The FCC’s transaction reviews have received substantial scholarly criticism lately. The FCC has increasingly used its license transaction reviews as an opportunity to engage in ad hoc merger reviews that substitute for formal rulemaking. FCC transaction conditions since 2000 have ranged from requiring AOL-Time Warner to make future instant messaging services interoperable, to price controls for broadband for low-income families, to mandating merging parties to donate $1 million to public safety initiatives.

In the last few months alone,

• Randy May and Seth Cooper of the Free State Foundation wrote a piece that the transaction reviews contravene rule of law norms.
• T. Randolph Beard et al. at the Phoenix Center published a research paper about how the FCC’s informal bargaining during mergers has become much more active and politically motivated in recent years.
• Derek Bambauer, law professor at the University of Arizona, published a law review article that criticized the use of informal agency actions to pressure companies to act in certain ways. These secretive pressures “cloak what is in reality state action in the guise of private choice.”

This week, in the Harvard Journal of Law and Public Policy, my colleague Christopher Koopman and I added to this recent scholarship on the FCC’s controversial transaction reviews.

We echo the argument that the FCC merger policies undermine the rule of law. Firms have no idea which policies they’ll need to comply with to receive transaction approval. We also note that the FCC is motivated to shift from formal regulation, which is time consuming and subject to judicial review, to “regulation by transaction,” which has fewer restraints on agency action. The FCC and the courts have put few meaningful limits on what can be coerced from merging firms. Many concessions from merging firms are policies that the FCC is simply unwilling to accomplish via formal rulemaking or, sometimes, is outright prohibited by law from regulating. Since a firm’s concessions in this coercive process are nominally voluntary, they typically can’t sue.

We point out, further, that the FCC has a potentially damaging legal issue on its hands. Since the agency is now extracting concessions related to content distribution and TV and radio programming, its transaction review authority may be presumptively unconstitutional and subject to facial First Amendment challenges. That means many parties can challenge the law, not simply the ones burdened by conditions (who fear FCC retaliation).

Content-neutral licensing laws, like the FCC’s transaction review authority, are presumptively unconstitutional when there’s a risk  that public officials will intimidate speakers about content. We cite for this proposition the Supreme Court’s decision in City of Lakewood v. Plain Dealer Publishing Co., a 1988 case striking down as unconstitutional a city requirement that newspapers seek a public interest determination from public officials before installing newsracks. As the Court said, for rules with a “nexus to expression,”

a facial [First Amendment] challenge lies whenever a licensing law gives a government official or agency substantial power to discriminate based on the content or viewpoint of speech by suppressing disfavored speech or disliked speakers.

The public officials in City of Lakewood hadn’t even pressured newspapers about content; the mere potential for intimidation was a constitutional violation. If the agency’s authority was challenged, the FCC would be in worse shape than the public officials in City of Lakewood. Unlike those local officials, the FCC has used licensing to pressure firms to add certain types of programming. So the law certainly has the nexus to expression that the Supreme Court requires for a facial challenge.

We highlight, for instance, the many concessions related to content in the 2010 Comcast-NBCU merger. Comcast-NBCU conceded to create children’s, public interest, and Spanish-language TV and video-on-demand programming, relinquish editorial control over Hulu programming, and spend millions of dollars on digital literacy and FDA nutritional TV public service announcements. In that merger and many others, the FCC conditioned approval on compliance with open access and net neutrality policies. As I and others have pointed out, net neutrality rules also threaten free speech rights.

We conclude with some policy recommendations to avoid a constitutional problem for the FCC, including congressional repeal of the FCC’s transaction review authority. We point out that the FCC actually has Clayton Act authority to review common carrier mergers, but the FCC refuses to use it, likely because the agency views traditional competition analysis as too constraining. In our view, unless or until the FCC promulgates predictable guidelines about what is relevant in a transaction review and stays away from content distribution issues, the FCC’s transaction review authority is vulnerable to legal challenge.

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

Ronald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.

The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.

Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Indeed, he and his colleagues at The Citizen Lab have occasionally been major players in this drama as they have researched and uncovered various online vulnerabilities affecting millions of people across the globe. (I have previously reviewed and showered praise on a couple important books that Deibert co-edited with scholars from The Citizen Lab and Harvard’s Berkman Center, including: Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace and Access Denied: The Practice and Policy of Global Internet Filtering. They are truly outstanding resources worthy of your attention.)

Black Code’s Many Meanings

So, what is “black code” and why should we be worried about it? Deibert uses the term as a metaphor for many closely related concerns. Most generally it includes “that which is hidden, obscured from the view of the average Internet user.” (p. 6) More concretely, it refers to “the criminal forces that are increasingly insinuating themselves into cyberspace, gradually subverting it from the inside out.” (p. 7) “Those who take advantage of the Internet’s vulnerabilities today are not just juvenile pranksters or frat house brats,” Deibert notes, “they are organized criminal groups, armed militants, and nation states.” (p. 7-8) Which leads to the final way Deibert uses the term “black code.” It also, he says, “refers to the growing influence of national security agencies, and the expanding network of contractors and companies with whom they work.” (p. 8)

Deibert is worried about the way these forces and factors are working together to undermine online stability and security, and even delegitimize liberal democracy itself. His thesis is probably most succinctly captured in this passage from Chapter 7:

We live in an era of unprecedented access to information, and many political parties campaign on platforms of transparency and openness. And yet, at the same time, we are gradually shifting the policing of cyberspace to a dark world largely free from public accountability and independent oversight. In entrusting more and more information to third parties, we are signing away legal protections that should be guaranteed by those who have our data. Perversely, in liberal democratic countries we are lowering the standards around basic rights to privacy just as the center of cyberspace gravity is shifting to less democratic parts of the world. (p. 130-1)

What Deibert is grappling with in this book is the same fundamental problem that has long plagued the Internet: How do you preserve the benefits associated with the most open and interconnected “network of networks” the world has ever known while also remedying the various vulnerabilities and pathologies created by that same openness and interconnectedness?  Deibert acknowledges this problem, noting:

Ever since the Internet emerged from the world of academia into the world of the rest of us, its growth trajectory has been shadowed by a grey economy that thrives on opportunities for enrichment made possible by an open, globally connected infrastructure. (p. 141)

The Paradox of the Net’s Open, Interconnected Nature

Again, paradoxically, this inherent instability and vulnerability is due precisely to the Net’s open and globally interconnected nature. And many governments are looking to exploit that fact. “These unfortunate by-products of an open, dynamic network are exacerbated by increasing assertions of state power,” Deibert notes. (p. 233)

More generally, this uncomfortable fact—that the Net’s open, interconnected nature leads to both enormous benefits as well as huge vulnerabilities—isn’t just true for criminal online activity or the cyber-espionage activities that various nation-states are pursuing today. It is equally true for everything online today. There is a sort of yin and the yang to the Net that is simply undeniable and completely unavoidable. For one issue after another we find that the Net’s greatest blessing—its open, interconnected nature—is also its greatest curse.

For example, as I noted here recently in my review of Abraham H. Foxman and Christopher Wolf ‘s new book, Viral Hate: Containing Its Spread on the Internet, the open and interconnected Internet gives us “the most widely accessible, unrestricted communications platform the world has ever known” but also  means we have to tolerate a great many imbeciles “who use it to spew insulting, vile, and hateful comments.” The same is true for other types of online speech and content: You have access to an abundance of informational riches, but there’s also no avoiding all the garbage out there now, too.

Similarly, as I noted in my essay, “Privacy as an Information Control Regime: The Challenges Ahead,” the open and interconnected Internet has given us historically unparalleled platforms for social interaction and commerce. But that same openness and interconnectedness has left us with a world of hyper-exposure and a variety of privacy and surveillance threats—not just from governments and large corporations, but also from each other.

And then there’s the never-ending story of digital copyright. On one hand, the open and globally interconnected network or networks has provided us with an amazing platform for sharing knowledge, art, and expression. On the other hand, as I noted in this essay on “The Twilight of Copyright,” creators of expressive works have less security than ever before in terms of how they can control and monetize their artistic and scientific inventions.

I could go on and on—as I did in my essays on “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed”—but the moral of the story is pretty clear: The Internet giveth and the Internet taketh away. Openness and interconnectedness offer us enormous benefits but also force us to confront major risks as the price of admission to this wonderful network.

Will the Whole System Collapse?

The uncomfortable question that Deibert’s book tees up for discussion is: When will this balance get completely out of whack in terms of online security? Or, has it already? In some portions of the text, he hints that may already be the case. Consider this passage in Chapter 11 in which Deibert discusses whether the Chicken Little-ism of digital security worry-warts like Eugene Kaspersky and Richard Clarke is warranted:

Eugene Kaspersky, Richard Clarke, and others may sound like broken records or self-serving fear mongers, but there is no denying the evolving cyberspace ecosystem around us: we are building a digital edifice for the entire planet, and it sits above us like a house of cards. We are wrapping ourselves in expanding layers of digital instructions, protocols, and authentication mechanisms, some them open scrutinized, and regulated, but many closed, amorphous, and poised for abuse, buried in the black arts of espionage, intelligence gathering, and cyber and military affairs. Is it only a matter of time before the whole system collapses? (p. 186)

That sounds horrific, but is it really the case that the entire system really about to collapse? And, if so, what are we going to do about it?

This raises a small problem with Deibert’s book. He does such a nice job itemizing and describing these security vulnerabilities that by the time the reader wades through 230 pages and nears the end of the book, they are left in a highly demoralized state, searching for some hope and a concrete set of practical solutions. Unfortunately, they won’t find an abundance of either in Deibert’s brief closing chapter, “Toward Distributed Security and Stewardship in Cyberspace.”

Don’t get me wrong; I agree with the general thrust of Deibert’s framework, which I describe below. The problem is that it is highly aspirational in nature and lacks specifics. Perhaps that is simply because there are no easy answers here. Digital security is damn hard and, as with most other online pathologies out there, no silver-bullet solutions exist.

Deibert notes that some government officials will seek to exploit those vulnerabilities—many of which they created themselves—to expand their authority over the Internet. “Faced with mounting problems and pressures to do something, too many policy-makers are tempted by extreme solutions,” he notes. (p. 234) He worries about “a movement towards clamp down” that would be “antithetical to the principles of liberal democratic government” by undermining checks and balances and accountability. (p. 235) In turn, this will undermine the “mixed common-pool resource” that is the current Internet.

Deibert’s alternative cyber security strategy to counter the push to “clamp down” is based on three interrelated notions or components:

1. Principles of restraint or “mutual restraint”: “Securing cyberspace requires a reinforcement, rather than a relaxation, of restraint on power, including checks and balances on governments, law enforcement, intelligence agencies, and on the private sector,” he argues. (p. 239)
2. “Distributed security”: “The Internet functions precisely because of the absence of centralized control, because of thousands of loosely coordinated monitoring mechanisms,” Deibert notes. “While these decentralized mechanisms are not perfect and can occasionally fail, they form the basis of a coherent distributed security strategy. Bottom-up, ‘grassroots’ solutions to the Internet’s security problems are consistent with principles of openness, avoid heavy-handedness, and provide checks and balances against the concentrations of power,” he observes. (p. 240)
3. “Stewardship” which Deibert defines as “an ethic of responsible behavior in regard to shared resources” and which, he argues, “would moderate the dangerously escalating exercise of state power in cyberspace by defining limits and setting thresholds of accountability and mutual restraint.” (p. 243)

Again, as an aspirational vision statement this all generally sounds fairly sensible, but the details are lacking. I think Deibert would have been wise to spend a bit more time developing this alternative “bottom-up” vision of how online security should work and bolstering it with case studies.

Digital Security without Top-Down Controls

Luckily, as my Mercatus Center colleague Eli Dourado noted in an important June 2012 white paper, distributed security and stewardship strategies are already working reasonably well today. Dourado’s paper, “Internet Security Without Law: How Service Providers Create Order Online,” documented the many informal institutions that enforce network security norms on the Internet and shows how cooperation among a remarkably varied set of actors improves online security without extensive regulation or punishing legal liability. “These informal institutions carry out the functions of a formal legal system—they establish and enforce rules for the prevention, punishment, and redress of cybersecurity-related harms,” Dourado noted.

For example, a diverse array of computer security incident response teams (CSIRTs) operates around the globe and share their research and coordinate their responses to viruses and other online attacks. Individual Internet service providers (ISPs), domain name registrars, and hosting companies, work with these CSIRTs and other individuals and organizations to address security vulnerabilities. A growing market for private security consultants and software providers also competes to offer increasingly sophisticated suites of security products for businesses, households, and governments.

A great deal of security knowledge is also “crowd-sourced” today via online discussion forums and security blogs that feature contributions from experts and average users alike. University-based computer science and cyberlaw centers (like Citizen Lab) and experts have also helped by creating projects like “Stop Badware,” which originated at Harvard University but then grew into a broader non-profit organization with diverse financial support.

Dourado continues on in his paper to show how these informal, bottom-up efforts to coordinate security responses offer several advantages over top-down government solutions, such as administrative regulation or punishing liability regimes.

Dourado’s description of the ideal approach to online security is entirely consistent with Deibert’s vision in Black Code. In fact, Deibert notes, “It is important to remind ourselves that in spite of the threats, cyberspace runs well and largely without persistent disruption. On a technical level, this efficiency is founded on open and distributed networks of local engineers who share information as peers,” he observes. (p. 240) That is exactly right, but I wish Deibert would have spent more time discussing how this system works in practice today and how it can be tweaked and improved to head off the heavy-handed and very costly top-down solutions that we both dread.

Toward Resiliency

But there’s one other thing I wish Deibert would have explored in the book: resiliency, or how we have adapted to various cyber-vulnerabilities over time.

For example, in another recent Mercatus Center study entitled “Beyond Cyber Doom: Cyber Attack Scenarios and the Evidence of History,” Sean Lawson, an assistant professor in the Department of Communication at the University of Utah, has stressed the importance of resiliency as it pertains to cybersecurity and concerns about “cyberwar.” “Research by historians of technology, military historians, and disaster sociologists has shown consistently that modern technological and social systems are more resilient than military and disaster planners often assume,” he writes. “Just as more resilient technological systems can better respond in the event of failure, so too are strong social systems better able to respond in the event of disaster of any type.”

More generally, as I noted in my recent law review article on “technopanics” and “threat inflation” in information technology policy debates:

while it is certainly true that “more could be done” to secure networks and critical systems, panic is unwarranted because much is already being done to harden systems and educate the public about risks. Various digital attacks will continue, but consumers, companies, and others organizations are learning to cope and become more resilient in the face of those threats.

What Professor Lawson and I are getting at in our respective articles is that the ability of organizations, institutions, and individuals to bounce back from adversity is a frequently unheralded feature of various systems and that it deserves more serious study. (See Andrew Zolli and Ann Marie Healy’s nice book, Resilience: Why Things Bounce Back, for more on this general topic). In the context of online security, what is most remarkable to me is not that the Internet suffers from vulnerabilities due to its open and interconnected nature; it’s that we don’t suffer far more damage as a result.

This gets us back to that very profound question that Deibert poses in Black Code: “Is it only a matter of time before the whole system collapses?” The better question, I think, is: why hasn’t the system already collapsed? Perhaps the answer is, because things haven’t gotten bad enough yet. But I believe that the more realistic answer is that: individuals and institutions often learn how to cope and become resilient in the face of adversity. This is partially the case online because of the stewardship and distributed, decentralized security we already see at work today that makes digital life tolerable.

But it has to be something more than that. After all, many of the security problems that Deibert describes in his book are quite serious and already affect millions of us today. How, then, are we getting by right now? Again, I think the answer has to be that adaptation and resiliency are at work on many different levels of online life.

Consider, for example, how we have learned to deal with spam, viruses, online porn, various online advertising and privacy concerns, and so on. Our adaptation to these threats and annoyances has not been perfectly smooth, of course. No doubt, some people would still like “something to be done” about these things. But isn’t it remarkable how we have, nonetheless, carried on with online commerce and interactive social life even as these problems have persisted?

Conclusion

Going forward, therefore, perhaps there are some reasons for hope. Perhaps the various generic strategies that Deibert outlines in his book, coupled with the remarkable ability of humans to roll with the punches and adapt, will help us come out of this just fine (or at least reasonably well).

Of course, it could also be the case that these security concerns just multiply and that the Internet then morphs into sometime quite different than the interconnected “network of networks” we know today. As I noted in my 2009 essay on “Internet Security Concerns, Online Anonymity, and Splinternets,” we might be moving toward a world with more separate dis­connected digital networks and online “gated communities.” This could take place spontaneously over time and be driven by corporations seeking to satisfy the demand of some consumers for safer and more secure online experiences. As I noted in my review of Jonathan Zittrain’s book, The Future of the Internet, I am actually fine with some of that. I think we can live in a hybrid world of “walled gardens” alongside of the “Wild West” open Internet, so long as this occurs in a spontaneous, organic, bottom-up fashion. [For a more extensive discussion, see my book chapter, “The Case for Internet Optimism, Part 2 – Saving the Net From Its Supporters.”]

If, however, this “splintering” of the Net is done from the top-down through intentional (or even incidental) government action, then it is far more problematic. We already see signs, for example, that Russia is pushing even more strongly in that direction in the wake of the NSA leaks. (See “N.S.A. Leaks Revive Push in Russia to Control Net,” New York Times, July 14.) The Russians have been using amorphous security concerns to push for greater Internet control for some time now. Of course, China has been there for years. So have many Middle Eastern countries. Of course, there’s no guarantee that their respective “splinternets” are, or would be, any more secure than today’s Internet, but it sure would make those networks far more susceptible to state control and surveillance. If that’s our future, then it certainly is a dismal one.

Anyway, read Ron Deibert’s Black Code for an interesting exploration of these and other issues. It’s an excellent contribution to field of Internet policy studies and a book that I’ll be recommending to others for many years to come.

Additional resources:

• the official website for Black Code
• the Citizen Lab website at the University of Toronto
• follow Ronald Deibert and The Citizen Lab on Twitter
• video of Washington, D.C. book launch for Black Code (held at the National Endowment for Democracy on 6/24/13)

Other books you should read alongside “Black Code” (links are for my reviews of each book):

• Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace edited by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain
• Consent of the Networked: The Worldwide Struggle for Internet Freedom , by Rebecca MacKinnon
• Cyber War: The Next Threat to National Security and What to Do About It, by Richard A. Clarke and Robert K. Knake
• Liars & Outliers: Enabling the Trust that Society Needs to Thrive, by Bruce Schneier
• Regulating Code: Good Governance and Better Regulation in the Information Age, by Ian Brown & Christopher T. Marsden
• Networks and States: The Global Politics of Internet Governance, by Milton Mueller
• Resilience: Why Things Bounce Back, by Andrew Zolli & Ann Marie Healy

Defining “privacy” is a legal and philosophical nightmare. Few concepts engender more definitional controversies and catfights. As someone who is passionate about his own personal privacy — but also highly skeptical of top-down governmental attempts to regulate and/or protect it — I continue to be captivated by the intellectual wrangling that has taken place over the definition of privacy. Here are some thoughts from a wide variety of scholars that make it clear just how frustrating this endeavor can be:

• “Perhaps the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is.” – Judith Jarvis Thomson, “The Right to Privacy,” in Philosophical Dimensions of Privacy: An Anthology, 272, 272 (Ferdinand David Schoeman ed., 1984).
• privacy is “exasperatingly vague and evanescent.” – Arthur Miller, The Assault on Privacy: Computers, Data Banks, and Dossiers, 25 (1971).
• “[T]he concept of privacy is infected with pernicious ambiguities.” – Hyman Gross,  The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967).
• “Attempts to define the concept of ‘privacy’ have generally not met with any success.” – Colin Bennett, Regulating Privacy: Data Protection and Public Policy In Europe and the United States,  25 (1992).
• “When it comes to privacy, there are many inductive rules, but very few universally accepted axioms.” – David Brin, The Transparent Society: Will Technology Force Us To Choose Between Privacy and Freedom? 77 (1998).
• “Privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.” – Robert C. Post, Three Concepts of Privacy, 89 GEO. L.J. 2087, 2087 (2001).
• “[privacy] can mean almost anything to anybody.” – Fred H. Cate & Robert Litan, Constitutional Issues in Information Privacy, 9 Mich. Telecomm. & Tech. L. Rev. 35, 37 (2002).
• privacy has long been a “conceptual jungle” and a “concept in disarray.” “[T]he attempt to locate the ‘essential’ or ‘core’ characteristics of privacy has led to failure.” – Daniel J. Solove, Understanding Privacy 196, 8 (2008).
• “Privacy has really ceased to be helpful as a term to guide policy in the United States.” – Woodrow Hartzog, quoted in Cord Jefferson, Spies Like Us: We’re All Big Brother Now, Gizmodo, Sept. 27, 2012.
• “for most consumers and policymakers, privacy is not a rational topic. It’s a visceral subject, one on which logical arguments are largely wasted.” – Larry Downes,  A Rational Response to the Privacy “Crisis,” Cato Institute, Policy Analysis No. 716 (Jan. 7, 2013), at 6.

