Posts tagged as:

new paper: The Perils of Classifying Social Media Platforms as Public Utilities

by on March 19, 2012 · 0 comments

The Mercatus Center at George Mason University has just released my new white paper, “The Perils of Classifying Social Media Platforms as Public Utilities.” [PDF] I first presented a draft of this paper last November at a Michigan State University conference on “The Governance of Social Media.” [Video of my panel here.]

In this paper, I note that to the extent public utility-style regulation has been debated within the Internet policy arena over the past decade, the focus has been almost entirely on the physical layer of the Internet. The question has been whether Internet service providers should be considered “essential facilities” or “natural monopolies” and regulated as public utilities. The debate over “net neutrality” regulation has been animated by such concerns.

While that debate still rages, the rhetoric of public utilities and essential facilities is increasingly creeping into policy discussions about other layers of the Internet, such as the search layer. More recently, there have been rumblings within academic and public policy circles regarding whether social media platforms, especially social networking sites, might also possess public utility characteristics. Presumably, such a classification would entail greater regulation of those sites’ structures and business practices.

Proponents of treating social media platforms as public utilities offer a variety of justifications for regulation. Amorphous “fairness” concerns animate many of these calls, but privacy and reputational concerns are also frequently mentioned as rationales for regulation. Proponents of regulation also sometimes invoke “social utility” or “social commons” arguments in defense of increased government oversight, even though these notions lack clear definition.

Social media platforms do not resemble traditional public utilities, however, and there are good reasons why policymakers should avoid a rush to regulate them as such. Continue reading →

SHARE: 0 comments

Did Google Defeat People’s Privacy Preferences?

by on February 19, 2012 · 3 comments

Given the importance of privacy self-help—that is, setting your browser to control what it reveals about you when you surf the Web—I was concerned to hear that Google, among others, had circumvented third-party cookie blocking that is a default setting of Apple’s Safari browser. Jonathan Mayer of Stanford’s Center for Internet and Society published a thorough and highly technical explanation of the problem on Thursday.

The story starts with a flaw in Safari’s cookie blocking. Mayer notes Safari’s treatment of third-party cookies:

Reading Cookies Safari allows third-party domains to read cookies.
Modifying Cookies If an HTTP request to a third-party domain includes a cookie, Safari allows the response to write cookies.
Form Submission If an HTTP request to a third-party domain is caused by the submission of an HTML form, Safari allows the response to write cookies. This component of the policy was removed from WebKit, the open source browser behind Safari, seven months ago by Google engineers. Their rationale is not public; the bug is marked as a security problem. The change has not yet landed in Safari.

Mayer says Google was exploiting this yet-to-be-closed loophole to install third-party cookies, the domain of which Safari would then allow to write cookies. After describing “(relatively) straightforward” cookie synching, Mayer says:

But we noticed a special response at the last step for Safari browsers. … Instead of responding with the “_drt_” cookie, the server sends back a page that includes a form and JavaScript to submit the form (using POST) to its own URL.

Third-party cookie blocking evaded, and users’ preferences frustrated.

Ars Technica has published Google’s response, which doesn’t seem to have gone up on any of its blogs, in full. Google says they created this functionality to deliver better services to their users, but doing so inadvertently allowed Google advertising cookies to be set on the browser.

I don’t know that I’m technically sophisticated enough to register a firm judgement, but it looks to me like Google was faced with an interesting dilemma: They had visitors who were signed in to their service and who had opted to see personalized ads and other content, such as ‘+1’s but those same visitors had set their browsers contrary to those desires. Google chose the route better for Google, defeating the browser-set preferences. That, I think, was a mistake.

I wonder if there isn’t some Occam’s Razor that a Google engineer might have applied at some point in this process, thinking, “Golly, we are really going to great lengths to get around a browser setting. Are we sure we should be doing this?” Maybe it would have been more straightforward to highlight to Safari users that their settings were reducing their enjoyment of Google’s services and ads, and to invite those users to change their settings. This, and urging Apple to fix the browser, would have been more consistent with the company’s credo of non-evil.

Now, to the ideological stuff, of which I can think of two items:

1) There is a battle for control of earth out there—well, a battle over whether third-party cookie blocking is good or bad. Have your way advocates. I think the consuming public—that is, the market—should decide.

2) There is a battle to make a federal case out of every privacy transgression. An advocacy group called Consumer Watchdog (which has been prone to privacy buffoonery in the past) hustled out a complaint to the Federal Trade Commission. I think the injured parties should be compensated in full for their loss and suffering, of which there wasn’t any. De minimis non curat lex, so this is actually just a learning opportunity for Google, for browser authors, and for the public.

