As FCC Commissioner Jessica Rosenworcel said of the Internet, “It is our printing press.” Unfortunately, for First Amendment purposes, regulators and courts treat our modern printing presses — electronic media — very differently from the traditional ones. Therefore, there is persistent political and activist pressure on regulators to rule that Internet intermediaries — like social networks and search engines — are not engaging in constitutionally-protected speech.

Most controversial is the idea that, as content creators and curators, Internet service providers are speakers with First Amendment rights. The FCC’s 2015 Open Internet Order designates ISPs as common carriers and generally prohibits ISPs from blocking Internet content. The agency asserts outright that ISPs “are not speakers.” These Title II rules may be struck down on procedural grounds, but the First Amendment issues pose a significant threat to the new rules.

ISPs are Speakers Courts and Congress, as explained below, have long recognized that ISPs possess editorial discretion. Extensive ISP filtering was much more common in the 1990s but still exists today. Take JNet and DNet. These ISPs block large portions of Internet content that may violate religious principles. They also block neutral services like gaming and video if the subscriber wishes. JNet offers several services, including DSL Internet access, and markets itself to religious Jews. It is server-based (not client-based) and offers several types of filters, including application-based blocking, blacklists, and whitelists. Similarly, DNet, targeted mostly to Christian families in the Carolinas, offers DSL and wireless server-based filtering of content like pornography and erotic material. A strict no-blocking rule on the “last mile” access connection, which most net neutrality proponents want enforced, would prohibit these types of services.

The extensive filtering these ISPs do is not as common as it once was, but they illustrate the reality that ISPs do have editorial discretion and they do exercise it. For that reason, scholars have pointed out for nearly a decade that any meaningful no-blocking rule compels speech from ISPs and other Internet platforms. ISPs would be forced to transmit content that they object to.

Therefore, the Title II rules, especially a no-blocking rule, may not survive a First Amendment challenge. Title II proponents frequently assert that ISPs are “dumb pipes” and must be prohibited from exercising any editorial control over what is transmitted from consumers. Net neutrality activists around the globe, for instance, want to prohibit Internet.org, a free app jointly produced by Facebook and wireless carriers, because it “blocks” access to content that is is not selected to be included within the package.

To avoid scrutiny from a court, the FCC will need to show that ISPs resemble common carriers like telephone companies and FedEx that — though transmitting speech — don’t have editorial discretion and have essentially no First Amendment rights. However, if ISPs instead resemble electronic media like cable TV companies or search engines that exercise editorial control over transmitted content, the Title II rules represent compelled speech and will receive significant court scrutiny.

Internet Platforms and Curation A court holding that ISPs are speakers for First Amendment purposes is important because Internet-based, curated distribution is replacing traditional ways consumers accessed news and media — bookstores, newsstands, broadcast radio, cable TV. The nature of “publication” and “speakers” has changed rapidly in a short time because information is much more accessible in the Internet age. Clay Shirky notes that the traditional formula of “Filter, then publish,” has been replaced with “Publish, then filter.”

While the nature of media changed, many still want to regulate the intermediaries. Google’s algorithm is a common target for regulation. Politico recently published a piece calling for search engine regulation because of Google’s ostensible ability to sway close elections through opaque algorithm tweaks. Many online companies and media companies likewise want to regulate the order in which Search results appear, an effort gaining traction in Europe. Further, some academics and activists would like to extend neutrality rules to Twitter’s and Facebook’s curation of user streams.

Fortunately, those efforts would likely fail in the US because Internet intermediaries receive constitutional protection. As Eugene Volokh persuasively argues, “search engines are speakers” and regulations affecting Google’s algorithms must withstand First Amendment scrutiny. Law professor Jonathan Zittrain advises regulatory caution and notes that “content curators…have a First Amendment right to present their content as they see fit.” ISPs likewise have an existing right (seldom exercised) to curate and filter content. As net neutrality supporter Harold Feld says, if the FCC doesn’t classify ISPs as common carriers, “nothing requires your ISP to deliver [Internet content]. If Comcast decides I am evil and blocks [my website], they can do it.”

Courts call this ability to filter, anachronistically, “editorial discretion.” In this new media world of content abundance, “curation” better represents what defines protected speech because most of the actual messages transmitted originate from third parties. Certainly, print organizations have substantial editorial control over what is published, but radio and TV is less controlled and newer media platforms display a wide range of editorial controls. Many of the most important modern speakers in this “publish, then filter” environment are curators. New media, like aggregators, cable companies, search engines, and ISPs, often use an intentional, semi-automated, iterative process to decide what content to omit and what to transmit.

Constitutional protection of curators means regulators likely cannot force a Christian cable operator to carry Cinemax. Likewise, Apple can continue to block apps containing Confederate flags or nudity in the App Store. Even though ISP filtering of content may be a blunter tool, like a WISP operated by Christians or Jews that blocks websites for its religious users, or like Internet.org that transmits only select Internet content, the First Amendment protects that ability to tailor content.

The Dumb Pipes Myth Readers of law review articles from net neutrality advocates and of the Open Internet Order are left with the false impression that ISPs are passive transmitters — dumb pipes — that never block content. Title II supporters have to maintain this facade because if they suggest that ISPs exercise editorial control, the no-blocking rules trigger First Amendment scrutiny. Fortunately for First Amendment purists, there is sufficient evidence of ISPs filtering content to raise serious questions about the constitutionality of the Open Internet Order. Internet service providers can and do engage in filtering, and some curate content in ways that are much more intentional than First Amendment-protected speech activity like cable TV distribution and Google search results.

There are, as mentioned, small ISPs like JNet and Clean Internet that provide Internet access marketed to religious users. In addition to its wireline service, DNet is also a wireless ISP and advertises that they filter pornography and other content. Sprint, one of the Big Four national wireless carriers, last year offered social media plans and parental controls, including whitelists and blacklists, through its Virgin Mobile subsidiary.

I’ve posed this question to Title II advocates several times — Aren’t religious ISPs engaged in First Amendment-protected speech? To date, none have denied it and seem content to pretend server-based filtering by wired and wireless access providers doesn’t exist. Susan Crawford, for instance, wrote a law review piece about ISPs’ purported lack of First Amendment protection. She noted, correctly, that if ISPs were engaged in editorial decisions about filtering content, that would pose a problem for the FCC regulations. However, she abruptly discontinued a Twitter back-and-forth with me when I pointed out she omitted instances of religious ISPs exercising the editorial discretion she fears.

It’s not just smaller ISPs that filter. AT&T, for instance, like nearly every major ISP and Web company, reserves the right in its acceptable use policy to pull down content “that is determined by AT&T to be obscene, indecent, hateful, malicious, racist, defamatory, fraudulent, libelous, treasonous, excessively violent or promoting the use of violence or otherwise harmful to others.” This is not idle language. Groups like the Anti-Defamation League, for instance, knowing that they have enforceable acceptable use policies actively lobby and persuade ISPs and Web companies to remove content from anti-Semites and groups like the KKK.

Title II proponents like to point out that the large ISPs engage in relatively little of the curation and filtering that I’ve described. Therefore, they reason, ISPs are common carriers. I’m not persuaded. That distinction appears immaterial considering the FCC made no such distinction in its Open Internet Order. Further, large ISP reluctance to offer, say, family-friendly Internet packages is entirely predictable considering the FCC has for a decade chilled that exercise of free speech through ham-fisted attempts at net neutrality enforcement, merger conditions, and punitive fines.

Congress Intended to Encourage ISPs to Filter Content with Section 230 The FCC faces another obstacle to its conclusory determination that ISPs are not speakers. The 2015 Open Internet Order largely adopts net neutrality proponents’ First Amendment arguments and concludes that ISPs “serve as mere conduits for the messages of others, not as agents exercising editorial discretion.” However, Section 230 of the Communications Decency Act has a Good Samaritan provision that suggests ISPs are speakers, a view that several courts have endorsed.

For better or for worse, Section 230 makes ISPs and other Internet platforms that primarily rely on third-party content “super speakers.” Internet platforms can exercise editorial control and get all the benefits of being a speaker, like First Amendment protection, yet are immunized from many of the burdens, like liability for distributing online defamation and libel.

Why did Congress take this dramatic step in the mid-1990s? Quite simply, the drafters wanted to encourage ISPs to continue to block offensive content online. At that time, ISPs and bulletin board operators like Prodigy marketed themselves as family friendly and (inconsistently) blocked content that Prodigy administrators judged to be in bad taste. Because of this editorial discretion, in 1995 Prodigy faced costly liability in a defamation suit for defamatory statements one of its users posted, in a case called Stratton Oakmont v. Prodigy. Because of Stratton Oakmont and a few similar cases, Internet intermediaries faced two undesirable options to avoid liability for transmitted content:

1. become conduits and exercise no editorial control — thereby leaving even offensive content online; or
2. constantly police Internet content and take down all questionable material.

Congress disliked both options and quickly responded with Section 230 protections in 1996 to protect Internet-based distributors from becoming mere conduits. The statute protects “interactive computer services,” which includes, “specifically a service or system that provides access to the Internet….” Congress, therefore, preserved ISPs’ editorial role in cleaning up the Internet.

