The success of the Internet and the modern digital economy was due to its open, generative nature, driven by the ethos of “permissionless innovation.” A “light-touch” policy regime helped make this possible. Of particular legal importance was the immunization of online intermediaries from punishing forms of liability associated with the actions of third parties.

As “software eats the world” and the digital revolution extends its reach to the physical world, policymakers should extend similar legal protections to other “generative” tools and platforms, such as robotics, 3D printing, and virtual reality.

In other words, we need a Section 230 for the “maker” movement.

The Internet’s Most Important Law

Today’s vibrant Internet ecosystem likely would not exist without “Section 230” (47 U.S.C. § 230) of the Telecommunications Act of 1996. That law, which recently celebrated its 20^th anniversary, immunized online intermediaries from onerous civil liability for the content and communications that travelled over their electronic networks.

The immunities granted by Section 230 let online speech and commerce flow freely, without the constant threat of legal action or onerous liability looming overhead for digital platforms. Without the law, many of today’s most popular online sites and services might have been hit with huge lawsuits for the content and commerce that some didn’t approve of on their platforms. It is unlikely that as many of them would have survived if not for Section 230’s protections.

For example, sites such as eBay, Facebook, Wikipedia, Angie’s List, Yelp, and YouTube all depend on Section 230 immunities to shield them from potentially punishing liability for the content that average Americans post to those sites. But Section 230 protects countless small sites and services just as much as those larger platforms and it has been an extraordinary boon to online commerce and speech.

Extending Immunities to Other General-Purpose Technologies: 3 Models

To foster generativity and permissionless innovation for the next wave of tech entrepreneurs, it may be necessary to immunize some intermediaries (i.e., platform providers or device manufacturers) from punishing forms of liability, or at least to limit liability in some fashion to avoid the chilling effect that excessive litigation can have on life-enriching innovation. Specifically, they should be immunized from liability associated with the ways third-parties use their platforms or devices to speak, experiment, or innovate.

“The past ten years have been about discovering new ways to create, invent, and work together on the Web,” noted Chris Anderson in his book Makers: The New Industrial Revolution. “The next ten years will be about applying those lessons to the real world.” But that can only happen if we get public policy right.

Thus, the creators of newer general-purpose technologies may need to receive certain limited immunizations from liability for the ways third-parties use their devices. If troublemakers use general-purpose technologies to do harm—i.e., cybersecurity violations, privacy invasions, copyright infringement, etc.—it is almost always more sensible to hold those problematic users directly accountable for their actions.

The other approach—holding those intermediaries accountable for the actions of third parties—will discourage innovators from creating vibrant, open platforms and devices that could facilitate new types of speech and commerce. Therefore, an embrace of permissionless innovation requires a rejection of such middleman deputization schemes.

There are three different existing immunity models we might consider applying to emerging general-purpose technologies.

Model #1: Section 230 & online services

The first model, of course, is Section 230 itself.  Section 230 stipulated that it is the policy of the United States “to promote the continued development of the Internet and other interactive computer services and other interactive media,” and “to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation.” To accomplish that, the law made it clear that, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

Since implementation of Section 230 two decades ago, courts have generally read this immunity fairly broadly, so much so that some critics have argued that 230’s scope has been enlarged well beyond congressional intent. Even if that is true, I believe that has been a net positive (excuse the pun) and that it is not only wise to preserve that sweeping immunity but extend it to other technologies and sectors.

Model #2: Firearm manufacturing

Another immunization model can be found in the Protection of Lawful Commerce in Arms Act of 2005 (Pub. L. No. 109-92, 119 Stat. 2095). Although “lawsuits alleging negligent distribution plagued the firearm industry until 2005,” the Protection of Lawful Commerce in Arms Act “effectively ended the ‘gun tort’ era,” notes Peter Jensen-Haxel. The law did so by granting gun manufacturers immunities for such legal actions. (It would seem that, by extension, those who use 3D printers to create firearms will also be immunized from civil actions.)

Importantly, unlike Section 230, which provided broad immunity by default to all online platforms, the Protection of Lawful Commerce in Arms Act applied to manufactures/sellers that fit into the certain qualifications (i.e., they get immunity if they comply with certain licensing rules, record keeping requirements, etc.). This tension between broad versus targeted immunity will become the subject of debate for emerging general-purpose technologies as scholars and policymakers contemplate optimal default liability rules.

Model #3: Vaccines

A final legal immunization model comes, ironically, from the world of medical immunizations. As part of the National Childhood Vaccine Injury Act of 1986 (42 U.S.C. §§ 300aa-1 to 300aa-34), Congress created The National Vaccine Injury Compensation Program, “after lawsuits against vaccine companies and health care providers threatened to cause vaccine shortages and reduce U.S. vaccination rates, which could have caused a resurgence of vaccine preventable diseases.”

As described by the U.S. Department of Health and Human Services, the program, “is a no-fault alternative to the traditional legal system for resolving vaccine injury petitions.” Thus, those suffering injuries from vaccines are able to seek compensation from this program instead of having to sue vaccine companies.

As Avery Johnson of the Wall Street Journal noted in 2009 article about the program, “A spate of lawsuits against vaccine makers in the 1970s and 1980s had caused dozens of companies to get out of the low-profit business, creating a public-health scare. The strategy worked and the public health implications have been sizable. Vaccines have driven huge reductions — and in the case of smallpox, for instance, complete eradications — of major childhood diseases.”

This model is obviously very different than Section 230 and the Protection of Lawful Commerce in Arms Act in that it includes a government-created compensation fund provided as an alternative to civil lawsuit remedies. In all likelihood, such a compensation fund would not be necessary for new general-purpose “maker” technologies or sectors.

Nonetheless, this model could, perhaps, have some relevance for certain narrow classes of those technologies. For example, 3D-printed medical devices might be one area where it would make sense to exempt from liability the creators of 3D printers and the platforms over which 3D printer blueprints are distributed. But if there is significant resulting harm from some of those devices or plans, it remains unclear how compensation would work and who would be picking up the tab for it. The National Vaccine Injury Compensation Program offers one potential answer, although it may not be wise to craft such a consumer-funded or taxpayer-supported program for other reasons. Even if creating a government-run compensation fund was eventually seen as a good idea, we cannot determine how big the fund should be until some actual harms occur.

Three Sectors to Cover

Next, we should consider which sectors or technologies should be eligible for such immunities.

I wish it was possible to craft some sort of “General-Purpose Technology Immunization Act” that would shield such platforms and technologies from onerous liability associated with third-party uses. Realistically, however, it is not likely such a broad-based regime could achieve political traction. There would just be too many opposing forces. Moreover, there may be some unique distinctions between technologies and sectors which necessitate specialized legal regimes.

In any event, I believe a good case can be made for adopting some sort of legal immunity regime for three specific technologies: Robotics, 3D printing, and immersive technology (i.e., virtual reality and augmented reality).

Robotics

Ryan Calo, professor of law at the University of Washington School of Law, has done important work on the law of robotics and he has suggested that such legal immunities may need to be extended to this field. In his 2011 Maryland Law Review article on “Open Robotics,” Calo made his case as follows:

To preempt a clampdown on robot functionality, Congress should consider immunizing manufacturers of open robotic platforms from lawsuits for the repercussions of leaving robots open.  Specifically, consumers and other injured parties should not be able to sue roboticists, much less recover damages, where the injury resulted from one of the following: (1) the use to which the consumer decided to put the robot, no matter how tame or mundane; (2) the nonproprietary software the consumer decided to run on the robot; or (3) the consumer’s decision to alter the robot physically by adding or changing hardware. This immunity would include lawful and unlawful uses of the robot. (p. 134) . . . The immunity I propose is selective: Manufacturers of open robots would not escape liability altogether. For instance, if the consumer runs the manufacturer’s software and the hardware remains unmodified, or if it can be shown that the damage at issue was caused entirely by negligent platform design, then recovery should be possible. The immunity I propose only applies in those instances where it is clear that the robot was under the control of the consumer, a third party software, or otherwise the result of end-user modification. Because this issue will not always be easy to prove, we should expect litigation at the margins. I am thus arguing for a compromise position: A presumption against suit unless the plaintiff can show the problem was clearly related to the platform’s design. (p. 136)

I find this entirely convincing and I also believe Calo is wise to begin with robotics as the first target for such legal immunization because such technologies are already being widely manufactured and deployed today.

These liability questions are already being widely debated, for example, in the field of autonomous systems and driverless cars in particular. I’d like to believe that the common law would sort out these things fairly quickly and that an efficient liability regime would emerge from autonomous technologies in short order.

