Faithful readers know of my geeky love for tech policy books. I read lots of ’em. There’s a steady stream of Amazon.com boxes that piles up on my doorstop some days because my mailman can’t fit them all in my mailbox.  But I go pretty hard on all the books I review. It’s rare for me pen a glowing review. Occasionally, however, a book will come along that I think is both worthy of your time and which demands a place on your bookshelf because it is such an indispensable resource.  Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace is one of those books.

Smartly organized and edited by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain, Access Controlled is essential reading for anyone studying the methods governments are using globally to stifle online expression and dissent. As I noted of their previous edition, Access Denied: The Practice and Policy of Global Internet Filtering, there is simply no other resource out there like this; it should be required reading in every cyberlaw or information policy program.

The book, which is a project of the OpenNet Initiative (ONI), is divided into two parts. Part 1 of the book includes six chapters on “Theory and Analysis.”  They are terrifically informative essays, and the editors have made them all available online here (I’ve listed them down below with links embedded). The beefy second part of the book provides a whopping 480 pages(!) of detailed regional and country-by-country overviews of the global state of online speech controls and discuss the long-term ramifications of increasing government meddling with online networks.

In their interesting chapter on “Control and Subversion in Russian Cyberspace,” Deibert and Rohozinski create a useful taxonomy to illustrate the three general types of speech and information controls that states are deploying today. What I find most interesting is how, throughout the book, various authors document the increasing movement away from “first generation controls,” which are epitomized by “Great Firewall of China”-like filtering methods, and toward second- and third-generation controls, which are more refined and difficult to monitor. Here’s how Deibert and Rohozinski define those three classes (or “generations”) of controls:

• First-generation controls focus on denying access to specific Internet resources by directly blocking access to servers, domains, keywords, and IP addresses. This type of filtering is typically achieved by the use of specialized software or by implementing instructions manually into routers at key Internet choke points. First-generation filtering is found throughout the world, in particular among authoritarian countries, and is the phenomenon targeted for monitoring by the ONI’s methodology. In some countries, compliance with first-generation filtering is checked manually by security forces, who physically police cybercafes and ISPs. (p. 22)
• Second-generation controls aim to create a legal and normative environment and technical capabilities that enable state actors to deny access to information resources as and when needed, while reducing the possibility of blowback or discovery. Second-generation controls have an overt and a covert track. The overt track aims to legalize content controls by specifying the conditions under which access can be denied. Instruments here include the doctrine of information security as well as the application of existent laws, such as slander and defamation, to the online environment. The covert track establishes procedures and technical capabilities that allow content controls to be applied ‘‘just in time,’’ when the information being targeted has the highest value (e.g., during elections or public demonstrations), and to be applied in ways that assure plausible deniability. (p. 24)
• Unlike the first two generations of content controls, third-generation controls take a highly sophisticated, multidimensional approach to enhancing state control over national cyberspace and building capabilities for competing in informational space with potential adversaries and competitors. The key characteristic of third-generation controls is that the focus is less on denying access than successfully competing with potential threats through effective counter-information campaigns that overwhelm, discredit, or demoralize opponents. Third-generation controls also focus on the active use of surveillance and data mining as means to confuse and entrap opponents. (p. 27)

Again, the country-by-country discussions contained in Part 2 of the book document how several nations are moving toward those more sophisticated second- and third-generation information control efforts, although it appears that CIS states are on the cutting edge so far. As Deibert and Rohozinski note in their opening overview chapter: “the center of gravity of practices aimed at managing cyberspace has shifted subtly from policies and practices aimed at denying access to content to methods that seek to normalize control and the exercise of power in cyberspace through a variety of means.” (p. 6)  They also note that, just in the short time since their previous volume was published (in 2008):

a sea change has occurred in the policies and practices of Internet controls. States no longer fear pariah status by openly declaring their intent to regulate and control cyberspace. The convenient rubric of terrorism, child pornography, and cyber-security has contributed to a growing expectation that states should enforce order in cyberspace, including policing unwanted content. (p. 4)

I don’t agree with all the conclusions in the book, of course. In particular, I don’t share the somewhat lugubrious outlook most of the contributors seem to hold toward the long-term prospects for “technologies of freedom” relative to “technologies of control.” I think it’s vital to put things in some historical context in this regard. It’s important to recall that, as a communications medium, the Net is still quite young.  So, is the Net really more susceptible to State control and manipulation than previous communications technologies and platforms?  I’m not so sure, although it’s hard to find a metric to compare them in an analytically rigorous fashion. However, I’m still quite bullish on the prospect for the “technologies of freedom” that are already out there (and those yet to be developed) to help people evade many of the technologies of control being utilized by States across the globe today.