In my new Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing” I build on these insights to argue that:

1. precisely because privacy has always been a highly subjective philosophical concept;
2. and is also a constantly morphing notion that evolves as societal attitudes adjust to new cultural and technological realities;
3. America may never be able to achieve a coherent fixed definition of the term or determine when it constitutes a formal right outside of some narrow contexts.

That doesn’t mean the privacy isn’t profoundly important to many of us, but privacy is, first and foremost, an exercise of personal determination and personal responsibility. To some extent, we have to make our own privacy in this world. In this sense, we can liken it to our right to pursue happiness. Here’s how I put it in Part I of my Harvard JLPP article:

Even if agreement over the scope of privacy rights proves elusive, however, everyone would likely agree that citizens have the right to pursue privacy. In this sense, we might think about the pursuit of privacy the same way we think about the pursuit of happiness. Recall the memorable line from America’s Declaration of Independence: “We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.” Consider the importance of that qualifying phrase—“and the pursuit of”—before the mention of the normative value of happiness. America’s Founders obviously felt happiness was an important value, but they did not elevate it to a formal positive right alongside life, liberty, physical property, or even freedom of speech.

This framework provides a useful way of thinking about privacy. Even if we cannot agree whether we have a right to privacy, or what the scope of any particular privacy right should be, the right to pursue it should be as uncontroversial as the right to pursue happiness. In fact, pursing privacy is probably an important element of achieving happiness for most citizens. Almost everyone needs some time and space to be free with their own thoughts or to control personal information or secrets that they value. But that does not make it any easier to define the nature of privacy as a formal legal right, or any easier to enforce it, even if a satisfactory conception of privacy could be crafted to suit every context.

The most stable and widely accepted privacy rights in the United States have long been those that are tethered to unambiguous tangible or physical rights, such as rights in body and property, especially the sanctity of the home. Moreover, these rights have been focused on limiting the power of state actors, not private parties. By contrast, privacy claims premised on intangible or psychological harms have found far less support, and those claims have been particularly limited for private actors relative to the government. All this will likely remain the case for online privacy. Importantly, if privacy is enshrined as a positive right even in narrowly drawn contexts, it imposes obligations on the government to secure that right. These obligations create corresponding commitments and costs that must be taken into account since government regulation always entails tradeoffs.

Therefore, even as America struggles to reach political consensus over the scope of privacy rights in the information age, it makes sense to find methods and mechanisms—most of which will lie outside of the law—that can help citizens cope with social and technological changes that affect their privacy. Part III will outline some of the ways citizens can pursue and achieve greater personal privacy.

I fully realize that this way of thinking about privacy leaves many challenging questions at the margin and I also understand how it will be unsatisfactory to those who view privacy as a “dignity right” that trumps all other values and considerations. But, to reiterate, what I am suggesting here is that we will likely never be able to achieve a coherent fixed definition of the term or determine when it constitutes a formal right outside of some narrow contexts (such as for sensitive health or financial information, where the potential harms of collection, sharing, and use are more tangible).  The primary reason for this is that privacy primary comes down to assertions about “harms” that are primarily psychological in character. But precisely because such asserted harms (1) lack a tangible/physical/monetary nature and (2) also can come into conflict with other liberty rights (especially the right to freely gather information and speak about it; i.e., First Amendment rights), it makes it more difficult to classify psychological “harms” as harms at all.

I feel the same way about concepts like “safety” and “security.” Who among us doubts these values and goals are important? As the father of two young digital natives, I am living a constant struggle to mentor my kids and ensure they have safe and healthy online interactions. But that doesn’t mean I think anyone in this world — including my own children — has an amorphous “right to safety.” What they do have a right to is not to be harmed by others in their online interactions. Where things become sticky, however, is when some child safety advocates adopt an extremely expansive view of what constitutes “harm” in this context and suggest that hearing a single dirty word or seeing a fleeting dirty image somehow irrevocably “harms” their mental well-being and development, or perhaps just their personal morality. (I have written about this here in dozens of essays through the years such as this one on “The Problem of Proportionality in Debates about Online Privacy and Child Safety” as well in longer papers, such as my recent law review article about, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.”)

While I appreciate the diverse beliefs and values that drives sensitivities about potentially objectionable online content, it is an entirely different matter when one claims “rights” and actionable “harms” in this context. It means that politics will essentially answer what are fundamentally deeply personal “eye of the beholder” questions. It is better, I believe to educate and empower citizens about safe and sensible online interactions and then let them determine what works best for them. Again, whether we are talking about safety or privacy, this model relies upon a certain amount of personal (and parental) responsibility.

To be sure, real harms exist and, at times, law will need to be brought in to right certain wrongs. For example, in the online safety context I favor strong penalties for anyone attempting predatory behavior or extreme forms of incessant harassment. In the privacy context, we’ll still need laws to deal with identity/data theft and certain uses of highly sensitive health and financial information. Outside of those narrow contexts, however, it is better to let people define their own online experiences free of top-down, one-size-fits-all regulatory enactments that attempt to make those determinations for all of us. To reiterate, we all have the right to pursue the objectives we care about–safety, privacy, or just happiness more generally–according to our own value systems. But we should be careful about elevating such amorphous concepts to the level of “rights” and then expecting the State to enforce one set of values and choices on a diverse citizenry.

The Pursuit of Privacy in a World Where Information Control is Failing

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

[UPDATE 4/30/13: This article was subsequently published in Volume 65, Issues 2 of the Federal Communications Law Journal in April 2013. The links below now point to the final FCLJ version.]

The Mercatus Center at George Mason University has just released a new paper by Brent Skorup and me entitled, “Uncreative Destruction: The War on Vertical Integration in the Information Economy.”  Brent, who is the research director for the Information Economy Project at the George Mason University School of Law, and I have been working on this paper since the Spring and we are looking forward to getting it published in a law review shortly. The paper focuses on Tim Wu’s “separations principle” for the digital economy, something I’ve spent some time critiquing here in the past. Here’s the introduction from the 44-page paper that Brent and I just released:

Are information sectors sufficiently different from other sectors of the economy such that more stringent antitrust standards should be applied to them preemptively? Columbia Law School professor Tim Wu responds in the affirmative in his book The Master Switch: The Rise and Fall of Information Empires. Having successfully pushed net-neutrality regulation into the policy spotlight, Wu has turned his attention to what he regards as excessive market concentration and threats to free speech throughout the entire information economy.To support his call for increased antitrust intervention, Wu explains his view of competition in the information economy—a view that deviates substantially from current mainstream antitrust theory. First, Wu contends that “information monopolies” are pervasive in the information economy. Wu’s “monopolists” include Facebook, Apple, Google, and even Twitter. In The Master Switch and essays like “In the Grip of the New Monopolists,” Wu argues that these so-called monopolies are increasing their market power and require more aggressive oversight and regulation.Second, Wu argues that traditional antitrust analysis is not sufficient for information systems because they carry speech. He claims, “Information industries… can never be properly understood as ‘normal’ industries,”and traditional forms of regulation, including antitrust enforcement, “are clearly inadequate for the regulation of information industries.”Wu believes that because information industries “traffic in forms of individual expression” and are “fundamental to democracy,” they should be subject to greater regulatory treatment.Third, in contrast to current competition law’s focus on horizontal relationships, Wu desires a reinvigorated regulatory enforcement that addresses “the corrupting effects of vertically integrated power” in the information sectors.He is particularly concerned about private threats to free speech arising from such vertical integration.The solution, he says, is preventing vertical mergers in the information economy and the mandatory divestiture of vertically integrated companies. To implement this, Wu proposes a Separations Principle for the information economy, which would segregate information providers into three buckets, which we have labeled information creators, information distributors, and hardware makers.This article outlines Wu’s separations proposal, explains why his fears regarding vertical relationships should be rejected by regulatory and antitrust policymakers, and illustrates the legal and practical problems his Separations Principle poses. Wu justifies his Separations Principle by citing monopolies and market power in the information economy. He also advocates using U.S. antitrust authorities to enforce his Principle. We argue that the antitrust harms he fears are not present, and we highlight scholarship on the accepted benefits of vertically integrated firms. We show that Wu’s remedies are policy preferences wrapped in the language of competition law. In fact, the information economy is largely competitive and does not warrant interventionist regulatory enforcement. Since much of American economic vitality flows from the information economy and technology, policymakers should reject a radical antitrust remedy like Wu’s preemptive Separations Principle.

The paper can be downloaded from the Mercatus website, SSRN, or Scribd.

There was an important article about online age verification in The New York Times yesterday entitled, “Verifying Ages Online Is a Daunting Task, Even for Experts.” It’s definitely worth a read since it reiterates the simple truth that online age verification is enormously complicated and hugely contentious (especially legally). It’s also worth reading since this issue might be getting hot again as Facebook considers allowing kids under 13 on its site.

Just five years ago, age verification was a red-hot tech policy issue. The rise of MySpace and social networking in general had sent many state AGs, other lawmakers, and some child safety groups into full-blown moral panic mode. Some wanted to ban social networks in schools and libraries (recall that a 2006 House measure proposing just that actually received 410 votes, although the measure died in the Senate), but mandatory online age verification for social networking sites was also receiving a lot of support. This generated much academic and press inquiry into the sensibility and practicality of mandatory age verification as an online safety strategy. Personally, I was spending almost all my time covering the issue between late 2006 and mid-2007. The title of one of my papers on the topic reflected the frustration many shared about the issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”

Simply put, too many people were looking for an easy, silver-bullet solution to complicated problems regarding how kids get online and how to keep them safe once they get there. For a time, age verification became that silver bullet for those who felt that “we must do something” politically to address online safety concerns. Alas, mandatory age verification was no silver bullet. As I summarized in this 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” all previous research and task force reports looking into this issue have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems. There are no simple fixes. Specifically, here’s what each of the major online child safety task forces that have been convened since 2000 had to say about the wisdom of mandatory age verification:

2000 – Commission on Online Child Protection (“COPA Commission”)

“[Age verification] imposes moderate costs on users, who must get an I.D. It imposes high costs on content sources that must install systems and might pay to verify I.D.s. The adverse effect on privacy could be high. It may be lower than for credit card verification if I.D.s are separated from personally-identifiable information. Uncertainty about the application of a harmful to minors standard increases the costs incurred by harmful to minors sites in connection with such systems.  An adverse impact on First Amendment values arises from the costs imposed on content providers, and because requiring identification has a chilling effect on access. Central collection of credit card numbers coupled with the “embarrassment effect” of reporting fraud and the risk that a market for I.D.s would be created may have adverse effect on law enforcement.”

2002 – Youth, Pornography, and the Internet (“Thornburgh Commission”)

“In an online environment, age verification is much more difficult because a pervasive nationally available infrastructure for this purpose is not available. […] Note that each of these [age verification] methods imposes a cost in convenience of use, and the magnitude of this cost rises as the confidence in age verification increases.” (p. 63-4)

2008 – Safer Children in a Digital World (“Byron Review”)

“[N]o existing approach to age verification is without its limitations, so it is important that we do not fixate on age verification as a potential ‘silver bullet.’” (p. 99)

2009 – Internet Safety Technical Task Force (ISTTF)”

Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness.  Any system that relies on remote verification of information has potential for inaccuracies.  For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s.  Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records.  Any system that focuses on third-party in-person verification would require significant political backing and social acceptance.  Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.” (p. 10)

2009 – “Point Smart. Click Safe” Blue Ribbon Working Group

“The task force acknowledges that the issues of identity authentication and age verification remain substantial challenges for the Internet community due to a variety of concerns including privacy, accuracy, and the need for better technology in these areas.”

2010 – Youth Safety on a Living Internet: Repost of the Online Safety and Technology Working Group (“OSTWG“)

“There is no quick fix or “silver bullet” solution to child safety concerns, especially given the rapid pace of change in the digital world. A diverse array of protective tools are currently available today to families, caretakers, and schools to help encourage better online content and communications. They are most effective as part of a “layered” approach to child online safety. The best of these technologies work in tandem with educational strategies, parental involvement, and other approaches to guide and mentor children, supplementing but not supplanting the educational and mentoring roles.”  […] “age verification is not only not effective but not necessarily advisable. There was some evidence presented to the (ISTTF) Task Force that it might actually endanger youth by keeping adult guidance or supervision out of online spaces where peer-on-peer harassment or cyberbullying could occur.” (p. 7, 27)

This makes it clear that there is near-universal consensus that mandatory age verification is not the smart path forward. In my closing statement to the Harvard Berkman Center Internet Safety Technical Task Force, of which I was a member, I actually went even further and argued that mandatory age verification represents a dangerous solution to concerns about online child safety because it:

1. Won’t Work: Mandatory age verification will not work as billed. For the reasons detailed below, it will fail miserably and create more problems than it will solve.
2. Will Create a False Sense of Security: Because it will fail, mandatory age verification will create a false sense of security for parents and kids alike. It will lead them to believe they are entering “safe spaces” simply because someone has said users are “verified.”
3. Is Not a Background Check: Moreover, even if age verification did work as billed, it is important to realize it is not synonymous with a complete background check. In other words, even if the verification process gets the age part of the process right, that tells us little else about the person being verified.
4. Is a Grave Threat to Privacy: Mandatory age verification is dangerous because it would require that even more personal information (about kids, no less) be put online at a time when identity theft and privacy violations continue to be a major concern.
5. Will Seriously Misallocate Resources: Devising and enforcing age verification regulations might also divert valuable time and resources that could be better used to focus on education and awareness-building efforts, especially K-12online safety and media literacy education. Moreover, it might divert law enforcement energy and resources away from policing serious crimes or more legitimate threats to children

I went on to post  “10 Questions about Age Verification that the AGs Must Answer” if they continued their foolish pursuit of this misguided silver bullet (non-)solution. Instead of repeating them all here, I have simply appended my closing statement to this post. [see Scribd embed below].

In closing, I remain convinced that nothing on the ground has changed since back then. All the traditional age verification schemes remain highly flawed, and the more sophisticated age verification systems (tapping school records and using biometric identifiers to create “digital passports,” for example), would have rather obvious downsides and still not likely be effective in practice. In the end, there is simply no substitute for an education and awareness-based approach to online safety that relies on parental mentoring, digital literacy / digital citizenship, and better social norms and self-regulation.  Techno-silver bullets will always fail.

ISTTF Thierer Closing Statement

Harvard Berkman Center professor Jonathan Zittrain has published another pessimistic, Steve-Jobs-is-Taking-Us-Straight-To-Cyber-Hell editorial building on the gloomy thesis he set forth in his 2008 book, The Future of the Internet and How to Stop It. His latest piece appears in the Financial Times and it’s entitled, “A Fight over Freedom at Apple’s Core. Concerning the recent Apple iPad announcement, Zittrain warns: “Mr Jobs ushered in the personal computer era and now he is trying to usher it out.”

I’m not going to go into yet another lengthy dissertation about what it so misguided about his thesis that cyberspace is becoming more “regulable” and that digital “generativity” is dying because of the rise of devices like the iPhone & iPad, or sites like Facebook.  Instead, I will just point you to the many things I’ve written before explaining just how far off the mark Prof. Zittrain is on this point. [See the complete list down below + video of our debate.]

But let me just say this… Ignoring that fact that he is an iPhone user himself — which makes no sense considering that he thinks of Apple as the font of all cyber-evil — he can’t muster any substantive empirical evidence proving that the Net and digital devices are being more “closed, sterile, and tethered,” as he repeatedly claims in his book and editorials.  And that’s not surprising because the reality is that the digital world is more open and generative than ever, and even if there are some “closed” devices and systems out there, they are actually quite innovative and not perfectly closed as Zittrain suggests. The spectrum of “open vs. closed” systems and devices is incredible diverse and nothing is perfectly “open” or “closed.”  We can have the best of both worlds: many open systems with some partial “walled gardens” here and there (or hybrid systems combining both). Regardless, we are witnessing greater digital “generativity” and innovation with each passing year. Until Zittrain can prove the opposite, his thesis must be considered a failure.

Finally, I want to associate myself with this excellent critique of the Zittrain thesis by Prof. Ed Felten, who points out that Zittrain’s argument doesn’t even work for the iPad, which I would agree is a fairly “closed appliance” in the Zittrainian scheme of the things:

For the iPad to become a Zittrain-type appliance, two things must happen. First, Apple must remain picky about which apps are available in the App Store. Second, Apple must limit the device’s browser so that it lacks the features that make today’s browsers viable application platforms. Will Apple be able to limit their product in this way, despite competition from other, more general-purpose tablets? I doubt it. But even this — even an appliance-style iPad — would not be enough to prove Zittrain’s thesis. Zittrain argued not just that appliances would exist, but that they would replace general purpose computers. Amazon’s kindle is an appliance, but it doesn’t prove Zittrain’s thesis because nobody is ditching their laptop in favor of a Kindle. Instead, the Kindle is an extra device which is used for its purpose, while the general-purpose device is used for everything else. If the iPad ends up like the Kindle — a complement to the laptop or netbook, rather than a replacement for it — this will not prove Zittrain’s thesis. It seems unlikely, then, that the iPad, even if it succeeds, will provide strong support for Zittrain’s thesis. General-purpose computers are so useful that we’re not likely to abandon them.

Exactly right. And here’s a few more things you might want to read to see why Zittrain’s thesis doesn’t add up (the first and the last one probably provide the best overview):

• Review of Zittrain’s “Future of the Internet” (3/23/08)
• Apple, Openness, and the Zittrain Thesis (3/30/08)
• Another Problem for the Zittrain Thesis — Old People! (4/12/08)
• [AUDIO] NPR “On Point” Debate over The Future of the Internet (5/13/08)
• iPhone 2.0 Cracked in Hours… What Was that Zittrain Thesis Again? (7/10/08)
• Enough anti-iPhone rants… just get another phone! (8/11/08)
• Another Review of Zittrain’s “Future of the Internet” (9/20/08)
• [VIDEO] My Debate with Jonathan Zittrain at New America Foundation (11/6/08)
• Zittrain’s Pessimistic Predictions and Problematic Prescriptions for the Net (7/20/09)
• Code, Pessimism, and the Illusion of “Perfect Control” (5/8/09)[1st part of Cato Unbound Debate “Ten Years of Code“ (featuring Lessig, Zittrain, Declan McCullagh, and me]
• Our Conflict of Cyber-Visions (5/14/09) [part 2 of the Cato Unbound debate]
• Cyber-Libertarianism: The Case for Real Internet Freedom (8/12/09)
• You’d Have to Be Smoking Dope to Believe the Zittrain-Lessig Thesis (9/15/09)
• Oh Farts! The Droid, the iPhone & the Lessig-Zittrain Thesis (11/12/09)

Seems like everywhere I turn someone is gushing about their new Droid phone, including my TLF colleagues Berin Szoka, Braden Cox, and Ryan Radia, who all had great fun rubbing their new toys in my nose over the past couple of days. And why not, it’s a very cool little device.  It makes my HTC Touch seems positively archaic in some ways, and it’s only a year old.  Apparently, 100,000 people already picked up a Droid in just its first weekend on the market.