Alas, because America lacks a “loser pays” rule, a perverse incentive exists for overly-zealous trial lawyers to file an avalanche of lawsuits at the first sign of any problem. This could significantly hamper the development of autonomous technologies, which have the potential to immediately decrease the staggering death toll associated with human error behind the wheel. Therefore, it may be necessary for Congress to craft some sort of limited immunity regime for autonomous technology makers to ensure that the development of these potential life-saving technologies is not discouraged by the looming threat of perpetual litigation.

3D Printing

3D printing would be my second choice for a general-purpose technology that should be covered by some sort of intermediary immunity model.

In a forthcoming law review article for the Minnesota Journal of Law, Science & Technology, Adam Marcus and I argue that “the manufacturers of 3D printing devices and the website operators hosting blueprints for 3D-printed objects may need to be protected from liability to avoid chilling innovation. In this sense, a ‘Section 230 for 3D printing’ might be needed.”

We discuss three specific ways that 3D printers could be used by third-parties in such a way that existing laws or regulations are implicated and someone might seek to bring action against the manufacturers of 3D printers or 3D printing marketplaces, like Shapeways or Thingiverse. These cases involve things like 3D-printed prosthetics, which could raise policy concerns at the Food and Drug Administration, and 3D-printed toys or sculptures, which could present intellectual property issues.

But perhaps the most interesting case study for liability purposes will be 3D-printed firearms, which are already raising a great deal of controversy. Marcus and I argue, once again, that “the proper focus of regulation should remain on the user and uses of firearms, regardless of how they are manufactured.” And because, as already noted, the Protection of Lawful Commerce in Arms Act immunizes gun manufacturers from legal liability for third-party actions, it would seem logical that the law’s protections would extend to 3D-printed firearms. Moreover, Section 230 itself (and perhaps also the First Amendment) might also apply to 3D printing design schematics that appear on various websites or 3D printing marketplaces.

Generally speaking, Marcus and I argue, “imposing liability on third parties—sites hosting schematics, search engines, and manufacturers of devices—seems neither workable nor wise. There exists a broad spectrum of general-purpose technologies that can be used to facilitate criminal activity,” we note, such as cars, computers, or paper printers. But we don’t blame those intermediaries when those technologies are used by third parties in criminal acts. The same principle should apply to 3D printers.

Things get more complicated when intellectual property issues are brought into the debate. In an important 2014 article, “Patents, Meet Napster: 3D Printing and the Digitization of Things,” Deven R. Desai and Gerard N. Magliocca sketched out the potential case for some sort of limited immunity as it pertains to patent infringement and 3D printing. “An obstacle to the growth of 3D printing that Congress should consider addressing is that individuals who engage in that activity are strictly liable if they infringe a patent,” they note, but they continue on to add that:

Exempting personal 3D printing from patent infringement without undermining other aspects of the regulatory scheme will not be easy. It would not be a good idea for Congress to create a fair use exception for all patents or make infringement an intentional tort, as those changes would sweep too far. Targeting 3D printing itself is a possibility, but in that case the legislation would have to distinguish between personal and commercial activity, as there is no rationale for saying that all 3D printing leading to patent infringement, including what Fortune 500 firms do, should be permitted. Drawing that kind of line with a substantive legal standard, though, will generate years of litigation and may not effectively separate the good from the bad. One alternative, should Congress opt to give personal 3D printing some immunity, would be to set a relatively high minimum amount-in-controversy for federal jurisdiction over any [patent] infringement claims involving this technology. (p. 1717)

Getting this balance right will be tricky, yet essential. “Patent law and industries that rely on patents will have to adapt to this new environment or face potential obsolescence,” Desai and Magliocca correctly conclude.

Immersive Technology

A final sector we might eventually want to apply some sort of intermediary immunity model to is immersive technology. “Immersive technology” refers to services that currently utilize wearable devices (such as a head-mounted display or headset) to let users explore virtual worlds, virtual objects, or hologram-like projections. Immersive technology can be separated into two different, but related groups: virtual reality (VR) and augmented reality (AR).

These technologies are still in the cradle, but many companies are already developing VR and AR technologies for both entertainment and professional uses. As they gain more widespread usage, immersive technologies could raise some policy issues, including concerns about privacy, intellectual property (ex: who owns certain “experiences”), and potentially even worries about distraction and addiction.

It would not be surprising, therefore, if some critics begin advocating greater regulation of, or liability for, VR and AR intermediaries. If that happens, policymakers will need to consider immunizing them from the threat of lawsuits or else innovation will die in these sectors.

Conclusion

Following the general logic of permissionless innovation, and understanding the importance of keeping intermediaries free of punishing liability for what others might do with their general-purpose technologies and platforms, the proper focus of regulation should remain on the user and uses of those technologies.

Accordingly, policymakers should craft a “Section 230 for the maker movement” by adopting legal protections for robotics, 3D printing, and immersive technology. At the same time, we should seek out better solutions—legal and otherwise—to the old problems that might persist or new ones that might come about due to the use of these new devices and platforms. But we should not let hypothetical worst-case scenarios and concerns about future technologies lead us down a path where intermediaries are “deputized” or hit with punishing liability for downstream actions by third parties.

Note#1 : This is a preliminary sketch of a law review article I would eventually like to write entitled, “A Section 230 for the “Makers” Movement: Extending Section 230 Immunities to Robotics, 3D Printing & Virtual Reality.” Toward that end, I welcome suggestions for (a) which general-purpose technologies deserve some sort of immunization, and also (b) what other legal immunity regimes exist that we could learn from. Please forward any ideas you might have along to me.

Note #2: My thanks to Adam Marcus and Christopher Koopman for their helpful suggestions on this essay.

As I noted here a few days ago, the Federal Communications Commission held a workshop on Tuesday about “Speech, Democratic Engagement, and the Open Internet.”  It was a shockingly one-sided affair with the deck being stacked almost entirely in favor of advocates of Net neutrality regulation. Worse yet, those advocates shamelessly made up spooky stories about a future of “private censorship” that could only be remedied by using the First Amendment as a club to beat private players into submission. The token opposition at this Chicken Little circus was Robert Corn-Revere, a Partner at the law firm of Davis Wright Tremaine LLP in Washington, D.C.   Bob set the record straight–both in terms of baseless accusations that were flying that day as well as the revisionist histories of the First Amendment that were being put forward. I’m happy to report that Bob allowed PFF to reprint his remarks as a new white paper entitled, “The First Amendment, the Internet & Net Neutrality: Be Careful What You Wish For.”

In his essay, Corn-Revere discusses the relationship between the First Amendment and regulatory policy, particularly the treatment of new communications technologies, and he warns that government regulation of broadband networks could “provide the vehicle for advancing new First Amendment theories for media regulation” and online speech and expression more generally.  “It should not be forgotten,” he argues, “that the federal government’s initial impulse was to censor the Internet and to subject it to a far lower level of First Amendment protection. It pursued this agenda for more than a decade but was blocked by a series of First Amendment rulings.”  The Communications Decency Act and the Child Online Protection Act are just two notable examples. Luckily, the courts determined that “the open Internet would be at great risk if the government is allowed to exercise such power,” he notes, and they struck down such laws.

But we must be vigilant in defending our free speech rights, Corn-Revere warns. He notes that, “the constitutional ramifications of the network neutrality debate extend far beyond the question of whether the FCC should or should not adopt a given set of rules. On a doctrinal level the question is whether technological convergence should also lead to regulatory convergence, where the least common denominator of First Amendment protection becomes the governing rule.”

“The First Amendment, the Internet & Net Neutrality: Be Careful What You Wish For” is available on the PFF website and can also be viewed down below in a Scribd document reader. I want to also recommend that everyone take a look at the brief remarks that FCC Commissioner Robert McDowell delivered at the opening of that FCC event that Corn-Revere spoke at. “Efforts to advance ‘First Amendment values’ through additional government regulation risks turning over two hundred years of First Amendment jurisprudence on its head,” McDowell rightly argued. And that’s also consistent with the outstanding address delivered last week by Kyle McSlarrow, President & CEO of the National Cable & Telecommunications Association, on the same issue, in which he correctly noted that, “the First Amendment is framed as a shield for citizens, not a sword for government.” “By its plain terms and history, the First Amendment is a limitation on government power, not an empowerment of government,” McSlarrow said.

Thank God a few people in this town are still taking a stand for the real First Amendment.

