behalf of the entire citizenry to tell them what‘s best for them.^[6] Even if those citizens have tools and information at their disposal to make sensible decisions about objectionable content, that’s not good enough because they might not do the job properly. Government must do it for them!

II. The Elitism of Privacy Regulation

This same mentality motivates calls for privacy regulations. Those who call for government interventions to “protect privacy” often claim that people too willingly surrender personal information about themselves and that they don’t understand the adverse consequences of those actions.^[7] Alternatively, regulatory advocates claim that advertising and marketing efforts are inherently “manipulative” and that people do not realize they are being duped into surrendering personal information or into buying products or services they supposedly don’t need.^[8] Of course, those regulatory advocates rarely pause to explain to us how it is that they were not also duped and manipulated by the same things—again revealing their deeply-rooted elitism! (As discussed below, this makes it clear how the psychological phenomenon of “third-person effect hypothesis” is driving much of this debate.)

“Protecting The Children” is also used as a rhetorical cover for regulation here, but not as often in debates over speech controls.^[9] Instead, regulatory advocates mostly focus on adults who are presumed not to know what is in their own best interest—necessitating paternalistic government intervention on their behalf.

III. Intellectual Schizophrenia on Both the Left & Right

What is particularly interesting about all this is the way these two issues expose a sort of intellectual schizophrenia at work on both the Left and Right of the political spectrum. Left-leaning policymakers and intellectuals typically decry censorship efforts (except where “commercial speech,” “hate speech” and “bias” are at issue), but are quick to rally around proposals to layer privacy regulations on the Internet. The opposite is often true of many on the Right of the political spectrum: They typically declare privacy regulations to be paternalistic and antithetical to free enterprise (or perhaps just erosive of efforts to legislate morality),^[10] but in the next breath advocate controls on content they find objectionable.

Few on either side stop to consider the relationship between speech and privacy. In fact, they are but two sides of the same coin. After all, what is your “right to privacy” but a right to stop me from observing you and speaking about you?^[11] “Protecting privacy,” therefore, typically means restricting speech rights in the process. Advocates of privacy regulation often insist that the use, processing and collection of information are “conduct” unprotected by the First Amendment, but in fact, the First Amendment broadly protects the gathering and distribution of information as part of the process of communication (“speech”).^[12] Similarly, attempts to “clean up” speech or “protect The Children,” often require regulations that would betray the privacy of adults by expanding the role of government, and impose serious burdens on businesses and markets—such as age verification mandates ^[13] or extensive data retention requirements.^[14]

IV. Common Tactics & Regulatory Mechanisms

The two movements also share common political tactics and regulatory approaches. Privacy advocates generally favor “opt-in” mandates as the federal “baseline standard” for any website collecting information about users, especially their browsing habits (regardless of whether the information is “personally identifiable”). In other words, the law would create a property right in such “personal information” (ironically, many advocates of this approach criticize or reject intellectual property.) In a similar vein, many advocates of speech controls push for mandatory parental control tools or restrictive default settings.^[15] That is, if government won’t censor speech outright, regulatory advocates want lawmakers to at least (1) require that media, computing and communications devices be shipped to market with parental controls embedded or included (as proposed in Australia and with China’s “Green Dam” filter),^[16] and possibly, (2) that such controls be defaulted to their most restrictive position—forcing users to opt-out of the controls later if they want to consume media rated above a certain threshold.

More sophisticated advocates of speech controls and privacy regulation will likely argue that their paternalism is less elitist or intrusive because they merely want to “nudge” the public into making “better” decisions. Economist Richard Thaler and legal scholar Cass Sunstein (director of President Obama’s Office of Information and Regulatory Affairs, responsible for analyzing most new federal regulations) popularized this approach with their 2008 book Nudge: Improving Decisions about Health, Wealth, and Happiness. Based on behavioral economics studies, they argue that both government and private actors must inevitably make decisions about “choice architecture” and that, by setting defaults, incentives and rules smartly, “choice architects” can and should improve decision-making without blocking, fencing-off or significantly burdening choices.^[17]

In this regard, Sunstein and Thaler’s approach parallels the work of Lawrence Lessig, one of the most influential Internet policy thinkers. Lessig has argued that the “architecture” of “code” (how software is written) “regulates” all online activities and requires government oversight and intervention to keep in check. Otherwise, he warned ominously a decade ago, “Left to itself, cyberspace will become a perfect tool of control.”^[18] Lessig’s hyper-pessimistic predictions have proven unwarranted, however. Far from fostering a world of “perfect control,” code and cyberspace have proven remarkably difficult to regulate, but nonetheless has generally benefited consumers and citizens without centralized direction.^[19] Still, Lessig, Sunstein, and others of this ilk persist in their advocacy of “nudges” of many varieties to impose their will on cyberspace through mandates from above.

But while it might be possible to define “better decisions” and argue that poor choice architecture leads people to choose things they clearly don’t want in contexts like investment decisions and mortgages, how can elites know what other people really want in highly subjective contexts like privacy and speech? Should they rely on opinion polls—the highly subjective results of which depend heavily on “choice architecture” of question-crafting—to guess what the right default should be?^[20] Was the Chinese proposal to mandate deployment of “Green Dam” just a harmless “nudge” because users weren’t barred from uninstalling the filtering software that must accompany their computers (i.e., “opting-out”)? The problem becomes even more difficult where trade-offs among competing values are inevitable. For example, data collection about Internet users raises privacy concerns for some but benefits all, creating more funding for “free” content (i.e., speech) and services users prefer by making more valuable the advertising that supports online publishers. In short, regulations of speech and privacy are likely to be pure paternalism, even when billed as “libertarian paternalism as Thaler and Sunstein label their approach.^[21]