Several court cases recognize that ISPs and other Internet platforms exercise editorial discretion and are not mere conduits. As the district court said in the 1998 case Blumenthal v. Drudge, 230’s protections serve “as an incentive to Internet service providers to self-police the Internet for obscenity and other offensive material.” Similarly, the 9th Circuit Court of Appeals noted in the 2008 Roommate.com case that through 230, “Congress sought to [allow ISPs] to perform some editing on user-generated content….” A 10th Circuit decision states that “Congress clearly enacted § 230 to forbid the imposition of publisher liability on a service provider for the exercise of its editorial and self-regulatory functions.” Finally, as the Fourth Circuit said in Zeran v. America Online, Section 230 “forbids the imposition of publisher liability on a service provider for the exercise of its editorial and self-regulatory functions.”

At the very minimum, we have several courts saying that ISPs exercise editorial discretion — directly contradicting the assertions by Title II proponents and the FCC. Further, not only can ISPs filter content, it is a practice that Congress wished to encourage. The Title II rules chill those editorial functions, and that is a problem for the FCC.

Finally, while not a Section 230 case, a majority of the Supreme Court has tacitly endorsed Congress’ view that ISPs are speakers that can and should serve as curators of online content. In Ashcroft v. ACLU, the Court cited ISP filtering favorably as an alternative to unconstitutional provisions of the Child Online Protection Act. Taking these cases together, it’s unlikely a court will sustain the net neutrality advocate view that ISPs are not speakers and cannot engage in filtering.

The 2015 Open Internet Order and its Content-Neutrality Problem Section 230 poses an additional problem for the FCC. Most courts construe Section 230(c)(2) broadly in terms of what services are protected and the kinds of liability providers are immunized from. A broad reading may protect ISPs from FCC regulations that restrain ISP filtering abilities.

The FCC’s hastily-written Title II order seems to recognize this but reveals some internal tensions in an effort to allow some Section 230-type ISP filtering. For example, while the Order says ISPs are not First Amendment speakers, the Order appears to accept the premise that Section 230 restrains agency action. Specifically, the Order likely allows ISPs to block offensive content and offer family-friendly packages because the FCC permits, in paragraph 220, ISPs to block “traffic that is unwanted by end users.” The FCC cites to the portions of the 2010 Open Internet Order that allowed Internet access packages that block, specifically, pornographic content. In those referenced portions of the 2010 Order, the FCC cites Section 230 and expressly states that the agency will not impose liability for good-faith actions by ISPs to restrict harassing and offensive content.

This exception to the no-blocking rule, if it is indeed an exception, puts the FCC in a bind when defending its no-blocking rule against First Amendment challenges. As an initial matter, this exception that allows ISPs to actively block the content described in Section 230 suggests FCC acknowledgement that ISPs are exercising editorial control and engaged in protected speech.

Further, if the FCC interprets this “unwanted traffic” exception narrowly, the agency would allow ISPs to block only lewd, harassing, and violent material (that is, the material specifically mentioned in Section 230), but would penalize ISPs for blocking, say, political, religious, and entertainment content. Such a distinction means that the Title II rules are not content-neutral regulations and therefore likely to be struck down on First Amendment grounds. In the words of the Supreme Court, courts will “apply the most exacting scrutiny to regulations that…impose differential burdens upon speech because of its content.” If, on the other hand, the FCC interprets “unwanted traffic” broadly in a content-neutral manner, the rules allow widespread filtering of Internet content, undermine the FCC’s assertion that ISPs are not speakers, and eviscerate the entire purpose of the Title II rules.

Before concluding, one aside is probably necessary: This position — that ISPs have a constitutional right to filter Internet packages for consumers — is often misrepresented and maligned by net neutrality advocates. To be clear, that ISPs or other Internet platforms have a First Amendment right to select which online content to transmit does not mean anticompetitive blocking or throttling of, say, Netflix is permissible. That is illegal. It likewise does not mean ISPs can promise subscribers access to Internet content and subsequently block that content. That is also illegal. This is a narrower claim: The First Amendment protects ISPs’ prerogative to transparently offer kid-friendly and other filtered Internet packages like Internet.org.

The future of the media is Internet-based and content is increasingly curated. It’s important that regulators don’t deprive ISPs of their First Amendment rights because ISPs represent the canary in the coalmine. First Amendment protection has generally been a one-way ratchet that’s expanded free speech protections for several decades and has been used successfully to fight regulations that affect speech. A setback for the First Amendment would encourage media access activists to seek more regulation for new media. The “gatekeeper” theory used to justify regulation of ISPs is just the warmed-over “scarcity” rationale for the Fairness Doctrine and other restraints on speech. The calls to regulate Twitter, Facebook, and Google algorithms and Internet television will grow even louder if courts accept the FCC’s First Amendment analysis in the Open Internet Order. Fortunately, the Open Internet Order suffers from several deficiencies and there is a good chance courts will again remind regulators to keep their hands off the Internet.

Article was originally posted on Plain Text on September 3.

There seems to be increasing chatter among net neutrality activists lately on the subject of reclassifying ISPs as Title II services, subject to common carriage regulation. Although the intent in pushing reclassification is to make the Internet more open and free, in reality such a move could backfire badly. Activists don’t seem to have considered the effect of reclassification on international Internet politics, where it would likely give enemies of Internet openness everything they have always wanted.

At the WCIT in 2012, one of the major issues up for debate was whether the revised International Telecommunication Regulations (ITRs) would apply to Operating Agencies (OAs) or to Recognized Operating Agencies (ROAs). OA is a very broad term that covers private network operators, leased line networks, and even ham radio operators. Since “OA” would have included IP service providers, the US and other more liberal countries were very much opposed to the application of the ITRs to OAs. ROAs, on the other hand, are OAs that operate “public correspondence or broadcasting service.” That first term, “public correspondence,” is a term of art that means basically common carriage. The US government was OK with the use of ROA in the treaty because it would have essentially cabined the regulations to international telephone service, leaving the Internet free from UN interference. What actually happened was that there was a failed compromise in which ITU Member States created a new term, Authorized Operating Agency, that was arguably somewhere in the middle—the definition included the word “public” but not “public correspondence”—and the US and other countries refused to sign the treaty out of concern that it was still too broad.

If the US reclassified ISPs as Title II services, that would arguably make them ROAs for purposes at the ITU (arguably because it depends on how you read the definition of ROA and Article 6 of the ITU Constitution). This potentially opens ISPs up to regulation under the ITRs. This might not be so bad if the US were the only country in the world—after all, the US did not sign the 2012 ITRs, and it does not use the ITU’s accounting rate provisions to govern international telecom payments.

But what happens when other countries start copying the US, imposing common carriage requirements, and classifying their ISPs as ROAs? Then the story gets much worse. Countries that are signatories to the 2012 ITRs would have ITU mandates on security and spam imposed on their networks, which is to say that the UN would start essentially regulating content on the Internet. This is what Russia, Saudia Arabia, and China have always wanted. Furthermore (and perhaps more frighteningly), classification as ROAs would allow foreign ISPs to forgo commercial peering arrangements in favor of the ITU’s accounting rate system. This is what a number of African governments have always wanted. Ethiopia, for example, considered a bill (I’m not 100 percent sure it ever passed) that would send its own citizens to jail for 15 years for using VOIP, because this decreases Ethiopian international telecom revenues. Having the option of using the ITU accounting rate system would make it easier to extract revenues from international Internet use.

Whatever you think of, e.g., Comcast and Cogent’s peering dispute, applying ITU regulation to ISPs would be significantly worse in terms of keeping the Internet open. By reclassifying US ISPs as common carriers, we would open the door to exactly that. The US government has never objected to ITU regulation of ROAs, so if we ever create a norm under which ISPs are arguably ROAs, we would be essentially undoing all of the progress that we made at the WCIT in standing up for a distinction between old-school telecom and the Internet. I imagine that some net neutrality advocates will find this unfair—after all, their goal is openness, not ITU control over IP service. But this is the reality of international politics: the US would have a very hard time at the ITU arguing that regulating for neutrality and common carriage is OK, but regulating for security, content, and payment is not.

If the goal is to keep the Internet open, we must look somewhere besides Title II.

Ronald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.

The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.

Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Indeed, he and his colleagues at The Citizen Lab have occasionally been major players in this drama as they have researched and uncovered various online vulnerabilities affecting millions of people across the globe. (I have previously reviewed and showered praise on a couple important books that Deibert co-edited with scholars from The Citizen Lab and Harvard’s Berkman Center, including: Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace and Access Denied: The Practice and Policy of Global Internet Filtering. They are truly outstanding resources worthy of your attention.)