Robert Corn-Revere Remarks at FCC Workshop on Speech and Democracy http://d1.scribdassets.com/ScribdViewer.swf?document_id=24208240&access_key=key-2h2o9rho7g9qr414utqi&page=1&version=1&viewMode=list

Be sure to read Julian’s write-up of the USA-PATRIOT Act reform bills.

by Adam Thierer & Berin Szoka — (Ver. 1.0 — Summer 2009)

We are attempting to articulate the core principles of cyber-libertarianism to provide the public and policymakers with a better understanding of this alternative vision for ordering the affairs of cyberspace. We invite comments and suggestions regarding how we should refine and build-out this outline. We hope this outline serves as the foundation of a book we eventually want to pen defending what we regard as “Real Internet Freedom.” [Note:  Here’s a printer-friendly version, which we also have embedded down below as a Scribd document.]

I. What is Cyber-Libertarianism?

Cyber-libertarianism refers to the belief that individuals—acting in whatever capacity they choose (as citizens, consumers, companies, or collectives)—should be at liberty to pursue their own tastes and interests online.

Generally speaking, the cyber-libertarian’s motto is “Live & Let Live” and “Hands Off the Internet!”  The cyber-libertarian aims to minimize the scope of state coercion in solving social and economic problems and looks instead to voluntary solutions and mutual consent-based arrangements.

Cyber-libertarians believe true “Internet freedom” is freedom from state action; not freedom for the State to reorder our affairs to supposedly make certain people or groups better off or to improve some amorphous “public interest”—an all-to convenient facade behind which unaccountable elites can impose their will on the rest of us.

B.  Application in Social & Economic Contexts

The cyber-libertarian draws no distinction between social and economic freedom when applying this vision:

• Social Freedom: Individuals should be granted liberty of conscience, thought, opinion, speech, and expression in online environments.
• Economic Freedom: Individuals should be granted liberty of contract, innovation, and exchange in online environments.

Cyber-libertarians also argue that social and economic freedoms are inextricably intertwined:  It is not enough to support liberty of action in one sphere; foreclosing freedom in one sphere will eventually affect freedom in the other.

C.  How “Code Failures” Are to Be Addressed

The cyber-libertarian believes that “code failures” (the digital equivalent of so-called “market failures”) are better addressed by voluntary, spontaneous, bottom-up, marketplace responses than by coerced, top-down, governmental solutions.   From a practical perspective, the decisive advantage of the market-driven approach to correcting code failure comes down to the rapidity and nimbleness of those responses.  Stated differently, cyber-libertarians have a strong aversion to the politicization of technology issues and efforts to replace market processes with bureaucratic processes.

Importantly, the cyber-libertarian defines “markets” broadly to include monetary and non-monetary transactions as well as proprietary and non-proprietary modes of production.  To be clear, collaborative, non-proprietary technologies and efforts ( e.g., Wikipedia and open source software) are not at odds with cyber-libertarianism.  But the cyber-libertarian does reject the notion these models are the only acceptable model or that they should be imposed on us by law.  The proper policy position with regards to the “open vs. closed” or “proprietary vs. non-proprietary” debate should be one of techno-agnosticism.  Lawmakers and courts should not be tilting the balance in one direction or the other.

More generally speaking, instead of seeking to define or impose a single utopian vision, the cyber-libertarian seeks to enable what libertarian philosopher Robert Nozick called a “Utopia of Utopias:” a framework within which many different models of organizing commerce and community can flourish alongside, and in competition with, each other.

D.  General Relationship to “Internet Exceptionalism”

Internet exceptionalists are first cousins to cyber-libertarians:  They believe that the Internet has changed culture and history profoundly and is deserving of special care before governments intervene.  [See Section IV for an expanded discussion.]

II. The Intellectual Foundations of Cyber-Libertarianism

A.  Traditional Libertarian Philosophy

• Natural Rights philosophers –John Locke, Ayn Rand, The Founders
• Utilitarian philosophers – John Stuart Mill (On Liberty), Herbert Spencer
• “Austrian School” of Economics – Ludwig von Mises, F.A.  Hayek, Murray Rothbard
• Milton Friedman (Free to Choose)
• Robert Nozick – argument for a minimalist state; “utopia of utopias” notion
• Thomas Sowell – critique of “The Vision of the Anointed”
• Richard Epstein – vision of “Simple Rules for a Complex World

B.  Modern Cyber-Libertarian Theorists

• Ithiel de Sola Pool (Technologies of Freedom)
• Alvin Toffler (The Third Wave , Future Shock)
• George Gilder (Microcosm , Telecosm)
• Peter Huber (Law & Disorder in Cyberspace)
• Tom W.  Bell
• Technology Liberation Front bloggers

C.  Internet Exceptionalists[see Sec.  IV below]

• Nicholas Negroponte (Being Digital)
• John Perry Barlow (“Declaration of the Independence of Cyberspace”)
• David Post
• Eric Goldman
• H.  Brian Holland

III. The Contrast with Cyber-Collectivism

A.  Cyber-Collectivism Defined

Cyber-collectivism is the opposite of cyber-libertarianism.  Cyber-collectivism refers to the general belief that cyber-choices should be guided by the State or an elite class according to some amorphous “general will” or “public interest.”  The distant influence of Plato, Rousseau, and Marx can often been seen in the work of cyber-collectivists.

Cyber-collectivism comes in many flavors, however.  “Left”-leaning cyber-collectivists, for example, are more focused on social concerns than economic ones.  Some “Right”-leaning cyber-collectivists are focused on controlling the impact of the Internet on culture or security.  In other words, cyber-collectivism is not as philosophically coherent as cyber-libertarianism—which, though it comes in many flavors, shares a larger core of common agreement

B.  General Relationship to “Information Commons” Movement

There is a close relationship between the Leftist variant of cyber-collectivism and the “digital commons” or “information commons” movement, which generally refers to the belief that digital resources should be shared or perhaps commonly owned instead of held privately—both because cyber-collectivists think this is more equitable and because they generally think such arrangements will ultimately work better.

Cyber-collectivists are typically not Marxists; few of them call for state ownership of the information means of production.  Rather, cyber-collectivists might better be thought of a “cyber social Democrats” (in a European sense) or “Digital New Dealers” (in the American tradition).  They advocate a generous role for law and regulation in many online matters, but do not typically resort to full-blown nationalization.

C. Exponents of Cyber-Collectivism

Some notable cyber-collectivists or information commons adherents (and their key works):

• Lawrence Lessig (Code , Free Culture)
• Tim Wu (Who Controls the Internet?)
• Yochai Benkler (The Wealth of Networks)
• Jonathan Zittrain (The Future of the Internet & How to Stop It)
• David Bollier (Viral Spiral)
• Harvard Berkman Center*
• New America Foundation*
• Public Knowledge*

(*We are, of course, generalizing a bit here. Not everyone in these institutions is a cyber-collectivist and, again, there are many flavors of cyber-collectivism, just as there are many flavors of cyber-libertarianism. Individuals in some of these organizations diverge significantly in attitudes towards technological change and the proper scope of government influence throughout the high-tech sector.)

IV. Relationship Between Cyber-Libertarianism & Internet Exceptionalism

Some non-libertarians occasionally join ranks with cyber-libertarians out of a belief that the Internet is different and deserving of special consideration and care. This is commonly referred to as “Cyber-Exceptionalism” or “Internet Exceptionalism.” John Perry Barlow’s 1996 “Declaration of the Independence of Cyberspace” was probably the earliest (and most extreme) articulation of “Internet Exceptionalism”:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions. You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don’t exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

Similarly, in 1994, The Progress & Freedom Foundation brought together four leading technology visionaries (Esther Dyson, George Gilder, George Keyworth, and Alvin Toffler) to pen A Magna Carta for the Knowledge Age. In that manifesto, the authors argued:

Cyberspace is the land of knowledge, and the exploration of that land can be a civilization’s truest, highest calling. The opportunity is now before us to empower every person to pursue that calling in his or her own way. The challenge is as daunting as the opportunity is great. The Third Wave has profound implications for the nature and meaning of property, of the marketplace, of community and of individual freedom. As it emerges, it shapes new codes of behavior that move each organism and institution—family, neighborhood, church group, company, government, nation—inexorably beyond standardization and centralization, as well as beyond the materialist’s obsession with energy, money and control. Turning the economics of mass-production inside out, new information technologies are driving the financial costs of diversity—both product and personal—down toward zero, “demassifying” our institutions and our culture. Accelerating demassification creates the potential for vastly increased human freedom. It also spells the death of the central institutional paradigm of modern life, the bureaucratic organization. (Governments, including the American government, are the last great redoubt of bureaucratic power on the face of the planet, and for them the coming change will be profound and probably traumatic.)