What might be called “regulatory blackmail” is also a time-honored tradition among both advocates of speech controls and privacy regulation. When censorship advocates have previously been impeded by the First Amendment, they have worked behind the scenes with lawmakers or regulatory agencies to use indirect pressure and strong-arming tactics to extract “voluntary concessions” from companies or others.^[22] For example, in 2004, the FCC strong-armed radio giant Clear Channel into agreeing to a “voluntary” consent decree that involved taking Howard Stern off the air.^[23] Similarly, in 2008, XM and Sirius Satellite Radio finally agreed to set aside 4% of their system capacity for use by politically favored racial minorities (a kind of speech control) as a “voluntary condition” of their merger—after the FCC had sat on their application for nearly 16 months.^[24] This race-based preference would have been unconstitutional if the FCC had imposed it directly.^[25] While the FTC has been far less prone to such abuse and actually plays a key role in holding companies to their promises, its current Chairman, Jon Leibowitz, has hung the “regulatory sword of Damocles” over the heads of the online advertising industry, threatening them with a “day of reckoning” if he doesn’t get what he wants from industry self-regulatory efforts.”^[26] The sword could actually fall if the FTC turns self-regulation into the European model of “co-regulation,” where the government steers and industry simply rows.^[27]

V. The Crisis Mentality that Drives Regulation

Speech and privacy regulatory advocates share another trait in common: an affinity for the use of a crisis mentality as a method of spurring political action. In his 1995 book The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy, political philosopher and economist Thomas Sowell formulated a model that he argued drives ideological crusades to expand government power over our lives and economy. “The great ideological crusades of the twentieth-century intellectuals have ranged across the most disparate fields,” noted Sowell. But what they all had in common, he argued, was “their moral exaltation of the anointed above others, who are to have their different views nullified and superseded by the views of the anointed, imposed via the power of government.”^[28] These government-expanding crusades shared several key elements, which Sowell identified as follows:

1. Assertion of a great danger to the whole society, a danger to which the masses of people are oblivious.
2. An urgent need for government action to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many, in response to the prescient conclusions of the few.
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes.

We see this model at work on a daily basis today with our government’s various efforts to reshape our economy, but the model is equally applicable to debates over speech controls and privacy regulation. In particular, the various “technopanics”^[29] we have witnessed in recent years fit this model. For example, consider how this model plays out in the debate over online social networking:

1. Assertion of a great danger to the whole society [online sexual predators], a danger to which the masses of people are oblivious.
2. An urgent need for government action [such as mandatory online age verification ^[30] or the Deleting Online Predators Act ^[31]] to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many [must stop kids and adults from being online together on same sites], in response to the prescient conclusions of the few [some state Attorneys General].^[32]
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [child safety researchers and others are told that their research is meaningless or offbase].^[33]

We also see this model in play in other debates, such as efforts to regulate “excessively violent” video games and television programming.^[34] And consider how this model plays out on the privacy front:

1. Assertion of a great danger to the whole society [amorphous privacy violations], a danger to which the masses of people are oblivious.
2. An urgent need for government action [“baseline federal privacy regulation”] to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many [anyone who shares information online], in response to the prescient conclusions of the few [a handful of privacy advocacy groups].
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [any suggestion that privacy concerns are being overblown and that most information-sharing is socially beneficial is dismissed out-of-hand].

Worse yet, regulatory intervention in these cases simply begets more and more intervention to correct the inevitable failures of, or dissatisfaction with, previous interventions.^[35] Thus, the “crisis” cycle never ends.

VI. Third-Person Effect Hypothesis as an Explanation

Something more profound than simple political elitism seems to be at work here, however. A phenomenon psychologists refer to as the “third-person effect hypothesis” can explain many calls for government intervention, especially in the media world.^[36] Simply stated, speech and privacy critics sometimes seem to only see and hear in media or communications what they want to see and hear—or what they don’t want to see or hear. When they encounter perspectives or preferences that are at odds with their own, they are more likely to be concerned about the impact of those things on others throughout society and come to believe that government must “do something” to correct those perspectives. Many people desire regulation because they think it will be good for others, not necessarily for themselves. The regulation they desire has a very specific purpose in mind: “re-tilting” speech or market behavior in their desired direction.

The third-person effect hypothesis was first formulated by W. Phillips Davison in a seminal 1983 article:

In its broadest formulation, this hypothesis predicts that people will tend to overestimate the influence that mass communications have on the attitudes and behavior of others. More specifically, individuals who are members of an audience that is exposed to a persuasive communication (whether or not this communication is intended to be persuasive) will expect the communication to have a greater effect on others than on themselves.^[37]

Davison used this hypothesis to explain how media critics on both the Left and Right seemed to simultaneously find “bias” in the same content or reports when they couldn’t possibly both be correct. In reality, their own personal preferences were biasing their ability to fairly evaluate that content. Davison’s article prompted further research by many other psychologists, social scientists, and public opinion experts to test just how powerful this phenomenon was in explaining calls for censorship and other social phenomena.^[38] In these studies, third-person effect has been shown to be the primary explanation for why many people fear—or even want to ban—various types of speech or expression, including news,^[39] misogynistic rap lyrics,^[40] television violence,^[41] video games,^[42] and pornography.^[43] In each case, the subjects surveyed expressed strong misgivings about allowing others to see or hear too much of the speech or expression in question, but greatly discounted the impact of that speech on themselves. Such studies thus reveal the strong paternalistic instinct behind proposals to regulate speech. As Davison notes:

Insofar as faith and morals are concerned… it is difficult to find a censor who will admit to having been adversely affected by the information whose dissemination is to be prohibited. Even the censor’s friends are usually safe from the pollution. It is the general public that must be protected. Or else, it is youthful members of the general public, or those with impressionable minds.^[44]

It’s easy to see how this same phenomenon is at work in debates about privacy. Regulatory advocates imagine their preferences are “correct” (right for everyone) and that the masses are being duped by external forces beyond their control or comprehension, even though the advocates themselves are somehow immune from the brain-washing and privy to some higher truth that the hoi polloi simply cannot fathom. Again, this is Sowell’s “Vision of the Anointed” at work.