Black Code’s Many Meanings

So, what is “black code” and why should we be worried about it? Deibert uses the term as a metaphor for many closely related concerns. Most generally it includes “that which is hidden, obscured from the view of the average Internet user.” (p. 6) More concretely, it refers to “the criminal forces that are increasingly insinuating themselves into cyberspace, gradually subverting it from the inside out.” (p. 7) “Those who take advantage of the Internet’s vulnerabilities today are not just juvenile pranksters or frat house brats,” Deibert notes, “they are organized criminal groups, armed militants, and nation states.” (p. 7-8) Which leads to the final way Deibert uses the term “black code.” It also, he says, “refers to the growing influence of national security agencies, and the expanding network of contractors and companies with whom they work.” (p. 8)

Deibert is worried about the way these forces and factors are working together to undermine online stability and security, and even delegitimize liberal democracy itself. His thesis is probably most succinctly captured in this passage from Chapter 7:

We live in an era of unprecedented access to information, and many political parties campaign on platforms of transparency and openness. And yet, at the same time, we are gradually shifting the policing of cyberspace to a dark world largely free from public accountability and independent oversight. In entrusting more and more information to third parties, we are signing away legal protections that should be guaranteed by those who have our data. Perversely, in liberal democratic countries we are lowering the standards around basic rights to privacy just as the center of cyberspace gravity is shifting to less democratic parts of the world. (p. 130-1)

What Deibert is grappling with in this book is the same fundamental problem that has long plagued the Internet: How do you preserve the benefits associated with the most open and interconnected “network of networks” the world has ever known while also remedying the various vulnerabilities and pathologies created by that same openness and interconnectedness?  Deibert acknowledges this problem, noting:

Ever since the Internet emerged from the world of academia into the world of the rest of us, its growth trajectory has been shadowed by a grey economy that thrives on opportunities for enrichment made possible by an open, globally connected infrastructure. (p. 141)

The Paradox of the Net’s Open, Interconnected Nature

Again, paradoxically, this inherent instability and vulnerability is due precisely to the Net’s open and globally interconnected nature. And many governments are looking to exploit that fact. “These unfortunate by-products of an open, dynamic network are exacerbated by increasing assertions of state power,” Deibert notes. (p. 233)

More generally, this uncomfortable fact—that the Net’s open, interconnected nature leads to both enormous benefits as well as huge vulnerabilities—isn’t just true for criminal online activity or the cyber-espionage activities that various nation-states are pursuing today. It is equally true for everything online today. There is a sort of yin and the yang to the Net that is simply undeniable and completely unavoidable. For one issue after another we find that the Net’s greatest blessing—its open, interconnected nature—is also its greatest curse.

For example, as I noted here recently in my review of Abraham H. Foxman and Christopher Wolf ‘s new book, Viral Hate: Containing Its Spread on the Internet, the open and interconnected Internet gives us “the most widely accessible, unrestricted communications platform the world has ever known” but also  means we have to tolerate a great many imbeciles “who use it to spew insulting, vile, and hateful comments.” The same is true for other types of online speech and content: You have access to an abundance of informational riches, but there’s also no avoiding all the garbage out there now, too.

Similarly, as I noted in my essay, “Privacy as an Information Control Regime: The Challenges Ahead,” the open and interconnected Internet has given us historically unparalleled platforms for social interaction and commerce. But that same openness and interconnectedness has left us with a world of hyper-exposure and a variety of privacy and surveillance threats—not just from governments and large corporations, but also from each other.

And then there’s the never-ending story of digital copyright. On one hand, the open and globally interconnected network or networks has provided us with an amazing platform for sharing knowledge, art, and expression. On the other hand, as I noted in this essay on “The Twilight of Copyright,” creators of expressive works have less security than ever before in terms of how they can control and monetize their artistic and scientific inventions.

I could go on and on—as I did in my essays on “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed”—but the moral of the story is pretty clear: The Internet giveth and the Internet taketh away. Openness and interconnectedness offer us enormous benefits but also force us to confront major risks as the price of admission to this wonderful network.

Will the Whole System Collapse?

The uncomfortable question that Deibert’s book tees up for discussion is: When will this balance get completely out of whack in terms of online security? Or, has it already? In some portions of the text, he hints that may already be the case. Consider this passage in Chapter 11 in which Deibert discusses whether the Chicken Little-ism of digital security worry-warts like Eugene Kaspersky and Richard Clarke is warranted:

Eugene Kaspersky, Richard Clarke, and others may sound like broken records or self-serving fear mongers, but there is no denying the evolving cyberspace ecosystem around us: we are building a digital edifice for the entire planet, and it sits above us like a house of cards. We are wrapping ourselves in expanding layers of digital instructions, protocols, and authentication mechanisms, some them open scrutinized, and regulated, but many closed, amorphous, and poised for abuse, buried in the black arts of espionage, intelligence gathering, and cyber and military affairs. Is it only a matter of time before the whole system collapses? (p. 186)

That sounds horrific, but is it really the case that the entire system really about to collapse? And, if so, what are we going to do about it?

This raises a small problem with Deibert’s book. He does such a nice job itemizing and describing these security vulnerabilities that by the time the reader wades through 230 pages and nears the end of the book, they are left in a highly demoralized state, searching for some hope and a concrete set of practical solutions. Unfortunately, they won’t find an abundance of either in Deibert’s brief closing chapter, “Toward Distributed Security and Stewardship in Cyberspace.”

Don’t get me wrong; I agree with the general thrust of Deibert’s framework, which I describe below. The problem is that it is highly aspirational in nature and lacks specifics. Perhaps that is simply because there are no easy answers here. Digital security is damn hard and, as with most other online pathologies out there, no silver-bullet solutions exist.

Deibert notes that some government officials will seek to exploit those vulnerabilities—many of which they created themselves—to expand their authority over the Internet. “Faced with mounting problems and pressures to do something, too many policy-makers are tempted by extreme solutions,” he notes. (p. 234) He worries about “a movement towards clamp down” that would be “antithetical to the principles of liberal democratic government” by undermining checks and balances and accountability. (p. 235) In turn, this will undermine the “mixed common-pool resource” that is the current Internet.

Deibert’s alternative cyber security strategy to counter the push to “clamp down” is based on three interrelated notions or components:

1. Principles of restraint or “mutual restraint”: “Securing cyberspace requires a reinforcement, rather than a relaxation, of restraint on power, including checks and balances on governments, law enforcement, intelligence agencies, and on the private sector,” he argues. (p. 239)
2. “Distributed security”: “The Internet functions precisely because of the absence of centralized control, because of thousands of loosely coordinated monitoring mechanisms,” Deibert notes. “While these decentralized mechanisms are not perfect and can occasionally fail, they form the basis of a coherent distributed security strategy. Bottom-up, ‘grassroots’ solutions to the Internet’s security problems are consistent with principles of openness, avoid heavy-handedness, and provide checks and balances against the concentrations of power,” he observes. (p. 240)
3. “Stewardship” which Deibert defines as “an ethic of responsible behavior in regard to shared resources” and which, he argues, “would moderate the dangerously escalating exercise of state power in cyberspace by defining limits and setting thresholds of accountability and mutual restraint.” (p. 243)

Again, as an aspirational vision statement this all generally sounds fairly sensible, but the details are lacking. I think Deibert would have been wise to spend a bit more time developing this alternative “bottom-up” vision of how online security should work and bolstering it with case studies.

Digital Security without Top-Down Controls

Luckily, as my Mercatus Center colleague Eli Dourado noted in an important June 2012 white paper, distributed security and stewardship strategies are already working reasonably well today. Dourado’s paper, “Internet Security Without Law: How Service Providers Create Order Online,” documented the many informal institutions that enforce network security norms on the Internet and shows how cooperation among a remarkably varied set of actors improves online security without extensive regulation or punishing legal liability. “These informal institutions carry out the functions of a formal legal system—they establish and enforce rules for the prevention, punishment, and redress of cybersecurity-related harms,” Dourado noted.

For example, a diverse array of computer security incident response teams (CSIRTs) operates around the globe and share their research and coordinate their responses to viruses and other online attacks. Individual Internet service providers (ISPs), domain name registrars, and hosting companies, work with these CSIRTs and other individuals and organizations to address security vulnerabilities. A growing market for private security consultants and software providers also competes to offer increasingly sophisticated suites of security products for businesses, households, and governments.

A great deal of security knowledge is also “crowd-sourced” today via online discussion forums and security blogs that feature contributions from experts and average users alike. University-based computer science and cyberlaw centers (like Citizen Lab) and experts have also helped by creating projects like “Stop Badware,” which originated at Harvard University but then grew into a broader non-profit organization with diverse financial support.

Dourado continues on in his paper to show how these informal, bottom-up efforts to coordinate security responses offer several advantages over top-down government solutions, such as administrative regulation or punishing liability regimes.

Dourado’s description of the ideal approach to online security is entirely consistent with Deibert’s vision in Black Code. In fact, Deibert notes, “It is important to remind ourselves that in spite of the threats, cyberspace runs well and largely without persistent disruption. On a technical level, this efficiency is founded on open and distributed networks of local engineers who share information as peers,” he observes. (p. 240) That is exactly right, but I wish Deibert would have spent more time discussing how this system works in practice today and how it can be tweaked and improved to head off the heavy-handed and very costly top-down solutions that we both dread.

Toward Resiliency

But there’s one other thing I wish Deibert would have explored in the book: resiliency, or how we have adapted to various cyber-vulnerabilities over time.