As that last paragraph suggests, this “Magna Carta” for cyberspace contained some hints of cyber-libertarian thinking, but the general thrust of the document was more generally of the Internet Exceptionalist school of thought.

Internet Exceptionalists are sometime critiqued for sounding like techno-utopians, but it is a mistake to conflate the two. There are not always synonymous.

V. Cyber-Libertarianism’s Early Legal Foundations & Victories

• Section 230 of the Communications Decency Act of 1996 is probably the best example of cyber-exceptionalism in practice. It grants broad immunity to online intermediaries for third party content except for criminal and IP law—breaking with traditional tort liability standards. Specifically, Sec. 230 rejected the “deputization of the middleman” model of liability.
• Overturning of the Communications Decency Act’s indecency & obscenity provisions in Reno v. ACLU decision
• Various court decisions blocking enforcement of the Child Online Protection Act (COPA) of 1999
• The encryption wars & the defeat of the “Clipper Chip”
• The Internet Tax Freedom Act of 1998

VI. Applications: How Cyber-Libertarians Think about Various Policy Issues

• Free speech & online child safety: Favor parental empowerment and industry self-regulation over censorship. “Household standards” should trump “community standards.”
• Privacy policy & online advertising: Privacy is a subjective condition and efforts to regulate to “protect privacy” could have unintended consequences for freedom of speech and the growth of online content and commerce. User empowerment and industry self-regulation represent the superior way to address privacy concerns.
• Net neutrality / infrastructure regulation: “Open access” regulation is nothing more the infrastructure socialism. Network operators should be free to own, operate, and price their systems and services as they see fit, subject only to enforcement of their terms of service and other voluntary disclosures as contracts with their users. New entry and innovation are better alternative to regulating yesterday’s networks and technologies.
• Internet taxation: No special taxes should be imposed on online services or Internet access. To the extent the Net disrupts traditional tax bases that should be seen as an opportunity to reform those tax systems.
• Online gambling: People should be free to do what they want with their money and Internet gambling is likely impossible to shut down entirely anyway, given the nature of the Internet.
• Antitrust: “Market power” and “code failures” are best dealt with by spontaneous evolution of markets and new entry, not bureaucratic micro-management of old technologies or market structures. Regulation often creates, or tends to foster, most monopolies. As Ithiel de Sola Pool once noted, “The force that preserves most monopoly privilege is law… most would vanish in the absence of enforcement.”
• IP issues: Cyber-libertarians are deeply divided over IP issues (especially copyright) and this reflects a long-standing division within libertarian ranks on these issues more generally. Some believe IP rights are a natural extension of traditional property rights and/or a sensible way to incentivize scientific and artistic creativity. Others believe no one has a right to “property-tize” intangible creations or that copyright is simply industrial protectionism. And there are many views in between.

VII. Prospects for Cyber-Libertarianism

A. The Pessimistic View

• Government’s will quash online freedom and bring the Internet under their thumbs.
• Regulatory efforts are expanding at a breathtaking pace and will not slow anytime soon.

B. The Optimistic View

• “Technologies of Freedom” (tools and methods to avoid online regulation, censorship and control) will ultimately triumph.
• Technology is evolving faster than government’s ability to regulate it.

VIII. Related Reading on Cyber-Libertarianism & Internet Exceptionalism

• John Perry Barlow, Declaration of the Independence of Cyberspace (1996).
• Tom W. Bell, Free Speech, Strict Scrutiny, and Self-Help: How Technology Upgrades Constitutional Jurisprudence , 87 U. Minn. L. Rev. 743 (2003).
• Esther Dyson, George Gilder, George Keyworth, & Alvin Toffler, The Progress & Freedom Foundation, A Magna Carta for the Knowledge Age (1994).
• Eric Goldman, The Third Wave of Internet Exceptionalism, Santa Clara Magazine (Winter 2008).
• H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, Kansas L. Rev. (2007).
• Peter Huber, Law & Disorder in Cyberspace: Abolish the FCC and Let Common Law Rule the Telecosm (1997).
• Ithiel de Sola Pool, Technologies of Freedom (1983).
• David Post, In Search of Jefferson’s Moose: Notes on the State of Cyberspace (2009).
• Adam Thierer, The Pragmatic Internet Optimist’s Creed, Technology Liberation Front Blog (Nov. 11, 2008).
• Technology Liberation Front Blog, About the Technology Liberation Front (August 2004, revised 2008).

Cyber-Libertarianism: The Case for Real Internet Freedom [Ver 1.0 – Thierer & Szoka] http://d.scribd.com/ScribdViewer.swf?document_id=18490847&access_key=key-14tt6eb4f2cdcil8wnf2&page=1&version=1&viewMode=

If you’re a cyberlaw geek or tech policy wonk who needs to keep close tabs on Sec. 230 developments, here’s a terrific resource from the Citizen Media Law Project up at the Harvard Berkman Center.  The site offers a wealth of background info, including legislative history, all the relevant case law surrounding 230, and breaking news on this front.  Just a phenomenal resource; a big THANK YOU! to the folks at CMLP who put this together.

If you’re interested in these issues, you might also want to check out this friendly debate that Harvard’s John Palfrey and I engaged in over at Ars recently as well as my essay on how Sec. 230 has spawned a “utopia of utopias” online.

David Margolick has penned a lengthy piece for Portfolio.com about the AutoAdmit case, which has important ramifications for the future of Section 230 and online speech in general. Very brief background: AutoAdmit is a discussion board for students looking to enter, or just discuss, law schools. Some threads on the site have included ugly — insanely ugly — insults about some women.  A couple of those women sued to reveal the identities of their attackers and hold them liable for supposedly wronging them.  The case has been slowly moving through the courts ever since. Again, read Margolick’s article for all the details.  The important point here is that the women could not sue AutoAdmit directly for defamation or harassment because Section 230 of the Communications Decency Act of 1996 immunizes websites from liability for the actions of their users.  Consequently, those looking to sue must go after the actual individuals behind the comments which (supposedly) caused the harm in question.

I am big defender of Section 230 and have argued that it has been the cornerstone of Internet freedom. Keeping online intermediaries free from burdensome policing requirements and liability threats has created the vibrant marketplace of expression and commerce that we enjoy today. If not for Sec. 230, we would likely live in a very different world today.

Sec. 230 has come under attack, however, from those who believe online intermediaries should “do more” to address various concerns, including cyber-bullying, defamation, or other problems.  For those of us who believe passionately in the importance of Sec. 230, the better approach is to preserve immunity for intermediaries and instead encourage more voluntary policing and self-regulation by intermediaries, increased public pressure on those sites that turn a blind eye to such behavior to encourage them to change their ways, more efforts to establish “community policing” by users such that they can report or counter abusive language, and so on.

Of course, those efforts will never be fool proof and a handful of bad apples will still be able to cause a lot of grief for some users on certain discussion boards, blogs, and so on.  In those extreme cases where legal action is necessary, it would be optimal if every effort was exhausted to go after the actual end-user who is causing the problem before tossing Sec. 230 and current online immunity norms to the wind in an effort to force the intermediaries to police speech.  After all, how do the intermediaries know what is defamatory?  Why should they be forced to sit in judgment of such things?  If, under threat of lawsuit, they are petitioned by countless users to remove content or comments that those individuals find objectionable, the result will be a massive chilling effect on online free speech since those intermediaries would likely play is safe most of the time and just take everything down.

Which brings up back to the danger of a 230 backlash following the AutoAdmit case. As Margolick notes of the case:

By any standard, the plaintiffs’ catch has been meager. Even with one of the country’s top intellectual-property lawyers, backed by a super-elite law firm, going after them, most of the worst offenders got off scot-free. The fact that so few prey were netted could prompt calls to modify Section 230(c), if only to give victims of internet abuse more of a chance. Brian Leiter, the professor and vocal critic of AutoAdmit, sees it coming. He calls the free pass enjoyed by Google and other carriers “a disaster” and says change is inevitable. “The point at which some senator’s daughter becomes the target of this kind of campaign of online vilification and harassment on the next iteration of AutoAdmit — something’s going to happen,” predicted Leiter, who now teaches at the University of Chicago Law School.

Unfortunately, although I obviously don’t agree with Prof. Leiter about Sec. 230 being “a disaster,” I think he’s right to assume that one particularly visible and sensitive case could end up bringing 230 back up for political reconsideration.  Commenting on this on the Info/Law blog, William McGeveran of the University of Minnesota Law School summarizes my own feelings regarding the potential danger we face going forward:

the response will be a dramatic evisceration or even elimination of Section 230 immunity. We might end up with some kind of notice-and-takedown regime that could be abused just as it is in the DMCA setting, allowing anyone to effectively force the elimination of web content they dislike with the mere untested allegation that it was tortious. Worse, we might see an effort to repeal section 230 altogether, making it impossible to run an open online forum for user-generated content without risking significant liability.