But here’s the first thing that pops in my mind every time I see someone showing off their new Droid: How can a device like this even exist when America’s leading cyberlaw experts have been telling us that the whole digital world is increasingly going to hell because of “closed” devices, proprietary code, and managed networks?  I’m speaking, of course, about the lamentations of Harvard professors Lawrence Lessig, Jonathan Zittrain, and their many disciples.  As faithful readers will recall, I have relentlessly hammered this crew for their unwarranted cyber-Chicken Little-ism and hyper techno-pessimism. (See my many battles with Zittrain [1, 2, 3, 4, 5, 6 + video] and my 2-part debate with Lessig earlier this year).

“Left to itself,” Lessig warned in Code, “cyberspace will become a perfect tool of control.”  He went on to forecast a dystopian future in which nefarious corporate schemers would quash our digital liberties unless benevolent public philosopher kings stepped in to save our poor souls. Code was the Old Testament of cyber-collectivism. The New Testament arrived last year with Zittrain’s The Future of the Internet and How to Stop It. In it, we hear the grim prediction that “sterile and tethered” digital technologies and networks will triumph over the more “open and generative” devices and systems of the past.  The iPhone and TiVo are cast as villains in Zittrain’s drama since they apparently represent the latest manifestations of Lessig’s “perfect control” paranoia.

Apple’s “Angel of Death”

How completely out-of-control has this thinking gotten?  Well, here’s David Weinberger — another Harvard Berkman Center worrywart — talking about that supposed satanic font of all evil, the Apple AppStore:

The AppStore is the seductive angel of death for computing. It enables Apple to keep quality up and, more important, to keep support costs down. But a computer that can’t be programmed except by its manufacturer (or with the permission of its manufacturer) isn’t a real computer. The success of the AppStore is a gloomy, scary harbinger. From controlling the apps that can go on its mobile phone, it’s a short step for Apple to decide to control the apps that can go on its rumored slate/netbook device. And since so much of the future of computing will occur on mobiles and netbooks, this portends a serious de-generation of computing, as predicted by Jonathan Zittrain in The Future of the Internet and How to Stop It.

The “angel of death”? A “gloomy, scary harbinger”? Wow, who knew!  In Weinberger’s world, Apple is guilty of the heinous crime of “keep[ing] quality up and, more important, [keeping] support costs down.”  OH MY GOD, how dare they.  Somebody make them stop!  No, seriously, how silly is all this? It’s like those Republicans who, in their zeal to do anything to defeat health care nationalization, decide it’s OK to make up spooky stories about “death panels” hidden deep inside congressional bills.

I find Weinberger’s claim that “a serious de-generation of computing” is looming because of the iPhone to be especially ridiculous. It’s the same sort of rubbish Lessig was spewing in Code when he predicted that AOL’s walled garden model was going to take over the entire cyber-world and ensure “perfect control,” just one of the many things Lessig got wrong in the book.  And it’s the same silliness we see at work in Zittrain’s work when he claims that we’re doomed to live in a world of closed “sterile and tethered” digital technologies and networks. Similarly, last year, Public Knowledge analyst Alex Curtis managed to reach the zenith of this rhetorical insanity when he likened the Apple App Store to an Orwellian Big Brother that was bringing us a “1984 kind of total control.”  You know, because Apple is forcing us all to own iPhones and locking us into re-education camps.  Right.

I Fart, Therefore I Am (Generative)

Which brings me back to the Droid.  If all these dour predictions about the death of digital generativity and the rise of closed networks and walled gardens were true, how in the world does a phone with an open source operating system and a completely open applications process for developers even exist? (Android devices like the Droid don’t require users to rely exclusively on the Android Marketplace for apps; you can run other apps if you like).

Moreover, it’s not just that a remarkably innovative and generative device like the Droid gets widespread release and praise, it’s the fact that there are countless other mobile devices and applications on the market today much like it. On the Zittrainian “generative-vs.-sterile appliance” spectrum, the range of mobile devices just continues to grow and grow in both directions. You can decide exactly what type of device you want.  But here’s the more important point: How much of a difference does it even make how “open” these phones and app stores are?  You’ve got more “closed” systems like Apple’s iPhone and Palm’s Pre on one end of the spectrum and then more “open” systems like the Droid and even many Windows Mobile devices on the other end, but do these competing models really result in many difference in terms of functionality and innovation?  The reality is this: tons of innovation is occurring across all of these devices and platforms regardless of how “open” or “closed” they may be.

For example, when I go to Handango, a terrific mobile application marketplace, and search for “all apps” available for my HTC Touch (which runs a Windows Mobile OS), my senses are assaulted with 6,677 choices.  It’s all a bit overwhelming.  Luckily, a quick search can get me right to the important applications I really need — like the “Pocket Fart” app.  Folks, let me tell you, no “generative” device is worth its salt without a good farting application.  I don’t care how bad of a mood my kids are in, when I fire up a fart app, it puts an instant smile on their faces!

But hey, guess what… that “angel of death,” the iPhone Store, offers fart apps, too!  Dozens and dozens of fart apps, in fact.  In terms of Zittrainian generativity, the iPhone is positively fart-tastic. Just check out that video below. And in addition to those dozens of flatulence apps, the Apple AppStore has another 100,000 apps available for downloading, making it the largest applications store in the world. And back in September, Apple announced that more than two billion apps had been downloaded from the App Store in its short existence. That’s Billion with a “B”.  Does this sound like it “portends a serious de-generation of computing” as Weinberger suggests?  Incidentally, if he’s so frightened that Steve Jobs is the Grim Reaper incarnate he can always go find another phone. Seriously, Steve Jobs doesn’t force anybody to buy one of these expensive toys.

If the iPhone is Good Enough for Zittrain, Why Isn’t It Fine for the Rest of Us?

Incidentally, despite all the fear and loathing about Steve Jobs and the iPhone that one finds in Future of the Internet, I was very entertained to discover that Jonathan Zittrain is an iPhone user himself!  I used some shameless McCarthyite tactics during our debate at New America Foundation last year — “Are you now, or have you ever been, an iPhone user!” — to publicly out him. [Go to the 55:00 minute mark of the video to see.]  But my point to him that day was a serious one: If you so fear the death of generativity because of that little demonic device, than why carry one in your coat pocket?  Why not use a device that lets you break all the rules because it essentially has no rules?  There are multiple open source mobile operating systems and a thriving community of “homebrew” developers. Go spend a few minutes at PCC Geeks or Howard’s Forums and see what I mean.

But the Berkman boys don’t seem content with all that.  And I wouldn’t usually give a damn about the lunacy of these hyper-pessimistic prognostications from the Harvard crew if it was all just harmless cyber-sourpuss ramblings from the ivory tower geeks with too much time on their hands.  But the problem is that these people want regulators to take steps to correct these supposed “code failures,” as Lessig calls them.  Zittrain calls for “API neutrality” in his book, which would force net neutrality-like mandates on digital devices. And in a New York Times editorial this summer entitled “Lost in the Cloud,” he made it clear that cloud neutrality regulation was next on the list. [Others are joining that call.] I’ve got a serious problem with that, as I detailed extensively in earlier essays (here and here), and Berin Szoka and I have discussed how these escalating neutrality wars are bound to lead to the digital equivalent of “mutually assured destruction” within the tech community before it’s all over.

Finally, when the Berkman gang, which is the most respected cyberlaw shop in the land, go around casting these debates with terms like “evil” applications and “angels of death,” then I have a serious problem because the game you are playing becomes hazardous to the health of the digital economy.  This poisons the public policy debate by using absurd moralistic rhetoric about something as fundamentally agnostic as digital platforms and protocols.  These things are neither good nor evil; they are just choices.  They represent different ways of promoting innovation.  And we should be happy that our current digital marketplace is offering us a rich mosaic of business models and options that can fill almost any need and fit almost any picky user’s desires.  If that ain’t progress, I don’t what is.

Last night here on the TLF, Bret Swanson raised a number of objections with this FCC-commissioned report about international broadband comparisons, which was conducted by some folks at Harvard University’s Berkman Center. Meanwhile, over at the Digital Society blog, George Ou also offers a hard-nosed look at the Berkman broadband report and concludes “The underlying data cited by Berkman study is simply too flawed to be of any use.”  I recommend everyone check out both essays.  It will be interesting to hear how the Berkman folks respond.  Some of these international broadband comparisons are really fishy.  [Here’s a podcast we did on that issue two years ago.]

One quick point… Like Bret, I also found it shocking that–even though the report reads like an ode to forced access regulation–the Berkman folks didn’t spend much time discussing the result of America’s previous open-access regime. “The gaping, jaw-dropping irony of the report,” Bret argues, “was its failure even to mention the chief outcome of America’s previous open-access regime: the telecom/tech crash of 2000-02. We tried this before. And it didn’t work!”  Indeed, America’s regulatory experiment with forced access regulation involved a lot of well intentioned laws and regulation, and too many acronyms to count–CLECs, TELRIC, UNE-P, etc– but it did not result in serious, facilities-based competition.  Instead it offered us the fiction of competition through network-sharing, or what Peter Huber once referred to as building “networks out of paper.” The results were disastrous for investment during that period since regulatory uncertainly led to a lot of stunted innovation.

In sum, sharing is not competing.  You can socialize and commoditize old pipes for awhile and get decent results in the short-term, but you’ll sacrifice long-run investment and innovation if you do.  [For more background, see my recent essay on “The Fiction of Forced Access ‘Competition’ Revisited” and this old Cato piece on “UNE-P and the Future of Telecom “Competition” as well as Jeff Eisenach’s PFF white paper, “Broadband Policy: Does the U.S. Have It Right After All?”]

In a post earlier this week, I discussed Randy Cohen’s “guideline” for anonymous blogging. Specifically, Cohen argued in a recent New York Times piece that, “The effects of anonymous posting have become so baleful that it should be forsworn unless there is a reasonable fear of retribution.  By posting openly, we support the conditions in which honest conversation can flourish.”  While sympathetic to that guideline, I noted I agreed with it as an ethical principle, not a legal matter.  In others words, what might make sense as a “best practice” for the Internet and its users would not make sense as a regulatory standard.  I prefer using social norms and public pressure to drive these standards, not regulation that could have an unintended chilling effect on beneficial forms of anonymous online speech.

Dan Gillmor of the Center for Citizen Media of the Harvard Berkman Center has a new column up at the UK Guardian in which he takes a slightly different cut at a new standard or social norm for dealing with some of the more caustic anonymous speech out there:

One of the norms we’d be wise to establish is this: People who don’t stand behind their words deserve, in almost every case, no respect for what they say. In many cases, anonymity is a hiding place that harbours cowardice, not honour. The more we can encourage people to use their real names, the better. But if we try to force this, we’ll create more trouble than we fix.  But we don’t want, in the end, to turn everything over to the lawyers. The rest of us — the audience, if you will — need to establish some new norms as well.

Specifically, Gillmor argues that, ” We need to readjust our internal BS meters in a media-saturated age,” because “We are far too prone to accepting what we see and hear.”  I think Gillmor has too little faith in most digital denizens; most of us take anonymous comments with a grain of salt and assume that the ugliest of those comments are often untrue.  And that’s generally the “principle” he recommends each of us adopt going forward:

When you read or hear an anonymous or pseudonymous attack on someone else, you should not just assume — barring persuasive evidence of the charge — that it’s false. Assume that the accuser is an outright, contemptible liar.

I am generally sympathetic to Gillmor’s principle, but I think he goes a bit overboard in asking us to assume that all anonymous or pseudonymous attacks are false. So, here’s a reformulation of it: We should discount, by at least some small measure, anonymous online speech that attacks others in a heated manner and which lacks supporting evidence for the assertions made or charges levied. However, the more heated or vicious the attack, the greater we should discount the veracity of the claims asserted.

Of course, this is simply a guideline for readers, not speakers or the sites that host online speech.  Each speaker will have to decide for themselves whether to post anonymously or reveal their identities. As I noted in my previous essay, however, I think it makes sense to generally encourage people to reveal their true identities when blogging or commenting.  I have always lived by that rule personally when blogging or posting comments on other sites, whether they are blogs, discussion boards, or even shopping sites.

For sites that host speech, things get trickier.  Luckily, we have Section 230 of the CDA to protect online operators from onerous forms of liability for the content they host on their sites, although some would like to change that. Also, as I’ve discussed here before, some critics of online anonymity would like to see “civility check” or “cooling off periods” instituted that would prevent instantaneous comments from being posted without some sort of human or automated review of the content.  But tweaking Sec. 230 liability norms or requiring “cooling off periods” for comments could have a profoundly chilling effect on many beneficial forms of online speech. As Gillmor wisely notes in his essay:

anonymity has crucially important value. We need it for whistleblowers, for political dissidents in dictatorships — for those who have important stories to tell but whose lives or livelihoods would be in jeopardy if their identities were exposed.

And one has to think through the mechanics of regulation before willy-nilly proposing to “ban anonymity” online.  As Gillmor points out, that could lead to some troubling outcomes:

People who’d ban anonymity don’t seem to realise that it’s technically impossible unless we’re willing to turn over all of our communications in every venue to a central authority — a system that would herald the end of liberty. They can’t really want such a regime, can they? Meanwhile, even that kind of structure could and would be hacked by motivated types, though with more difficulty.

That’s exactly right. Nonetheless, online speakers and websites shouldn’t just treat Sec. 230 as a “get-out-of-jail-free” card or let their anonymous speech rights go to their heads.  There’s nothing wrong with a little sensible site policing and self-regulation to deal with the baser elements of the blogosphere.

On July 27th, The Progress & Freedom Foundation hosted a Capitol Hill panel discussion entitled “Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States.” The event featured remarks from:

• Parry Aftab, Executive Director, WiredSafety.org
• Todd Haiken, Senior Manager of Policy, Common Sense Media
• Jim Halpert, Partner, DLA Piper
• Berin Szoka, Senior Fellow, The Progress & Freedom Foundation

We’ve just released the transcript of the event, which I have also pasted down below the fold in a Scribd document reader. Also, the audio for this event can be heard by clicking below:

Download mp3

Here is the full event description:

Online child safety, privacy, and free speech remain hotly debated issues at both the federal and state level. Bills introduced in Congress to address cyberbullying concerns propose either educational initiatives or a criminalization approach. Access to objectionable content also remains a concern and a new, government-mandated task force is looking into those issues. Meanwhile, state officials, including many state attorneys general, continue to explore age verification mandates for social networking sites and some have considered building on the federal Children’s Online Privacy Protection Act (COPPA) to expand “parental notification” mandates. The Federal Trade Commission (FTC) has recently announced an expedited review of COPPA to see if it is keeping up with new developments. The FTC is also exploring child safety in virtual worlds. New concerns about “sexting,” or the sending of sexual explicit images over mobile devices, has also raised new concerns led some lawmakers to ponder penalties.

How serious are these concerns? Is legislation or regulation needed to address them? What free speech issues are at stake? Should Congress take the lead or leave it to the States to experiment with different models? These and other issues were discussed by a panel of leading experts in the field of online safety and privacy policy.

Transcript PFF Online Child Safety Privacy Hill Event (7-27-2009) http://d.scribd.com/ScribdViewer.swf?document_id=18756666&access_key=key-1blb7az1ag406howibuk&page=1&version=1&viewMode=

by Adam Thierer & Berin Szoka — (Ver. 1.0 — Summer 2009)

We are attempting to articulate the core principles of cyber-libertarianism to provide the public and policymakers with a better understanding of this alternative vision for ordering the affairs of cyberspace. We invite comments and suggestions regarding how we should refine and build-out this outline. We hope this outline serves as the foundation of a book we eventually want to pen defending what we regard as “Real Internet Freedom.” [Note:  Here’s a printer-friendly version, which we also have embedded down below as a Scribd document.]

I. What is Cyber-Libertarianism?

Cyber-libertarianism refers to the belief that individuals—acting in whatever capacity they choose (as citizens, consumers, companies, or collectives)—should be at liberty to pursue their own tastes and interests online.

Generally speaking, the cyber-libertarian’s motto is “Live & Let Live” and “Hands Off the Internet!”  The cyber-libertarian aims to minimize the scope of state coercion in solving social and economic problems and looks instead to voluntary solutions and mutual consent-based arrangements.

Cyber-libertarians believe true “Internet freedom” is freedom from state action; not freedom for the State to reorder our affairs to supposedly make certain people or groups better off or to improve some amorphous “public interest”—an all-to convenient facade behind which unaccountable elites can impose their will on the rest of us.

B.  Application in Social & Economic Contexts

The cyber-libertarian draws no distinction between social and economic freedom when applying this vision:

• Social Freedom: Individuals should be granted liberty of conscience, thought, opinion, speech, and expression in online environments.
• Economic Freedom: Individuals should be granted liberty of contract, innovation, and exchange in online environments.

Cyber-libertarians also argue that social and economic freedoms are inextricably intertwined:  It is not enough to support liberty of action in one sphere; foreclosing freedom in one sphere will eventually affect freedom in the other.

C.  How “Code Failures” Are to Be Addressed

The cyber-libertarian believes that “code failures” (the digital equivalent of so-called “market failures”) are better addressed by voluntary, spontaneous, bottom-up, marketplace responses than by coerced, top-down, governmental solutions.   From a practical perspective, the decisive advantage of the market-driven approach to correcting code failure comes down to the rapidity and nimbleness of those responses.  Stated differently, cyber-libertarians have a strong aversion to the politicization of technology issues and efforts to replace market processes with bureaucratic processes.

Importantly, the cyber-libertarian defines “markets” broadly to include monetary and non-monetary transactions as well as proprietary and non-proprietary modes of production.  To be clear, collaborative, non-proprietary technologies and efforts ( e.g., Wikipedia and open source software) are not at odds with cyber-libertarianism.  But the cyber-libertarian does reject the notion these models are the only acceptable model or that they should be imposed on us by law.  The proper policy position with regards to the “open vs. closed” or “proprietary vs. non-proprietary” debate should be one of techno-agnosticism.  Lawmakers and courts should not be tilting the balance in one direction or the other.

More generally speaking, instead of seeking to define or impose a single utopian vision, the cyber-libertarian seeks to enable what libertarian philosopher Robert Nozick called a “Utopia of Utopias:” a framework within which many different models of organizing commerce and community can flourish alongside, and in competition with, each other.

D.  General Relationship to “Internet Exceptionalism”

Internet exceptionalists are first cousins to cyber-libertarians:  They believe that the Internet has changed culture and history profoundly and is deserving of special care before governments intervene.  [See Section IV for an expanded discussion.]

II. The Intellectual Foundations of Cyber-Libertarianism

A.  Traditional Libertarian Philosophy

• Natural Rights philosophers –John Locke, Ayn Rand, The Founders
• Utilitarian philosophers – John Stuart Mill (On Liberty), Herbert Spencer
• “Austrian School” of Economics – Ludwig von Mises, F.A.  Hayek, Murray Rothbard
• Milton Friedman (Free to Choose)
• Robert Nozick – argument for a minimalist state; “utopia of utopias” notion
• Thomas Sowell – critique of “The Vision of the Anointed”
• Richard Epstein – vision of “Simple Rules for a Complex World

B.  Modern Cyber-Libertarian Theorists

• Ithiel de Sola Pool (Technologies of Freedom)
• Alvin Toffler (The Third Wave , Future Shock)
• George Gilder (Microcosm , Telecosm)
• Peter Huber (Law & Disorder in Cyberspace)
• Tom W.  Bell
• Technology Liberation Front bloggers

C.  Internet Exceptionalists[see Sec.  IV below]

• Nicholas Negroponte (Being Digital)
• John Perry Barlow (“Declaration of the Independence of Cyberspace”)
• David Post
• Eric Goldman
• H.  Brian Holland

III. The Contrast with Cyber-Collectivism

A.  Cyber-Collectivism Defined

Cyber-collectivism is the opposite of cyber-libertarianism.  Cyber-collectivism refers to the general belief that cyber-choices should be guided by the State or an elite class according to some amorphous “general will” or “public interest.”  The distant influence of Plato, Rousseau, and Marx can often been seen in the work of cyber-collectivists.