For example, in another recent Mercatus Center study entitled “Beyond Cyber Doom: Cyber Attack Scenarios and the Evidence of History,” Sean Lawson, an assistant professor in the Department of Communication at the University of Utah, has stressed the importance of resiliency as it pertains to cybersecurity and concerns about “cyberwar.” “Research by historians of technology, military historians, and disaster sociologists has shown consistently that modern technological and social systems are more resilient than military and disaster planners often assume,” he writes. “Just as more resilient technological systems can better respond in the event of failure, so too are strong social systems better able to respond in the event of disaster of any type.”

More generally, as I noted in my recent law review article on “technopanics” and “threat inflation” in information technology policy debates:

while it is certainly true that “more could be done” to secure networks and critical systems, panic is unwarranted because much is already being done to harden systems and educate the public about risks. Various digital attacks will continue, but consumers, companies, and others organizations are learning to cope and become more resilient in the face of those threats.

What Professor Lawson and I are getting at in our respective articles is that the ability of organizations, institutions, and individuals to bounce back from adversity is a frequently unheralded feature of various systems and that it deserves more serious study. (See Andrew Zolli and Ann Marie Healy’s nice book, Resilience: Why Things Bounce Back, for more on this general topic). In the context of online security, what is most remarkable to me is not that the Internet suffers from vulnerabilities due to its open and interconnected nature; it’s that we don’t suffer far more damage as a result.

This gets us back to that very profound question that Deibert poses in Black Code: “Is it only a matter of time before the whole system collapses?” The better question, I think, is: why hasn’t the system already collapsed? Perhaps the answer is, because things haven’t gotten bad enough yet. But I believe that the more realistic answer is that: individuals and institutions often learn how to cope and become resilient in the face of adversity. This is partially the case online because of the stewardship and distributed, decentralized security we already see at work today that makes digital life tolerable.

But it has to be something more than that. After all, many of the security problems that Deibert describes in his book are quite serious and already affect millions of us today. How, then, are we getting by right now? Again, I think the answer has to be that adaptation and resiliency are at work on many different levels of online life.

Consider, for example, how we have learned to deal with spam, viruses, online porn, various online advertising and privacy concerns, and so on. Our adaptation to these threats and annoyances has not been perfectly smooth, of course. No doubt, some people would still like “something to be done” about these things. But isn’t it remarkable how we have, nonetheless, carried on with online commerce and interactive social life even as these problems have persisted?

Conclusion

Going forward, therefore, perhaps there are some reasons for hope. Perhaps the various generic strategies that Deibert outlines in his book, coupled with the remarkable ability of humans to roll with the punches and adapt, will help us come out of this just fine (or at least reasonably well).

Of course, it could also be the case that these security concerns just multiply and that the Internet then morphs into sometime quite different than the interconnected “network of networks” we know today. As I noted in my 2009 essay on “Internet Security Concerns, Online Anonymity, and Splinternets,” we might be moving toward a world with more separate dis­connected digital networks and online “gated communities.” This could take place spontaneously over time and be driven by corporations seeking to satisfy the demand of some consumers for safer and more secure online experiences. As I noted in my review of Jonathan Zittrain’s book, The Future of the Internet, I am actually fine with some of that. I think we can live in a hybrid world of “walled gardens” alongside of the “Wild West” open Internet, so long as this occurs in a spontaneous, organic, bottom-up fashion. [For a more extensive discussion, see my book chapter, “The Case for Internet Optimism, Part 2 – Saving the Net From Its Supporters.”]

If, however, this “splintering” of the Net is done from the top-down through intentional (or even incidental) government action, then it is far more problematic. We already see signs, for example, that Russia is pushing even more strongly in that direction in the wake of the NSA leaks. (See “N.S.A. Leaks Revive Push in Russia to Control Net,” New York Times, July 14.) The Russians have been using amorphous security concerns to push for greater Internet control for some time now. Of course, China has been there for years. So have many Middle Eastern countries. Of course, there’s no guarantee that their respective “splinternets” are, or would be, any more secure than today’s Internet, but it sure would make those networks far more susceptible to state control and surveillance. If that’s our future, then it certainly is a dismal one.

Anyway, read Ron Deibert’s Black Code for an interesting exploration of these and other issues. It’s an excellent contribution to field of Internet policy studies and a book that I’ll be recommending to others for many years to come.

Additional resources:

• the official website for Black Code
• the Citizen Lab website at the University of Toronto
• follow Ronald Deibert and The Citizen Lab on Twitter
• video of Washington, D.C. book launch for Black Code (held at the National Endowment for Democracy on 6/24/13)

Other books you should read alongside “Black Code” (links are for my reviews of each book):

• Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace edited by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain
• Consent of the Networked: The Worldwide Struggle for Internet Freedom , by Rebecca MacKinnon
• Cyber War: The Next Threat to National Security and What to Do About It, by Richard A. Clarke and Robert K. Knake
• Liars & Outliers: Enabling the Trust that Society Needs to Thrive, by Bruce Schneier
• Regulating Code: Good Governance and Better Regulation in the Information Age, by Ian Brown & Christopher T. Marsden
• Networks and States: The Global Politics of Internet Governance, by Milton Mueller
• Resilience: Why Things Bounce Back, by Andrew Zolli & Ann Marie Healy

While on vacation last week, I finished up a few new cyber-policy books and one of them was  Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke and Robert K. Knake.  The two men certainly possess the right qualifications for a review of the subject.  Clarke was National Coordinator for Security, Infrastructure Protection, and Counterterrorism during the Clinton years and also served in the Reagan and two Bush administrations. Knake is an international affairs fellow at the Council on Foreign Relations where he specializes in cybersecurity.

Clarke and Knake’s book is important if for no other reason than, as they note, “there are few books on cyber war.” (p. 261) Thus, their treatment of the issue will likely remain the most relevant text in the field for some time to come.

They define cyber war as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption” (p. 6) and they argue that such actions are on the rise.  And they also claim that the U.S. has the most to lose if and when a major cyber war breaks out, since we are now so utterly dependent upon digital technologies and networks.

At their best, Clarke and Knake walk the reader through the mechanics of cyber war, who some of the key players and countries are who could engage in it, and identify what the costs of such of war would entail.  Other times, however, the book suffers from a somewhat hysterical tone, as the authors are out here not just to describe cyber war, but to also issue a clarion call for regulatory action to combat it.  Ryan Singel of Wired, for example, has taken issue with the book’s “doomsday scenario that stretches credulity” and claims that “Like most cyberwar pundits, Clarke puts a shine on his fear mongering by regurgitating long-ago debunked hacker horror stories.”  Bruce Schneier and Jim Harper have raised similar concerns elsewhere.

There’s certainly some Chicken Little-ism at work in the book.  But that’s not as big of a problem as the book’s complete lack of reference material, footnotes, or even an index!  To be taken seriously as a scholar, I believe the minimal call of duty is to properly attribute and reference supposedly factual content / anecdotes. Clarke and Knake have not done so here and their failure to do so had me constantly wondering whether I could trust many of their assertions or findings.

Nonetheless, the authors are certainly correct in noting that the Net’s very nature — open, highly interconnected, decentralized, and largely unsecured / unencrypted — makes cyberspace more vulnerable to various forms of attacks.  As my old colleague Wayne Crews used to always tell me, if you’re looking for a completely secure network, the Internet is not the network for you.  Clarke and Knake note that “While the protocols that were developed [to ensure the Net worked] allowed for massive growth in networking and creation of the Internet as we know it today, they also sowed the seeds for the security problem. The writers of these ground rules did not imagine that anyone other than well-meaning academics and government scientists would use the Internet.” (p. 83) That much is true, but their incessant lament about our more interconnected world of networks and devices grows tiresome after awhile since they seemingly would like to roll back the clock on cyber-progress.  They complain, for example, that “President Obama’s ‘Smart Grid’ initiative will cause the electric grid to become even more wired, even more dependent upon computer network technology.”  They regard that as problematic but fail to fully explore the potential benefits of a more connected grid.

In terms of communications industry regulation, Clarke and Knake would like to see government impose a fairly sweeping set of new rules on ISPs to better secure their networks against potential attacks.  In true deputize-the-middleman fashion, they want ISPs to engage in a great deal more network monitoring (using deep-packet inspection techniques) under threat of legal sanction if things go wrong.  They admit there are corresponding costs and privacy concerns, but largely dismiss them and essentially ask us to just get over those concerns in the name of a safer and more secure cyberspace.  They do, however, say they would be willing to have a “Privacy and Civil Liberties Board” appointed “to ensure that neither the ISPs nor the government was illegal spying on us.” (p. 162)  I doubt that will soothe the fears of those who (like me) are fundamentally suspicious of government snooping.

They also incorrectly assert that “most ISPs do not take even the most basic steps to keep bad traffic from getting to your computer.” (p. 81) In reality, most ISPs take steps not just to guard against malware and other types of cyber attacks, but they also offer customers free (or cheap) security software as part of a growing suite of gratis services (anti-virus, parental controls, e-mail, etc).  Clarke and Knake make it sound like ISPs don’t give a hoot about cyber-security when, in reality, those companies have powerful incentives to make sure their networks are relatively safe and secure to avoid costly attacks and retain customers who demand their online information and activities be trouble-free.  Of course, perfect security is impossible, and any attempt to achieve it would sacrifice far too much in terms of both speech and economic liberties.