Indeed, there have already been calls for variants of a notice-and-takedown regime for speech put forward by law professors such as Mark Lemley and Daniel Solove. And the rising calls at the state level for legislation to address cyber-bullying could become another pressure point in the movement to deputize the middleman.

Importantly, however, the “[AutoAdmit] case has already made a difference,” Margolick notes:

Things have calmed down on AutoAdmit, where, Cohen says, he’s driven away the worst actors and enlisted volunteer moderators. Some post­ers, moreover, have announced their “retirement”; any further self-expression, they’ve concluded, is clearly not worth the risk. Thanks to the case, casual defamers — those who take potshots for sport — may now refrain out of empathy for the plaintiffs, while the more malicious may have been intimidated into silence. The case may also have helped Heller and Iravani [the plantiffs in the case] cleanse their Google pages, as the old slurs have fallen farther down the screen. And last spring, Cohen quietly removed the offending threads. He’d have done so sooner, he says, had he been asked more nicely.

This gets back to my point about how self-regulation, social norms, and public pressure can be an effective way to counter online harassment without resorting to major changes in law or liability norms. Again, I think Sec. 230 is worth preserving and the efforts to tinker with it are likely to open a Pandora’s Box of problems for intermediaries and average users alike.  The question going forward is, do we let the presence of a few bad apples online justify the complete upending of a legal standard that has made the Internet the most vibrant platform for free speech that the world has ever known?  I certainly hope not.

Some additional reading on the case:

• Eugene Volokh’s thoughts on the case (make sure to read the comments too)
• Eric Goldman’s thoughts on the case
• Amir Efrati of the Wall Street Journal’s Law Blog
• Dave Hoffman at Concurring Opinions Blog (make sure to read the comments too)

I haven’t been blogging much lately because, along with my PFF colleagues Berin Szoka and Adam Marcus, I’m working on a lengthy paper about the importance of Section 230 to Internet freedom. Section 230 is the sometimes-forgotten portion of the Communications Decency Act of 1996 that shielded Internet Service Providers (ISP) from liability for information posted or published on their systems by users or other third parties. It was enshrined into law with the passage of the historic Telecommunications Act of 1996. Importantly, even though the provisions of the CDA seeking to regulate “indecent” speech on the Internet were struck down as unconstitutional, Sec. 230 was left untouched.

Section 230 of the CDA may be the most important and lasting legacy of the Telecom Act and it is indisputable that it has been remarkably important to the development of the Internet and online free speech and expression in particular. In many ways, Section 230 is the cornerstone of “Internet freedom” in its truest and best sense of the term.

In recent years, however, Sec. 230 has come under fire from some academics, judges, and other lawmakers. Critics raise a variety of complaints — all of which we will be cataloging and addressing in our forthcoming PFF paper. But what unifies most of the criticisms of Sec. 230 is the belief that Internet “middlemen” (which increasingly includes almost any online intermediary, from ISPs, to social networking sites, to search engines, to blogs) should do more to police their networks for potentially “objectionable” or “offensive” content. That could include many things, of course: cyberbullying, online defamation, harassment, privacy concerns, pornography, etc. If the online intermediaries failed to engage in that increased policing role, they would open themselves up to lawsuits and increased liability for the actions of their users.

The common response to such criticisms — and it remains a very good one — is that the alternative approach of strict secondary liability on ISPs and other online intermediaries would have a profound “chilling effect” on online free speech and expression. Indeed, we should not lose sight of what Section 230 has already done to create vibrant, diverse online communities. Brian Holland, a visiting professor at Penn State University’s Dickinson School of Law, has written a brilliant paper that does a wonderful job of doing just that. It’s entitled “In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism” and it can be found on SSRN here. I cannot recommend it highly enough. It is a masterpiece. In the paper, Holland argues that Section 230 has helped give rise to our modern Web 2.0 world and that it “plays a vital role in [the] process of building heterogeneous communities that encourage collaborative production and communication.” Specifically, Holland argues that Sec. 230 immunity allows an online community:

to evolve and structure itself in the most efficient manner. To a limited extent, §230 immunity permits uncoordinated and uncoerced individual choice among different values and among different embodiments of those values. It further allows the intermediary to play an active role in facilitating the market in social norms and in creating enforcement mechanisms as a tool of self-governance. Those enforcement mechanisms can then themselves adapt. This allows not only for the development of distinct community values, but also for a means of tapping into incentives, adapting to evolving norms and conditions, and reducing costs associated with disputes. Within this framework, greater variations in community norms are possible. As communities grow, niche communities are formed at low cost. It… functions as a laboratory for testing social norms and values.

I think that is exactly right. Moreover, reading Professor Holland’s article got me thinking about something my favorite modern political philosopher, the late Harvard University philosophy professor Robert Nozick, said in his brilliant 1974 book, Anarchy, State, and Utopia. In a sense, Section 230 and existing online liability norms have helped foster what Nozick called “a utopia of utopias.”

Because people are all complex and quite different from one another, Nozick argued that, “There is no reason to think that there is one community which will serve as ideal for all people and much reason to think there is not.” Consequently, as a normative matter, it would be preferable for government to allow spontaneous community formation such that individuals can pursue their own interests. Nozick elaborated in the closing chapter of his book as follows:

The conclusion to draw is that there will not be one kind of community existing and one kind of life led in utopia. Utopia will consist of utopias, of many different and divergent communities in which people lead different kinds of lives under different institutions. Some kinds of communities will be more attractive to most than others; communities will wax and wane. People will leave some for others or spend their whole lives in one. Utopia is a framework for utopias, a place where people are at liberty to join together voluntarily to pursue and attempt to realize their own vision of the good life in the ideal community but where no one can impose his own utopian vision upon others.

That last line almost perfectly encapsulates everything that is so wonderful about our modern Web 2.0 world. Netizens are free to pursue their own vision of a good life in a community of their choosing, free from centralized or coerced visions of what “a good life” should entail.

Web 2.0 is Nozick’s utopia of utopias, and Section 230 has been instrumental in fostering and protecting it. We shouldn’t forget that.

Last month, I noted that UCLA Law School professor Doug Lichtman has a wonderful new monthly podcast called the “Intellectual Property Colloquium.” This month’s show features two giants in the field of tech policy — George Washington Law Professor Daniel Solove and Santa Clara Law Professor Eric Goldman –- discussing online privacy, defamation, and intermediary liability. More specifically, in separate conversations, Solove and Goldman both consider the scope of Section 230 of the Communications Decency Act of 1996, which shields Internet intermediaries from liability for the speech and expression of their users. Sec. 230 is the subject of hot debate these days and Solove and Goldman provide two very different perspectives about the law and its impact.

Goldman calls Sec. 230 “pure cyberspace exceptionalism” in the sense that it breaks from traditional tort norms governing intermediary liability. But he argues that this new online version of intermediary liability (which is extremely limited in scope) encourages more robust speech and expression than the older, offline version of liability (which was far more strict). I completely agree with Eric Goldman, but I respect the arguments that Lichtman and Solove raise about the privacy and defamation problems raised by the purist approach that Goldman and I favor.

Goldman also does a nice job dissecting the Roomates.com and Craigslist.com cases. And Lichtman brings up the JuicyCampus.com case during the conclusion. These are important cases for the future of Sec. 230 and online liability. Incidentally, there’s also an interesting conversation between Lichtman and Solove (around the 32:00 mark) about an issue that Alex Harris and Tim Lee have been raising here about the nature of online contracts and the perils of messy EULAs / Terms of Service (TOS).

These are two absolutely terrific conversations. Very in-depth and very highly recommended. Listen here.

[Note: I recently reviewed Daniel Solove’s important new book, Understanding Privacy, here.]

With the publication of Understanding Privacy (Harvard University Press 2008), George Washington University Law School professor Daniel J. Solove has firmly established himself as one of America’s leading intellectuals in the field of information policy and cyberlaw.  Solove had already made himself a force to be reckoned with in this field with the publication of important books like The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press 2007), The Digital Person: Technology and Privacy in the Information Age (NYU Press 2004) and his treatise on Information Privacy Law with Paul M. Schwartz of the Berkeley School of Law (Aspen Publishing, 2d ed. 2006).  But with Understanding Privacy, Solove has now elevated himself to that rarefied air of “people worth watching” in the cyberlaw field; an intellectual — like Lawrence Lessig or Jonathan Zittrain — whose every publication becomes something of an event in the field to which all eyes turn upon release.