The contributors in Access Controlled don’t really come to any definitive conclusion on this issue, but some of them seem to imply that the Net is more easily manipulated than past technologies. For example, in Chapter 3, Hal Roberts and John Palfrey speak of the Internet as “surveillance-ready technology.” (p. 35).  It’s certainly true that the State has access to more data about its citizens than in the past, but it’s also true that we have more information about the State than ever before, too!  And, again, we also have access to more of those “technologies of freedom” than ever before to at least try to fight back. Compare, for example, the plight of a dissident in a Cold War-era Eastern Bloc communist state to a dissident in China or Iran today. Which one had a better chance of getting their words (or audio and video) out to the local or global community?  But let me be clear about something: I am not one of those quixotic utopians who thinks that the whole world is going to magically become more democratic and free overnight because of the existence of blogs, mobile phones, wireless networks, SMS, Twitter, YouTube, encryption, proxy servers, etc.  Nonetheless, aren’t we citizens of the modern world at least a little better off for having such technologies at our potential disposal?

Moreover, what about the scale and volume problem that would-be censors increasingly face?  Again, let’s remember how young the Net is and how many people aren’t using it aggressively (or at all) yet. The challenge of bottling-up information — or even tracking / monitoring it — is going to grow exponentially more difficult as more people get online, networks expand, digital technologies fall in cost and grow more ubiquitous, and the overall volume of data flows continues to expand.  What sort of armies of censors and surveillance officers are going to be needed going forward to keep up with this pace of change?  Ethan Zuckerman’s chapter on “Intermediary Censorship” in Access Controlled discusses one answer that many nation-states are turning to in an effort to solve that problem: Make the middleman do it. Deputizing the middleman has been used in many contexts before, of course, but the problem for the State is that (a) the middlemen typically resent doing that sort of censoring / surveillance and (b) it is only going to grow more costly and convoluted for those middlemen to carry out the will of the State as the scale and volume problems identified above manifest themselves.

Of course, one could argue that the censoring & surveillance technologies are going to continue to grow more robust, too, and that the middlemen will always fall in line with the State’s desires if the penalties for non-compliance are steep enough.  But I can’t believe that’s how it will play out over the long haul.  At some point, something’s got to give. The technological arms race between the State and its citizens will continue to escalate, but I remain optimistic that we will live not in an “access controlled” world, but more like a “access-sorta-controlled-but-with-lots-of-holes-in-it” kind of world.

Anyway, these are not major reservations that should keep you from reading Access Controlled. Indeed, it may have been for the best that the editors and contributors chose not to go down this line of inquiry since it would have made a long book even longer and forced the contributors to divert from their generally objective positions.

I have only two other little nitpicks with the Access Controlled. First, I do not understand why the editors decided to dump the excellent old chapter from Access Denied on “Tools and Technologies of Net Filtering,” which contained some very useful schematics explaining how technologies of control work. [You can see what I mean here.]  I used to recommend that chapter to students and journalists all the time as the first stop in their investigation of online censorship issues. I hope the editors decide to update that chapter and include it in the next version of the book.  Second, I was quite surprised there wasn’t more discussion of HerdictWeb in the book. Herdict, which I have praised here in the past, “seeks to present a real-time picture of Web site accessibility and inaccessibility… by crowdsourcing data from individuals around the world.”  I think I only saw one mention of Herdict in Access Controlled.  I thought it would figure more prominently in this version of the book.

Those small quibbles aside, I want to congratulate all the editors and contributors to the marvelous volume.  Access Controlled is an indispensable resource that I can wholeheartedly endorse as a “must-have” for your info-tech policy bookshelf.  Buy it now.

Chapter 1

• Beyond Denial: Introducing Next Generation Information Access Controls Ron Deibert and Rafal Rohozinski

Chapter 2

• Control and Subversion in Russian Cyberspace Ron Deibert and Rafal Rohozinski

Chapter 3

• The EU Data Retention Directive in an Era of Internet Surveillance Hal Roberts and John Palfrey

Chapter 4

• Barriers to cooperation: An analysis of the origins of international efforts to protect children online Nart Villeneuve

Chapter 5

• Intermediary Censorship Ethan Zuckerman

Chapter 6

• Protecting Privacy and Expression Online: Can the Global Network Initiative embrace the character of the Net? Colin Maclay

The latest edition (Version 4.0) of my PFF special report on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now up.  For those not familiar with the report, it explores the market for parental control tools, rating schemes, education and media literacy efforts, and various other tools, methods, and initiatives aimed at promoting online child safety.  After evaluating that state of this market, I conclude: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”  Moreover, I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation.

Version 4.0 of the report is now over 250 pages long (up from 200 pages in Version 3.0) and it contains almost 70 exhibits (up from 50), 725 references (up from roughly 500), and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. Other new sections or appendices have also been added to the report, including:

• a new section examining how many households really need parental control tools;
• a new appendix on the downsides of mandatory parental controls and restrictive default settings;
• a new section on the dangers of “deputizing the online middleman” solution as an approach to solving child safety concerns;
• a new appendix reviewing the findings of 5 past online safety task forces;
• … and much more.