Cyber-collectivism comes in many flavors, however.  “Left”-leaning cyber-collectivists, for example, are more focused on social concerns than economic ones.  Some “Right”-leaning cyber-collectivists are focused on controlling the impact of the Internet on culture or security.  In other words, cyber-collectivism is not as philosophically coherent as cyber-libertarianism—which, though it comes in many flavors, shares a larger core of common agreement

B.  General Relationship to “Information Commons” Movement

There is a close relationship between the Leftist variant of cyber-collectivism and the “digital commons” or “information commons” movement, which generally refers to the belief that digital resources should be shared or perhaps commonly owned instead of held privately—both because cyber-collectivists think this is more equitable and because they generally think such arrangements will ultimately work better.

Cyber-collectivists are typically not Marxists; few of them call for state ownership of the information means of production.  Rather, cyber-collectivists might better be thought of a “cyber social Democrats” (in a European sense) or “Digital New Dealers” (in the American tradition).  They advocate a generous role for law and regulation in many online matters, but do not typically resort to full-blown nationalization.

C. Exponents of Cyber-Collectivism

Some notable cyber-collectivists or information commons adherents (and their key works):

• Lawrence Lessig (Code , Free Culture)
• Tim Wu (Who Controls the Internet?)
• Yochai Benkler (The Wealth of Networks)
• Jonathan Zittrain (The Future of the Internet & How to Stop It)
• David Bollier (Viral Spiral)
• Harvard Berkman Center*
• New America Foundation*
• Public Knowledge*

(*We are, of course, generalizing a bit here. Not everyone in these institutions is a cyber-collectivist and, again, there are many flavors of cyber-collectivism, just as there are many flavors of cyber-libertarianism. Individuals in some of these organizations diverge significantly in attitudes towards technological change and the proper scope of government influence throughout the high-tech sector.)

IV. Relationship Between Cyber-Libertarianism & Internet Exceptionalism

Some non-libertarians occasionally join ranks with cyber-libertarians out of a belief that the Internet is different and deserving of special consideration and care. This is commonly referred to as “Cyber-Exceptionalism” or “Internet Exceptionalism.” John Perry Barlow’s 1996 “Declaration of the Independence of Cyberspace” was probably the earliest (and most extreme) articulation of “Internet Exceptionalism”:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions. You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don’t exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

Similarly, in 1994, The Progress & Freedom Foundation brought together four leading technology visionaries (Esther Dyson, George Gilder, George Keyworth, and Alvin Toffler) to pen A Magna Carta for the Knowledge Age. In that manifesto, the authors argued:

Cyberspace is the land of knowledge, and the exploration of that land can be a civilization’s truest, highest calling. The opportunity is now before us to empower every person to pursue that calling in his or her own way. The challenge is as daunting as the opportunity is great. The Third Wave has profound implications for the nature and meaning of property, of the marketplace, of community and of individual freedom. As it emerges, it shapes new codes of behavior that move each organism and institution—family, neighborhood, church group, company, government, nation—inexorably beyond standardization and centralization, as well as beyond the materialist’s obsession with energy, money and control. Turning the economics of mass-production inside out, new information technologies are driving the financial costs of diversity—both product and personal—down toward zero, “demassifying” our institutions and our culture. Accelerating demassification creates the potential for vastly increased human freedom. It also spells the death of the central institutional paradigm of modern life, the bureaucratic organization. (Governments, including the American government, are the last great redoubt of bureaucratic power on the face of the planet, and for them the coming change will be profound and probably traumatic.)

As that last paragraph suggests, this “Magna Carta” for cyberspace contained some hints of cyber-libertarian thinking, but the general thrust of the document was more generally of the Internet Exceptionalist school of thought.

Internet Exceptionalists are sometime critiqued for sounding like techno-utopians, but it is a mistake to conflate the two. There are not always synonymous.

V. Cyber-Libertarianism’s Early Legal Foundations & Victories

• Section 230 of the Communications Decency Act of 1996 is probably the best example of cyber-exceptionalism in practice. It grants broad immunity to online intermediaries for third party content except for criminal and IP law—breaking with traditional tort liability standards. Specifically, Sec. 230 rejected the “deputization of the middleman” model of liability.
• Overturning of the Communications Decency Act’s indecency & obscenity provisions in Reno v. ACLU decision
• Various court decisions blocking enforcement of the Child Online Protection Act (COPA) of 1999
• The encryption wars & the defeat of the “Clipper Chip”
• The Internet Tax Freedom Act of 1998

VI. Applications: How Cyber-Libertarians Think about Various Policy Issues

• Free speech & online child safety: Favor parental empowerment and industry self-regulation over censorship. “Household standards” should trump “community standards.”
• Privacy policy & online advertising: Privacy is a subjective condition and efforts to regulate to “protect privacy” could have unintended consequences for freedom of speech and the growth of online content and commerce. User empowerment and industry self-regulation represent the superior way to address privacy concerns.
• Net neutrality / infrastructure regulation: “Open access” regulation is nothing more the infrastructure socialism. Network operators should be free to own, operate, and price their systems and services as they see fit, subject only to enforcement of their terms of service and other voluntary disclosures as contracts with their users. New entry and innovation are better alternative to regulating yesterday’s networks and technologies.
• Internet taxation: No special taxes should be imposed on online services or Internet access. To the extent the Net disrupts traditional tax bases that should be seen as an opportunity to reform those tax systems.
• Online gambling: People should be free to do what they want with their money and Internet gambling is likely impossible to shut down entirely anyway, given the nature of the Internet.
• Antitrust: “Market power” and “code failures” are best dealt with by spontaneous evolution of markets and new entry, not bureaucratic micro-management of old technologies or market structures. Regulation often creates, or tends to foster, most monopolies. As Ithiel de Sola Pool once noted, “The force that preserves most monopoly privilege is law… most would vanish in the absence of enforcement.”
• IP issues: Cyber-libertarians are deeply divided over IP issues (especially copyright) and this reflects a long-standing division within libertarian ranks on these issues more generally. Some believe IP rights are a natural extension of traditional property rights and/or a sensible way to incentivize scientific and artistic creativity. Others believe no one has a right to “property-tize” intangible creations or that copyright is simply industrial protectionism. And there are many views in between.

VII. Prospects for Cyber-Libertarianism

A. The Pessimistic View

• Government’s will quash online freedom and bring the Internet under their thumbs.
• Regulatory efforts are expanding at a breathtaking pace and will not slow anytime soon.

B. The Optimistic View

• “Technologies of Freedom” (tools and methods to avoid online regulation, censorship and control) will ultimately triumph.
• Technology is evolving faster than government’s ability to regulate it.

VIII. Related Reading on Cyber-Libertarianism & Internet Exceptionalism

• John Perry Barlow, Declaration of the Independence of Cyberspace (1996).
• Tom W. Bell, Free Speech, Strict Scrutiny, and Self-Help: How Technology Upgrades Constitutional Jurisprudence , 87 U. Minn. L. Rev. 743 (2003).
• Esther Dyson, George Gilder, George Keyworth, & Alvin Toffler, The Progress & Freedom Foundation, A Magna Carta for the Knowledge Age (1994).
• Eric Goldman, The Third Wave of Internet Exceptionalism, Santa Clara Magazine (Winter 2008).
• H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, Kansas L. Rev. (2007).
• Peter Huber, Law & Disorder in Cyberspace: Abolish the FCC and Let Common Law Rule the Telecosm (1997).
• Ithiel de Sola Pool, Technologies of Freedom (1983).
• David Post, In Search of Jefferson’s Moose: Notes on the State of Cyberspace (2009).
• Adam Thierer, The Pragmatic Internet Optimist’s Creed, Technology Liberation Front Blog (Nov. 11, 2008).
• Technology Liberation Front Blog, About the Technology Liberation Front (August 2004, revised 2008).

Cyber-Libertarianism: The Case for Real Internet Freedom [Ver 1.0 – Thierer & Szoka] http://d.scribd.com/ScribdViewer.swf?document_id=18490847&access_key=key-14tt6eb4f2cdcil8wnf2&page=1&version=1&viewMode=

What Unites Advocates of Speech Controls & Privacy Regulation? [pdf]

by Adam Thierer & Berin Szoka The Progress & Freedom Foundation, Progress on Point No. 16.19

Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:

1. People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or,
2. All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards.

While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”^[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what it in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.

That sort of elitism—elitism enforced by law—is often the objective of speech and privacy regulatory advocates. Our goal is to identify the common themes that unite these regulatory movements, explain why such political elitism is unwarranted, and make it clear how it threatens individual liberty as well as the future of free and open Internet. As an alternative to this elitist vision, we advocate an empowerment agenda: fostering an environment in which users have the tools and information they need to make decisions for themselves and their families.

I. The Elitism of Speech Regulation

First, consider how those two elitist beliefs identified above are on display when lawmakers or regulatory advocates make efforts to control speech or content.^[2] Calls to regulate free speech are often premised on the belief that something must be done to “protect The Children.”^[3] Personal and parental responsibility ^[4] are regarded as inadequate safeguards ^[5] since some parents will inevitably fall down on the job by not adequately shielding their children’s eyes and ears from potentially objectionable (or supposedly harmful) speech. Therefore, government must regulate content that is indecent, profane, excessively violent, and so on. The definition of those things is then left to unelected bureaucrats and judges to make on our behalf.

But it’s not just about “The Children.” Some regulatory advocates believe that even the choices made by consenting adults must be disregarded because some people fail to understand the supposedly destructive nature of the speech they are consuming. Government must act to protect people from making what some regulatory advocates regard as destructive or even immoral choices that could bring harm to them or their loved ones.

In sum, regulatory advocates are essentially saying that people cannot be trusted or left to their own devices and, therefore, government must intervene and establish a baseline “community standard” on behalf of the entire citizenry to tell them what‘s best for them.^[6] Even if those citizens have tools and information at their disposal to make sensible decisions about objectionable content, that’s not good enough because they might not do the job properly. Government must do it for them!

II. The Elitism of Privacy Regulation

This same mentality motivates calls for privacy regulations. Those who call for government interventions to “protect privacy” often claim that people too willingly surrender personal information about themselves and that they don’t understand the adverse consequences of those actions.^[7] Alternatively, regulatory advocates claim that advertising and marketing efforts are inherently “manipulative” and that people do not realize they are being duped into surrendering personal information or into buying products or services they supposedly don’t need.^[8] Of course, those regulatory advocates rarely pause to explain to us how it is that they were not also duped and manipulated by the same things—again revealing their deeply-rooted elitism! (As discussed below, this makes it clear how the psychological phenomenon of “third-person effect hypothesis” is driving much of this debate.)

“Protecting The Children” is also used as a rhetorical cover for regulation here, but not as often in debates over speech controls.^[9] Instead, regulatory advocates mostly focus on adults who are presumed not to know what is in their own best interest—necessitating paternalistic government intervention on their behalf.

III. Intellectual Schizophrenia on Both the Left & Right

What is particularly interesting about all this is the way these two issues expose a sort of intellectual schizophrenia at work on both the Left and Right of the political spectrum. Left-leaning policymakers and intellectuals typically decry censorship efforts (except where “commercial speech,” “hate speech” and “bias” are at issue), but are quick to rally around proposals to layer privacy regulations on the Internet. The opposite is often true of many on the Right of the political spectrum: They typically declare privacy regulations to be paternalistic and antithetical to free enterprise (or perhaps just erosive of efforts to legislate morality),^[10] but in the next breath advocate controls on content they find objectionable.

Few on either side stop to consider the relationship between speech and privacy. In fact, they are but two sides of the same coin. After all, what is your “right to privacy” but a right to stop me from observing you and speaking about you?^[11] “Protecting privacy,” therefore, typically means restricting speech rights in the process. Advocates of privacy regulation often insist that the use, processing and collection of information are “conduct” unprotected by the First Amendment, but in fact, the First Amendment broadly protects the gathering and distribution of information as part of the process of communication (“speech”).^[12] Similarly, attempts to “clean up” speech or “protect The Children,” often require regulations that would betray the privacy of adults by expanding the role of government, and impose serious burdens on businesses and markets—such as age verification mandates ^[13] or extensive data retention requirements.^[14]

IV. Common Tactics & Regulatory Mechanisms

The two movements also share common political tactics and regulatory approaches. Privacy advocates generally favor “opt-in” mandates as the federal “baseline standard” for any website collecting information about users, especially their browsing habits (regardless of whether the information is “personally identifiable”). In other words, the law would create a property right in such “personal information” (ironically, many advocates of this approach criticize or reject intellectual property.) In a similar vein, many advocates of speech controls push for mandatory parental control tools or restrictive default settings.^[15] That is, if government won’t censor speech outright, regulatory advocates want lawmakers to at least (1) require that media, computing and communications devices be shipped to market with parental controls embedded or included (as proposed in Australia and with China’s “Green Dam” filter),^[16] and possibly, (2) that such controls be defaulted to their most restrictive position—forcing users to opt-out of the controls later if they want to consume media rated above a certain threshold.

More sophisticated advocates of speech controls and privacy regulation will likely argue that their paternalism is less elitist or intrusive because they merely want to “nudge” the public into making “better” decisions. Economist Richard Thaler and legal scholar Cass Sunstein (director of President Obama’s Office of Information and Regulatory Affairs, responsible for analyzing most new federal regulations) popularized this approach with their 2008 book Nudge: Improving Decisions about Health, Wealth, and Happiness. Based on behavioral economics studies, they argue that both government and private actors must inevitably make decisions about “choice architecture” and that, by setting defaults, incentives and rules smartly, “choice architects” can and should improve decision-making without blocking, fencing-off or significantly burdening choices.^[17]

In this regard, Sunstein and Thaler’s approach parallels the work of Lawrence Lessig, one of the most influential Internet policy thinkers. Lessig has argued that the “architecture” of “code” (how software is written) “regulates” all online activities and requires government oversight and intervention to keep in check. Otherwise, he warned ominously a decade ago, “Left to itself, cyberspace will become a perfect tool of control.”^[18] Lessig’s hyper-pessimistic predictions have proven unwarranted, however. Far from fostering a world of “perfect control,” code and cyberspace have proven remarkably difficult to regulate, but nonetheless has generally benefited consumers and citizens without centralized direction.^[19] Still, Lessig, Sunstein, and others of this ilk persist in their advocacy of “nudges” of many varieties to impose their will on cyberspace through mandates from above.

But while it might be possible to define “better decisions” and argue that poor choice architecture leads people to choose things they clearly don’t want in contexts like investment decisions and mortgages, how can elites know what other people really want in highly subjective contexts like privacy and speech? Should they rely on opinion polls—the highly subjective results of which depend heavily on “choice architecture” of question-crafting—to guess what the right default should be?^[20] Was the Chinese proposal to mandate deployment of “Green Dam” just a harmless “nudge” because users weren’t barred from uninstalling the filtering software that must accompany their computers (i.e., “opting-out”)? The problem becomes even more difficult where trade-offs among competing values are inevitable. For example, data collection about Internet users raises privacy concerns for some but benefits all, creating more funding for “free” content (i.e., speech) and services users prefer by making more valuable the advertising that supports online publishers. In short, regulations of speech and privacy are likely to be pure paternalism, even when billed as “libertarian paternalism as Thaler and Sunstein label their approach.^[21]

What might be called “regulatory blackmail” is also a time-honored tradition among both advocates of speech controls and privacy regulation. When censorship advocates have previously been impeded by the First Amendment, they have worked behind the scenes with lawmakers or regulatory agencies to use indirect pressure and strong-arming tactics to extract “voluntary concessions” from companies or others.^[22] For example, in 2004, the FCC strong-armed radio giant Clear Channel into agreeing to a “voluntary” consent decree that involved taking Howard Stern off the air.^[23] Similarly, in 2008, XM and Sirius Satellite Radio finally agreed to set aside 4% of their system capacity for use by politically favored racial minorities (a kind of speech control) as a “voluntary condition” of their merger—after the FCC had sat on their application for nearly 16 months.^[24] This race-based preference would have been unconstitutional if the FCC had imposed it directly.^[25] While the FTC has been far less prone to such abuse and actually plays a key role in holding companies to their promises, its current Chairman, Jon Leibowitz, has hung the “regulatory sword of Damocles” over the heads of the online advertising industry, threatening them with a “day of reckoning” if he doesn’t get what he wants from industry self-regulatory efforts.”^[26] The sword could actually fall if the FTC turns self-regulation into the European model of “co-regulation,” where the government steers and industry simply rows.^[27]

V. The Crisis Mentality that Drives Regulation

Speech and privacy regulatory advocates share another trait in common: an affinity for the use of a crisis mentality as a method of spurring political action. In his 1995 book The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy, political philosopher and economist Thomas Sowell formulated a model that he argued drives ideological crusades to expand government power over our lives and economy. “The great ideological crusades of the twentieth-century intellectuals have ranged across the most disparate fields,” noted Sowell. But what they all had in common, he argued, was “their moral exaltation of the anointed above others, who are to have their different views nullified and superseded by the views of the anointed, imposed via the power of government.”^[28] These government-expanding crusades shared several key elements, which Sowell identified as follows:

1. Assertion of a great danger to the whole society, a danger to which the masses of people are oblivious.
2. An urgent need for government action to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many, in response to the prescient conclusions of the few.
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes.

We see this model at work on a daily basis today with our government’s various efforts to reshape our economy, but the model is equally applicable to debates over speech controls and privacy regulation. In particular, the various “technopanics”^[29] we have witnessed in recent years fit this model. For example, consider how this model plays out in the debate over online social networking:

1. Assertion of a great danger to the whole society [online sexual predators], a danger to which the masses of people are oblivious.
2. An urgent need for government action [such as mandatory online age verification ^[30] or the Deleting Online Predators Act ^[31]] to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many [must stop kids and adults from being online together on same sites], in response to the prescient conclusions of the few [some state Attorneys General].^[32]
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [child safety researchers and others are told that their research is meaningless or offbase].^[33]

We also see this model in play in other debates, such as efforts to regulate “excessively violent” video games and television programming.^[34] And consider how this model plays out on the privacy front:

1. Assertion of a great danger to the whole society [amorphous privacy violations], a danger to which the masses of people are oblivious.
2. An urgent need for government action [“baseline federal privacy regulation”] to avert impending catastrophe.
3. A need for government to drastically curtail the dangerous behavior of the many [anyone who shares information online], in response to the prescient conclusions of the few [a handful of privacy advocacy groups].
4. A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [any suggestion that privacy concerns are being overblown and that most information-sharing is socially beneficial is dismissed out-of-hand].

Worse yet, regulatory intervention in these cases simply begets more and more intervention to correct the inevitable failures of, or dissatisfaction with, previous interventions.^[35] Thus, the “crisis” cycle never ends.

VI. Third-Person Effect Hypothesis as an Explanation

Something more profound than simple political elitism seems to be at work here, however. A phenomenon psychologists refer to as the “third-person effect hypothesis” can explain many calls for government intervention, especially in the media world.^[36] Simply stated, speech and privacy critics sometimes seem to only see and hear in media or communications what they want to see and hear—or what they don’t want to see or hear. When they encounter perspectives or preferences that are at odds with their own, they are more likely to be concerned about the impact of those things on others throughout society and come to believe that government must “do something” to correct those perspectives. Many people desire regulation because they think it will be good for others, not necessarily for themselves. The regulation they desire has a very specific purpose in mind: “re-tilting” speech or market behavior in their desired direction.