Toward the end of the book, the authors also toy will more sweeping proposals, such as replacing the Internet’s “sacred” TCP/IP protocols with a “new Military Protocol [that] would allow for authentication of who sent every packet [and] would permit prioritization of the packets… [and] might even encrypt the content.” (p. 274) They acknowledge that this proposal, if pursued, will lead to an epic battle about the future of the Internet since it raises some profound questions and upends the way things have worked for decades. Clarke and Knake say this is mostly just about the “open Internet people” who “strongly believe that information should be free and freely disseminated.” (p. 275)  But it’s about more than that. It’s also about who will even be given the authority to make that decision, and how will they go about doing so?  It’s as if the authors want us to believe there’s some big magical switch in the sky that can be thrown and make such sweeping changes overnight. In reality, the way everything happens online would change — and radically so — because of their proposals.  We are, after all, talking about a fundamental reconstruction of the Internet’s underlying architecture.

I am more sympathetic, however, to their question: “But does that mean that everything should be done on one big anonymous, open-to-everyone network?”  Not necessarily. They propose a “Govnet,” for example, that would be “a private network for the internal working of federal agencies that would deny access to those who could not prove who they were.” (p. 275) I don’t think there’s anything wrong with what would essentially be a massive intranet for the government ( don’t they already have one?!) as many companies and institutions already employ them to intentionally avoid the security problems that accompany the occasional Wild West that is the Internet.  But when it comes to the private sector and individuals, these choices should be made in voluntary, bottom-up fashion and not forced upon them from above.

Overall, Clarke and Knake have written a book that is worth reading, but with a very large grain of salt.  They clearly feel The Cyber End Times are near, but their calls for sweeping remedial steps are often hard to take seriously when couched in cyber-Jeremiah, prophet-of-doom-like terms and, worse yet, often unsupported by any reference material whatsoever.

Other Thoughts on “Cyber War”:

• the official page for the book
• a review by Glenn Harlan Reynolds that appeared in the Wall Street Journal
• a rather scathing review by Ryan Singel of Wired
• a review by Jeff Stein in The Washington Post
• thoughts from Jim Harper of Cato
• Bruce Schneier says that “The Threat of Cyberwar Has Been Grossly Exaggerated“
• and videos of Richard Clarke on “The Rachel Maddow Show” and “Good Morning America” follow down below

[as always, you can find all my cyber-policy book reviews here]

By Adam Thierer & Berin Szoka

As we mentioned yesterday, in a new series of essays, we will be examining proposals being put forward today that would have the government play a greater role in sustaining struggling media enterprises, “saving journalism,” or promoting more “public interest” content. With many traditional media operators struggling, and questions being raised about how journalism in particular will be supported in the future, Washington policymakers are currently considering what role government can and should play in helping media providers reinvent themselves in the face of tumultuous technological change wrought by the Digital Revolution. We will be releasing 6 or 7 essays on this topic leading up to our big filing in the FCC’s “Future of Media” proceeding (deadline is May 7^th).

In the first installment of our series, we will critique an old idea that’s suddenly gained new currency: taxing media devices or distribution systems to fund media content. We argue that such media income redistribution is fundamentally inconsistent with American press traditions, highly problematic under the First Amendment, difficult to implement in a world of media abundance and platform convergence, and likely to cause serious negative side effects.  Bottom line: Don’t tax our iPhones or broadband to subsidize media!

We’ve attached the entire text of the piece below. (Installment #2, on broadcast spectrum taxes to subsidize public media, will be released next week.)

The Wrong Way to Reinvent Media, Part I: Taxes on Consumer Electronics, Mobile Phones & Broadband

by Adam Thierer & Berin Szoka*

PFF Progress on Point 17.1 [PDF]

With many traditional media operators struggling, and questions being raised about how journalism in particular will be supported in the future,[1] Washington policymakers are currently considering what role government can and should play in helping media providers reinvent themselves in the face of tumultuous technological change wrought by the Digital Revolution. For example, the Federal Communications Commission (FCC) recently kicked off a new “Future of Media” effort with a workshop on “Serving the Public Interest in the Digital Era.” Likewise, the Federal Trade Commission (FTC) has hosted two workshops asking “How Will Journalism Survive the Internet Age?”  Meanwhile, the Senate has already held hearings about “the future of journalism,” and Senator Benjamin L. Cardin (D-MD) recently introduced the “Newspaper Revitalization Act,” which would allow newspapers to become tax-exempt non-profits in an effort to help them stay afloat.

In a series of forthcoming essays leading up to the May 7 filing deadline for the FCC’s “Future of Media” proceeding, we will discuss and critique some of the leading proposals being put forward that would have the government play a greater role in sustaining struggling media enterprises, “saving journalism,” or promoting more “public interest” content.

In this essay, we discuss an old idea that‘s gained new currency: taxing media  devices or distribution systems to fund media content. We argue that such media income redistribution is fundamentally inconsistent with American press traditions, highly problematic under the First Amendment, difficult to implement in a world of media abundance and platform convergence, and likely to cause serious negative side effects.

The BBC Model: Taxing Devices

Taxing devices to subsidize media content has never gained much traction here in the U.S., but it’s been used by some foreign governments for many decades.  Most famously, taxes on radios, eventually replaced by taxes on televisions, have sustained the BBC in the U.K. since its inception as the world’s first national broadcasting system in 1922. According to the most recent BBC annual report, the annual “fee” was raised to £142.50/year (currently $213.43) as of April 2009.  Failure to pay the fee is, of course, a crime and punished with stiff fines up to £1000 ($1497.75)—and radio emissions from unlicensed televisions can be detected by government vans that rove Britain’s streets looking for violators.  The revenue generated by the tax is then allocated among various BBC media products, with most of it going to the BBC 1 and BBC 2 television channels.

The U.S. has taken a different approach.  We’ve not embedded a tax in the cost of new media devices to pay for the content delivered over those devices.  (Of course, that’s at least partially because we’ve had a strong tradition of free markets in media ever since we revolted against the Brits and mercantilism, their system of state-directed economic planning!)  Generally speaking, private media operators have been expected to pay their own way in this country and not look to government for direct support.

America has had some indirect subsidies in the form of reduced postal rates for print media, as well as tax treatment for advertising.  And taxpayer dollars have been channeled to the CPB/PBS/NPR regime, of course.  But such public subsidy is small potatoes when compared to private media in the U.S.  For example, the Corporation for Public Broadcasting’s 2010 budget is just $400 million.[2] While many look to CPB to fund children’s programming (among its many other activities), its entire budget is no more than a quarter of the total amount of U.S. advertising revenue produced by children’s programming from food and beverages products alone: $1.6 billion in 2006 by the FTC’s most conservative estimates.[3] That comparison illustrates the vital importance of advertising to media,[4] but subscriptions, direct sales, and private patronage have also been major economic engines of media in United States.

But the idea of more direct government support for media (and journalism, in particular) has always been lurking out there.  There’s long been a small but vociferous crowd of academics and policymakers advocating huge increases in government spending on non-commercial or public media.  And some of them have even toyed with a tax on technology to cross-subsidize the media content that flows over those devices or networks.  Most recently, Robert W. McChesney and John Nichols, authors of the new book The Death and Life of American Journalism, have proposed a 4-part tax plan to raise money ($18-21 billion) for a massive $35 billion/year “public works” program for the press (with the remainder coming from other sources):[5]

• a 5% tax on consumer electronics (they estimate it would bring in $4 billion/year)
• a 3% tax on monthly ISP & cell phone bills (estimated $6 billion/year)
• a 2% sales tax on advertising (estimated $5 to $6 billion/year)
• a 7% tax on broadcasters (estimated $3-6 billion/year)

Similarly, Leonard Downie, Jr., Vice President at Large of The Washington Post, and Michael Schudson, a Professor at the Columbia University Graduate School of Journalism, have advocated the creation of a “Fund for Local News” that “would make grants for advances in local news reporting and innovative ways to support it.”[6] The Fund would make grants to news organizations through “Local News Fund Councils” and would be financed by “fees paid by radio and television licensees, or proceeds from auctions of telecommunications spectrum, or new fees imposed on Internet service providers.”[7] (Note: Proposals to impose fees on radio and television licensees will be discussed in a subsequent installment of this PFF series.  But for purposes of this installment, we reference the Downie & Schudson plan because of its call for fees on ISPs as one method of financing media going forward.)

More Platforms, More Taxes

McChesney and Nichols don’t go into a lot of detail about their tax proposals, but the consumer electronics tax they favor appears to be based on the 1967 Carnegie Commission Report, which called for a 5% tax on all new television purchases—a variant on Britain’s annual licensing fee.  But instead of just taxing “televisions”—which would be very difficult in a world of technological convergence where consumers can “watch television” on any number of devices (PCs, mobile phones, portable gaming devices, portable media players, etc.)—they apparently want to tax all consumer electronic devices.  Thus, they seem to recognize the reality of convergence but their answer is to just tax everything!