Consider the flare-up in 2004 over the introduction of Gmail, Google’s free email service. At a time when Yahoo! mail (then as now the leading webmail provider) offered customers less than 10 megabytes of email storage, Gmail offered an astounding gigabyte of storage that would grow over time (now over 7 GB). Rather than charging some users for more storage or special features, Google paid for the service by showing advertisements next to each email “contextually” targeted to keywords in that email—a far more profitable form of advertising than “dumb banner” ads previously used by other webmail providers.^[45] Self-appointed (or, to extend Sowell’s framework, “self-anointed”) privacy advocates howled that Google was going to “read users’ email,” and led a crusade to ban such algorithmic contextual targeting.^[46] Thierer responded to these critics by pointing out that the service was purely voluntary and noted:

you don’t speak for me and a lot of other people in this world who will be more than happy to cut this deal with Google. So do us a favor and don’t ask the government to shut down a service just because you don’t like it. Privacy is a subjective condition and your value preferences are not representative of everyone else’s values in our diverse nation. Stop trying to coercively force your values and choices on others. We can decide these things on our own, thank you very much.^[47]

Interestingly, however, the frenzy of hysterical indignation about Gmail was followed by a collective cyber-yawn: Users increasingly understood that algorithms, not humans, were doing the “reading” and that, if they didn’t like it, they didn’t have to use it. Today, nearly 150 million of people around the world use Gmail, and it has a steadily growing share of the webmail market. Even though cyber-consumers have embraced the service, some privacy advocates persist in their effort to shut down Gmail. They appear determined to stop at nothing to impose their will on others—the essence of political elitism—even if that means cutting off free email service for 150 million people!^[48]

A similar debate has played out more recently regarding targeted online advertising in general. Advertising on search engines is, much like Gmail, targeted “contextually” based on search terms entered by users and most advertising on other websites is based on the nature of content on a site or page. But certain data is collected about users as they browse to make that advertising more effective—by measuring its performance, reducing fraud, preventing over-exposure, etc. Some privacy advocates have insisted that industry self-regulation of such practices (even if enforced by the FTC) is inadequate and have called for preemptive regulation. They are even more offended by “behavioral advertising” which allows publishers whose content would have little value as the basis for contextually targeting advertising on their own sites to compete for more highly valued advertising by showing ads to users based on other sites they’ve visited. In both cases, data collection can increase the funding available to publishers to produce more of the content and services preferred by users, thus conferring an enormous indirect benefit on users, but also directly benefits users by increasing the relevance of the advertising they see.^[49] For some of the more extreme advocates of privacy regulation, however, there are no trade-offs, only absolutist “solutions:” To them, privacy is so obviously desirable that they feel at ease in deciding what’s best for everyone else. Such absolutists often respond with righteous indignation and conspiratorial fulmination when challenged to identify the harm against which they’re protecting consumers, while disdainfully dismissing all talk of the benefits of online advertising as self-serving industry propaganda.^[50]

VII. The Principled Alternative: Trust People & Empower Them

There is an alternative to this elitist mentality: freedom and personal responsibility. Individuals should be permitted to live a life of their own, even if they sometimes make mistakes or choices that are at odds with what elites think is best for them. ^[51]

Of course, the world isn’t perfect. In an ideal world, adults would be fully empowered to tailor speech and privacy decisions to their own values and preferences. Specifically, in an ideal world, adults (and parents) would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to not only block the things they don’t like—objectionable content, annoying ads or the collection of data about them—while also finding the things they want.

Achieving that ideal is likely impossible, but the good news is that we are moving closer to it with each passing day. Citizens have more tools and methods at their disposal than ever before which enable them to make decisions for themselves and their families. And this is true for both parental controls ^[52] and privacy controls.^[53]

Of course, some speech and privacy elitists will argue that we can’t trust empowerment tools ( e.g., filters, rating systems, or other controls) that are created by companies or other affected parties. But rather than trying to enhance those tools and educate users about how to use them, these elitists skip right past user empowerment and channel their energies into regulations that would impose a top-down, one-size-fits all standard on all adults and families—or even into trying to craft the perfect “nudge” that will help users make what elites believe to be the “right” decisions. Of course, these tools can, and should, be improved. Those groups worried about speech/content and privacy issues should focus on how we might drive such protections from the bottom-up by empowering individuals instead of government bureaucrats. The goal in both cases should be a “let-a-thousand-flowers-bloom” approach, which offers diverse tools and strategies for our diverse citizenry.^[54] We need not accept “one-size-fits” all approaches, whether they be regulatory mandates or “nudges,” based on the presumption that elites know best.

Finally, it is vital not to lose sight of what’s ultimately at stake here. If regulatory approaches trump the empowerment agenda we have described, the future of a free and open Internet—indeed, as technology converges, the future of all media—is at risk.^[55] By imposing technological solutions from the top-down that can never keep pace with technological change, regulation necessarily forecloses freedom and innovation.^[56] By contrast, individual empowerment allows innovation to flourish. The better approach across the board is education, not regulation.^[57] Empowerment, not elitism, is the path forward. The digital elite should be leading this effort by developing and promoting technologies of empowerment, not crafting regulatory mandates to force their will upon us.^[58]

#

Adam Thierer is a Senior Fellow with The Progress & Freedom Foundation and the director of its Center for Digital Media Freedom. Berin Szoka  is a Senior Fellow with PFF and the Director of PFF’s Center for Internet Freedom.

[1] . William A. Henry, In Defense of Elitism (1995) at 2-3.

[2] . See Adam Thierer, The Progress & Freedom Foundation, Congress, Content Regulation, and Child Protection: The Expanding Legislative Agenda, Progress Snapshot 4.4, Feb. 2008, www.pff.org/issues-pubs/ps/2008/ps4.4childprotection.html. Like American courts, we use the term “speech” as a broad catch-all for communications, including both actual speaking as well as other forms of transmitting, as well as receiving, information (“content”).

[3] . See generally Adam Thierer, Don’t Scapegoat Media, USA Today, Dec. 4, 2008, www.pff.org/issues-pubs/ps/2008/ps4.24scapegoatmedia.html; Marjorie Heins, Not in Front of the Children, “Indecency,” Censorship, and the Innocence of Youth (2001); Karen Sternheimer, It’s Not the Media: The Truth about Pop Culture’s Influence on Children (2003); Karen Sternheimer, Kids These Days: Facts and Fictions about Today’s Youth (2006).

[4] . See Adam Thierer, The Progress & Freedom Foundation, FCC Violence Report Concludes that Parenting Doesn’t Work, PFF Blog, Apr. 26, 2007, http://blog.pff.org/archives/2007/04/fcc_violence_re.html.