The third-person effect hypothesis was first formulated by W. Phillips Davison in a seminal 1983 article:

In its broadest formulation, this hypothesis predicts that people will tend to overestimate the influence that mass communications have on the attitudes and behavior of others. More specifically, individuals who are members of an audience that is exposed to a persuasive communication (whether or not this communication is intended to be persuasive) will expect the communication to have a greater effect on others than on themselves.^[37]

Davison used this hypothesis to explain how media critics on both the Left and Right seemed to simultaneously find “bias” in the same content or reports when they couldn’t possibly both be correct. In reality, their own personal preferences were biasing their ability to fairly evaluate that content. Davison’s article prompted further research by many other psychologists, social scientists, and public opinion experts to test just how powerful this phenomenon was in explaining calls for censorship and other social phenomena.^[38] In these studies, third-person effect has been shown to be the primary explanation for why many people fear—or even want to ban—various types of speech or expression, including news,^[39] misogynistic rap lyrics,^[40] television violence,^[41] video games,^[42] and pornography.^[43] In each case, the subjects surveyed expressed strong misgivings about allowing others to see or hear too much of the speech or expression in question, but greatly discounted the impact of that speech on themselves. Such studies thus reveal the strong paternalistic instinct behind proposals to regulate speech. As Davison notes:

Insofar as faith and morals are concerned… it is difficult to find a censor who will admit to having been adversely affected by the information whose dissemination is to be prohibited. Even the censor’s friends are usually safe from the pollution. It is the general public that must be protected. Or else, it is youthful members of the general public, or those with impressionable minds.^[44]

It’s easy to see how this same phenomenon is at work in debates about privacy. Regulatory advocates imagine their preferences are “correct” (right for everyone) and that the masses are being duped by external forces beyond their control or comprehension, even though the advocates themselves are somehow immune from the brain-washing and privy to some higher truth that the hoi polloi simply cannot fathom. Again, this is Sowell’s “Vision of the Anointed” at work.

Consider the flare-up in 2004 over the introduction of Gmail, Google’s free email service. At a time when Yahoo! mail (then as now the leading webmail provider) offered customers less than 10 megabytes of email storage, Gmail offered an astounding gigabyte of storage that would grow over time (now over 7 GB). Rather than charging some users for more storage or special features, Google paid for the service by showing advertisements next to each email “contextually” targeted to keywords in that email—a far more profitable form of advertising than “dumb banner” ads previously used by other webmail providers.^[45] Self-appointed (or, to extend Sowell’s framework, “self-anointed”) privacy advocates howled that Google was going to “read users’ email,” and led a crusade to ban such algorithmic contextual targeting.^[46] Thierer responded to these critics by pointing out that the service was purely voluntary and noted:

you don’t speak for me and a lot of other people in this world who will be more than happy to cut this deal with Google. So do us a favor and don’t ask the government to shut down a service just because you don’t like it. Privacy is a subjective condition and your value preferences are not representative of everyone else’s values in our diverse nation. Stop trying to coercively force your values and choices on others. We can decide these things on our own, thank you very much.^[47]

Interestingly, however, the frenzy of hysterical indignation about Gmail was followed by a collective cyber-yawn: Users increasingly understood that algorithms, not humans, were doing the “reading” and that, if they didn’t like it, they didn’t have to use it. Today, nearly 150 million of people around the world use Gmail, and it has a steadily growing share of the webmail market. Even though cyber-consumers have embraced the service, some privacy advocates persist in their effort to shut down Gmail. They appear determined to stop at nothing to impose their will on others—the essence of political elitism—even if that means cutting off free email service for 150 million people!^[48]

A similar debate has played out more recently regarding targeted online advertising in general. Advertising on search engines is, much like Gmail, targeted “contextually” based on search terms entered by users and most advertising on other websites is based on the nature of content on a site or page. But certain data is collected about users as they browse to make that advertising more effective—by measuring its performance, reducing fraud, preventing over-exposure, etc. Some privacy advocates have insisted that industry self-regulation of such practices (even if enforced by the FTC) is inadequate and have called for preemptive regulation. They are even more offended by “behavioral advertising” which allows publishers whose content would have little value as the basis for contextually targeting advertising on their own sites to compete for more highly valued advertising by showing ads to users based on other sites they’ve visited. In both cases, data collection can increase the funding available to publishers to produce more of the content and services preferred by users, thus conferring an enormous indirect benefit on users, but also directly benefits users by increasing the relevance of the advertising they see.^[49] For some of the more extreme advocates of privacy regulation, however, there are no trade-offs, only absolutist “solutions:” To them, privacy is so obviously desirable that they feel at ease in deciding what’s best for everyone else. Such absolutists often respond with righteous indignation and conspiratorial fulmination when challenged to identify the harm against which they’re protecting consumers, while disdainfully dismissing all talk of the benefits of online advertising as self-serving industry propaganda.^[50]

VII. The Principled Alternative: Trust People & Empower Them

There is an alternative to this elitist mentality: freedom and personal responsibility. Individuals should be permitted to live a life of their own, even if they sometimes make mistakes or choices that are at odds with what elites think is best for them. ^[51]

Of course, the world isn’t perfect. In an ideal world, adults would be fully empowered to tailor speech and privacy decisions to their own values and preferences. Specifically, in an ideal world, adults (and parents) would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to not only block the things they don’t like—objectionable content, annoying ads or the collection of data about them—while also finding the things they want.

Achieving that ideal is likely impossible, but the good news is that we are moving closer to it with each passing day. Citizens have more tools and methods at their disposal than ever before which enable them to make decisions for themselves and their families. And this is true for both parental controls ^[52] and privacy controls.^[53]

Of course, some speech and privacy elitists will argue that we can’t trust empowerment tools ( e.g., filters, rating systems, or other controls) that are created by companies or other affected parties. But rather than trying to enhance those tools and educate users about how to use them, these elitists skip right past user empowerment and channel their energies into regulations that would impose a top-down, one-size-fits all standard on all adults and families—or even into trying to craft the perfect “nudge” that will help users make what elites believe to be the “right” decisions. Of course, these tools can, and should, be improved. Those groups worried about speech/content and privacy issues should focus on how we might drive such protections from the bottom-up by empowering individuals instead of government bureaucrats. The goal in both cases should be a “let-a-thousand-flowers-bloom” approach, which offers diverse tools and strategies for our diverse citizenry.^[54] We need not accept “one-size-fits” all approaches, whether they be regulatory mandates or “nudges,” based on the presumption that elites know best.

Finally, it is vital not to lose sight of what’s ultimately at stake here. If regulatory approaches trump the empowerment agenda we have described, the future of a free and open Internet—indeed, as technology converges, the future of all media—is at risk.^[55] By imposing technological solutions from the top-down that can never keep pace with technological change, regulation necessarily forecloses freedom and innovation.^[56] By contrast, individual empowerment allows innovation to flourish. The better approach across the board is education, not regulation.^[57] Empowerment, not elitism, is the path forward. The digital elite should be leading this effort by developing and promoting technologies of empowerment, not crafting regulatory mandates to force their will upon us.^[58]

#

Adam Thierer is a Senior Fellow with The Progress & Freedom Foundation and the director of its Center for Digital Media Freedom. Berin Szoka  is a Senior Fellow with PFF and the Director of PFF’s Center for Internet Freedom.

[1] . William A. Henry, In Defense of Elitism (1995) at 2-3.

[2] . See Adam Thierer, The Progress & Freedom Foundation, Congress, Content Regulation, and Child Protection: The Expanding Legislative Agenda, Progress Snapshot 4.4, Feb. 2008, www.pff.org/issues-pubs/ps/2008/ps4.4childprotection.html. Like American courts, we use the term “speech” as a broad catch-all for communications, including both actual speaking as well as other forms of transmitting, as well as receiving, information (“content”).

[3] . See generally Adam Thierer, Don’t Scapegoat Media, USA Today, Dec. 4, 2008, www.pff.org/issues-pubs/ps/2008/ps4.24scapegoatmedia.html; Marjorie Heins, Not in Front of the Children, “Indecency,” Censorship, and the Innocence of Youth (2001); Karen Sternheimer, It’s Not the Media: The Truth about Pop Culture’s Influence on Children (2003); Karen Sternheimer, Kids These Days: Facts and Fictions about Today’s Youth (2006).

[4] . See Adam Thierer, The Progress & Freedom Foundation, FCC Violence Report Concludes that Parenting Doesn’t Work, PFF Blog, Apr. 26, 2007, http://blog.pff.org/archives/2007/04/fcc_violence_re.html.

[5] . See Adam Thierer, The Progress & Freedom Foundation, Sen. Rockefeller Gives Up on Parenting at Senate Violence Hearing, PFF Blog, June 26, 2007, blog.pff.org/archives/2007/06/sen_rockefeller_1.html.

[6] . Adam Thierer, Conservatives, Porn, and “Community Standards,” The Technology Liberation Front, March 2, 2009, http://techliberation.com/2009/03/02/conservatives-porn-and-community-standards.

[7] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Online Advertising & User Privacy: Principles to Guide the Debate, Progress Snapshot 4.19, Sept. 2008, www.pff.org/issues-pubs/ps/2008/ps4.19onlinetargeting.html.

[8] . Jeff Chester, for decades the great gadfly of American advertising, has decried “the system … developed to track each and every one of us and our behavior for one-on-one marketing efforts” as “manipulative, intrusive and un-democratic.” Wendy Melillo, Q&A: Chester Writes the Book on Privacy, Dec. 11, 2007, www.gfem.org/node/227. For instance, Chester and other leading “privacy advocates” ridicule the idea of smart phones as a “liberating technology” and insist that,

Despite the glowing words about customization and personalized service, what marketers and advertisers are increasingly offering consumers is merely the illusion of free choice. Mobile operators offer their various options and services, not on an individual basis, but preconfigured according to segmented demographic profiles.

Center for Digital Democracy and U.S. Public Interest Research Group, Complaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Mobile Marketing Practices, Jan. 13, 2009 (emphasis original), www.democraticmedia.org/files/FTCmobile_complaint0109.pdf. See generally Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Targeted Online Advertising: What’s the Harm & Where Are We Heading?, Progress on Point 16.2, Feb. 2009, www.pff.org/issues-pubs/pops/2009/pop16.2targetonlinead.pdf.

[9] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, Progress on Point 16.11, May 2009, www.pff.org/issues-pubs/pops/2009/pop16.11-COPPA-and-age-verification.pdf.

[10] . The Supreme Court has used a “right to privacy” to strike down laws against the use of contraception by married couples, Griswold v Connecticut, 381 U.S. 479 (1965), and abortion, Roe v. Wade, 410 U.S. 113 (1973).

[11] . Eugene Volokh, Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People From Speaking About You, 52 Stanford L. Rev. 1049 (2000), available at www.pff.org/issues-pubs/pops/pop7.15freedomofspeech.pdf.

[12] . See , Amicus Brief for Association Of National Advertisers, Cato Institute, Coalition For Healthcare Communication, Pacific Legal Foundation And The Progress & Freedom Foundation In Support Of Appellants, IMS Health v. Sorrell, No. 09-1913-cv(L), 09-2056-cv(CON) (2nd Cir. 2009), available at www.pff.org/issues-pubs/filings/2009/071309-Brief-Amici-Curiae-ANA-et-al-Second-Circuit-(09-1913-cv).pdf.

[13] . See Adam Thierer, The Progress & Freedom Foundation, Social Networking and Age Verification: Many Hard Questions; No Easy Solutions, Progress on Point No. 14.5, March 2007, www.pff.org/issues-pubs/ pops/pop14.8ageverificationtranscript.pdf; www.pff.org/issues-pubs/pops/pop14.5ageverification.pdfAdam Thierer, The Progress & Freedom Foundation, Statement Regarding the Internet Safety Technical Task Force’s Final Report to the Attorneys General, Jan. 14, 2008, www.pff.org/issues-pubs/other/090114ISTTFthiererclosingstatement.pdf; Nancy Willard, Why Age and Identity Verification Will Not Work—And is a Really Bad Idea, Jan. 26, 2009, www.csriu.org/PDFs/digitalidnot.pdf; Jeff Schmidt, Online Child Safety: A Security Professional’s Take, The Guardian, Spring 2007, www.jschmidt.org/AgeVerification/Gardian_JSchmidt.pdf.

[14] . Adam Thierer, The Progress & Freedom Foundation, Mandatory Data Retention: How Much is Appropriate, PFF Blog, June 26, 2006, http://blog.pff.org/archives/2006/06/mandatory_data.html

[15] . Adam Thierer, The Progress & Freedom Foundation, The Perils of Mandatory Parental Controls and Restrictive Defaults, Progress on Point 14.4, Apr. 11, 2008, www.pff.org/issues-pubs/pops/2008/pop15.4defaultdanger.pdf.

[16] . Adam Thierer, China’s Green Dam Filter and the Threat of Rising Global Censorship, PFF Blog, June 17, 2009, http://blog.pff.org/archives/2009/06/chinas_green_dam_filter_and_threat_of_rising_globa.html

[17] . They define choice architecture as follows: “A structure designed by a choice architect(s) to improve the quality of decisions made by homo sapiens. Often invisible, choice architecture is the specific user-friendly shape of an organization’s policy or physical building when homo sapiens come into contact with it. Examples of choice architecture include a voter ballot, a procedure for handling well-meaning people who forget a deadline, or a skyscraper.” Nudge Glossary of Terms, www.nudges.org/glossary.cfm.

[18] . Lawrence Lessig, Code and Other Laws of Cyberspace (1999) at 6.

[19] . See Adam Thierer, Code, Pessimism, and the Illusion of “Perfect Control,” Cato Unbound, May 2009, www.cato-unbound.org/2009/05/08/adam-thierer/code-pessimism-and-the-illusion-of-perfect-control

[20] . See Solveig Singleton & Jim Harper, With A Grain of Salt: What Consumer Privacy Surveys Don’t Tell Us, 2001, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=299930.

[21] . As Cato Institute scholar Will Wilkinson has argued, the book’s “agreeably banal doctrine of choice-preserving helpfulness” blurs the lines between paternalism and libertarianism, and thus “the thrust of the conceptual renovation behind the term libertarian paternalism is to empower, not limit, political elites.” Why Opting Out Is No “Third Way,” Reason, October 2008, www.reason.com/news/show/128916.html. See also Adam Thierer, The Progress & Freedom Foundation, Sunstein’s “Libertarian Paternalism” is Really Just Paternalism, PFF Blog, April 7, 2008, http://blog.pff.org/archives/2008/04/sunsteins_liber.html.

[22] . See Robert Corn-Revere, “’Voluntary’ Self-Regulation and the Triumph of Euphemism,” in Rationales & Rationalizations: Regulating the Electronic Media (Robert Corn-Revere, ed., 1997), at 183-208.

[23] . Telecom Policy Report, Commission Settles Indecency Charges, But At What Cost?, June 30, 2004, http://findarticles.com/p/articles/mi_m0PJR/is_25_2/ai_n6091525.

[24] . See Adam Thierer, XM-Sirius, Regulatory Blackmail, and Diversity, June 17, 2008, http://blog.pff.org/archives/2008/06/xmsirius_regula.html.

[25] . See Comments of W. Kenneth Ferree on Implementation of Sirius-XM Merger Condition, The Progress & Freedom Foundation, MB Docket No. 07-57, March 30, 2009, www.pff.org/issues-pubs/filings/2009/033009siriusXMconditionfiling.pdf.

[26] . See Szoka & Adam Thierer, supra note 8 at 3.

[27] . See id. at 2.

[28] . Thomas Sowell, The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy (1995) at 5.

[29] . Alice Marwick, To Catch a Predator? The MySpace Moral Panic, First Monday, Vol. 13, No. 6-2, June 2008, www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2152/1966; Wade Roush, The Moral Panic over Social Networking Sites, Technology Review, Aug. 7, 2006, www.technologyreview.com/communications/17266; Anne Collier, Why Techopanics are Bad, Net Family News, April 23, 2009, www.netfamilynews.org/2009/04/why-technopanics-are-bad.html; Adam Thierer, Parents, Kids & Policymakers in the Digital Age: Safeguarding Against ‘Techno-Panics,’ Inside ALEC, July 2009, at 16-17, www.alec.org/am/pdf/Inside_July09.pdf; Adam Thierer, Progress & Freedom Foundation, Technopanics and the Great Social Networking Scare, PFF Blog, June 10, 2008, http://techliberation.com/2008/07/10/technopanics-and-the-great-social-networking-scare.

[30] . Supra note 13.

[31] . In the 109th Congress, former Rep. Michael Fitzpatrick (R-PA) introduced the Deleting Online Predators Act (DOPA), which proposed a ban on social networking sites in public schools and libraries. DOPA passed the House of Representatives shortly thereafter by a lopsided 410-15 vote, but failed to pass the Senate. The measure was reintroduced just a few weeks into the 110th Congress by Senator Ted Stevens (R-AK), the ranking minority member and former chairman of the Senate Commerce Committee. It was section 2 of a bill that Sen. Stevens sponsored titled the “Protecting Children in the 21st Century Act” (S. 49), but was later removed from the bill. See Declan McCullagh, Chat Rooms Could Face Expulsion, CNet News.com, July 28, 2006, http://news.com.com/2100-1028_3-6099414.html?part=rss&tag=6099414&subj=news.

[32] . See Emily Steel & Julia Angwin, MySpace Receives More Pressure to Limit Children’s Access to Site, Wall Street Journal, June 23, 2006, online.wsj.com/public/article/SB115102268445288250-YRxkt0rTsyyf1QiQf2EPBYSf7iU_20070624.html; Susan Haigh, Conn. Bill Would Force MySpace Age Check, Yahoo News.com, March 7, 2007, www.msnbc.msn.com/id/17502005.

[33] . See, e.g., Letter of Henry McMaster, Attorney General, South Carolina to Attorney General Richard Blumenthal and Attorney General Roy Cooper Regarding Internet Safety Task Force (“ISTTF”) Report, January 14, 2009, www.scag.gov/newsroom/pdf/2009/internetsafetyreport.pdf

[34] . See Adam Thierer, The Progress & Freedom Foundation, Video Games and “Moral Panic,” PFF Blog, Jan. 23, 2009, http://blog.pff.org/archives/2009/01/video_games_and_moral_panic.html ; Adam Thierer, The Progress & Freedom Foundation, Fact and Fiction in the Debate over Video Game Regulation, Progress Snapshot 13.7, March 2006, www.pff.org/issues-pubs/pops/pop13.7videogames.pdf.

[35] . “All varieties of interference with the market phenomena not only fail to achieve the ends aimed at by their authors and supporters, but bring about a state of affairs which—from the point of view of their authors’ and advocates’ valuations—is less desirable than the previous state affairs which they were designed to alter. If one wants to correct their manifest unsuitableness and preposterousness by supplementing the first acts of intervention with more and more of such acts, one must go farther and farther until the market economy has been entirely destroyed and socialism has been substituted for it.” Ludwig von Mises, Human Action, at 858 (3rd ed. 1963) (1949).

[36] . See generally Adam Thierer, The Progress & Freedom Foundation, Media Myths: Making Sense of the Debate over Media Ownership (2005) at 119-123, www.pff.org/issues-pubs/books/050610mediamyths.pdf (Explaining how the third-person effect serves as a powerful explanation for the heated backlash that followed an FCC effort to moderately liberalize media ownership rules in 2003-04).

[37] . W. Phillips Davison, The Third-Person Effect in Communication, 47 Public Opinion Quarterly 1, Spring 1983, at 3.

[38] . For the best overview of third-person effect research, see Douglas M. McLeod, Benjamin H. Detenber, and William P. Eveland., Jr., Behind the Third-Person Effect: Differentiating Perceptual Processes for Self and Other, 51 Journal of Communication, Vol. 51, No. 4, 2001, at 678-695.

[39] . Vincent Price, David H. Tewksbury & Li-Ning Huang, Third-person Effects of News Coverage: Orientations Toward Media, Journalism & Mass Communications Quarterly, Vol. 74, at 525-540.