Like those other intellectuals, however, my respect for their stature should not be confused with agreement with their positions.  In fact, my disagreements with Lessig and Zittrain are frequently on display here and, we have been critical of Solove here in the past as well. [Here’s Jim Harper’s review of Solove’s last book, with which I am in wholehearted agreement.]  In a similar vein, although I greatly appreciate what Prof. Solove attempts to accomplish in Understanding Privacy — and I am sure it will change the way we conceptualize and debate privacy policy in the future — I found his approach and conclusions highly problematic.

Let me begin by summarizing Solove’s bold objective in Understanding Privacy. In the book, he attempts “to set forth a theory of privacy that will guide our understanding of privacy issues and the crafting of effective laws and policies to address them.” (p. 2) Solove’s “pragmatic” proposal to rethink privacy requires us to abandon the ways we have traditional thought about it. He begins by rightly noting that privacy has long been a “conceptual jungle” (p. 196) and a “concept in disarray.” (p. 1) “[T]he attempt to locate the ‘essential’ or ‘core’ characteristics of privacy has led to failure,” he says. (pg. 8 )

Consequently — and this is what make’s his approach so unique and important — Solove’s proposal to rethink privacy begins with a call to abandon the entire philosophical exercise of trying to tie privacy rights to some “common denominator” (pg. 8 ) since “Nobody can articulate what it means.” (p. 1) Actually, what he really means to say is that plenty of theorists can articulate what it means, it’s just that there is rarely any strong consensus about what justifies a particular theory of privacy. Indeed, in Chapter 2, he walks the reader through a half-dozen “conceptions of privacy” and illustrates how each has intellectual weaknesses and suffers from over- and under-breadth problems in terms of what it types of privacy it protects.

More importantly, according to Solove, not only has the effort “to locate the ‘essence’ of privacy” failed, but there is never any hope of it succeeding. Instead of continuing the futile search for such a grand, unified theory of privacy, Solove says we should tackle privacy issues from the “bottom up” by looking to “solve certain problems” (p. 75) The key to making it all work, he says, is “balancing”:

Because privacy conflicts with other fundamental values, such as free speech, security, curiosity, and transparency, we should engage in a candid and direct analysis of why privacy interests are important and how they ought to be reconciled with other interests. We cannot ascribe a value to privacy in the abstract. The value of privacy is not uniform across all contexts. We determine the value of privacy when we seek to reconcile privacy with opposing interests in the particular situations. (p. 87)

It is tempting to applaud Solove’s attempt to unhinge privacy from any “common denominator” and instead get more concrete about how to work through the details of practical privacy problems. After all, it is easy to get frustrated with some modern theories of privacy that have been tied up with amorphous, warm-and-fuzzy terms like “personhood” and “intimacy.” The inherent subjectivity of some of those terms makes it challenging to derive bright-line principles and tests to help craft law or resolve privacy disputes when they come before the courts.

But I believe there are serious problems with any attempt to completely divorce privacy policy from a theory of rights or justice. In my opinion, you can’t just dynamite all conceptual frameworks to the ground; value judgments will persist and references to rights theory will always be required. Even Solove’s pragmatic, bottom-up approach is value-laden; he just doesn’t acknowledge it. The majority of privacy controversies he attempts to work through in Chapter 5’s ambitious 16-part “Taxonomy of Privacy” mostly end up coming down in favor of taking stronger steps (i.e., rules, regulations, lawsuits, etc) to enhance privacy rights. He clearly has a bias in favor of enhancing and extending privacy rights relative to many other rights, but he doesn’t bother grounding it in any substantive theory of rights or justice.

Simply stated, even though Solove claims he can construct a new paradigm based strictly on a “pragmatic,” utilitarian, “problem-solving” approach, there is just no getting around the fact that, at some point, you are going to have to provide a more robust theory of rights or justice to explain why one right trumps another.

For example, let’s consider the frequent clash between privacy and free speech rights. As any casual reader of this blog knows, I feel quite passionately about the First Amendment and free speech rights. And, in all but the most extreme cases or circumstances, I will argue that speech rights should trump privacy rights. When would speech rights not trump privacy rights? For me, that would only occur when a clear, quantifiable harm resulted from the speech. But what is “clear, quantifiable harm”?  Reputation, for example, is not something one can easily quantify the loss of. When a company or a government agency loses or sells your personal health records without permission, however, that privacy violation gets a little more quantifiable. And in the case of someone stealing your personal information to engage in identity theft, the harm becomes still more quantifiable. But those cases often involve monetary damages, whereas something like defamation is much more difficult to quantify. However, when considering privacy-vs.-free speech trade-offs, I would first look to identify and quantify to concrete harm to an individual before allowing the state to curtain freedom of speech.

Solove acknowledges these privacy-speech trade-offs and cites the work of scholars like Eugene Volokh, Fred Cate, Virginia Postrel, and Solveig Singleton, who have all discussed these problems in their work. Volokh, for example, wrote an incredibly important 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You.” As he pointed out in that piece:

The difficulty is that the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.

Without reference to some higher set of first principles or theory of rights / justice, I believe it is very difficult to sort through thorny problems like these. We need to know how and when one right trumps another. A theory of rights that focuses on avoiding direct, tangible harm to others — but largely leaves individuals otherwise free to do what they wish — would generally place speech rights above many privacy “rights” (some of which perhaps should not quality be rights at all). Of course, this more libertarian construction of rights remains quite controversial in our modern society, and there are other theories of rights and justice that would minimize the importance of speech rights relative to privacy.

Importantly, there also needs to be some recognition of the qualitative difference between government threats to privacy versus private threats. The harm that can come from government violations of privacy are generally far more troubling (surveillance, taxation, fines, imprisonment, etc) than potential private harms. I don’t think Solove’s framework appreciates that distinction.

Regardless of which approach one adopts — reasoning from first principles, or working from the “bottom up” (a la Solove) — there will always be fair degree of “balancing” undertaken by legislatures and the courts when crafting privacy policies. Indeed, in many ways, I see Solove’s more “pragmatic” approach often getting us to the same point we would find ourselves in if we took a more philosophical, first principles-based approach. It’s just that under his approach, he would often give the nod to privacy concerns over other rights whereas others (like me) would first look to enhance other values, especially free speech.

In sum, I believe that if one attempts to divorce the exercise of “understanding privacy” from any theory of rights, inevitably, you end right back in the same “conceptual jungle” you were in before. In that sense, I regret to say that Solove’s approach in Understanding Privacy ultimately fails. There’s just no escaping a fight over first principles.

But make no doubt about it, Daniel Solove’s book — and his approach to classifying and dealing with privacy problems — will have a profound impact on all future privacy debates. In that sense, it is a vital text; a must read for all who follow, or engage in, privacy debates.

P.S. Prof. Solove contributed an article to this month’s big Scientific American special issue on “The Future of Privacy.” Many articles in that issue worth reading.

The Progress & Freedom Foundation has just launched the new Center for Internet Freedom.  CIF offers an alternative to the proliferation of advocacy groups calling for government intervention online by offering timely analyses and critiques of proposals that diminish the vital role of free markets, free speech and property rights.  We aim to drive the Internet policy debate in new directions by emphasizing a layered approach of technological innovation, user education, user self-help, industry self-regulation, and the enforcement of existing laws consistent with the First Amendment.  Such an approach is a less restrictive—and generally more effective—alternative to increased regulation.  

Here are some of the issues I’ll be working on as CIF’s Director in conjunction with my esteemed colleagues Adam Thierer, Adam Marcus, and adjunct fellows: 

• Defending online advertising as the lifeblood of online content & services, especially in the “Long Tail”;
• Emphasizing market solutions to problems of privacy protection, especially regarding the use of cookies and packet inspection data;
• Protecting online speech and expression both in the U.S. and abroad;
• Defending Section 230 immunity for Internet intermediaries;
• Opposing online taxation and legal barriers to e-commerce and digital payments, especially at the state and local levels; and
• Ensuring that Internet governance remains transparent and accountable without hampering the evolution of the Internet.

Over at CDT’s “Policy Beta” blog, my friends John Morris and Sophia Cope have penned two important essays about online free speech issues that are worthy of your attention. In the first, Sophia argues that the “Next President Must Preserve Free Speech on the Internet.” She argues:

It will be critical for the next President to do his part to uphold the Internet’s robust culture of free speech and innovation as we march further into the 21st Century. In stark contrast to the mass media of the last century, the Internet has provided, at very low cost, virtually unlimited forums for both creators and consumers of new content and technologies. This in turn has created a huge boost for participatory democracy and our economy. The next Administration must reject Congressional or agency efforts to censor content or stifle the fire of innovation on the Internet and other communications media.