Kudos and thanks are due to Jonathan Mayer, as well as ★★★★★ and Ashkan Soltani, for exposing this issue.

SHARE: 3 comments

The FTC, Mobile Apps, Kids’ Privacy, Prices & Competition

by on February 16, 2012 · 19 comments

Today the Federal Trade Commission released a new report entitled, “Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing,” which concludes that “confusing and hard-to-find disclosures do not give parents the control that they need in this area. The FTC argues that “parents need consistent, easily accessible, and recognizable disclosures regarding in-app purchase capabilities so that they can make informed decisions about whether to allow their children to use apps with such capabilities.”

It’s hard to be against the FTC’s “the more disclosure, the better” policy recommendation and I’m not about to come out against it here. But the question is: how much disclosure is enough? Reading through the report and seeing how hard the FTC hammers this point home makes me think the agency wants our app store checkout process to be littered with the pages of fine print disclosure policies that now accompany our credit card statements and home mortgage payments! Seriously, would that make us better off?

As a parent of two kids who both download countless apps on my Android phone, my wife’s iPhone, and our family’s Android tablet, I appreciate a certain amount of disclosure about what sort of information apps are collecting and how they are using it. I think Google’s Android marketplace strikes a nice balance here, providing us with the most crucial facts about what the application will access or share. Apple could do more on disclosure but the company also prides itself (to the dismay of some!) on its rigorous pre-screening process to make sure the apps in the App Store are safe and don’t violate certain privacy and security policies. Yet, as the FTC correctly points out, “the details of this screening process are not clear.” Of course, most Apple users simply don’t give a damn. They’re all too happy to let Apple just take care of it for them even if they’re not really sure what’s happening to their data behind the scenes. The more privacy-sensitive crowd wants greater disclosure and control, of course, and I’m sympathetic to that plea.  But again, how much disclosure is enough? Are you going to wade through pages of disclosure policies and privacy opt-ins before downloading that latest iteration of “Angry Birds” or “Cut the Rope”? Yeah, I didn’t think so.

Anyway, I don’t want to dwell on that. The more interested findings in the survey relate to price and market dynamics and I am hoping people don’t ignore them. Continue reading →

SHARE: 19 comments

Filing to FTC Regarding Proposed COPPA Amendments

by on December 23, 2011 · 0 comments

Filings are due to the Federal Trade Commission (FTC) today as part of its review of the Children’s Online Privacy Protection Act (COPPA) and the COPPA rule that the FTC devised and enforces. I didn’t have time to pen as much as I wanted, but I did submit a short filing to the agency in the matter based on some of my previous work both with Berin Szoka and on my own.  Here’s the executive summary for my filing:

It goes without saying that the Children’s Online Privacy Protection Act (COPPA) is complicated law and rule. When considering the rule and proposals to amend it, it is easy to get lost in the weeds and ignore the bigger picture. That would be a mistake. There are broader, more important questions that need to be asked as part of the Federal Trade Commission’s effort to expand this regulatory regime. These questions involve not only the costs of increased regulation for online business interests, but the impact of expanded regulation on market structure, competition, and innovation. More importantly, these questions cut to the core of whether the public (including children) will be served with more and better digital innovations in the future. There is no free lunch. Regulation—even well-intentioned regulation like COPPA—is not a costless exercise. There are profound trade-offs for online content and culture that must always be considered.

Whatever one thinks about the effectiveness or sensibility of the COPPA regulatory model for the Web 1.0 world, it is clear that the regime is being strained by the unforeseen realities of the Web 2.0 world of hyper-ubiquitous connectivity and user-generated content creation and sharing. The digital genie cannot be put back in the bottle.  While COPPA may continue to have a marginal role to play in this rapidly evolving world, that role will likely be increasingly limited by the inherent realities of the information age.

Entire filing can be found on the Mercatus website, on SSRN, or via Scribd [Also embedded below in a Scribd reader.] Continue reading →

SHARE: 0 comments

Some Much-Needed Antitrust Skepticism on Senate Letter Urging FTC Google Investigation

by on December 20, 2011 · 2 comments

By Geoffrey Manne and Berin Szoka

Back in September, the Senate Judiciary Committee’s Antitrust Subcommittee held a hearing on “The Power of Google: Serving Consumers or Threatening Competition?” Given the harsh questioning from the Subcommittee’s Chairman Herb Kohl (D-WI) and Ranking Member Mike Lee (R-UT), no one should have been surprised by the letter they sent yesterday to the Federal Trade Commission asking for a “thorough investigation” of the company. At least this time the danger is somewhat limited: by calling for the FTC to investigate Google, the senators are thus urging the agency to do . . . exactly what it’s already doing.