[40] . Douglas M. McLeod, William P. Eveland & Amy I. Nathanson, Support for Censorship of Violent and Misogynic Rap Lyrics: And Analysis of the Third-Person Effect, Communications Research, Vol. 24, 1997, at 153-174.

[41] . Hernando Rojas, Dhavan V. Shah, and Ronald J. Faber, For the Good of Others: Censorship and the Third-Person Effect, International Journal of Public Opinion Research, Vol. 8, 1996, at 163-186.

[42] . James D. Ivory, Addictive, But Not For Me: The Third-Person Effect and Electronic Game Players’ Views Toward the Medium’s Potential for Dependency and Addiction, University of North Carolina at Chapel Hill, School of Journalism and Mass Communication, Aug. 2002.

[43] . Albert C. Gunther, Overrating the X-rating: The Third-person Perception and Support for Censorship of Pornography, Journal of Communication, Vol. 45, No. 1, 1995, at 27-38

[44] . Supra note 37 at 14. Along these lines, a December 2004 Washington Post article documented the process by which the Parents Television Council, a vociferous censorship advocacy group, screens various television programming. One of the PTC screeners interviewed for the story talked about the societal dangers of various broadcast and cable programs she rates, but then also noted how much she personally enjoys HBO’s “The Sopranos” and “Sex and the City,” as well as ABC’s “Desperate Housewives.” Apparently, in her opinion, what’s good for the goose is not good for the gander! See Bob Thompson, Fighting Indecency, One Bleep at a Time, The Washington Post, Dec. 9, 2004, at C1, www.washingtonpost.com/wp-dyn/articles/A49907-2004Dec8.html.

[45] . See Chris Anderson, Free: The Future of a Radical Price at 112-118 (2009).

[46] . See Letter from Chris Jay Hoofnagle, Electronic Privacy Information Center, Beth Givens, Privacy Rights Clearinghouse, Pam Dixon, World Privacy Forum, to California Attorney General Lockyer, May 3, 2004, http://epic.org/privacy/gmail/agltr5.3.04.html.

[47] . See email from Adam Thierer to Declan McCullaugh on Politech Email discussion group, April 30, 2004, http://lists.jammed.com/politech/2004/04/0083.html (emphasis added).

[48] . See Complaint and Request for Injunction of the Electronic Privacy Information Center against Google, Inc., March 17, 2009, http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf; see also Ryan Radia, Should the FTC Shut Down Gmail and Google Docs Because of an Already-Fixed Bug?, Technology Liberation Front Blog, March 18, 2009, http://techliberation.com/2009/03/18/should-the-ftc-shut-down-gmail-and-google-docs-because-of-an-already-fixed-bug/.

[49] . See Berin Szoka & Mark Adams, The Progress & Freedom Foundation, The Benefits of Online Advertising & the Costs of Regulation, PFF Working Paper, forthcoming.

[50] . Anti-advertising crusader Jeff Chester often resorts to questioning the motives of those who question whether his regulatory prescriptions would actually benefit consumers, see, e.g., http://techliberation.com/2009/06/17/behavioral-advertising-industry-practices-hearing-some-issues-that-need-to-be-discussed/#comment-11698840. See generally Jeff Chester, Digital Destiny: New Media and the Future of Democracy (2007).

[51] . “The only freedom which deserves the name is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs or impede their efforts to obtain it. Each is the proper guardian of his own health, whether bodily or mental and spiritual.” John Stuart Mill, On Liberty (Penguin Classics, 1859, 1986) at 72.

[52] . Adam Thierer, The Progress & Freedom Foundation, Parental Controls & Online Child Protection, Special Report, Version 4.0, Summer 2009, www.pff.org/parentalcontrols.

[53] . Adam Thierer, Berin Szoka & Adam Marcus, The Progress & Freedom Foundation, Privacy Solutions, PFF Blog, Ongoing Series, http://blog.pff.org/archives/ongoing_series/privacy_solutions.

[54] . Comments of Adam Thierer, The Progress & Freedom Foundation, In the Matter of Implementation of the Child Save Viewing Act; Examination of Parental Control Technologies for Video or Audio Programming; MB Docket No. 09-26, April 16, 2009, www.pff.org/issues-pubs/filings/2009/041509-%5bFCC-FILING%5d-Adam-Thierer-PFF-re-FCC-Child-Safe-Viewing-Act-NOI-(MB-09-26).pdf.

[55] . See Adam Thierer, FCC v. Fox and the Future of the First Amendment in the Information Age, Engage, Feb. 20, 2009, www.fed-soc.org/doclib/20090216_ThiererEngage101.pdf

[56] . “To act on the belief that we possess the knowledge and the power which enable us to shape the processes of society entirely to our liking, knowledge which in fact we do not possess, is likely to make us do much harm.” Friedrich von Hayek, “The Pretence of Knowledge,” in The Essence of Hayek, (Hoover Inst., 1984), at 276.

[57] . Adam Thierer, The Progress & Freedom Foundation, Two Sensible, Education-Based Legislative Approaches to Online Child safety, Progress Snapshot 3.10, Sept. 2007, www.pff.org/issues-pubs/ps/2007/ps3.10safetyeducationbills.pdf.

[58] . See, e.g., Berin Szoka, Google, CDT, Online Advertising & Preserving Persistent User Choice Across Ad Networks Through Plug-ins, Technology Liberation Front Blog, March 13, 2009, http://techliberation.com/2009/ 03/13/google-cdt-online-advertising-preserving-persistent-user-choice-across-ad-networks-through-plug-ins/.

In an earlier post, I mentioned an important new online child safety task force report that has just been released from the “Point Smart. Click Safe.” Blue Ribbon Working Group. It’s a great report and I encourage you to read the whole thing. It was my great pleasure to serve on this task force, and as we started finalizing our conclusions and recommendations, I started thinking about how much of what we were finding and recommending was consistent with what past online safety task forces had also concluded.

By way of background, over the past decade, five major online safety task forces or blue ribbon commissions have been convened to study online safety issues. Two of these task forces were convened in the United States and issued reports in 2000 (“COPA Commission”) and 2002 (“Thornburgh Commission“). Another was commissioned by the British government in 2007 and issued in a major report in March 2008 (“Byron Review“). Finally, two additional online safety task forces were formed in the U.S. in 2008 and concluded their work, respectively, in January (“Internet Safety Technical Task Force“) and July (“Point Smart. Click Safe.“) of 2009. [And yet another task force — the Online Safety Technology Working Group — was recently formed and has now gotten underway.]

In a new PFF white paper, ” Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” I walk through a chronological summary of each of these past task forces [click on covers of each report below to read them in their entirety] and highlight some of the similar themes and recommendations from them.

Altogether, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety. While each of these task forces had different origins and unique membership, what is striking about them is the general unanimity of their conclusions. Among the common themes or recommendations of these five task forces:

• Education is the primary solution to most online child safety concerns. These task forces consistently stressed the importance of media literacy, awareness-building efforts, public service announcements, targeted intervention techniques, and better mentoring and parenting strategies.
• There is no single “silver-bullet” solution or technological “quick-fix” to child safety concerns. That is especially the case in light of the rapid pace of change in the digital world.
• Empowering parents and guardians with a diverse array of tools, however, can help families, caretakers, and schools to exercise more control over online content and communications.
• Technological tools and parental controls are most effective as part of a “layered” approach to child safety that views them as one of many strategies or solutions.
• The best technical control measures are those that work in tandem with educational strategies and approaches to better guide and mentor children to make wise choices. Thus, technical solutions can supplement, but can never supplant, the educational and mentoring role.
• Industry should formulate best practices and self-regulatory systems to empower users with more information and tools so they can make appropriate decisions for themselves and their families. And those best practices, which often take the form of an industry code of conduct or default control settings, should constantly be refined to take into account new social concerns, cultural norms, and technological developments.
• Government should avoid inflexible, top-down technological mandates. Instead, policymakers should focus on encouraging collaborative, multifaceted, multi-stakeholder initiatives and approaches to enhance online safety. Additional resources for education and awareness-building efforts are also crucial. Finally, governments should ensure appropriate penalties are in place to punish serious crimes against children and also make sure law enforcement agencies have adequate resources to police crimes and punish wrong-doers.

The consistency of these findings from those five previous task forces is important and it should guide future discussions among policymakers, the press, and the general public regarding online child safety.  As I note in the paper, the findings are particularly relevant today since Congress and the Obama Administration — including 3 federal agencies (NTIA, FCC, & FTC) are actively studying these issues. So, in light of all that, I hope this short paper can shed some light on the collective wisdom of the past task forces. While more study of online child safety issues is always welcome — including additional task forces or working groups if policymakers deem them necessary — thanks to the work of these five task forces, we now have better vision of what is needed to address online safety concerns.

Five Online Safety Task Forces Agree [PFF – Adam Thierer] http://d.scribd.com/ScribdViewer.swf?document_id=17181137&access_key=key-z6cxfgrjkqaqtxbix&page=1&version=1&viewMode=

In episode #44 of “Tech Policy Weekly,” Berin Szoka and Adam Thierer engage in a debate with Internet security expert Chris Soghoian, who is a student fellow at the Berkman Center for Internet & Society at Harvard University. He is also a Ph.D. candidate at Indiana University’s School of Informatics.

Chris is an up-and-coming star in the field of cyberlaw and technology policy as he has quickly made a name for himself in debates over privacy policy, data security, and government surveillance.  He straddles the line between academic and activist, and the role he often plays in many tech policy debates is somewhat akin to what Ralph Nader has done in many other fields through the years. Except, in this case, instead of “Unsafe at Any Speed” it’s more like “Unsafe at Any Setting,” since Chris is often raising a stink about what he regards as unjust or unreasonable privacy or security settings that various online websites or service providers use.

On the show, Chris talks about two of his recent crusades to get certain online providers to change their default settings to improve user security or privacy: (1) His effort this week to get major email providers—and Google in particular—to change their default security settings on their email offerings; and (2) his earlier crusade to create permanent opt-out cookies to stop behavioral advertising by advertising networks.

There are several ways to listen to today’s TLF Podcast. You can press play on the player below to listen right now, or download the MP3 file. You can also subscribe to the podcast by clicking on the button for your preferred service. (And do us a favor, Digg this podcast!)

[display_podcast]

Finally, here’s some relevant links that were mentioned during today’s show:

• Chris Soghoian’s webpage + his Harvard Berkman Center page
• Chris’s blog (“Slight Paranoia”)
• Chris’s “TACO” (Targeted Advertising Cookie Opt-Out) plug-in for Firefox (and description of it on his home page)
• Chris’s “Caught in the Cloud” paper (+ a video of him presenting it at Harvard)
• The letter from 38 cybersecurity researchers that Chris sent to Google
• Berin Szoka’s response to Chris’s “Caught in the Cloud” paper
• Berin’s discussion of the issue of preserving user choice through permanent opt-out cookies

If you’re a cyberlaw geek or tech policy wonk who needs to keep close tabs on Sec. 230 developments, here’s a terrific resource from the Citizen Media Law Project up at the Harvard Berkman Center.  The site offers a wealth of background info, including legislative history, all the relevant case law surrounding 230, and breaking news on this front.  Just a phenomenal resource; a big THANK YOU! to the folks at CMLP who put this together.

If you’re interested in these issues, you might also want to check out this friendly debate that Harvard’s John Palfrey and I engaged in over at Ars recently as well as my essay on how Sec. 230 has spawned a “utopia of utopias” online.

Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced the members of the new Online Safety and Technology Working Group (OSTWG).  I am honored to be among those chosen to participate in this new task force and I look forward to continuing the work started last year with the Harvard Berkman Center’s Internet Safety Technical Task Force (ISTTF), which I also served on.   I was very proud of the work done by the ISTTF and the impressive final report that Prof. John Palfrey crafted to reflect our findings.  I am eager to investigate these issues further and take a look at the latest research and technologies that can help us better understand how to protect our kids online while also protecting the free speech and privacy rights of Netizens.

The new NTIA working group, which was established under the “Protecting Children in the 21st Century Act,” will report to the Assistant Secretary of Commerce for Communications and Information on industry-implemented online child safety tools and efforts. Within a year of convening its first meeting, the group will submit a report of its findings and make recommendations on how to increase online safety measures.

Below the fold I have listed the complete roster of OSTWG task force members.  I very much looking forward to working with this outstanding group.  And I’m happy to report that my TLF blogging colleague Braden Cox will be joining me on this task force!

Ms. Parry Aftab, WiredSafety Ms. Elizabeth Banker, Yahoo! Inc. Mr. Christopher Bubb, AOL Ms. Anne Collier, Net Family News, Inc./ConnectSafely.org Mr. Braden Cox, NetChoice Coalition Ms. Caroline Curtin, Microsoft Mr. Brian Cute, Afilias U.S.A. Mr. Jeremy Geigle, Arizona Family Council Ms. Marsali Hancock, Internet Keep Safe Coalition Mr. Michael Kaiser, National Cyber Security Alliance Mr. Christopher Kelly, Facebook Mr. Brian Knapp, Loopt, Inc. Mr. Timothy Lordan, Internet Education Foundation Mr. Larry Magid, SafeKids.com/ConnectSafely.org Mr. Brian Markwalter, Consumer Electronics Association Mr. Michael McKeehan, Verizon Communications, Inc. Dr. Samuel McQuade, III, Rochester Institute of Technology Ms. Orit Michiel, Motion Picture Association of America, Inc. Mr. John Morris, Center for Democracy & Technology Mr. Jonathon Nevett, Network Solutions, LLC Mr. Hemanshu Nigam, MySpace/Fox Interactive Media Ms. Jill Nissen, Ning, Inc. Mr. Jay Opperman, Comcast Corporation Mr. Kevin Rupy, United States Telecom Association Mr. John Shehan, National Center for Missing & Exploited Children Mr. K. Dane Snowden, CTIA – the Wireless Association Mr. Adam Thierer, Progress & Freedom Foundation Ms. Patricia Vance, Entertainment Software Rating Board Mr. Ralph Yarro, The CP80 Foundation

• denotes co-chairs of the task force

Ars Technica has just posted the transcript of a friendly debate I recently engaged in with Harvard University law professor John Palfrey about the future of Section 230 of the Communications Decency Act and online liability more generally.  Our debate got started last fall, shortly after I penned a favorable review of John’s excellent new book (with Urs Gasser), Born Digital: Understanding the First Generation of Digital Natives.  [Listen to my podcast with John about it here.]  Although I enjoyed John’s book, I also raised some concerns about his call in the book to reopen and revise Section 230, specifically to address child safety concerns.  At the time, John and I were working together on the Berkman Center’s “Internet Safety Technical Task Force” and we decided to begin an e-mail exchange about the future of 230 and online liability norms more generally.  The result was the debate that Ars has just published.

In our exchange, I begin by asking John to more fully develop some statements and proposals he sets forth in Born Digital.  Specifically, he and co-author Urs Gasser argue that: “The scope of the immunity the CDA provides for online service providers is too broad” and that the law “should not preclude parents from bringing a claim of negligence against [a social networking site] for failing to protect the safety of its users.” They also suggest that “There is no reason why a social network should be protected from liability related to the safety of young people simply because its business operates online.” Specifically, the call for “strengthening private causes of action by clarifying that tort claims may be brought against online service providers when safety is at stake,” although they do not define those instances.

Using those proposals as a launching point for our discussion, I challenge John as follows:

I’m troubled by your proposals because I believe Section 230 has been crucial to the success of the Internet and the robust marketplace of online freedom of speech and expression. In many ways — whether intentional or not — Section 230 was the legal cornerstone that gave rise to many of the online freedoms we enjoy today. I fear that the proposal you have set forth could reverse that. It could lead to crushing liability for many online operators-and not just giants like MySpace or Facebook-that might not be able to absorb the litigation costs. Could you elaborate a bit more about your proposal and explain why you think the time has come to alter Section 230 and online liability norms?

And John does and then we go back-and-forth from there.  Again, you can read the whole exchange over at Ars.

It was a great pleasure to engage in this exchange with Prof. Palfrey and I look forward to what others have to say in response to our debate.  I am working on a longer paper looking broadly at the rising threats to Sec. 230 and the increasing calls for expanded online liability and middleman deputization.  I will use whatever feedback I get from this exchange to refine my paper and proposals.

Ben Edelman of the Harvard Business School has just released an interesting new study in the Journal of Economic Perspectives entitled, “Red Light States: Who Buys Online Adult Entertainment?”  Using data he obtained from a top-10 seller of adult entertainment, Edelman examined adult website subscriptions on the zip code level and found that conservatives seem to be every bit as interested in pornography as liberals. In fact, “Subscriptions [to adult entertainment sites] are slightly more prevalent in states that have enacted conservative legislation on sexuality” and “subscriptions are also more prevalent in states where surveys indicate conservative positions on religion, gender roles, and sexuality.”  He also finds that:

In states where more people agree that “Even today miracles are performed by the power of God” and “I never doubt the existence of God,” there are more subscriptions to this service.  Subscriptions are also more prevalent in states where more people agree that “I have old-fashioned values about family and marriage” and “AIDS might be God’s punishment for immoral sexual behavior.”

On the whole, these adult entertainment subscription patterns show a remarkable consistency: all but eleven states have between two and three subscribers to this service per thousand broadband households, and all but four have between 1.5 and 3.5. With interest in online adult entertainment relatively constant across regions, there’s little sign of a major divide.

But it’s not just Internet porn where we see this trend at work.  As I noted in my law review article, “Why Regulate Broadcasting?” we’ve seen a similar trend at work with television. When you look at some of the TV shows that conservatives and religious groups gripe most about, you might be surprised to know that it is conservatives who make those shows as popular as they are!

As Bill Carter of the New York Times reported in a 2004 article, “Many Who Voted for ‘Values’ Still Like Their Television Sin,” Nielsen ratings data shows that in many Republican-leaning “red state” markets, such programs garner higher ratings than in many Democratic-leaning “blue states.” For example, in the counties that constitute the greater Atlanta television market, ABC’s dramatic comedy “Desperate Housewives” was the top-rated show even though nearly 58 percent of voters in those counties voted for President Bush.  Similarly, in the traditionally conservative Salt Lake City market, where President Bush captured over 72 percent of the vote, the top four shows were “C.S.I.,” “C.S.I. Miami,” “E.R.,” and “Desperate Housewives.”

Likewise, in a 2004 column about “The Great Indecency Hoax,”  NY Times columnist Frank Rich noted that the same trend holds in conservative Oklahoma City, where “Desperate Housewives” is more popular than it is in Los Angeles, as well as Kansas City where the show is bigger than it is in New York City.  Rich quoted sociologist Herbert Gans who explained the phenomenon as follows: “For some people it’s a case of ‘I am moral therefore I can watch the most immoral show.'”

Such findings call into question the logic of traditional “community standards”-based regulatory efforts. Indeed, it is unclear how lawmakers can determine the relevant “community standard” for purposes of speech and content regulation when some of the most conservative communities in America are downloading as much porn as Edelman’s study finds, or when conservatives are watching smutty TV in greater numbers than liberals do.

The better approach, as I’ve argued here before, is to replace “community standards” with “household standards.”  That is, it would be optimal if public policy decisions regarding content took into account the extraordinary diversity of citizen / household tastes and left the ultimate decision about acceptable programming to them.  That’s especially the case in light of the fact that less than 32% of U.S. households have any children in them, and those homes that do have children have plenty of tools and methods at their disposal to control objectionable content. Let’s empower parents to make decisions for themselves and their families so that Uncle Sam doesn’t need to play the role of national nanny for all of us.

• Edelman’s mention of porn consumption in Utah reminded me of this passage from Jeff Rosen’s 2004 essay on “The End of Obscenity” (which I discussed in greater detail here):

  three years ago, when a local video retailer in Utah was prosecuted for peddling hard-core pornography, he successfully argued that his products were consistent with what his neighbors were watching on pay-per-view: in an age of nationally distributed hotel pornography, there was little difference between the consumption habits of hotel guests in Salt Lake City or Las Vegas. Pornography is everywhere, suggesting that there is no national consensus against it and no vast disparity from one locale to another.