Amen! Importantly, Sophia points to the essential role of Section 230 of the Telecommunications Act of 1996, which protects online service providers from crushing legal liability in a variety of circumstances. Sec. 230 is probably the most important — and most often forgotten — law dealing with online freedom. Unfortunately, however, it’s increasingly under attack and we need to be vigilant in defending it. (I’m working on a big paper about that right now with my PFF colleagues Berin Szoka and Adam Marcus).

In the second essay on the CDT blog today, John Morris notes how Congress has been passing a “flurry” of last-minute child safety bills. He points out:

While the public’s attention was focused on the drama unfolding around the economic bailout, it was actually a busy time for other bills to get pushed – sometimes under the cover of the bailout darkness. Just before recess, Congress considered parts of four “child safety” bills, acted on three, and sent two to the White House. While not all the provisions in these bills raise red flags, some language gives free expression advocates plenty to worry about.

One of the measures he discusses, S. 602, the “Child Safe Viewing Act of 2007,” was the subject of an essay I penned here a few days ago.

Anyway, make sure to read these excellent essays by Sophia and John.

I reviewed the Veoh case for DRMWatch recently:

The user-generated video site Veoh achieved a victory in court on August 27th when California District Judge Howard Lloyd ruled that it was entitled to the protection of the DMCA’s safe harbor provisions. Veoh was accused of copyright infringement by IO Group, a maker of adult films…

Like eBay v. Tiffany, another case in which one might trumpet a tech-side win… the tech gets at least some protection from liability. But only in a context in which the tech is already taking substantial steps to help the plaintiff trademark/copyright owner with their enforcement problem, steps that would have been hard to conceive of a decade ago, and that many would have grandly declared to be too ambitious and too invasive for online services to attempt. Prediction: the case law is now much more mature, but the business side is just getting started. More and fancier filtering to come.

It’s funny and scary how many of our grand ideas about justice, rights, freedom, fairness and property come down to what we can become accustomed too.  Bad, in the sense that one can easily lose the customary baselines against which freedom is measured in a generation or so. Good, in the sense that one is not limited to identify freedom with just one historic mythical Golden Age; a free society has somewhat more leeway.

I’m fond of paradoxes these days. Tedious things. Almost as annoying to other people, I am sure, as those characters (you know who you are) who make puns all the time.

Anyone interested in the long-running debate over how to balance online privacy with anonymity and free speech, whether Section 230‘s broad immunity for Internet intermediaries should be revised, and whether we need new privacy legislation must read the important and enthralling NYT Magazine piece  “The Trolls Among Us” by Mattathias Schwartz about the very real problem of Internet “trolls“–a term dating to the 1980s and defined as “someone who intentionally disrupts online communities.”

While all trolls “do it for the lulz” (“for kicks” in Web-speak) they range from the merely puckish to the truly “malwebolent.”  For some, trolling is essentially senseless web-harassment or “violence” (e.g., griefers), while for others it is intended to make a narrow point or even as part of a broader movement.  These purposeful trolls might be thought of as the Yippies of the Internet, whose generally harmless anti-war counter-cutural antics in the late 1960s were the subject of the star-crossed Vice President Spiro T. Agnew‘s witticism:

And if the hippies and the yippies and the disrupters of the systems that Washington and Lincoln as presidents brought forth in this country will shut up and work within our free system of government, I will lower my voice.

But the more extreme of these “disrupters of systems” might also be compared to the plainly terroristic Weathermen or even the more familiar Al-Qaeda.  While Schwartz himself does not explicitly draw such comparisons, the scenario he paints of human cruelty is truly nightmarish:  After reading his article before heading to bed last night, I myself had Kafka-esque dreams about complete strangers invading my own privacy for no intelligible reason.  So I can certainly appreciate how terrifying Schwartz’s story will be to many readers, especially those less familiar with the Internet or simply less comfortable with the increasing readiness of so many younger Internet users to broadcast their lives online.

But Schwartz leaves unanswered two important questions.  The first question he does not ask:  Just how widespread is trolling? However real and tragic for its victims, without having some sense of the scale of the problem, it is difficult to answer the second question Schwartz raises but, wisely, does not presume to answer:  What should be done about it? The policy implications of Schwartz’s article might be summed up as follows:  Do we need new laws or should we focus on some combination of enforcing existing laws, user education and technological solutions?  While Schwartz focuses on trolling, the same questions can be asked about other forms of malwebolence–best exemplified by the high-profile online defamation Autoadmit.com case, which demonstrates the effectiveness of existing legal tools to deal with such problems.

Schwartz begins by noting that:

Many trolling practices … violate existing laws against harassment and threats. The difficulty is tracking down the perpetrators. In order to prosecute, investigators must subpoena sites and Internet service providers to learn the original author’s IP address, and from there, his legal identity. Local police departments generally don’t have the means to follow this digital trail, and federal investigators have their hands full with spam, terrorism, fraud and child pornography.

He then asks, quite fairly, what the consequences of more aggressive enforcement might be:

But even if we had the resources to aggressively prosecute trolls, would we want to? Are we ready for an Internet where law enforcement keeps watch over every vituperative blog and backbiting comments section, ready to spring at the first hint of violence? Probably not. All vigorous debates shade into trolling at the perimeter; it is next to impossible to excise the trolling without snuffing out the debate.

Certainly, proposals to ban online anonymity would seriously threaten legitimate anonymous speech, as my TLF colleagues Ryan Radia and Adam Thierer have pointed out.  Schwartz is probably correct that part of the answer to the problem of trolling and other serious malwebolences lies in equipping law enforcement at all levels with, and training them to use, the basic tools already available to “pierce the veil” of online anonymity and prosecute truly bad actors under existing laws.  But Schwartz is also right to highlight the danger of relying on government to enforce even existing laws, and to take on responsibility for monitoring online activity.

But like most commentators, Schwartz seems to assume that the enforcement of existing laws is solely the province of the “law enforcement” community (police, prosecutors and government investigators).  To be sure, there are a variety of state and federal laws criminalizing certain acts of “malwebolence.”  But those who find themselves victimized online generally have recourse to bring a lawsuit on their own (a “private right of enforcement”) under well-established causes of action under tort law–a crucial part of the “free system of government” lauded by Agnew.

Specifically, such a plaintiff may bring a defamation claim (“libel” if written, “slander” if oral) or one of the four categories of privacy claims that have emerged since 1890, defined by the magisterial Second Restatement of Torts as follows:

(a)  unreasonable intrusion upon the seclusion of another;
(b)  appropriation of the other’s name or likeness;
(c)  unreasonable publicity given to the other’s private life; or
(d)  publicity that unreasonably places the other in a false light before the public.

If the defendant is known, pursuing such claims is common-place.  The obstacle facing plaintiffs who do not know the legal identity of those who may have defamed them or intruded upon their privacy is the same facing law enforcement:  to “subpoena sites and Internet service providers [and other intermediaries] to learn the original author’s IP address, and from there, his legal identity.”  Such “third party subpoenas” are a vital part of the solution to the problem of malwebolence:  By enabling lawsuits under established causes of action against even anonymous defendants, they provide a real remedy to true victims.  The use of such subpoenas does not require finding new appropriations for “law enforcement,” new privacy laws or re-thinking Section 230’s grant of broad immunity to online intermediaries–a policy prescription that has gathered momentum in recent years.

For example, Daniel Solove has argued in his book The Future of Reputation that Section 230 should be re-interpreted:

to grant immunity only before the operator of a website is alerted that something posted there by another violates somebody’s privacy or defames her.  If the operator of a website becomes aware of the problematic material on the site, yet doesn’t remove it, then the operator could be liable.

Frank Pasquale has argued that we ought to require Internet search engines to provide a “right of reply”–allowing someone to post a “reply” that would appear on a search engine next to content concerning them that they consider inaccurate or defamatory (essentially the “fairness doctrine” applied online).   Others (one example) have argued for replacing Section 230 with something akin to the notice-and-takedown regime of copyright so that publishers’ immunity would be contingent on compliance with takedown notices.  But Mark Lemley, an internet law guru who is representing the plaintiffs in the Autoadmit case, has argued that Section 230 should instead be “rationalized” along with other Internet safe harbors under a unified safe harbor drawn from current trademark law:  “innocent infringers” would have immunity and would not be required to take down allegedly defamatory content, but plaintiffs could get courts to issue injunctions requiring intermediaries to take down content.  What unites advocates of all these proposals is that, like Schwartz, they downplay or ignore the effectiveness of existing tort remedies and third-party subpoenas.