The British themselves have struggled with technological change: In 1971, the radio fee first introduced in 1922 was abolished, and in 1972, so was the BBC’s radio monopoly, with commercial radio stations being allowed to compete with BBC Radio for the first time.  One might argue that abolishing the radio tax and relying on a single tax (on televisions) to fund the BBC’s television programming (67% of BBC spending) as well as BBC radio (17%) was simply more efficient—since most consumers had a television as well as a radio.  Indeed, actually implementing any media device tax in the U.S. could prove very difficult, since countering evasion would require imposing sales taxes on online retailers ranging from Amazon.com to TigerDirect.com to countless small operators who sell TVs, DVD players, cell phones, and a wide variety of other gadgets.  So much for the Internet sales tax moratorium!

But the evasion problem is a real one. The BBC estimates an 8.7% evasion rate, and it’s not clear how much more (or less) of a problem evasion might be when the tax is imposed at the point of sale (as McChesney and Nichols propose) rather than every year (as in Britain).  But clearly, the problem can’t be solved simply by trying to tax all consumer electronics:  The higher the tax rate, the more likely a black market will develop for discounted devices—with all the problems that generally come with black markets, such as funding organized crime. Whenever someone proposes a single-digit tax rate for anything, it’s worth remembering that the federal income tax started out at 1-7% back in 1913—and, well, we all know how that turned out!  (Top rates rose to 67-73% during World War I, fell again to the mid-20s under Coolidge, then jumped again to 63% by 1933 and didn’t fall below 50% till 1986!)  Maybe McChesney and Nichols realize how ugly black markets would get if tax rates on devices rise in the future—and perhaps that’s why they’re trying to spread the pain around by taxing broadband and wireless service, advertising and broadcasting, too.  But, as discussed next, that’s another problem with the plan.

Taxation’s Negative Disincentives

Taxes distort markets and human behavior.  Long ago, Chief Justice John Marshall taught us that “the power to tax is the power to destroy.”  As the late Clarence B. Carson noted in an article of the same name:

Any level of taxation will make some undertakings unprofitable or submarginal. In practice, any increase in taxes will drive some people out of business, prevent them from going into business, or make it difficult or impossible for them to sustain themselves by whatever they are doing.[8]

This helps us understand why raising taxes on mobile phones and broadband bills would be particularly foolish way of supporting media:  it will distort beneficial behavior by both providers and consumers of communications conduit.

The FCC just recently reported that cost is a major factor for many households who decide not to buy broadband service (even though it’s available).  Why, after the FCC spent 13 months producing a 376-page, Congressionally mandated National Broadband Report on ways to increase the utilization and affordability of broadband, would we want to do anything to boost broadband bills, even in the name of “saving journalism”?  Increased taxes on broadband bills might discourage some broadband providers from rolling out innovative new services as rapidly as planned.  And once the new service tax is passed along to consumers—as all business taxes inevitably are—they might be less likely to adopt broadband, or might even cancel existing service.  How would that benefit media and journalism?

The same goes for mobile phones. CTIA—The Wireless Association estimates that wireless users already pay an average 15% tax (local state and federal) on their cell phone bills.  Moreover, if there is one thing we can count on, it’s that taxes inevitably rise once they get on the books, whatever the intention of their initial architects.  That‘s especially true when the tax creates a new class of subsidy recipients who have a vested interest in keeping the scheme alive and growing. Thus, what starts out as 3-5% tax on phones, broadband, and consumer electronics, will likely grow to be much higher over time.  Pretty soon the FCC will look like the massively inefficient Department of Agriculture, doling out subsides to everybody and his brother who qualifies for media industry corporate welfare.

How Will the Government Spend Your Money?

But the more interesting question about such a media tax may be on the  payout side of the scheme.  Herein lies a fundamental difference between the BBC model and what McChesney and Nichols are proposing: The BBC fees have always been used to fund BBC content only, not for all media.  True, the BBC once held monopolies in radio and television, but those monopolies died long ago, and when they did, the British did not share fee revenue with the BBC’s competitors.  Instead, commercial radio and television in the UK have had to rely on subscription and advertising revenues, just as in the US.  Thus, the British model does not answer a profoundly difficult question: Even if we assume government could create a reasonably effective media tax collection regime, who would qualify for a cut of the money?

In an age of user-generated content and a wide variety of hybrid media products, it would seem that defining eligibility criteria for the subsidy might be significantly more challenging than it was in the past. Would blogs qualify?  What about live reporting via Twitter or photo-journalism via Flickr?  Who gets to decide what qualifies as news worth subsidizing, as opposed to mere opinions or aggregation?  Similarly, the “Fund for Local News” and “Local News Fund Councils” favored by Downie and Schudson would be doubly problematic.  They propose that, “The criteria for grants should be journalistic quality, local relevance, innovation in news reporting, and the capacity of the news organization, small or big, to carry out the reporting.”[9] But, again, who determines “journalistic quality” and “the capacity… to carry out the reporting” or even what constitutes “local” news?

Beyond such practical problems, determining eligibility raises profound First Amendment questions because, as the Supreme Court has held, “in the realm of private speech or expression, government regulation may not favor one speaker over another.”[10] The Court has also held that “Both tax exemptions and tax deductibility are a form of subsidy that is administered through the tax system.”[11] Thus, the government may not pick preferred classes of speakers for subsidies, just as it may not single out disfavored classes for penalties.  For example, a state university may not selectively deny funding to a gay and lesbian students association, because, as the Eighth Circuit has held:

a public body that chooses to fund speech or expression must do so even-handedly, without discriminating among recipients on the basis of their ideology.  The University need not supply funds to student organizations; but once having decided to do so, it is bound by the First Amendment to act without regard to the content of the ideas being expressed.  This will mean, to use Holmes’s phrase, that the taxpayers will occasionally be obligated to support not only the thought of which they approve, but also the thought that they hate. That is one of the fundamental premises of American law.[12]

And there’s also a First Amendment-related concern here associated with the potentially—if subtly—coercive effects of subsidies on the independent editorial discretion of news-gatherers.  Downie and Schudson insist they “understand the complexity of establishing a workable grant selection system and the need for strict safeguards to shield news organizations from pressure or coercion from state councils or anyone in government.”^[13] Yet they hope political pressure can, somehow, be kept to a minimum.  Likewise, McChesney and Nichols largely dismiss such concerns about undue political influence on subsidized entities—even though they cite several examples of politicians attempting to use the purse strings to influence PBS and NPR funding over the past four decades![14]

Regardless, these scholars fail to account for the fact that, going forward, political pressure would likely grow in proportion to dependence of media entities upon such public subsidy and the overall amount of those subsidies.  After all, we’re talking about taxpayer funding for the press on an unprecedented scale here.  Moreover, the more visible these subsidies become—especially then the funding goes to highly controversial media content or outlets ( e.g., involving pornography, vulgarity, politics, religion, abortion, homosexuality)—the more likely the public and politicians are to clamor for rules on who gets what.  We’ve already seen a microcosm of that concern with National Endowment for the Arts funding for controversial art and culture in the past.  Now imagine media subsidies on the scale that McChesney and Nichols envision coupled with Downie and Schudson’s “Local News Fund Councils” sorting out competing claims and concerns.  Media funding will quickly become a political circus—and another front in the ongoing Culture Wars.

Here’s another concern: Will this scheme lead to more or less media competition?  It would be misguided to argue that such a tax system couldn’t fund some quality journalism and even entertainment.  After all, there’s some wonderful stuff on the BBC.  But without having run the numbers for all countries, there seems to be a correlation between the level of government investment in media and the overall number of media outlets at the public’s disposal.  When visiting Europe, one is struck by how even the largest European countries have so few choices compared to what we have here in the States, and that’s true across media (video, audio, print, online).  Could that be because government spending / investment in media has had a crowding-out effect on private media?  That possibility is at least worth considering as some look to broaden public support for media here in the U.S. Government simply doesn’t have a very good track record of creating innovative, competitive businesses and markets.

How the Death of Private, For-Profit Media Becomes a Self-Fulfilling Prophecy

Which leads to a final concern: There’s just a gut-level discomfort many of us would have with the idea of government imposing even more taxes on us to support industries or interests we might find distasteful or not deserving of corporate welfare.  It’s one thing to say that the government should play a role at the margin funneling some money into public broadcasting efforts via the CPB for limited purposes, but it’s quite another to suggest that this should be the new model upon which all media should rest.  That’s essentially what McChesney and Nichols propose in their book, on the grounds that “the old order is collapsing” and private media is dead.

Of course, it’s virtually a self-fulfilling prophecy that private media operators will fail if you impose a smorgasbord of new tax burdens on them and related devices and distribution channels—and then channel the money to “public media” competitors!  As will be discussed in a future installment in this series of essays, taxing advertising is particularly harmful because those taxes come straight out of the advertising revenues upon which most publishers depend for their lifeblood.

But raising prices of innovative consumer electronics like readers ( e.g., Amazon’s Kindle, Barnes & Noble’s Nook, Sony’s Reader or Apple’s iPad) and the wireless broadband services that connect them isn’t such a bright idea either at a time when traditional publishers are hoping that new media distribution and consumption technologies will also allow them to experiment with new business models (like selling subscriptions for magazines or newspapers tailored for these devices).  Unlike the British annual license fee, a tax imposed at the point of purchase would discourage users from buying new devices.  This, in turn would slow adoption of new technologies and retard innovation in a market that has seen consumers move increasingly towards replacing their old devices every few years, due to the constant increased in processing power and functionality made possible by Moore’s Law.