[5] . See Adam Thierer, The Progress & Freedom Foundation, Sen. Rockefeller Gives Up on Parenting at Senate Violence Hearing, PFF Blog, June 26, 2007, blog.pff.org/archives/2007/06/sen_rockefeller_1.html.

[6] . Adam Thierer, Conservatives, Porn, and “Community Standards,” The Technology Liberation Front, March 2, 2009, http://techliberation.com/2009/03/02/conservatives-porn-and-community-standards.

[7] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Online Advertising & User Privacy: Principles to Guide the Debate, Progress Snapshot 4.19, Sept. 2008, www.pff.org/issues-pubs/ps/2008/ps4.19onlinetargeting.html.

[8] . Jeff Chester, for decades the great gadfly of American advertising, has decried “the system … developed to track each and every one of us and our behavior for one-on-one marketing efforts” as “manipulative, intrusive and un-democratic.” Wendy Melillo, Q&A: Chester Writes the Book on Privacy, Dec. 11, 2007, www.gfem.org/node/227. For instance, Chester and other leading “privacy advocates” ridicule the idea of smart phones as a “liberating technology” and insist that,

Despite the glowing words about customization and personalized service, what marketers and advertisers are increasingly offering consumers is merely the illusion of free choice. Mobile operators offer their various options and services, not on an individual basis, but preconfigured according to segmented demographic profiles.

Center for Digital Democracy and U.S. Public Interest Research Group, Complaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Mobile Marketing Practices, Jan. 13, 2009 (emphasis original), www.democraticmedia.org/files/FTCmobile_complaint0109.pdf. See generally Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Targeted Online Advertising: What’s the Harm & Where Are We Heading?, Progress on Point 16.2, Feb. 2009, www.pff.org/issues-pubs/pops/2009/pop16.2targetonlinead.pdf.

[9] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, Progress on Point 16.11, May 2009, www.pff.org/issues-pubs/pops/2009/pop16.11-COPPA-and-age-verification.pdf.

[10] . The Supreme Court has used a “right to privacy” to strike down laws against the use of contraception by married couples, Griswold v Connecticut, 381 U.S. 479 (1965), and abortion, Roe v. Wade, 410 U.S. 113 (1973).

[11] . Eugene Volokh, Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People From Speaking About You, 52 Stanford L. Rev. 1049 (2000), available at www.pff.org/issues-pubs/pops/pop7.15freedomofspeech.pdf.

[12] . See , Amicus Brief for Association Of National Advertisers, Cato Institute, Coalition For Healthcare Communication, Pacific Legal Foundation And The Progress & Freedom Foundation In Support Of Appellants, IMS Health v. Sorrell, No. 09-1913-cv(L), 09-2056-cv(CON) (2nd Cir. 2009), available at www.pff.org/issues-pubs/filings/2009/071309-Brief-Amici-Curiae-ANA-et-al-Second-Circuit-(09-1913-cv).pdf.

[13] . See Adam Thierer, The Progress & Freedom Foundation, Social Networking and Age Verification: Many Hard Questions; No Easy Solutions, Progress on Point No. 14.5, March 2007, www.pff.org/issues-pubs/ pops/pop14.8ageverificationtranscript.pdf; www.pff.org/issues-pubs/pops/pop14.5ageverification.pdfAdam Thierer, The Progress & Freedom Foundation, Statement Regarding the Internet Safety Technical Task Force’s Final Report to the Attorneys General, Jan. 14, 2008, www.pff.org/issues-pubs/other/090114ISTTFthiererclosingstatement.pdf; Nancy Willard, Why Age and Identity Verification Will Not Work—And is a Really Bad Idea, Jan. 26, 2009, www.csriu.org/PDFs/digitalidnot.pdf; Jeff Schmidt, Online Child Safety: A Security Professional’s Take, The Guardian, Spring 2007, www.jschmidt.org/AgeVerification/Gardian_JSchmidt.pdf.

[14] . Adam Thierer, The Progress & Freedom Foundation, Mandatory Data Retention: How Much is Appropriate, PFF Blog, June 26, 2006, http://blog.pff.org/archives/2006/06/mandatory_data.html

[15] . Adam Thierer, The Progress & Freedom Foundation, The Perils of Mandatory Parental Controls and Restrictive Defaults, Progress on Point 14.4, Apr. 11, 2008, www.pff.org/issues-pubs/pops/2008/pop15.4defaultdanger.pdf.

[16] . Adam Thierer, China’s Green Dam Filter and the Threat of Rising Global Censorship, PFF Blog, June 17, 2009, http://blog.pff.org/archives/2009/06/chinas_green_dam_filter_and_threat_of_rising_globa.html

[17] . They define choice architecture as follows: “A structure designed by a choice architect(s) to improve the quality of decisions made by homo sapiens. Often invisible, choice architecture is the specific user-friendly shape of an organization’s policy or physical building when homo sapiens come into contact with it. Examples of choice architecture include a voter ballot, a procedure for handling well-meaning people who forget a deadline, or a skyscraper.” Nudge Glossary of Terms, www.nudges.org/glossary.cfm.

[18] . Lawrence Lessig, Code and Other Laws of Cyberspace (1999) at 6.

[19] . See Adam Thierer, Code, Pessimism, and the Illusion of “Perfect Control,” Cato Unbound, May 2009, www.cato-unbound.org/2009/05/08/adam-thierer/code-pessimism-and-the-illusion-of-perfect-control

[20] . See Solveig Singleton & Jim Harper, With A Grain of Salt: What Consumer Privacy Surveys Don’t Tell Us, 2001, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=299930.

[21] . As Cato Institute scholar Will Wilkinson has argued, the book’s “agreeably banal doctrine of choice-preserving helpfulness” blurs the lines between paternalism and libertarianism, and thus “the thrust of the conceptual renovation behind the term libertarian paternalism is to empower, not limit, political elites.” Why Opting Out Is No “Third Way,” Reason, October 2008, www.reason.com/news/show/128916.html. See also Adam Thierer, The Progress & Freedom Foundation, Sunstein’s “Libertarian Paternalism” is Really Just Paternalism, PFF Blog, April 7, 2008, http://blog.pff.org/archives/2008/04/sunsteins_liber.html.