  Seems that those Utah residents are a horny bunch!  Maybe their new motto should be, “What happens in Utah, stays in Utah.”

Harvard’s Jonathan Zittrain has launched an interesting new project called “HerdictWeb,” which “seeks to gain insight into what users around the world are experiencing in terms of web accessibility; or in other words, determine the herdict.”  It’s a useful tool for determining whether governments are blocking certain websites for whatever reason.  Here’s Zittrain’s sock puppet video with all the details!

The website is quite slick and very user-friendly, and they’ve even created a downloadable Firefox button that will automatically check site accessibility while you’re surfing the Net.

The information gathered from this effort will be useful for the OpenNet Initiative that Zittrain and John Palfrey co-created (with others from Univ. of Toronto, Oxford Univ., and Univ. of Cambridge) and wrote about in their excellent book, Access Denied: The Practice and Policy of Global Internet Filtering, which was one of my favorite technology policy books of the past year.  The data collected will give them, and us, a fuller picture of just how widespread global filtering and censorship efforts really are.  I encourage you to take a look and spread the word, especially to those in foreign countries who could probably use it more than us. (Of course, their governments will likely block Herdict once the word gets around!)

On this episode of “Tech Policy Weekly,” we’re launching a new format called “Tech Book Corner” that will feature occasional conversations with the authors of important new books about technology policy and the other issues that we debate frequently at the Tech Liberation Front blog.

On this debut episode of Book Corner, we are joined by John Palfrey, a professor of law at Harvard University and the co-director of the Berkman Center for Internet & Society at Harvard. Along with his Berkman Center colleague Urs Gasser, Prof. Palfrey has recently co-authored Born Digital: Understanding the First Generation of Digital Natives, which was published last summer by Basic Books and which you can find out more information about at www.borndigitalbook.com. [Incidentally, I reviewed Born Digital here last October and I also named it one of the most important technology policy books of 2008.]

In our discussion, Prof. Palfrey explains who exactly counts as a “digital native” and tells us why he decided to write a book about them. He discusses why he believes that there has been some overreaction by older generations to fears about this Digital Generation and he argues that we need “to separate what we need to worry about from what’s not so scary” and “what we ought to resist from what we ought to embrace.” He then outlines how we should think about these issues and concerns going forward, and he stresses the importance of “balancing caution with encouragement” as we do so. Finally, he then applies that framework to three specific issues: privacy, child safety, and copyright.

It’s an interesting conversation and you can begin listening to it immediately by downloading the MP3 file here or by just clicking the play button below!

[display_podcast]

Online child safety — especially the fear of predators lurking on social networking sites (SNS) — continues to spur calls by state and federal lawmakers for regulation.  At first, some federal lawmakers advocated outright bans on SNS in schools and libraries via the Deleting Online Predators Act (DOPA).  Meanwhile, state and local lawmakers — specifically state Attorneys General (AGs) — have been even more vociferous in their calls for regulation in the form of mandatory age verification for social networking sites, which would cover a broad swath of online sites and activities according to their definitions of SNS. But the question that ultimately gets lost in this debate is: Just how much risk do social networking sites really pose for teens?  Which risks are real and which are overblown? And what’s the best way to deal with the risks that we find to be legitimate?

Nancy Willard devotes her life to answering those questions. Willard is one of America’s leading experts on online safety and risk prevention. She runs the Center for Safe and Responsible Internet Use and she is the author of two outstanding books, Cyberbullying and Cyberthreats and Cyber-Safe Kids, Cyber-Savvy Teens.  In my opinion, Willard’s general approach to online child safety is the most enlightened, level-headed, and likely to be effective. That’s because Willard focuses on putting fears in perspective, identifying the actual risks that kids face online, and devising sensible strategies to deal with risks and problems as they are discovered. Her approach is holistic and built upon sound data, targeted risk-identification strategies, and time-tested education and mentoring methods. For my money, it’s the most sensible approach to online safety issues. In fact, when other parents ask me for “just one thing” to read on the topic, I usually recommend Willard’s work — especially her amazing book Cyber-Safe Kids, Cyber-Savvy Teens. And her background in early childhood education, special education for “at risk” children with emotional and behavior difficulties, as well as experience in computer law, means she is uniquely suited to be analyzing these issues.  In sum, this is woman we should all be closely listening to on these issues.

Recently, Willard has been responding to criticisms that state AGs have leveled against the Internet Safety Technical Task Force (ISTTF) and its final report. [Disclaimer: I was a member of the ISTTF.] I’ve already outlined the ISTTF’s work at length here, but the three key takeaways from the report were that:

1. the risk of predation on social network sites has been over-stated; the data suggest that cyber-bullying is the bigger problem on SNS;
2. there is no silver-bullet technical solution to online child safety concerns, and mandatory age verification, in particular, would not make kids safer online but could even create bigger problems in the long-run;
3. education and empowerment are the real keys to keeping kids safer online.

The response from some state AGs to these findings was quite hostile, with some arguing that the ISTTF did not take online risks seriously enough, or that we relied on “outdated and inadequate” data in reaching our conclusions.  Willard addresses those arguments in a new white paper: “Research that is ‘Outdated and Inadequate?’ An Analysis of the Pennsylvania Child Predator Unit Arrests in Response to Attorney General Criticism of the Berkman Task Force Report.”  In this study, she analyzes data from arrest records from Pennsylvania’s Child Predator Unit to determine exactly how these individuals were operating online. Although it’s just one state’s worth of data — that’s all that seems to have been made publicly available in a single database at this time — it can give us a clue to what might be going on out there. The results are illuminating.

Here’s what Willard found:

The search yielded 143 responses. As noted by the Attorney General, 183 predators had been arrested. All of these arrests were described in the press releases dated from March 21, 2005 to January 13, 2009 – thus allowing for a full analysis of the arrests of sexual predators in the state Pennsylvania for the last 4 years by the Attorney General’s Child Predator Unit. The analysis of the arrests that involved predatory actions, excluding the arrests for child pornography, revealed the following:

• Only 8 incidents involved actual teen victims with whom the Internet was used to form a relationship.
  • In 4 of these incidents, teens or parents reported the contact. The other 4 cases were discovered in an analysis of the computer files of a predator who had been arrested in a sting operation. Five of the cases had led to inappropriate sexual contact. The other situations were discovered prior to any actual contact.
• There were 166 arrests as a result of sting activities where the predator contacted an undercover agent who was posing as a 12 – 14 year old, generally a girl.
  • The vast majority of the stings, 144, occurred in chat rooms. Eleven stings occurred through instant messaging. Nine of the arrests failed to specify the location, but the description bore significant similarity to the chat room incidents. One involved an advertisement that had been placed on Craig’s List.
  • There were only 12 reports of predators being deceptive about their age.
  • The descriptions of these chats incidents bear out what the research reviewed by the [ISTTF’s] Research Advisory Board found – that online predators are rarely deceptive about their interests.

Specifically,”Because the attorneys general have been focusing their attention on the social networking sites, MySpace and Facebook,” Willard made sure to give “special attention to any case that mentioned any activity occurring on either of these two sites.” Here’s what she found in that regard:

• One of the incidents involving an actual teen victim, communications took place on MySpace. This was a rearrest of a person who had already been arrested through a sting.
• A police officer who was arrested for sexual abuse of many teens with whom he had interacted with in the line of duty also had a MySpace account with friendship links to teen girl, but there was no assertion that these communications had led to sexual activity.
• One predator in a sting provided the agent with a link to his Facebook page.
• In 5 of the stings that took place in a chat room, reference was made to the fact that the predator had either looked at the teen’s MySpace account or suggested the teen look at his profile.

Importantly, Willard points out, “Despite the establishment of one or more public profiles on MySpace [by the PA Child Predator Unit], there has apparently not been one successful sting operation initiated on MySpace in the more than two years during which these sting profiles have been in existence.”

From these findings, Willard concludes that:

The insight gained through an analysis of the Pennsylvania Attorney General’s press releases on arrests for online sexual predation provide strong support for the validity of the conclusions of the Berkman Research Advisory Board and demonstrate the need for greater collaboration between law enforcement and researchers to address the actual risks to young people from sexual predators online.

In other words, the Pennsylvania data seem to confirm that predation is not as serious of a risk on SNS as some AGs had claimed. “It appears that chat rooms are far less safe than social networking sites and that there is limited inclination and ability of predators to use social networking sites to contact potential teen victims,” Willard notes. Consequently, she argues:

Attention must be paid to the obvious risks related to chat room communications, as well as the risk factors that are being manifested by the young people who may still be frequenting these chat rooms, especially the chat rooms where sexual relations are being discussed. It appears that rather than seek ways to discourage teens from participating in social networking sites, these sites are destinations that should be encouraged as much safe than the alternatives. A focus must be placed on improving the protective features of chat rooms that are frequented by minors.

We need to know more about which chat rooms are in question and why some youth visit those chat rooms. More importantly, how can we develop sensible messages for youth about the dangers of chat rooms that are targeted to adults and adult sexual activity?

But it is vitally important not to lose sight of the big picture here. As Willard summarizes it:

The incidents of online sexual predation are rare. Far more children and teens are being sexually abused by family members and acquaintances. It is imperative that we remain focused on the issue of child sexual abuse – regardless of how the abusive relationship is initiated.

Indeed, volumes of research on child abuse, child predation, and child abduction all point to this same conclusion: Your kids are actually more at risk from known acquaintances — especially family members — than they are from random strangers (including random strangers they might meet online).

Of course, this doesn’t mean we shouldn’t continue to develop sensible educational messages for youth about proper online behavior and how to report legitimate problems or troubling interactions that they experience online. Again, Willard has done this elsewhere and many of us (including those of us involved in the Berkman Center task force) have long been pushing for increased resources for online safety education and media literacy efforts as the first, best step towards improving online youth safety. We need to get AGs and other policymakers to work together with us to get this important task started — now!

Finally, Willard correctly notes that the AGs and other law enforcement agencies need to be willing to release more data like the Pennsylvania AG did such that further analysis of this problem is possible. If the AGs’ primary complaint with the ISTTF report was that the data we used was somewhat dated, then the best solution to that problem is for the AGs and other law enforcement agencies to open up their records to the child safety community so that risk researchers like Willard can get a better feel for what’s going on out there and devise strategies to deal with it.  Unfortunately, there’s still too much horn-locking going on between these communities and, sadly, I think some AGs are using this issue to create an atmosphere of fear for political gain. We need to find ways to communicate actual risks — such as those that kids would face in some specific, adult-oriented chat rooms — without going overboard and making parents and the general public think that there’s a bogeyman on every cyber-corner of the Internet.

[ Further reading: As usual, my friend Anne Collier over at Net Family News.org has done a much better job summarizing an issue than I have. Read her discussion of Nancy Willard’s paper and its implications here.]

The Internet Safety Technical Task Force (ISTTF), which was formed a year ago to study online safety concerns and technologies, today issued its final report to the U.S. Attorneys General who authorized its creation. It was a great honor for me to serve as a member of the ISTTF and I believe this Task Force and its report represent a major step forward in the discussion about online child safety in this country.

The ISTTF was very ably chaired by John Palfrey, co-director of Harvard University’s Berkman Center for Internet & Society, and I just want to express my profound thanks here to John and his team at Harvard for doing a great job herding cats and overseeing a very challenging process. I encourage everyone to examine the full ISTTF report and all the submissions, presentations, and academic literature that we collected. [It’s all here.] It was a comprehensive undertaking that left no stone unturned.

Importantly, the ISTTF convened (1) a Research Advisory Board (RAB),which brought together some of the best and brightest academic researchers in the field of child safety and child development and (2) a Technical Advisory Board (TAB), which included some of America’s leading technologists, who reviewed child safety technologies submitted to the ISTTF. I strongly recommend you closely examine the RAB literature review and TAB assessment of technologies because those reports provide very detailed assessments of the issues. They both represent amazing achievements in their respective arenas.

There are a couple of key takeaways from the ISTTF’s research and final 278-page report that I want to highlight here. Most importantly, like past blue-ribbon commissions that have studied this issue, the ISTTF has generally concluded there is no silver-bullet technical solution to online child safety concerns. The better way forward is a “layered approach” to online child protection. Here’s how we put it on page 6 of the final report:

The Task Force remains optimistic about the development of technologies to enhance protections for minors online and to support institutions and individuals involved in protecting minors, but cautions against overreliance on technology in isolation or on a single technological approach. Technology can play a helpful role, but there is no one technological solution or specific combination of technological solutions to the problem of online safety for minors. Instead, a combination of technologies, in concert with parental oversight, education, social services, law enforcement, and sound policies by social network sites and service providers may assist in addressing specific problems that minors face online. All stakeholders must continue to work in a cooperative and collaborative manner, sharing information and ideas to achieve the common goal of making the Internet as safe as possible for minors.

In sum, education and empowerment are the real keys to keeping kids safer online. We all need to work harder to mentor our children and help them develop the skills and good old fashion common sense to make smart decisions online. Technical tools can supplement — but can never supplant — education, parental guidance, and better mentoring.

Still, this was a task force that primarily came about after state attorneys general (AGs) had been incessantly pressuring social networking sites like MySpace and Facebook to adopt age verification technologies as a solution to online child safety concerns. Specifically, fears about online predators — driven largely by the moral panic whipped up by shows like NBC’s “To Catch a Predator” — prompted calls for mandatory age verification for social networking sites.

So, what did the final ISTTF report have to say about mandatory age verification. Answer: Probably not as much as the AGs were hoping for, and what we did say they may not like to hear.

First, the ISTTF’s Research Advisory Board conclusively proved the primary online safety issue today is peer-on-peer cyber-harassment, not adult predation. Mandatory age verification would do nothing to stop cyberbullying. Indeed, the lack of adult supervision may even exacerbate the problem.

Second, after reviewing various age verification solutions, the ISTTF’s Technical Advisory Board concluded:

Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness. Any system that relies on remote verification of information has potential for inaccuracies. For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s. Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records. Any system that focuses on third-party in-person verification would require significant political backing and social acceptance. Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.

As a result, our final report concluded that:

The Task Force does not believe that the Attorneys General should endorse any one technology or set of technologies to protect minors online. Instead, the Attorneys General should continue to work collaboratively with all stakeholders in pursuing a multifaceted approach to enhance safety for minors online.

Then, on pages 28-31, we go into more detail about age verification, finding that:

[Age verification] approaches are less effective in the child safety context — in other words, at creating safe environments for minors — than in the context of completing financial transactions or regulating purchases, especially to the extent that identity authentication and age verification focus solely upon adults. The reasons for this include the fact that in the commercial and financial contexts, an adult typically wants to verify his or her identity correctly in order to purchase a product or get access to records. Moreover, when adults purchase regulated items (such as alcohol or tobacco) online, in some cases a second form of age verification occurs when the item is delivered.

The identity authentication and age verification solutions that authenticate or verify only adults could be and are already sometimes used to reduce minors’ access to adult-only sites. Because they do not authenticate or verify minors, however, they cannot be used to create environments for minors that require authentication or verification prior to access. To the extent that an adult nonetheless uses his or her own verifiable information when accessing an environment intended only for minors, these technologies could enhance the ability of Internet service providers and social network sites to exclude that adult. Of course, it seems unlikely that an adult with nefarious purposes would proceed in this manner. Thus, while these types of identity authentication and age verification technologies may be helpful for other purposes, they do not appear to offer substantial help in protecting minors from sexual solicitation.

And there’s far more detail following this passage from the final report, so please read that section for additional discussion.

Again, some AGs may not like to hear all this but these were near-consensus findings of the Task Force. And, if anything, the Task Force probably did not far enough to show why mandatory age verification will not work and how age verification will actually make kids less safe online. In my final statement to the Task Force, this is what I spent my time focusing on. I outlined the dangers of age verification as well as 10 questions about age verification that the AGs must answer if they persist in this pursuit of a technological Holy Grail. I have embedded my entire expanded final statement down below as a Scribd document, but here are the key reasons I believe mandatory age verification represents a dangerous solution to online child safety concerns:

Again, although the Task Force didn’t go quite as far as I would have liked in terms of making clear the dangers associated with mandatory age verification, I think our final report reflects the general skepticism among Task Force members about taking that path or relying too heavily on any single, silver-bullet technical approach to online child safety concerns. Again, this is real progress; a sensible step forward in the discussion about keeping our kids safe online.

I hope policymakers will take a close look at our conclusions and recommendations and take them seriously. We need to stop wasting so much time searching for silver bullets and start getting more serious about how to better mentor our kids so that they can be good — and safe — digital citizens. Education, not regulation, is the key.

Below I have linked to some background essays about the Internet Safety Technical Task Force as well as additional thoughts by fellow task force members or reporters. I’ll add to it as I see new things in coming days.

Additional thoughts / articles about the ISTTF:

• ISTTF director John Palfrey discusses the report on this short podcast with Larry Magid as well as this longer one from the Berkman Center
• ISTTF co-director danah boyd comments on the report on her blog
• ISTTF member Larry Magid of ConnectSafely.org: “Net Threat to Minors Less Than Feared,” CNet News.com
• ISTTF member Anne Collier of Net Family News: “Key Crossroads for Net Safety“
• ISTTF member Stephen Balkam of FOSI featured on an NPR podcast about our work
• ISTTF member John Morris of CDT: “Deconstructing Reaction to Net Safety Task Force Report“
• ISTTF member Marsali Hancock, President of iKeepSafe blog essay about the task force
• AGs respond to report in interview with Emily Steel of the Wall Street Journal: “The Case for Age Verification“
• New York Times article by Brad Stone: “Report Calls Online Threats to Children Overblown“
• Wall Street Journal article by Emily Steel: “No Easy Answer for Protecting Kids Online“
• Associated Press story by Anick Jesdanun: “Panel: Technology Alone Can’t Protect Kids Online“
• Chronicle of Higher Education Wired Campus blog entry by Tracy Mitrano, “Report Weighs the Benefits and Risks of Social Networks,”
• PC World article by Jaikumar Vijayan: “Study Accused of Exaggerating Kids Online Safety“
• PC World blog post by Jaikumar Vijayan: “Are Internet Child Safety Concerns Overblown or Understated?”

Background info:

• an old blog entry of mine about the formation of the task force
• an old paper of mine about the agreement between MySpace and AGs that led to the formation of the ISTTF
• an essay of mine from the ISTTF’s mid-point: “Age Verification Debate Continues; Schools Now at Center of Discussion“
• my big white paper on the dangers of mandatory age verification
• my book: “Parental Controls and Online Child Protection: A Survey of Tools and Methods”
• my final ISTTF statement, which is also embedded below as a Scribd document…

I’ve spent a lot of time in recent years trying to debunk various myths about online child safety or at least put those risks into perspective. Too often, press reports and public policy initiatives are being driven by myths, irrational fears, or unjustified “moral panics.”  Luckily, the New York Times reports that there’s another study out this week that helps us see things in a more level-headed light. This new MacArthur Foundation report is entitled Living and Learning with New Media: Summary of Findings from the Digital Youth Project. This white paper is a summary of three years of research on kids’ informal learning with digital media. The survey incorporates the insights from 800 youth and young adults and over 5000 hours of online observations. The information will eventually be contained in a book from MIT Press (“Hanging Out, Messing Around, Geeking Out: Living and Learning with New Media.”)

From the summary of the study on the MacArthur website:

“It might surprise parents to learn that it is not a waste of time for their teens to hang out online,” said Mizuko Ito, University of California, Irvine researcher and the report’s lead author. “There are myths about kids spending time online – that it is dangerous or making them lazy. But we found that spending time online is essential for young people to pick up the social and technical skills they need to be competent citizens in the digital age.”

