On Thursday, it was my great pleasure to participate in a Washington Legal Foundation (WLF) event on “Online Privacy Regulation: The Challenge of Defining Harm.” The entire event video can be found on YouTube here, but down below I pasted the clip of just my remarks. Other speakers at the event included:  FTC Commissioner Maureen K. Ohlhausen, Commissioner; John B. Morris, Jr., the Associate Administrator and Director of Internet Policy athe U.S. Department of Commerce’s National Telecommunications and Information Administration; and Katherine Armstrong, Counsel at the law firm of Hogan Lovells. Glenn Lammi of the WLF moderated the session.

My remarks drew upon a few recent law review articles I have published relating digital privacy debates to previous debates over free speech and online child safety issues. (Here are those articles: 1, 2, 3).

This week I will again be attending the Family Online Safety Institute’s excellent annual summit. The 2-day affair brings together some of the world’s leading experts on online safety and privacy issues. It’s a great chance to learn about major developments in the field. As I was preparing for the session I am moderating on Thursday, I thought back to the first FOSI annual conference, which took place back in 2007. What is remarkable about that period compared to now is that there was a flurry of legislative and regulatory activity related to online child safety then that we simply do not see today.

In fact, just 3 1/2 years ago, John Morris of the Center for Democracy and Technology and I compile a legislative index [summary here] that cataloged the more than 30 legislative proposals that had been introduced in the the 110th session of Congress. There was also a great deal of interest in these issues within the regulatory community. Finally, countless state and local measures related to online safety and speech issues had been floated. Today, by contrast, it is hard for me to find any legislative measures focused on online safety regulation at the federal level, and I don’t see much activity at the agency level either. I haven’t surveyed state and local activity, but it seems like it has also died down.

Generally speaking, I think this is a good development since I am opposed to most proposals to regulate online speech, expression, or conduct. But let’s ignore the particular wisdom of such measures and ask a simple question: What explains the decline in Internet safety legislation and online content regulation? I believe there are three possible explanations:

1) The effectiveness of education and awareness-building strategies

I would like to believe that all the efforts made by various groups and individuals (including myself) to encourage policymakers to adopt  “Educate & Empower” approaches over “Legislative & Regulate” approaches are finally bearing fruit. The first instinct for many policymakers is to legislate immediately and then worry about the consequences later (if at all). But such approaches, no matter how well-intentioned, often backfire and have myriad unintended consequences (including the problem addressed next). So, perhaps it is the case that lawmakers and regulators are finally coming to realize that education and awareness approaches — married to empowerment-based efforts — are actually the more sensible approach compared to a flurry of legislative measures that ultimately accomplish very little.

2) The deterrent effect of inevitable and lengthy constitutional challenges

Here are two things I know for certain: First, almost every Internet-related measure faces a constitutional challenge, typically on First Amendment grounds (but sometimes also on Sec. 230 grounds). Second, most of those challenges succeed. I don’t have hard stats to back up this assertion, but I’d bet that there are few areas of modern law that have witnessed a higher percentage of successful constitutional challenges in recent years than the field of cyberlaw.  Taking that as a given, one must assume that at some point it becomes a deterrent to additional state action in this field.  Why waste years legislating and regulating if it is all enjoined and then overturned a short time later?

3) Resurgence of privacy as major policy issue and the emergence of cybersecurity as a policy issue

It could also be that case that privacy policy crowds out congressional interest in online safety legislation. In fact, it seems like these issues often move in opposing waves. When a wave of online safety legislative and regulatory activity is cresting, interest in privacy policy seems to fall. That certainly seemed to be the case between roughly 2005 and 2008 when online safety dominated congressional debates and privacy was hardly on the radar.  Today the reverse is true. Privacy has been the dominant Internet policy issue of the past year or so. It is sucking all the oxygen out of the room — whether that room is a congressional hearing room, a regulatory agency event, or even academic conferences.

Importantly, cybersecurity has rapidly emerged as a major new fault line in Internet policy debates. It, too, is eating up a lot of the “attention bandwidth” available among policymakers today.  And intellectual property matters always seem to be percolating out there.

It is my belief that because some of these Net policy issues are so complicated, policymakers are sometimes discouraged from doing a “deep dive” on them. To the extent they do, it seems unlikely that lawmakers are willing to invest serious time in more than a couple of these arcane matters at one time. Also, don’t forget how busy the relevant committees (Commerce and Judiciary) are with other, not tech policy-related matters. On any given legislative day, they could be handling a wide range of other policy issues that crowd out the amount of attention they can devote to Net policy matters, which are often far down the list of legislative priorities. Again, I’m generally pretty happy about that fact! I’d rather lawmakers go slow on these issues, whether the slow pace of the action is intentional or not.