[22] . See Robert Corn-Revere, “’Voluntary’ Self-Regulation and the Triumph of Euphemism,” in Rationales & Rationalizations: Regulating the Electronic Media (Robert Corn-Revere, ed., 1997), at 183-208.

[23] . Telecom Policy Report, Commission Settles Indecency Charges, But At What Cost?, June 30, 2004, http://findarticles.com/p/articles/mi_m0PJR/is_25_2/ai_n6091525.

[24] . See Adam Thierer, XM-Sirius, Regulatory Blackmail, and Diversity, June 17, 2008, http://blog.pff.org/archives/2008/06/xmsirius_regula.html.

[25] . See Comments of W. Kenneth Ferree on Implementation of Sirius-XM Merger Condition, The Progress & Freedom Foundation, MB Docket No. 07-57, March 30, 2009, www.pff.org/issues-pubs/filings/2009/033009siriusXMconditionfiling.pdf.

[26] . See Szoka & Adam Thierer, supra note 8 at 3.

[27] . See id. at 2.

[28] . Thomas Sowell, The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy (1995) at 5.

[29] . Alice Marwick, To Catch a Predator? The MySpace Moral Panic, First Monday, Vol. 13, No. 6-2, June 2008, www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2152/1966; Wade Roush, The Moral Panic over Social Networking Sites, Technology Review, Aug. 7, 2006, www.technologyreview.com/communications/17266; Anne Collier, Why Techopanics are Bad, Net Family News, April 23, 2009, www.netfamilynews.org/2009/04/why-technopanics-are-bad.html; Adam Thierer, Parents, Kids & Policymakers in the Digital Age: Safeguarding Against ‘Techno-Panics,’ Inside ALEC, July 2009, at 16-17, www.alec.org/am/pdf/Inside_July09.pdf; Adam Thierer, Progress & Freedom Foundation, Technopanics and the Great Social Networking Scare, PFF Blog, June 10, 2008, http://techliberation.com/2008/07/10/technopanics-and-the-great-social-networking-scare.

[30] . Supra note 13.

[31] . In the 109th Congress, former Rep. Michael Fitzpatrick (R-PA) introduced the Deleting Online Predators Act (DOPA), which proposed a ban on social networking sites in public schools and libraries. DOPA passed the House of Representatives shortly thereafter by a lopsided 410-15 vote, but failed to pass the Senate. The measure was reintroduced just a few weeks into the 110th Congress by Senator Ted Stevens (R-AK), the ranking minority member and former chairman of the Senate Commerce Committee. It was section 2 of a bill that Sen. Stevens sponsored titled the “Protecting Children in the 21st Century Act” (S. 49), but was later removed from the bill. See Declan McCullagh, Chat Rooms Could Face Expulsion, CNet News.com, July 28, 2006, http://news.com.com/2100-1028_3-6099414.html?part=rss&tag=6099414&subj=news.

[32] . See Emily Steel & Julia Angwin, MySpace Receives More Pressure to Limit Children’s Access to Site, Wall Street Journal, June 23, 2006, online.wsj.com/public/article/SB115102268445288250-YRxkt0rTsyyf1QiQf2EPBYSf7iU_20070624.html; Susan Haigh, Conn. Bill Would Force MySpace Age Check, Yahoo News.com, March 7, 2007, www.msnbc.msn.com/id/17502005.

[33] . See, e.g., Letter of Henry McMaster, Attorney General, South Carolina to Attorney General Richard Blumenthal and Attorney General Roy Cooper Regarding Internet Safety Task Force (“ISTTF”) Report, January 14, 2009, www.scag.gov/newsroom/pdf/2009/internetsafetyreport.pdf

[34] . See Adam Thierer, The Progress & Freedom Foundation, Video Games and “Moral Panic,” PFF Blog, Jan. 23, 2009, http://blog.pff.org/archives/2009/01/video_games_and_moral_panic.html ; Adam Thierer, The Progress & Freedom Foundation, Fact and Fiction in the Debate over Video Game Regulation, Progress Snapshot 13.7, March 2006, www.pff.org/issues-pubs/pops/pop13.7videogames.pdf.

[35] . “All varieties of interference with the market phenomena not only fail to achieve the ends aimed at by their authors and supporters, but bring about a state of affairs which—from the point of view of their authors’ and advocates’ valuations—is less desirable than the previous state affairs which they were designed to alter. If one wants to correct their manifest unsuitableness and preposterousness by supplementing the first acts of intervention with more and more of such acts, one must go farther and farther until the market economy has been entirely destroyed and socialism has been substituted for it.” Ludwig von Mises, Human Action, at 858 (3rd ed. 1963) (1949).

[36] . See generally Adam Thierer, The Progress & Freedom Foundation, Media Myths: Making Sense of the Debate over Media Ownership (2005) at 119-123, www.pff.org/issues-pubs/books/050610mediamyths.pdf (Explaining how the third-person effect serves as a powerful explanation for the heated backlash that followed an FCC effort to moderately liberalize media ownership rules in 2003-04).

[37] . W. Phillips Davison, The Third-Person Effect in Communication, 47 Public Opinion Quarterly 1, Spring 1983, at 3.

[38] . For the best overview of third-person effect research, see Douglas M. McLeod, Benjamin H. Detenber, and William P. Eveland., Jr., Behind the Third-Person Effect: Differentiating Perceptual Processes for Self and Other, 51 Journal of Communication, Vol. 51, No. 4, 2001, at 678-695.

[39] . Vincent Price, David H. Tewksbury & Li-Ning Huang, Third-person Effects of News Coverage: Orientations Toward Media, Journalism & Mass Communications Quarterly, Vol. 74, at 525-540.

[40] . Douglas M. McLeod, William P. Eveland & Amy I. Nathanson, Support for Censorship of Violent and Misogynic Rap Lyrics: And Analysis of the Third-Person Effect, Communications Research, Vol. 24, 1997, at 153-174.

[41] . Hernando Rojas, Dhavan V. Shah, and Ronald J. Faber, For the Good of Others: Censorship and the Third-Person Effect, International Journal of Public Opinion Research, Vol. 8, 1996, at 163-186.