So one must wonder about the real aim of the letter. Unfortunately, the goal does not appear to be to offer an objective appraisal of the complex issues intended to be addressed at the hearing. That’s disappointing (though hardly surprising) and underscores what we noted at the time of the hearing: There’s something backward about seeing a company hauled before a hostile congressional panel and asked to defend itself, rather than its self-appointed prosecutors being asked to defend their case.

Senators Kohl and Lee insist that they take no position on the legality of Google’s actions, but their lopsided characterization of the issues in the letter—and the fact that the FTC is already doing what they purport to desire as the sole outcome of the letter!—leaves little room for doubt about their aim: to put political pressure on the FTC not merely to investigate, but to reach a particular conclusion and bring a case in court (or simply to ratchet up public pressure from its bully pulpit). Continue reading →

SHARE: 2 comments

New Study on the Unintended Consequences of COPPA

by on November 1, 2011 · 2 comments

I highly recommend this important new study on “Why Parents Help Their Children Lie to Facebook about Age: Unintended Consequences of the Children’s Online Privacy Protection Act” by danah boyd of New York University, Eszter Hargittai from Northwestern University, Jason Schultz from University of California, Berkeley, and John Palfrey from Harvard University. COPPA is a complicated and somewhat open-ended law and regulatory regime. COPPA requires that commercial operators of websites and services obtain “verifiable parental consent” before collecting, disclosing, or using “personal information” (name, contact inform­ation) of children under the age of 13 if either their website or service (or “portion thereof”) is “directed at children” or they have actual knowledge that they are collecting personal information from a child.

The new study, which surveyed over 1,000 parents of children between the ages of 10 and 14, reveals that, despite the best of intentions, COPPA is having many unintended costs and consequences:

Although many sites restrict access to children, our data show that many parents knowingly allow their children to lie about their age — in fact, often help them to do so — in order to gain access to age–restricted sites in violation of those sites’ ToS. This is especially true for general–audience social media sites and communication services such as Facebook, Gmail, and Skype, which allow children to connect with peers, classmates, and family members for educational, social, or familial reasons.

The authors conclude that “COPPA inadvertently undermines parents’ ability to make choices and protect their children’s data” and that their results “have significant implications for policy–makers, particularly in light of ongoing discussions surrounding COPPA and other age–based privacy laws.” Indeed, this paper could really shake up the debate over online kids’ privacy regulation. I will have more analysis of the paper in my weekly Forbes column this weekend.

Additional reading for COPPA background and current controversies: Berin Szoka & Adam Thierer, “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech,” (May 21, 2009); and Adam Thierer, “Kids, Privacy, Free Speech & the Internet: Finding the Right Balance,” (August 12, 2011).

SHARE: 2 comments

Some Thoughts on FTC’s Proposed COPPA Revisions

by on September 16, 2011 · 4 comments

Yesterday, the Federal Trade Commission (FTC) released its long-awaited proposed revisions to the Children’s Online Privacy Protection rule (the “COPPA Rule”). Below I offer a few brief thoughts on the draft document. My remarks assume a basic level of knowledge about COPPA so that I don’t have to spend pages explaining the intricacies of this complex law and regulatory regime. If you need background on the COPPA law and rule, please check out this paper by Berin Szoka and me: “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.”

Dodging the COPA / Mandatory Age Verification Bullet

The most important takeaway from yesterday’s proposal involves something the FTC chose not to do: They agency very wisely decided to ignore some requests to extend the coverage of COPPA’s regulatory provisions from children under 13 all the way up to teens up to 18.  An effort to expand COPPA’s “verifiable parental consent” requirements to all teens would have raised thorny First Amendment issues as well as a host of practical enforcement concerns.  In essence, it would have required Internet-wide age verification of children and adults in order to ensure that everyone was exactly who they claimed to be online. We already had an epic decade-long legal battle over that issue when the constitutionality of the Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA, was tested many times over and always found to be in violation of the First Amendment.