Taken together, these tax proposals are a sure-fire way to achieve McChesney’s true radical end: the destruction of private, commercial media and journalism.  Let’s not forget, after all, that McChesney has argued (during this interview with the Canadian-based “Socialist Project”) that “the ultimate goal is to get rid of the media capitalists,” and that, “unless you make significant changes in the media, it will be vastly more difficult to have a revolution.”[15] And in his book with Nichols, he concludes by noting that “We have responded in a time of crisis not with tinkering reforms but with revolution.”[16]

Indeed they have!  But such radicalism must be rejected if we hope to sustain a truly free press and uphold America’s proud tradition of keeping a high and tight wall of separation between Press and State.  Americans would do well remember to remember the (other) Golden Rule: “Whoever Has the Gold, Makes the Rules!”[17] The more control politicians have over funding media, the more control they will inevitably have over media itself.

Related PFF Publications

• Testimony at FCC’s Hearing on “Serving the Public Interest in the Digital Era ,” Adam Thierer, March 2010.
• Public Option for Press Should Get the Red Pen, Adam Thierer, The Daily Caller, Jan. 2010.
• Chairman Leibowitz’s Disconnect on Privacy Regulation & the Future of News, Adam Thierer & Berin Szoka, Progress Snapshot 6.1, Jan. 13, 2010.
• Socializing Media in Order to Save It, Adam Thierer, City Journal, March 2009.
• A Manifesto for Media Freedom , Adam Thierer & Brian Anderson, 2008.
• Media Ownership Proceedings, W. Kenneth Ferree, Testimony before the Federal Communications Commission, Nov. 3, 2009.
• Media Myths: Making Sense of the Debate over Media Ownership, Adam Thierer, June 2005.

[1] The Pew Project for Excellence in Journalism reports that: “The numbers for 2009 reveal just how urgent these questions are becoming. Newspapers, including online, saw ad revenue fall 26% during the year, which brings the total loss over the last three years to 43%. Local television ad revenue fell 22% in 2009, triple the decline the year before. Radio also was off 22%. Magazine ad revenue dropped 17%, network TV 8% (and news alone probably more). Online ad revenue over all fell about 5%, and revenue to news sites most likely also fared much worse. Only cable news among the commercial news sectors did not suffer declining revenue last year.” Pew Project For Excellence in Journalism, Introduction, The State of the News Media 2010, March 2010, www.stateofthemedia.org/2010/overview_intro.php.

[2] Corporation for Public Broadcasting, FY 2010 Operating Budget, www.cpb.org/aboutcpb/leadership/board/resolutions/090915_fy10OperatingBudget.pdf.

[3] See FTC’s 2008 report, Marketing Food to Children and Adolescents: A Review of Industry Expenditures, Activities, and Self-Regulation, at ES-1-2, www.ftc.gov/os/2008/07/P064504foodmktingreport.pdf.

[4] Adam Thierer & Berin Szoka, The Progress & Freedom Foundation, The Hidden Benefactor: How Advertising Informs, Educates & Benefits Consumers, PFF Progress Snapshot 6.5, Feb. 2010, www.pff.org/issues-pubs/ps/2010/ps6.5-the-hidden-benefactor.html.

[5] Robert W. McChesney & John Nichols, The Death and Life of American Journalism (2010) at 210-11.

[6] Leonard Downie, Jr. & Michael Schudson, The Reconstruction of American Journalism, Columbia Journalism Review, Oct. 20, 2009, at 92, available at www.scribd.com/doc/21268382/Reconstruction-of-Journalism.

[7] Id.

[8] Clarence B. Carson, The Power to Tax is the Power to Destroy, The Freeman, Vol. 26, No. 10, Oct. 1976, www.thefreemanonline.org/featured/the-power-to-tax-is-the-power-to-destroy.

[9] Downie & Schudson, supra note 6 at. 93.

[10] Rosenberger, 515 U.S. 819, 828 (1995).

[11] Regan v. Taxation with Representation of Washington, 461 U.S. 540, 544 (1983).

[12] Gay & Lesbian Students Assoc, 850 F.2d 361, 362 (8th Cir. 1988).

[13] Id.

[14] McChesney & Nichols, supra note 5 at 193-99.

[15] Socialist Project, Media Capitalism, the State and 21st Century Media Democracy Struggles: An Interview with Robert McChesney, The Bullet, Socialist Project, E-Bulletin No. 246, Aug. 9, 2009, www.socialistproject.ca/bullet/246.php.

[16] Id.

[17] The Big Apple, Golden Rule (“He Who Has the Gold Makes the Rules”), June 13, 2009,  www.barrypopik.com/index.php/new_york_city/entry/golden_rule_he_who_has_the_gold_makes_the_rules.

Wrong Way to Reinvent Media Part 1 – Media Taxes [Thierer & Szoka – PFF] http://d1.scribdassets.com/ScribdViewer.swf

By Adam Thierer & Berin Szoka

In a series of upcoming essays, we will be examining proposals being put forward today that would have the government play a greater role in sustaining struggling media enterprises, “saving journalism,” or promoting more “public interest” content. The reason we’re working up this multi-part series is because, with many traditional media operators struggling, and questions being raised about how journalism in particular will be supported in the future, Washington policymakers are currently considering what role government can and should play in helping media providers reinvent themselves in the face of tumultuous technological change wrought by the Digital Revolution.

For example, the Federal Communications Commission (FCC) recently kicked off a new “Future of Media” effort with a workshop on “Serving the Public Interest in the Digital Era.” (The  filing deadline for the FCC’s “Future of Media” proceeding is May 7^th).  Likewise, the Federal Trade Commission (FTC) has hosted two workshops asking “How Will Journalism Survive the Internet Age?”  Meanwhile, the Senate has already held hearings about “the future of journalism,” and Senator Benjamin L. Cardin (D-MD) recently introduced the “Newspaper Revitalization Act,” which would allow newspapers to become tax-exempt non-profits in an effort to help them stay afloat.

Thus, in light of Washington’s sudden interest in the future of media and journalism, we will be taking a hard look at several issues and proposals that are being floated today, including:

• Taxes on media devices, mobile phones, or broadband bills to channel money to media enterprises / content;
• Taxes / fees on broadcasters to funnel support to their public sector competitors or to public interest programs;
• “News vouchers” or “public interest vouchers” that would encourage citizens to channel support to media providers;
• Taxes on private advertising to subsidize non-commercial / public media content;
• Expanded postal subsidies for media mail; and
• Targeted welfare programs for out-of-work journalists or corporate welfare in the form of bailouts for failing media enterprises.

You won’t be surprised to hear that we are generally quite skeptical of most of these ideas, but we promise to give each one serious consideration.  We’ll kick things off tomorrow with our essay on why taxing media devices or distribution systems to fund media content is not a particularly good idea.

NebuAd is dead. The company‘s plan to track users through their ISPs for the purpose of targeting advertising met with public and congressional concern that ultimately led to its demise.

I believe that ISPs should stick to serving bits and not get into the business of serving or helping to serve ads, so I’m glad to see NebuAd’s model fail. I’ve been made aware by a similar company – Phorm – of the privacy sensitivity they design into their system, but the answer for me is still “No, thanks.”

In terms of policy, this story is mixed. Fans of government involvement probably believe that concerns expressed by public authorities caused NebuAd’s partners to pull out. ISPs also responded to public concerns expressed directly and in the media, of course, and I believe that consumers’ passive reliance on government authorities for protection is in error.

And so begins another fight over data retention. As Declan summarizes:

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations. The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates. […] Two bills have been introduced so far — S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled “Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act,” or Internet Safety Act.

Julian also has coverage over at Ars and quotes CDT’s Greg Nojeim who says the data retention language is “invasive, risky, unnecessary, and likely to be ineffective.”  I think that’s generally correct.  Moreover, I find it ironic that at a time when so many in Congress seemingly want online providers to collect and retain LESS data about users, this bill proposes that ISPs be required to collect and retain MORE data. One wonders how those two legislative priorities will be reconciled!!

Don’t get me wrong. It’s good that Congress is taking steps to address the scourge of child pornography — especially with stiffer sentences for offenders and greater resources for law enforcement officials. Extensive data retention mandates, however, would be unlikely to help much given the ease with which bad guys will likely circumvent those requirements using alternative access points or proxies.  Finally, retention mandates pose a threat to the privacy of average law-abiding citizens and impose expensive burdens of online intermediaries.

We’ve had more to say about data retention here at the TLF over the years.  Here’s a few things to read:

• Yahoo! Data-Retention Policy vs. The New Justice Department, by Cord Blomquist
• Another Reason to Be Wary of Age Verification & Data Retention Mandates, by Adam Thierer, October 30, 2006.
• Mandatory Data Retention: How Much is Appropriate? by Adam Thierer, June 26, 2006.
• Internet Data Storage Is The Wrong Way To Combat Child Sexual Exploitation, by Hance Haney, Sept. 20, 2006.
• Data Retention on the Move, by Jim Harper, June 1, 2006.