[42] . James D. Ivory, Addictive, But Not For Me: The Third-Person Effect and Electronic Game Players’ Views Toward the Medium’s Potential for Dependency and Addiction, University of North Carolina at Chapel Hill, School of Journalism and Mass Communication, Aug. 2002.

[43] . Albert C. Gunther, Overrating the X-rating: The Third-person Perception and Support for Censorship of Pornography, Journal of Communication, Vol. 45, No. 1, 1995, at 27-38

[44] . Supra note 37 at 14. Along these lines, a December 2004 Washington Post article documented the process by which the Parents Television Council, a vociferous censorship advocacy group, screens various television programming. One of the PTC screeners interviewed for the story talked about the societal dangers of various broadcast and cable programs she rates, but then also noted how much she personally enjoys HBO’s “The Sopranos” and “Sex and the City,” as well as ABC’s “Desperate Housewives.” Apparently, in her opinion, what’s good for the goose is not good for the gander! See Bob Thompson, Fighting Indecency, One Bleep at a Time, The Washington Post, Dec. 9, 2004, at C1, www.washingtonpost.com/wp-dyn/articles/A49907-2004Dec8.html.

[45] . See Chris Anderson, Free: The Future of a Radical Price at 112-118 (2009).

[46] . See Letter from Chris Jay Hoofnagle, Electronic Privacy Information Center, Beth Givens, Privacy Rights Clearinghouse, Pam Dixon, World Privacy Forum, to California Attorney General Lockyer, May 3, 2004, http://epic.org/privacy/gmail/agltr5.3.04.html.

[47] . See email from Adam Thierer to Declan McCullaugh on Politech Email discussion group, April 30, 2004, http://lists.jammed.com/politech/2004/04/0083.html (emphasis added).

[48] . See Complaint and Request for Injunction of the Electronic Privacy Information Center against Google, Inc., March 17, 2009, http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf; see also Ryan Radia, Should the FTC Shut Down Gmail and Google Docs Because of an Already-Fixed Bug?, Technology Liberation Front Blog, March 18, 2009, http://techliberation.com/2009/03/18/should-the-ftc-shut-down-gmail-and-google-docs-because-of-an-already-fixed-bug/.

[49] . See Berin Szoka & Mark Adams, The Progress & Freedom Foundation, The Benefits of Online Advertising & the Costs of Regulation, PFF Working Paper, forthcoming.

[50] . Anti-advertising crusader Jeff Chester often resorts to questioning the motives of those who question whether his regulatory prescriptions would actually benefit consumers, see, e.g., http://techliberation.com/2009/06/17/behavioral-advertising-industry-practices-hearing-some-issues-that-need-to-be-discussed/#comment-11698840. See generally Jeff Chester, Digital Destiny: New Media and the Future of Democracy (2007).

[51] . “The only freedom which deserves the name is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs or impede their efforts to obtain it. Each is the proper guardian of his own health, whether bodily or mental and spiritual.” John Stuart Mill, On Liberty (Penguin Classics, 1859, 1986) at 72.

[52] . Adam Thierer, The Progress & Freedom Foundation, Parental Controls & Online Child Protection, Special Report, Version 4.0, Summer 2009, www.pff.org/parentalcontrols.

[53] . Adam Thierer, Berin Szoka & Adam Marcus, The Progress & Freedom Foundation, Privacy Solutions, PFF Blog, Ongoing Series, http://blog.pff.org/archives/ongoing_series/privacy_solutions.

[54] . Comments of Adam Thierer, The Progress & Freedom Foundation, In the Matter of Implementation of the Child Save Viewing Act; Examination of Parental Control Technologies for Video or Audio Programming; MB Docket No. 09-26, April 16, 2009, www.pff.org/issues-pubs/filings/2009/041509-%5bFCC-FILING%5d-Adam-Thierer-PFF-re-FCC-Child-Safe-Viewing-Act-NOI-(MB-09-26).pdf.

[55] . See Adam Thierer, FCC v. Fox and the Future of the First Amendment in the Information Age, Engage, Feb. 20, 2009, www.fed-soc.org/doclib/20090216_ThiererEngage101.pdf

[56] . “To act on the belief that we possess the knowledge and the power which enable us to shape the processes of society entirely to our liking, knowledge which in fact we do not possess, is likely to make us do much harm.” Friedrich von Hayek, “The Pretence of Knowledge,” in The Essence of Hayek, (Hoover Inst., 1984), at 276.

[57] . Adam Thierer, The Progress & Freedom Foundation, Two Sensible, Education-Based Legislative Approaches to Online Child safety, Progress Snapshot 3.10, Sept. 2007, www.pff.org/issues-pubs/ps/2007/ps3.10safetyeducationbills.pdf.

[58] . See, e.g., Berin Szoka, Google, CDT, Online Advertising & Preserving Persistent User Choice Across Ad Networks Through Plug-ins, Technology Liberation Front Blog, March 13, 2009, http://techliberation.com/2009/ 03/13/google-cdt-online-advertising-preserving-persistent-user-choice-across-ad-networks-through-plug-ins/.

The latest edition (Version 4.0) of my PFF special report on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now up.  For those not familiar with the report, it explores the market for parental control tools, rating schemes, education and media literacy efforts, and various other tools, methods, and initiatives aimed at promoting online child safety.  After evaluating that state of this market, I conclude: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”  Moreover, I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation.

Version 4.0 of the report is now over 250 pages long (up from 200 pages in Version 3.0) and it contains almost 70 exhibits (up from 50), 725 references (up from roughly 500), and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. Other new sections or appendices have also been added to the report, including:

• a new section examining how many households really need parental control tools;
• a new appendix on the downsides of mandatory parental controls and restrictive default settings;
• a new section on the dangers of “deputizing the online middleman” solution as an approach to solving child safety concerns;
• a new appendix reviewing the findings of 5 past online safety task forces;
• … and much more.