Regardless, the FTC didn’t go there yesterday, so this concern is off the table for now. The agency deserves credit for avoiding this constitutional thicket. Continue reading →

SHARE: 4 comments

Let me say something good about DOJ’s AT&T/T-Mobile decision …

by on August 31, 2011 · 5 comments

I can’t help but think that there might be  a big advantage of having the AT&T-T-Mobile merger go to court.  For once, the high-profile action everyone pays attention to will occur in an antitrust forum where the decision criterion is the effects of the merger on consumer welfare, period.   Regardless of what one thinks about the merger, it’s nice to see that we’ll finally have a knock-down, drag-out fight based on whether a big telecommunications merger harms consumers and competition.  That’s the antitrust standard the Department of Justice has to satisfy in order to prevent the merger. 

This will be a refreshing change from the Federal Communications Commission’s “public interest” standard, which allows the commission to object on grounds other than consumer welfare and demand all manner of concessions that have nothing to do with remedying anticompetitive effects of a deal. Case in point: Comcast must now offer broadband service for $9.95 per month to low-income households as a condition for getting approval to buy 51 percent of NBCUniversal. Now, I’m all for seeing low-income households get access to broadband, but subsidizing one subset of customers has little to do with mitigating any possible anticompetitive effects of allowing a cable company to own NBCUniversal. As FCC Commissioners McDowell and Baker said in their statement on that transaction, “Any proposed remedies should be narrow and transaction specific, tailored to address particular anti-competitive harms. License transfer approvals should not serve as vehicles to extract from petitioners far-reaching and non-merger specific policy concessions that are best left to broader rulemaking or legislative processes.” 

In short, if AT&T wins in court, the FCC should approve the merger promptly without additional conditions.

SHARE: 5 comments

New Paper on Online Child Safety, Kids’ Privacy & Internet Free Speech

by on August 18, 2011 · 0 comments

My latest Mercatus Center white paper is entitled “Kids, Privacy, Free Speech & the Internet: Finding The Right Balance.” From the intro:

Concerns about children’s privacy are an important part of [the ongoing privacy debate]. The Children’s Online Privacy Protection Act of 1998 (COPPA) already mandates certain online-privacy protections for children under the age of 13. The goal of COPPA was to enhance parents’ involvement in their children’s online activities and better safeguard kids’ personal information online. The FTC is currently considering an expansion of COPPA, and lawmakers in the House of Representatives introduced legislation that would expand COPPA and apply additional FIPPS regulations to teenagers. Some state-based measures also propose expanding COPPA While well-intentioned, efforts to expand privacy regulation along these lines would cause a number of unintended consequences of both a legal and economic nature. In particular, expanding COPPA raises thorny issues about online free speech and anonymity. Ironically, it might also require that more information about individuals be collected to enforce the law’s parental-consent provisions. There are better ways to protect the privacy of children online than imposing burdensome new regulatory mandates on the Internet and online consumers. Education, empowerment, and targeted enforcement of unfair and deceptive practice policies represent the better way forward.

The paper can be downloaded on SSRN, Scribd, or directly from the Mercatus website at the link above.

SHARE: 0 comments

Vivek Wadhwa on High-Tech’s “Best Regulator”

by on July 8, 2011 · 7 comments

Vivek Wadhwa, who is affiliated with Harvard Law School and is director of research at Duke University’s Center for Entrepreneurship, has a terrific column in today’s Washington Post warning of the dangers of government trying to micromanage high-tech innovation and the Digital Economy from above.

For reasons I have never been able to understand, the Washington Post uses different headlines for its online opeds versus its print edition. That’s a shame, because while I like the online title of Wadhwa’s essay, “Uncle Sam’s Choke-Hold on Innovation,” the title in the print edition is better: “Google, Twitter and the Best Regulator.” By “best regulator” Wadhwa means the marketplace, and this is a point we have hammered on here at the TLF relentlessly: Contrary to what some critics suggest, the best regulator of “market power” is the market itself because of the way it punishes firms that get lethargic, anti-innovative, or just plain cocky. Wadhwa notes:

The technology sector moves so quickly that when a company becomes obsessed with defending and abusing its dominant market position, countervailing forces cause it to get left behind. Consider: The FTC spent years investigating IBM and Microsoft’s anti-competitive practices, yet it wasn’t government that saved the day; their monopolies became irrelevant because both companies could not keep pace with rapid changes in technology — changes the rest of the industry embraced. The personal-computer revolution did IBM in; Microsoft’s Waterloo was the Internet. This — not punishment from Uncle Sam — is the real threat to Google and Twitter if they behave as IBM and Microsoft did in their heydays.

Continue reading →

SHARE: 7 comments

← Previous Entries

Next Entries →