The Australian government has been running a trial of ISP-level filtering products to determine whether network-based filtering could be implemented by the government to censor certain forms of online content without a major degradation of overall network performance. The government’s report on the issue was released today: Closed-Environment Testing of ISP-Level Internet Content Filtering. It was produced by the Australian Communications & Media Authority (ACMA), which is the rough equivalent of the Federal Communications Commission here in the U.S., but with somewhat broader authority.

The Australian government has been investigating Internet filtering techniques for many years now and even gone so far to offered subsidized, government-approved PC-based filters through the Protecting Australian Families Online program. That experiment did not end well, however, as a 16-year old Australian youth cracked the filter within a half hour of its release. The Australian government next turned its attention to ISP-level filtering as a possible solution and began a test of 6 different network-based filters in Tasmania.

What makes ISP-level (network-based) filtering an attractive approach for many policymakers is that, at least in theory, it could solve the problem the Australian government faced with PC-based (client-side) filters: ISP-level filters are more difficult, if not impossible, to circumvent. That is, if you can somehow filter content and communications at the source–or within the network–then you have a much greater probability of stopping that content from getting through. Here’s a chart from the ACMA’s new report that illustrates what they see as the advantage of ISP-level filters:

Of course, that’s the theory and it remains to see how well it would work in practice. In today’s report, however, the ACMA claims that network-based filtering generally did work well enough in practice during the Tasmanian trial such that all 6 filters tested scored an 88% effectiveness rate in terms of blocking the content / URLs that the government was hoping would be blocked (and 3 of the products scored above 94%). The report also claims that overblocking of acceptable content was only 8% for all filters tested and 3% for four of the services. Finally, the ACMA said that network degradation was not nearly as big of a problem during this round of tests as it was during previous test, when performance degradation ranged from 75-98%. In this latest test, by contrast, the ACMA said degradation was down, but still varied widely—from a low of just 2% for one product to a high of 87% for another.

So, what to make of this report? There are a couple of interesting caveats in the report which raise some questions regarding overall effectiveness and feasibility of such ISP-level filtering being applied on a broader scale. For example, the report mentions of p. 45 that the scope of network filtering is mostly limited to HTTP and HTTPS. For other services and protocols, including peer-to-peer, IM, e-mail, newsgroups, or custom protocols, the services could generally not filter properly. The report notes, “No products are capable of distinguishing illegal content and content that may be regarded as inappropriate on non-web protocols, excepting two products that can identify particular types of content carried via one email protocol, and one product that can identify particular types of content carried via one streaming protocol.”

Of course, the filters could block those services and protocols outright, but that’s not a workable solution in the long-run, of course, since people demand those services. As the ACMA notes later in the report (on p. 53), “Where such protocols are used to carry legitimate traffic and are widely used by children for study and social interaction, ACMA regards the absence of a more targeted capability as a deficiency.” Indeed, that’s a pretty significant deficiency!

But here’s the more interesting question: Would a centralized filtering mandate by governments encourage people to shift content or communications to those other protocols or services, or encourage others to create new protocols or services that would be more likely to evade centralized ISP-filtering? I don’t want to overplay this point because it is certainly true that much (perhaps most) of what governments want censored today would likely be captured by such centralized filters. But what sort of filtering failure rate is acceptable, and what will happen in coming years as a result of such a mandate? I’m not saying I have any answers, but it is certainly worth exploring those questions.

More importantly, I have obviously not even gotten into the threshold question here about what sort of content or materials governments would deem “illegal” such that they would be filtered in the first place? That’s obviously a very significant and controversial question. Moreover, why should the decision to censor in such a sweeping fashion be transferred to the network-level instead of remaining at the individual household level?

Of course, governments might require that every ISP simply offer such a network filtering solution and then let individual households choose to opt-out of or to opt-in to the system. But who decides what is blocked at the headend under such a scheme? That determination is currently left to private filtering companies here in the U.S. and in many other countries, but the Australians have a different sort of regime and history when it comes to content regulation. They and other countries would likely be more comfortable making those determinations about acceptable content and then requiring the ISPs to act as deputized agents of speech and morality enforcement. And there’s no First Amendment in Australia to stop them from doing so.

Beyond such issues about the wisdom and scope of government censorship, there’s also the question of whether such centralized filtering poses other concerns about the extent of government authority. Many people will be put off by the prospect of national governments playing the role of national nanny via centralized network filters. (Fill in your own “Big Brother” or China analogy here). But many others will be left wondering what else such a move subsequently allows the government to do in terms of network snooping and surveillance. And there are other concerns here regarding the ongoing cost of the process (who pays for network upgrades?) and how else those resources might have been used.

But make no doubt about it folks, this debate is about to get red-hot here in the States as lawmakers increasingly look for new ways to ‘deputize the middleman’ and require greater policing of the Net by online intermediaries—and not just for ISPs. If ISPs are required to engage in such centralized filtering, then one can easily imagine how other online intermediaries—search providers, social networking sites, online gaming platform providers, other application vendors, etc—would be expected to play ball too, especially for all that user-generated content out there that could evade centralized ISP filters. If they don’t play ball, one could imagine the government seeking to impose some sort of liability on them. And that then opens a debate about the applicability of Sec. 230 of the Communications Decency Act, which has generally immunized intermediaries from such liability.

I hope our readers will provide additional thoughts and comments about the Australian scheme and centralized, network-based, mandatory ISP filtering more generally. Specifically, I am hoping some of our savvy readers can identify some of the technical hurdles standing in the way of such schemes, or what unintended consequences they might create.

The Register reports that Google is developing yet another suite of free tools for broadband users–this time aimed at allowing users to monitor traffic-management/shaping conducted by their ISP.

“We’re trying to develop tools, software tools…that allow people to detect what’s happening with their broadband connections, so they can let [ISPs] know that they’re not happy with what they’re getting – that they think certain services are being tampered with,” Google senior policy director Richard Whitt said this morning during a panel discussion at Santa Clara University, an hour south of San Francisco.

The article provides a short-but-interesting history of how Google’s views on Net Neutrality have evolved in recent years and about the debate inside the company as to whether to governmental prohibition of traffic management/prioritization by enshrining some conception of Net Neutrality in law.  Today, of course, the company has become perhaps the most outspoken corporate defender of Net Neutrality principles.  Google senior policy director Richard Whitt shows no sign of rethinking Google’s commitment to those principles, but suggests that the monitoring tools being developed by Google might fundamentally change the calculus of the debate:

“The forces aligned against us are real. They’ve been there for decades. Their pockets are deep. Their connections are strong with those in Washington,” he said. “Maybe we can turn this into an arms race on the application software side rather a political game.”

As Verizon’s Link Hoewing observes, these tools promise to increase dramatically the transparency of network management practices.  This increased transparency will provide a clearer picture of what ISPs are actually doing, something that is largely a subject of speculation today, while helping to remove the current uncertainty that fuels sometimes wild speculation about the “death of the Internet” and other calamities in a world without Net Neutrality.  Psychologically, transparency may thus remove much of the need for perceived need for Net Neutrality mandates.

But, of course, as defenders of traffic prioritization argue, there will be instances where ISPs “deviate from Net Neutrality principles” by prioritizing certain traffic to enable advanced voice and video services over more intelligent networks.   (Read, for example, George Ou’s post taking issue with aspects of The Register‘s story.)  Of course, some will surely point to such instances as further evidence of the perceived “need” for regulation, but the fact that these practices will be rmore readily apparent to more users than ever before will in fact provide three powerful alternative mechanisms for disciplining ISP traffic management.

First, it will be easier to hold ISPs accountable under their own terms of use–especially with the involvement of citizens’ watchdog groups such as Lauren Weinstein’s “Network Neutrality Squad.”  Clearly, if Google’s planned tools suggest that an ISP is violating the applicable provisions of its terms of use and if that suspicion can be properly confirmed, such a violation should give rise to a breach of contract claim or an unfair-and-deceptive trade practice action.  Increased user awareness of what traffic management actually involves and when it is actually being conducted should also create public pressure on ISPs to specify with greater granularity what they will and will not do.

Second, as demonstrated by the recent “Comcast Kerfuffle,” ISPs could suffer reputational consequences for either (i) violating their terms of use or (ii) simply conducting forms of traffic management that significantly degrade user experiences without any corresponding benefit to users.  The better users understand how ISPs manage their networks, the more likely they will be to appreciate the need for certain kinds of traffic management and the less likely they will be to equate all forms of traffic management with the dystopian scenarios thrown out by the Chicken Littles who insist that the digital firmament is falling and that the “End of the Internet” is upon us if we fail to regulate–and quickly.

Third, Google’s tools will facilitate good, ol’ fashioned self-help.   The more consumers know about traffic management, the more they will be able to find technological means of practices they consider particularly objectionable–the “arms race” referenced by Whitt.

Those of us who defend the ISP’s freedom to manage its network–and, like George Ou, the corresponding freedom of the user to choose prioritization–should never make the mistake of thinking that all prioritization is equally good.  Nor should we let our opposition to coercive Net Neutrality mandates diminish our appreciation for purely voluntary efforts like Google’s monitoring tools.  Surely we can join even those who favor Net Neutrality mandates in agreeing that “Sunlight is the best disinfectant,” as Justice Brandeis famously said.