I issue major updates once a year and 1 or 2 minor tweaks during the course of the year to reflect the evolution of the parental control and online child safety marketplace and debate. The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past couple of years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

In an earlier post, I mentioned an important new online child safety task force report that has just been released from the “Point Smart. Click Safe.” Blue Ribbon Working Group. It’s a great report and I encourage you to read the whole thing. It was my great pleasure to serve on this task force, and as we started finalizing our conclusions and recommendations, I started thinking about how much of what we were finding and recommending was consistent with what past online safety task forces had also concluded.

By way of background, over the past decade, five major online safety task forces or blue ribbon commissions have been convened to study online safety issues. Two of these task forces were convened in the United States and issued reports in 2000 (“COPA Commission”) and 2002 (“Thornburgh Commission“). Another was commissioned by the British government in 2007 and issued in a major report in March 2008 (“Byron Review“). Finally, two additional online safety task forces were formed in the U.S. in 2008 and concluded their work, respectively, in January (“Internet Safety Technical Task Force“) and July (“Point Smart. Click Safe.“) of 2009. [And yet another task force — the Online Safety Technology Working Group — was recently formed and has now gotten underway.]

In a new PFF white paper, ” Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” I walk through a chronological summary of each of these past task forces [click on covers of each report below to read them in their entirety] and highlight some of the similar themes and recommendations from them.

Altogether, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety. While each of these task forces had different origins and unique membership, what is striking about them is the general unanimity of their conclusions. Among the common themes or recommendations of these five task forces:

• Education is the primary solution to most online child safety concerns. These task forces consistently stressed the importance of media literacy, awareness-building efforts, public service announcements, targeted intervention techniques, and better mentoring and parenting strategies.
• There is no single “silver-bullet” solution or technological “quick-fix” to child safety concerns. That is especially the case in light of the rapid pace of change in the digital world.
• Empowering parents and guardians with a diverse array of tools, however, can help families, caretakers, and schools to exercise more control over online content and communications.
• Technological tools and parental controls are most effective as part of a “layered” approach to child safety that views them as one of many strategies or solutions.
• The best technical control measures are those that work in tandem with educational strategies and approaches to better guide and mentor children to make wise choices. Thus, technical solutions can supplement, but can never supplant, the educational and mentoring role.
• Industry should formulate best practices and self-regulatory systems to empower users with more information and tools so they can make appropriate decisions for themselves and their families. And those best practices, which often take the form of an industry code of conduct or default control settings, should constantly be refined to take into account new social concerns, cultural norms, and technological developments.
• Government should avoid inflexible, top-down technological mandates. Instead, policymakers should focus on encouraging collaborative, multifaceted, multi-stakeholder initiatives and approaches to enhance online safety. Additional resources for education and awareness-building efforts are also crucial. Finally, governments should ensure appropriate penalties are in place to punish serious crimes against children and also make sure law enforcement agencies have adequate resources to police crimes and punish wrong-doers.

The consistency of these findings from those five previous task forces is important and it should guide future discussions among policymakers, the press, and the general public regarding online child safety.  As I note in the paper, the findings are particularly relevant today since Congress and the Obama Administration — including 3 federal agencies (NTIA, FCC, & FTC) are actively studying these issues. So, in light of all that, I hope this short paper can shed some light on the collective wisdom of the past task forces. While more study of online child safety issues is always welcome — including additional task forces or working groups if policymakers deem them necessary — thanks to the work of these five task forces, we now have better vision of what is needed to address online safety concerns.

Five Online Safety Task Forces Agree [PFF – Adam Thierer] http://d.scribd.com/ScribdViewer.swf?document_id=17181137&access_key=key-z6cxfgrjkqaqtxbix&page=1&version=1&viewMode=

The Federal Communications Commission (FCC) has just released a Notice of Inquiry (NOI) in the matter of “Implementation of the Child Safe Viewing Act; Examination of Parental Control Technologies for Video or Audio Programming.” (MB Docket No. 09-26)  This NOI was required by S. 602, the “Child Safe Viewing Act of 2007,” which Congress passed last October and President Bush signed into law on December 2nd.  The measure requires the FCC to examine:

(1) the existence and availability of advanced blocking technologies that are compatible with various communications devices or platforms; (2) methods of encouraging the development, deployment, and use of such technology by parents that do not affect the packaging or pricing of a content provider’s offering; and (3) the existence, availability, and use of parental empowerment tools and initiatives already in the market.

The Act defines the term “advanced blocking technologies” as “technologies that can improve or enhance the ability of a parent to protect his or her child from any indecent or objectionable video or audio programming, as determined by such parent.”  Importantly, the Act also directs the agency to look into blocking technologies that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms” and which “operate independently of ratings pre-assigned by the creator of such video or audio programming.”   The Act requires that the FCC issue a report to Congress about these technologies no later than August 29, 2009.

When writing about the Child Safe Viewing Act shortly after its introduction in the summer of 2007, I noted that the measure potentially represented the beginning of “convergence-era content regulation” at the FCC.  Those two clauses highlighted above are of particular importance in that regard.  Congress has essentially invited the FCC to engage in unprecedented oversight of media platforms and ratings systems that the agency previously had very little ability to influence. 

First, the Act’s stipulation that the FCC examine advanced content blocking technologies that “operate independently of ratings pre-assigned by the creator,” seems to imply that existing voluntary rating and labeling systems cannot be trusted. That is a dangerous presumption that suggests the FCC might be able to come up with better media ratings on its own. But the fact that the agency has been empowered to look into rating systems for media content outside its area of authority (ex: movies, mobile media, online video) means that the agency might now be potentially placing greater pressure on media providers and distributors in those fields to “clean up” their content that same way that the agency pressures TV and radio broadcasters.

Similarly, the Act’s requirement that the agency look into blocking technologies on “wired, wireless, and Internet platform” is an open-ended invitation for the FCC to oversee content on platforms and mediums that the agency previously had no control over.  This clause on page 4 of the FCC’s NOI is telling in that regard:

The Senate Report also explains that the Act requires the Commission to consider technologies that may be appropriate across a variety of content distribution platforms “[i]n recognition of the fact that television content is currently being made available over the Internet and over mobile devices.” This language suggests that Congress intended that we focus on television content and the variety of platforms over which such content can be displayed and consider technologies capable of blocking inappropriate audio or video content transmitted as part of such programming.