Indeed, if the public is aware of third party subpoenas at all, it is probably only because of their use by copyright-holders in attempting to identify those caught using peer-to-peer software to share copyright materials.  Whatever one’s opinions on copyright and of the recording industry’s enforcement strategy, it is safe to say that the overall impression created by such lawsuits against users has been less than favorable.  Regardless, these lawsuits have established an effective legal process for identifying anonymous defendants.  While we can expect that this process–and the safeguards that accompany it–will continue to evolve, it is critical to appreciate the basics of how the third party subpoena process works if one is to evaluate the policy arguments raised by articles like Schwartz’s.

The infamous Autoadmit.com case provides a clear illustration of how this proces works and the evolving safeguards for anonymous speech.  As summarizes the case–and its most recent development:

“Women named Jill and Hillary should be raped.” Those are the words of “AK-47” — a poster to the college-admissions web forum AutoAdmit.com. AK-47 was one of a handful of students heaping misogynist scorn on women attending the nations’ top law schools in 2007, in posts so vile they spurred a national debate on the limits of online anonymity, and an unprecedented federal lawsuit aimed at unmasking and punishing the posters. Now lawyers for two female Yale Law School students have ascertained AK-47’s real identity, along with the identities of other AutoAdmit posters, who all now face the likely publication of their names in court records — potentially marking a death sentence for the comment trolls’ budding legal careers even before the case has gone to trial.

The plaintiff law students in this case originally sued Autoadmit.com and its operator in a Connecticut Federal District Court, but eventually removed them as plaintiffs in recognition of the fact that Section 230 immunizes them from liability.  But Section 230 did not stop them from suing those who had defamed them anonymously on Autoadmit.com.  And third party subpoenas have since made it possible for the plaintiffs to uncover the identity of most of those defendants.

The Process.  The procedure, made possible by Federal Rule of Civil Procedure 45, is relatively straight-forward:  A plaintiff brings a lawsuit against a John or Jane Doe(s), a pseuodymous defendant whose identify is as yet unknown.  The lawsuit must clearly state the facts, cause(s) of action and remedy sought–just as with any lawsuit (see the Autoadmit complaint, for example).

Having filed such a lawsuit, the plaintiffs may then have a court issue subpoenas (subject to certain limitations) under FRCP 45 to parties who may have identifying information about the identity of the defendants.  For example, if the plaintiff has the IP address associated with a defamatory blog comment, one can subpoena the ISP for further identifying information about that user.  There may be several steps to the process:  for example, Autoadmit might disclose under subpoena an email address, leading to a subpoena to a webmail provider and ultimately a subpoena to an ISP.  Once the John/Jane Doe has been identified, the lawsuit can proceed.

The Safeguards.  In the Autoadmit case, one of the John Does did indeed file under FRCP 45 a “motion to quash” a subpoena to AT&T by which the plaintiffs sought the disclosure of identifying information about the John Doe.  Plaintiffs, of course, opposed the motion, and the Court ultimately denied the motion.  The Court’s discussion (pp 6-13) is instructive for those wondering just how the First Amendment would protect anonymity when a plaintiff seeks to force an Internet intermediary to disclose identifying information about an anonymous speaker.

At least since the Supreme Court’s 1958 decision in NAACP v. Alabama ex rel. Patterson, the First Amendment has limited the ability of courts to order the disclosure of identifying information (in that case, the NAACP’s membership list).  Since then, U.S. courts have developed a two-part balancing test that” ensures that:

the First Amendment rights of anonymous Internet speakers are not lost unnecessarily, and that plaintiffs do not use discovery to “harass, intimidate or silence critics in the public forum opportunities presented by the Internet.”

Understanding the way in which the Autoadmit.com court applied that test is critical to understanding how courts might balance privacy with free speech in the future:

First, the Court should consider whether the plaintiff has undertaken efforts to notify the anonymous posters that they are the subject of a subpoena and withheld action to afford the fictitiously named defendants a reasonable opportunity to file and serve opposition to the In this case, the plaintiffs have satisfied this factor by posting notice regarding the subpoenas on AutoAdmit … which allowed the posters ample time to respond, as evidenced by Doe 21’s [motion to quash]. Second, the Court should consider whether the plaintiff has identified and set forth the exact statements purportedly made by each anonymous poster that the plaintiff alleges constitutes actionable speech.  Doe II has identified the allegedly actionable statements by AK47/Doe 21: the first such statement is “Alex Atkind, Stephen Reynolds, [Doe II], and me: GAY LOVERS;” and the second such statement is ““Women named Jill and Doe II should be raped….” The Court should also consider the specificity of the discovery request and whether there is an alternative means of obtaining the information called for in the subpoena.  Here, the subpoena sought, and AT&T provided, only the name, address, telephone number, and email address of the person believed to have posted defamatory or otherwise tortious content about Doe II on AutoAdmit, and is thus sufficiently specific. Furthermore, there are no other adequate means of obtaining the information because AT&T’s subscriber data is the plaintiffs’ only source regarding the identity of AK47. Similarly, the Court should consider whether there is a central need for the subpoenaed information to advance the plaintiffs’ claims.   Here, clearly the defendant’s identity is central to Doe II’s pursuit of her claims against him. Next, the Court should consider the subpoenaed party’s expectation of privacy at the time the online material was posted.  Doe 21’s expectation of privacy here was minimal because AT&T’s Internet Services Privacy Policy states, in pertinent part: “We may, where permitted or required by law, provide personal identifying information to third parties. . . without your consent. . . To comply  with court orders, subpoenas, or other legal or regulatory requirements.” Thus, Doe 21 has little expectation of privacy in using AT&T’s service to engage in tortious conduct that would subject him to discovery under the federal rules. Finally, and most importantly, the Court must consider whether the plaintiffs have made an adequate showing as to their claims against the anonymous defendant.

The court noted that there is a range of competing standards for this last prong, but dismissed those standards most deferential to the plaintiff–requiring only that the plaintiff show a “good faith basis” to contend it may have an actionable cause or that there is “probable cause” for a claim–as “set[ting] the threshold for disclosure too low to adequately protect the First Amendment rights of anonymous defendants.”  The court also dismissed other standards very favorable to the defendant, such as requiring plaintiffs to show their claims could withstand a motion for summary judgment, noting the obvious point that “it would be impossible to meet this standard for any cause of action which required evidence within the control of the defendant.”  Ultimately, the court settled on the standard requiring the plaintiffs to “make a concrete showing as to each element of a prima facie case against the defendant” as striking, “the most appropriate balance between the First Amendment rights of the defendant and the interest in the plaintiffs of pursuing their claims, ensuring that the plaintiff is not merely seeking to harass or embarrass the speaker or stifle legitimate criticism.”

While Solove, Pasquale and others would make it far easier for a victim to require an online intermediary to take down content that truly defames them or invades their privacy–or to rein in a troll posting such content–relying on existing tort law of course requires that a victim actually file a website and third-party subpoenas.  Those who demand changes to Section 230 will likely argue that this is too burdensome and costly to be an effective remedy for a widespread problem.  But, again, one must ask how widespread that problem really is before leaping to conclusions about what kind of remedies are required.  As UCLA law professor and Internet law guru Eugene Volokh noted in the Yale Daily News’ coverage of this story, even a small number of lawsuits like Autoadmit “might remind some potential would-be defamers that their anonymity may not be secure.”  One wonders whether the trolls described by Schwartz would really be so brazen if more of their coven were unmasked and sued.

One obvious advantage of relying on the combination of tort law and third party subpoenas is that requiring the actual filing of a lawsuit minimizes the problem of Internet users attempting to squelch legitimate speech–for example, by sending frivolous take-down notices to intermediaries, a serious problem in the copyright context.  Those truly concerned with protecting anonymous speech should take a far greater interest in the balancing test chosen by courts following in Autoadmit‘s footsteps.  Marc Randazza, former counsel for Autoadmit administrator Anthony Ciolli, summarized the the balance struck by the court as follows:  “If you’re doing right, the First Amendment will protect you,” Randazza said. “If you’re doing wrong, it won’t.”

Much more could be said about third-party subpoenas, but it cannot be said that the law does not already provide every American with a remedy against the trolls identified by Schwartz, the villains of the Autoadmit case or other “disrupters of the systems.”  Any inquiry into whether we need new laws or regulations should begin by looking at the processes described above.