Importantly, regarding the concerns many parents and policymakers have about online predation, Ms. Ito told the New York Times that, “Those concerns about predators and stranger danger have been overblown.” “There’s been some confusion about what kids are actually doing online. Mostly, they’re socializing with their friends, people they’ve met at school or camp or sports.”

In the report, according to the summary, the researchers “identified two distinctive categories of teen engagement with digital media: friendship-driven and interest-driven. While friendship-driven participation centered on “hanging out” with existing friends, interest-driven participation involved accessing online information and communities that may not be present in the local peer group.” The specific findings of the study are as follows:

• There is a generation gap in how youth and adults view the value of online activity.
  • Adults tend to be in the dark about what youth are doing online, and often view online activity as risky or an unproductive distraction.
  • Youth understand the social value of online activity and are generally highly motivated to participate.
• Youth are navigating complex social and technical worlds by participating online.
  • Young people are learning basic social and technical skills that they need to fully participate in contemporary society.
  • The social worlds that youth are negotiating have new kinds of dynamics, as online socializing is permanent, public, involves managing elaborate networks of friends and acquaintances, and is always on.
• Young people are motivated to learn from their peers online.
  • The Internet provides new kinds of public spaces for youth to interact and receive feedback from one another.
  • Young people respect each other’s authority online and are more motivated to learn from each other than from adults.
• Most youth are not taking full advantage of the learning opportunities of the Internet.
  • Most youth use the Internet socially, but other learning opportunities exist.
  • Youth can connect with people in different locations and of different ages who share their interests, making it possible to pursue interests that might not be popular or valued with their local peer groups.
  • “Geeked-out” learning opportunities are abundant – subjects like astronomy, creative writing, and foreign languages.

These findings are consistent with the much of the existing research already out there about online youth behavior and Internet interactions. As I have mentioned here before, over the past year, I have been serving on the Internet Safety Technical Task Force (ISTTF), which was formed following a January 2008 agreement between social networking website operator MySpace.com and 49 state Attorneys General. As part their “Joint Statement on Key Principles of Social Networking Safety,” MySpace promised the AGs it would expand online safety tools, improve education efforts, and expand its cooperation with law enforcement. Importantly, they also agreed to create the ISTTF to study online safety issues and technologies.

The Berkman Center for Internet & Society at Harvard Law School was tapped to run the ISTTF, and the Task Force included a wide diversity of child safety groups, non-profit organization, and Internet companies. During a session the Task Force held in Washington, DC on April 30th, we heard from several of the nation’s top researchers in the field of online child safety. The presentations were quite enlightening and the videos of the sessions — as well as supporting materials — have all been posted on a special Berkman Center website. I just wanted to share all of those links with you here so that you have access to these wonderful materials. As you will see, they tell the same story the new MacArthur report does: Almost everything the press and policymakers have told us about online child actions and safety has been wrong.

Anyway, read (or watch) for yourself and decide. (P.S. When the final ISTTF report comes out later this year, it will include a massive compendium of all the relevant surveys and academic research done in this field. It will be the definitive treatment of the issue. An early draft is online here. I will post the final link here once the Task Force wraps up.)

April 30, 2008 – ISTTF Child Online Safety Expert Panel

• Teens OnlineStranger Contact and Cyberbullying: What research is telling us Amanda Lenhart, Pew Internet & American Life Project Presentation in .pdf video
• Youth & Law Enforcement Surveys Janis Wolak, Crimes against Children Research Center Presentation in .pdf video
• Social networking sites, unwanted sexual solicitation, Internet harassment, and cyberbullying Michele Ybarra, Internet Solutions for Kids, Inc. Presentation in .pdf video
• Panel Q&A video
• Further reading
  • 1 in 7 Youth: The Statistics about Online Sexual Solicitations
  • Online “Predators” and Their Victims: Myths, Realities, and Implications for Prevention and Treatment
  • Internet Safety Education for Teens: Getting It Right
  • Internet Prevention Messages: Targeting the Right Online Behaviors
  • Teens, Stranger Contact & Cyberbullying
  • How Risky Are Social Networking Sites?
  • Updated Trends in Child Maltreatment, 2006

Earlier this year, I mentioned an outstanding book that John Palfrey of the Berkman Center for Internet & Society at Harvard Law School co-edited entitled Access Denied: The Practice and Policy of Global Internet Filtering.  It’s an excellent resource for anyone studying the methods governments are (unfortunately) using to stifle online expression across the globe.  It’s one of the most important technology policy books of the year.

Well, it looks like John Palfrey will have a second title on this year’s “Best Tech Books” list.  I’ve just finished his new book with his Berkman Center colleague Urs Gasser, Born Digital: Understanding the First Generation of Digital Natives, and it is definitely worthy of your attention. In my book review posted today on the City Journal’s website, I argue that “Palfrey and Gasser’s fine early history of this generation serves as a starting point for any conversation about how to mentor the children of the Web.”  It’s a comprehensive and very even-handed discussion about a variety of concerns or Internet pathologies, including: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and much more.

My City Journal review is down below, but in coming weeks I will be posting some additional thoughts about some specific things in the book worthy of more attention (including a few things I disagreed with).  Overall, I’d say Born Digital is a close runner-up in the race for “Tech Book of the Year,” closely trailing Jonathan Zittrain’s Future of the Internet and How to Stop It (which I have reviewed multiple times) and Nick Carr’s The Big Switch.  But I found far more to agree with in Born Digital than I did in those two books.  Highly recommended.

Understanding Our Digital Kids A new book offers a guide for mentoring the children of the Web.

a book review by Adam D. Thierer of

Born Digital: Understanding the First Generation of Digital Natives, by John Palfrey and Urs Gasser (Basic Books, 288 pp., $25.95)

City Journal 10 October 2008

You can’t blame parents today if they think that their children have been assimilated into the Borg or are living in the Matrix. Members of the “always on, always connected” generation have surrounded themselves with digital devices and networks and colonized cyberspace in the process. Meanwhile, back in “meatspace,” many Analog Era parents scratch their heads, trying to make sense of these momentous changes and what they mean for their kids and society.

Answers are available in Born Digital: Understanding the First Generation of Digital Natives, by John Palfrey and Urs Gasser, both of the Berkman Center for Internet & Society at Harvard Law School. Each chapter in the book addresses a different parental concern or Internet pathology: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and more. Palfrey and Gasser aim “to separate what we need to worry about from what’s not so scary, (and) what we ought to resist from what we ought to embrace.”

The authors offer a balanced treatment of these issues—almost to a fault, in that they occasionally fail to develop fully their own positions. Of course, as they repeatedly—and correctly—note, often these thorny questions have no easy answers. “The hard problem,” they point out, “is how to balance caution with encouragement: How do we take effective steps to protect our children, as well as the interests of others, while allowing those same kids enough room to figure things out on their own?”

If there is a single solution, they argue, it’s education. The authors want parents, educators, and lawmakers to do more to engage the digital generation in a dialogue, instead of leaving it to fend for itself. “The traditional values and common sense that have served us well in the past will be relevant in this new world, too,” they maintain. But Palfrey and Gasser don’t rule out additional tools and methods, including technical controls, industry self-regulation, social norms, and even government action.

Consider online privacy concerns. “Never before has so much information about average citizens been so easily accessible to so many,” they note—and particularly when it comes to our kids. Despite the growing amount of online information about our kids (“digital dossiers”) and other potential threats to privacy, Palfrey and Gasser counsel prudence: “The answer . . . is not to avoid the networked publics in which so many people—especially Digital Natives—are leading their lives. Instead, we need to develop more nuanced ways to navigate these new publics.” Though “there is no single, simple answer,” they argue that “parents, peers, teachers, and mentors [all] have a role to play” to encourage youngsters to protect their information and identities. Most importantly, the digital natives must learn to use common sense when sharing information online.

The authors advocate the same reasoned approach when it comes to online child safety. The safety risks have often been greatly overstated—or at least largely misunderstood—by parents and policymakers. “The data do not suggest that the world is a more dangerous place for young people” because of the Internet, the authors contend. Most of the problems we see online today—cyber-bullying, for example—are really just old problems playing out on new platforms. “Involved parenting” and “open and honest conversations” are the most sensible responses, but intervention strategies by others—including kids’ peers—may be another part of the solution. Parental empowerment tools and industry self-regulation can help, too.

Palfrey and Gasser are open to government playing a role in some cases. They believe “governments should restrict the production and dissemination of certain types of violent content in combination with instituting mandatory, government-based ratings of these materials.” They also call for greater liability for online service providers and social networking sites to encourage them to crack down on potential dangers to children. Given their vagueness, however, both proposals would likely smash into serious First Amendment roadblocks that the authors fail to explore fully.

Palfrey and Gasser view government action less favorably when it comes to combating copyright piracy. “Creativity is the upside of this brave new world of digital media,” they suggest, but “the downside is law-breaking. The vast majority of Digital Natives are currently breaking copyright laws on a regular basis.” But what should we do about piracy? Palfrey and Gasser sidestep some of the underlying ethical issues and bluntly declare that “the goal should be for copyright holders, technologists, and their customers to exchange royalty checks with one another instead of legal complaints.” Yes, but what happens when many refuse to pay even one penny for copyrighted content, as often happens today? Education can encourage youngsters to obey the law, but difficult questions remain about how to deal with those who won’t play by the rules.

In chapters debating the Internet’s impact on learning and culture, the authors worry about shortening attention spans and the rise of a “cut-and-paste culture,” due to the immediate gratification provided by Google searches, Wikipedia, blogs, and instant messaging. On the other hand, they rightly underscore how “Digital Natives are quite sophisticated in the ways that they gather information” and are learning “sophisticated information-gathering and information-processing skills,” while also creating content and sharing information with peers in ways unimaginable just a generation ago.

It will be fascinating to see what impact these changes have on digital natives as they get older and become parents themselves. Regardless, Palfrey and Gasser’s fine early history of this generation serves as a starting point for any conversation about how to mentor the children of the Web.

Update Feb. 2009: I hosted a TLF podcast featuring Prof. Palfrey and discussed this book with him. Listen here.

A few days ago I posted an open letter to New York Gov. David Patterson about a measure that recently passed through the New York legislature and was awaiting his signature. The bill proposes a new regulatory regime for video games that would include greater state-based oversight of video game labels and console controls as well as an advisory board to monitor the industry. Unfortunately—but quite unsurprisingly—Gov. Patterson signed the bill last night. And so I am certain that another legal battle will ensue regarding the constitutionality of the measure, and it will likely be struck down like every other measure on this front because it violates the First Amendment. Regardless, let’s talk a little more about what animates this specific legislative effort, because I think it is very important and foreshadows the heated debate to come over video games and all media in coming years.

The New York measure is notable in that, unlike most of the other state or local measures that had been stuck down in recent years that proposed penalties for the sale of games to youngsters which were labeled by the ESRB to be intended for an older audience, it simply proposed more “oversight” of the ratings process and parental control technologies by the state. Specifically, it mandated that all games be rated and that all consoles contain screening controls. The response to that proposal has generally been: “So what?” After all, all video games are rated already and all game consoles contain parental controls. The measure also mandated a 16-member oversight board to monitor the industry and this process. Again, that proposal was not regarded by many as a serious threat to the video games or free speech.

But I fear that many are missing the big picture here. The New York bill is actually far more important that many people suspect because of what it foreshadows: A day when politicians will claim that we can make rating systems more “scientific” by putting public health bureaucrats or university social scientists in charge of them. Indeed, last night on Bloomberg TV, this became the focus of a debate between me and Dr. Michael Rich, Director of the Center for Media and Child Health at the Harvard Medical School. After you watch the clip, I’ll have much more to say about this issue down below the fold.

As you heard in the clip, Dr. Rich favors a greater role for “science” and social scientists in the video game rating and labeling process. But let’s explore what that might mean in practice.

Over the past decade, I have heard many critics make the argument that media rating and labeling systems should be centralized in the hands of the government, some academic elites, a private (non-industry affiliated) rating organization, or some combination of all of the above. These critics often give lip service to private, voluntary rating systems but they then turn around and advocate that the entire process be run by people (usually closely resembling themselves!) who would somehow rate media according to more “scientific” criteria / variables.

The problem here is that media content is art, and art is fundamentally subjective. It’s not like there is some sort of Periodic Table of Media Elements that tells us what makes for good vs. bad art. Media ratings and labels, therefore, will always be based on judgments made by humans who all have somewhat different values. Those doing the rating are being asked to evaluate artistic expression and assign labels to it that provide the rest of us with some rough proxies about what is in that particular piece of art, or what age group should (or should not) be consuming it. In a sense, therefore, all rating systems will be inherently “flawed” since humans have different perspectives and values that they will use to label or classify content.

Thus, even if a bunch of social scientists at Harvard were running the show, the media rating and content-labeling process will never be an exact science; there will always be something fundamentally subjective about it. Incidentally, exactly which “social scientists” would get a say in the process? Psychologists? Sociologists? Political scientists? Criminologists? Hey, what about art historians! I can almost see a joke in the making here: “How many Harvard social scientists does it take to rate a video game?”

But Dr. Rich and others like him would likely argue that some forms of media or art have unique influences on the development of the mind—especially the minds of children. They would argue, for example, that exposure to certain forms of violent media content will breed aggressive behavior in youth, or at least make them more desensitized and fearful of the world around them.

For the sake of brevity, I am not going to go into my typical long-winded discussion here about “media effects” vs. “catharsis effect.” Instead I will just reference the latest of my many essays on the topic (“Why hasn’t violent media turned us into a nation of killers?”) and I also recommend that you read my review of the excellent new book, Grand Theft Childhood: The Surprising Truth About Violent Video Games and What Parents Can Do,” by Lawrence Kutner, PhD, and Cheryl K. Olson, ScD, cofounders and directors of the Harvard Medical School Center for Mental Health and Media. (As you will see when you read the book, apparently not everyone at Harvard agrees with Dr. Rich! That also makes one wonder how much actual consensus there would be in the scientific community about the ratings and labels they would be imposing on artistic expression.)

OK, so let’s just imagine that those social scientists who espouse “monkey see, monkey do” theories of media effects somehow get a say in rating and labeling video games. Think about what that would mean in practice. Imagine how long it would take a game like “Halo,” “Gears of War,” or “Grand Theft Auto” to get through that review process. And imagine what the warning label on the box would look like once they were done! They’d probably affix a 10-page memo to each game carton and then a poison (skull-and-crossbones) logo for good measure. Or perhaps the label would come in form of a Surgeon General’s warning about the product being hazardous to one’s (mental) health?

In the end, the whole system would become an unworkable farce if mandated by government. Nothing would be getting rated and to market in a timely way. Game developers would be in open revolt against it. And industry lawsuits would be flying.

More importantly, few people would likely use it. Many media critics seem to forget that there is trade-off between convenience and comprehensiveness in terms of rating and labeling systems. As Kutner and Olson note in their book: “The more complicated a system becomes, the less likely busy parents are to understand it and to actually use it.” We have to be careful not to upset this balance. In my opinion, the current ESRB game rating system pushes the labeling process just about as far as it can go on the comprehensiveness scale, but does so using easy-to-comprehend ratings (7 of them) and content descriptors (over 30 of them). When media critics and social scientists say they want to make the system even more “comprehensive” and “scientific,” therefore, I really have to wonder if they have thought through the practical implications of such a move. Exactly how many more ratings and labels are we talking about? Exactly how much more detailed could it be than the ESRB’s existing system, which already has 12 different content descriptors for violent content alone (from “cartoon violence” to “sexual violence” and everything in between).

Another point: The argument that government or “ratings by social scientists” would provide more objective ratings is also undermined by the grim reality of special-interest politics. Government officials or government-appointed commissions would be more susceptible to various interest group pressures as they were repeatedly lobbied to change ratings or restrict content based on widely varying objectives and values. Inevitably, as has been the case with the broadcast indecency complaint process in recent years, a handful of particularly vociferous groups could gain undue influence over content decisions. That possible outcome raises what the Supreme Court has referred to as the “heckler’s veto” problem since a vocal minority’s preferences could trump those of the public at large.

Now let me be perfectly clear about one thing: I have absolutely no problem whatsoever with folks like Dr. Rich and his colleagues devising some sort of “scientific” rating or labeling scheme for video games and other forms media content. But the fundamental question in this debate is: should such a system should be the law of the land?

In my book on Parental Controls and Online Child Protection, I spend a great deal of time in Chapter 2 talking about the importance of third-party ratings and pressure and I heap a lot of praise on the various independent, third-party content rating and labeling systems out there today. In particular, my wife and I absolute love Common Sense Media and rely on its ratings every week when we are consider what media to allow our kids to consume in our home. It’s a great system that is highly informative; and the feedback from average parents and kids on the site is very helpful too. Other great 3rd party rating and labeling services just for video games include: What They Play, Gamer Dad, and Children’s Technology Review, all of which provide detailed video game reviews and information about the specific types of content that kids will see or hear in a game. [Incidentally, the ESRB has a section on its webpage that highlights all these independent sites.]

So here’s the question for Dr. Rich and the folks in the social science community: Why not just create your own “shadow” ratings process or collaborate with these other organizations to serve a worthy “watchdog” role over the existing rating and labeling process? That’s the win-win solution here.

It would be a huge mistake to throw out the existing ESRB system. It is working very effectively and it is already widely recognized by the vast majority of parents. Surveys by Peter D. Hart Research Associates reveal that 89% of American parents of children who play video games are aware of the ESRB ratings and that 85% of them consult the ratings regularly when buying games for their families. That’s pretty impressive considering how young the ESRB rating system is.

Moreover, let’s not forget that every game console and computer system on the market today is geared to read the ESRB ratings metadata (digital tags) that are embedded in every game shipped to market. That’s how the parental controls are enabled. Should we toss all that work out the window and just start from scratch? I think that would be a huge mistake.

Again, there is nothing stopping Dr. Rich and his fellow social scientists from crafting their own system. In fact, I believe I speak for many parents when I say we would welcome it. But mandating it and asking that it serve as a replacement for the existing ratings and console controls is an completely different issue. It’s a non-starter in my opinion.

Now that the New York bill has passed, however, the door is open for this sort of proposal to see the light of day. If the measure is not struck down, watch to see who is appointed to the 16-member advisory committee and listen to hear which way they are going. I bet it ends up being something along the lines of what I have suggested above.

Well, I actually didn’t exactly get a chance to say quite enough for this to qualify as much of a “debate,” but I was brought in roughly a half hour into this WBUR (Boston NPR affiliate) radio show featuring Jonathan Zittrain, author of the recently released: The Future of the Internet–And How to Stop It. Jonathan was kind enough to suggest to the producers that I might make a good respondent to push back a bit in opposition to the thesis set forth in his new book.

Jonathan starts about 6 minutes into the show and they bring me in around 29 minutes in. Although I only got about 10 minutes to push back, I thought the show’s host Tom Ashbrook did an excellent job raising many of the same questions I do in my 3-part review (Part 1, 2, 3) of Jonathan’s provocative book.

In the show, I stress the same basic points I made in those reviews: (1) he seems to be over-stating things quite a bit in saying that the old “generative” Internet is “dying”; and in doing so, (2) he creates a false choice of possible futures from which we must choose. What I mean by false choice is that Jonathan doesn’t seem to believe a hybrid future is possible or desirable. I see no reason why we can’t have the best of both worlds–-a world full of plenty of tethered appliances, but also plenty of generativity and openness.

If you’re interested, listen in.

Don’t judge a book by its cover (or its title, for that matter). I’m usually faithful to that maxim, but I must admit that when I first saw the title and cover of “<a href="http://www.amazon.com/Grand-Theft-Childhood-Surprising-Violent/dp/0743299515/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1208179493&sr=8-1″>Grand Theft Childhood: The Surprising Truth About Violent Video Games and What Parents Can Do,” I rolled my eyes and thought to myself, “here we go again.” I figured that I was in for another tedious anti-gaming screed full of myths and hysteria about games and gamers. Boy, was I wrong. Massively wrong.