In some ways, this makes all the sense in the world. The fact that Congress and the FCC have long been engaged in the regulation of content by its means of transmission to the viewer or listener has always been a bit silly. Basing regulation on what Randy May has called “techno-functional constructs” has resulted in a jurisprudential Twilight Zone in terms of speech regulation: identical words and images transmitted over one medium end up being regulated different than when transmitted over another. (See my article “Why Regulate Broadcasting?” for more discussion.)  Traditionally, this has meant broadcasting drew the short straw when it came to First Amendment treatment, with their analog signals or digital bits being deemed worthy of less First Amendment protection than the signals or bits transmitted over cable, satellites, fiber, or even print media.

As lawmakers increasingly realize that an age of media abundance and technological convergence has made those silly techno-functional constructs even more preposterous, we can expect Congress to introduce more legislation like the Child Safe Viewing Act and encourage FCC scrutiny of content regardless of its means of transmittal.  But such proposals raise a number of interesting questions, including:

(1) Does the FCC have the statutory authority to be regulating (or even investigating) speech on those other platforms?  What are the First Amendment issues at stake here?

(2) Assuming it has some authority, if the FCC finds that “advanced blocking controls” are not present, or do not work effectively, what remedies would the agency pursue?  (Can you say “universal ratings”?)

(3) Just what sort of resources will be required to allow the FCC to police all “wired, wireless, and Internet platforms”?

I don’t want to go overboard here and suggest that the agency is going to jump right onto the censorship bandwagon and start regulating everything under the sun thanks to S. 602.  Again, to be clear, the Child Safety View Act only authorizes the agency to study to market for advanced blocking tools.  It’s hard to argue against “the study” of anything.  But what concerns me here is the specter of regulatory creep. As I concluded in an earlier essay about the measure:

We have to hope that the FCC doesn’t use this “study” as an excuse to undermine existing voluntary parental controls and private content rating efforts or, worse yet, embark on an effort to impose new speech controls or mandatory rating and labeling schemes on media content. If they follow that path, a serious First Amendment battle awaits.

Is that a valid concern, or am I over-stating things? Well, consider this.  Between pages 15-20 of the NOI, in a section on”Content Available over the Internet,” the agency poses dozens of questions about new digital technologies and services including: Hulu,YouTube, TiVo, iTunes and the iPhone, iPod and Mp3 players, peer-to-peer networks, wi-fi hot spots, Teen Second Life, and even video game consoles.  In fact, on page 16 of the NOI the agency asks: “What impact, if any, does the interface between video gaming systems and the Internet have on children’s online safety?”  It’s certainly a legitimate question for public debate, but is anyone else besides me uncomfortable with the fact that the Federal Communications Commission is asking it?  If, like me, you’ve spent you’re life fighting over-zealous FCC content regulation, then you might appreciate my concern.  Will the FCC soon be fielding complaints about the next installment of “Grand Theft Auto”?  Are uncensored “Saturday Night Live” clips on Hulu suddenly going to be subjected to broadcast TV-like indecency fines?  Is my iTunes podcast fair game for federal regulators?  Again, I hope none of this paranoia is justified, but I think there are reasons to be concerned.

The more constructive path forward for the FCC is to help highlight the useful tools and rating systems already on the market and encourage parents to take advantage of them if they feel so compelled. As FCC Commissioner Jonathan Adelstein noted in his statement about the NOI, “Blocking technology strikes a balance beneficial to all parties involved: it allows us to protect our children while respecting the creative and expressive rights of content creators.”  Indeed, as I have argued in my book on “Parental Controls and Online Child Protection:”

The ideal state of affairs, therefore, would be a nation of fully empowered parents who have the ability to perfectly tailor their family’s media consumption habits to their specific values and preferences. Specifically, parents or guardians would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to not only block objectionable materials, but also to more easily find content they feel is appropriate for their families.

If the FCC can help build public awareness about such user-empowerment tools, that’s wonderful. I’m all for that. But it’s what the agency might do above and beyond that which has my spider sense tingling.

Anyway, you can read the bill and the NOI below and judge for yourself. [Note: The version of S. 602 below is the version passed by the Senate. The final version agreed to by the House stripped out Sec. 2, the findings section, and Sec. 3 became the new Sec. 2. For some reason, the GPO never produced a final PDF version of the bill as passed by the full Congress. If someone else has it, please forward it to me so I can post it here.]

S602 Child Safe Viewing Act http://d.scribd.com/ScribdViewer.swf?document_id=12963165&access_key=key-1uqqvj45uwpa1z9qihzq&page=1&version=1&viewMode=list

FCC NOI for Child Safe Viewing Act (MB 09-26) http://d.scribd.com/ScribdViewer.swf?document_id=12963105&access_key=key-12ctxrbeq6b7cuh98m6t&page=1&version=1&viewMode=list

Just FYI, the latest update of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now live. The new version, Version 3.1, provides minor updates to all sections of the book and a new appendix of relevant research in the field. I issue major updates early each year and 1 or 2 tweaks during the course of the year to reflect the evolution of the parental control and online child safety market and debate.

For those not familiar with the report, it explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past two years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

PFF has just releasing an updated edition of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods.” The new version, Version 3.0, includes two new appendixes and updates to each section to reflect new parental control tools and programs developed in the last nine months.

The updated report is timely as it comes on the heels of the recently-announced Internet Safety Technical Task Force, which is being chaired by the Berkman Center for Internet & Society at Harvard Law School. I am privileged to serve as a member of the Task Force, which is evaluating various online safety technologies and strategies and then reporting back to state attorneys general with our findings.

Those issues and much more are covered in the latest edition of my report. The report explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

Version 3.0 of the special report, now over 200 pages, contains over fifty exhibits and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. A greatly expanded section on video empowerment technologies has also been included. Finally, two appendices have also been added: a comprehensive legislative index cataloging over thirty bills introduced in Congress on these issues (complied with John Morris of Center for Democracy & Technology), and a glossary of 35 relevant terms and cases.

The report is available free-of-charge on the PFF website, as are the previous editions. And I am happy to provide hard copies to those who are interested.