I issue major updates once a year and 1 or 2 minor tweaks during the course of the year to reflect the evolution of the parental control and online child safety marketplace and debate. The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past couple of years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

Over at Ars, Ryan Paul has an appropriately sharp-tongued response to the Mozilla Foundation’s troubling move to become a cheerleader for the European Commission’s ongoing antitrust efforts against Microsoft. Apparently Mozilla will assist the EC’s investigation “by offering expertise about the browser market.”

Paul focuses on what’s wrong with this in both a micro and macro sense. He rightly points out that the potential remedies here do not bode well for the future of this sector, since regulatory tinkering with high-tech product standards is bound to end badly and create a terrible precedent for future interventions. “It’s hard to find a rational argument in favor of mandatory standards enforcement,”  Paul says. “It would be punitive and unhelpful to the advancement of the web.” Moreover, Paul notes that things have never looked better on the browser front:

Claims that Microsoft’s monopoly status has eliminated competition in the browser market sound hollow in the face of the profoundly vibrant browser market that exists today. The record-setting launch of Firefox 3 added up to over 8 million downloads in the first 24 hours alone. Firefox’s global market share continues to climb every month and the browser has grabbed almost 30 percent of the European market.

And let’s not forget about those two little companies called Google and Apple who have competing products in the field! They’re making serious inroads in the browser wars. Moreover, Microsoft is struggling to hold on to whatever “dominance” they have left in their core market: OS. As Paul concludes:

To the observant tech enthusiast, all signs seem to indicate that Microsoft’s monopoly is on its way out. The Redmond giant is in no danger of annihilation, but it’s definitely not positioned to dictate terms to the rest of the industry anymore.

But what is perhaps most shocking about Mozilla’s call for intervention is the way that Mozilla Foundation chairperson Mitchell Baker minimizes the importance of not just Firefox, but the entire open source movement, when justifying EC intervention in this marketplace.

“The success of Mozilla and Firefox does not indicate a healthy marketplace for competitive products,” she wrote. “I am convinced that we could not have been, and will not be, successful except as a public benefit organization living outside the commercial motivations. And I certainly hope that neither the EU nor any other government expects to maintain a healthy Internet ecosystem based on nonprofits stepping in to correct market deficiencies.”

As Paul points out in his Ars story, “[Mozilla’s] position on this matter is highly questionable.” Indeed, I believe it’s more than just highly questionable, it’s a bit of insult to an entire community of developers. Paul is generally correct in his response that:

There are quite a few open source software enthusiasts who would argue that, for a broad range of software products, the emergence of a Mozilla-like model is actually desirable and highly advantageous for consumers. A point will eventually arrive for many kinds of software where there is simply no point in trying to derive value from shrink-wrapping it, and then efforts will converge around collaboratively-developed open source implementations that will displace and eliminate the need for proprietary commercial implementations. Why should that be viewed as unhealthy?

Indeed, but it actually goes beyond that. The message that Mozilla’s Baker seems to sending to the open source community is: You can’t change the world. Your voluntary, collaborative actions cannot correct market deficiencies or fulfill unmet needs.

Geez, isn’t that what the open source movement is all about?!  I’m hardly some sort of open source / free software fanatic — indeed, I envision a future full of plenty of open source AND proprietary types of software and service — but the beauty of the open source movement to me is the way it has so nicely filled unsatisfied niches of demand in the software universe.  And, here’s the really important point, as Paul points out in his Ars article:

The popularization of the open source development model arguably emerged as a response to Microsoft’s monopoly. Developers had to find innovative ways to compete with an entrenched product. If the government had intervened in the software industry at an early stage and those conditions hadn’t existed, the browser market could arguably be a lot less rich and competitive than it is today. If Internet Explorer had never gained the dominant marketshare to necessitate a change in the status quo, the only browser choices we would have today might be between an ad-encumbered Opera and a proprietary Netscape.

That is exactly right. I have been making the argument for many years that it is at a market’s supposedly darkest hour that we are likely seeing some of the most exciting innovation being spawned. People don’t innovate most when they are completely happy with the world around them. It’s when they are pissed-off that they get cracking!!  Mozilla’s Firefox is the perfect example of that. And so is just about everything that Google and Apple have developed in response to Microsoft over the past 10 years.

And yet, sadly, the folks at the Mozilla Foundation want to now become handmaidens to the state — and the European Commission, no less — in their pathetic effort to stick it to a competitor using the law instead of using more marketplace innovation and competition. SHAME ON YOU MOZILLA!  I would dump your browser today if I didn’t love it so much! And thank you to all the brilliant, dedicated people behind the scenes who do keep innovating and making Firefox even better. I sincerely hope that the Mozilla Foundation doesn’t speak for you on this matter.