So, what do you think? Are there other possible explanations for why we’ve seen less activity on the online safety / Internet content regulation front in recent years?

Today is the 33rd anniversary of the Supreme Court’s landmark First Amendment decision, FCC v. Pacifica Foundation. By a narrow 5-4 vote in this 1978 decision, the Court held that the FCC could impose fines on radio and TV broadcasters who aired indecent content during daytime and early evening hours. The Court used some rather tortured reasoning to defend the proposition that broadcast platforms deserved lesser First Amendment treatment than all other media platforms. The lynchpin of the decision was the so-called “pervasiveness theory,” which held that broadcast speech was “uniquely pervasive” and an “intruder” in the home, and therefore demanded special, artificial content restrictions.

Back in 2008, when Pacifica turned 30, I penned a 6-part series critiquing the decision and discussing its impact on First Amendment jurisprudence:

• Part 1:  General overview.
• Part 2: A short history of FCC indecency regulation.
• Part 3: The misguided logic of the Court’s reasoning in Pacifica.
• Part 4: How that logic of Pacifica is even more misguided in light of modern developments.
• Part 5: A joint editorial on the issue I co-authored with John Morris of Center for Democracy & Technology.
• Part 6: Wrap-up and further reading.

In addition to those essays, I brought all my thinking together on this issue in a 2007 law review article, “Why Regulate Broadcasting: Toward a Consistent First Amendment Standard for the Information Age.”  Importantly, this could be the last year we “celebrate” a Pacifica anniversary. Earlier this week, on the same day it handed down a historical video game free speech win, the Supreme Court announced that next term it will examine the constitutionality of FCC efforts to regulate “indecent” speech on broadcast TV and radio. Here’s hoping the Supreme Court takes the sensible step of undoing the unjust regulatory mess they created with Pacifica 33 years ago. Speech is speech is speech. Lawmakers should not be regulating it differently just because it’s on TV or radio instead of cable TV, satellite radio or TV, physical media, or the Internet.

Of course, there will always be those who respond by arguing that speech regulation is important because “it’s for the children.” But raising children, and determining what they watch or listen to, is a quintessential parental responsibility. Personally, I think the most important thing I can do for my children is to preserve our nation’s free speech heritage and fight for their rights to enjoy the full benefits of the First Amendment when they become adults. Until then, I will focus on raising my children as best I can.  And if because of the existence of the First Amendment they see or hear things I find troubling, offensive or rude, then I will sit down with them and talk to them in the most open, understanding and loving fashion I can about the realities of the world around them.  But I don’t want anyone else doing that job for me.

Meanwhile, I leave you with The Man himself, George Carlin, the greatest linguistic comic who ever did walk this Earth. I miss George.

Every Tuesday, Washington, DC’s local NPR station (88.5 WAMU) carries a “Tech Tuesdays” program as a regular part of The Kojo Nnamdi Show.  This week’s show, which was guest hosted by Marc Fisher of the Washington Post, was on “Regulating the World Wide Web: A View from Abroad.” It was a wide-ranging and very interesting discussion about the future of Internet governance and regulation, featuring:

• Evgeny Morozov: Yahoo! Fellow at the Institute for the Study of Diplomacy at Georgetown University; Fellow, Open Society Institute; and author “Net Effect” blog on ForeignPolicy.com
• John Morris: General Counsel, Director of the Internet Standards, Technology and Policy Project, Center for Democracy and Technology
• Olivier Tesquet: Reporter, Slate.fr (France)

Listen here. It’s worth your time.

Today’s Online Safety Technical Working Group (OSTWG) meeting included some heated debate about whether online intermediaries should be doing more to assist law enforcement to help track down child predators and those producing and distributing child pornography. (It’s not clear whether or when NTIA will actually put the archived video or a transcript online at this point).

Most interesting was the third panel of the day (agenda), which devolved into a shouting match as Dr. Frank Kardasz (resume) of the Arizona Internet Crimes Against Children (ICAC) Task Force basically accused Internet intermediaries of being willing accomplices in crimes of sexual abuse against children—and suggested that they could be charged as co-defendants in child porn prosecutions. A few industry folks in the room expressed their outrage at such slander. A retired law enforcement officer perhaps put it best when he said that he had never dealt with an ISP that didn’t sincerely want to help law enforcement stop this monstrous crime.

Apart from those pyrotechnics, and a superb morning presentation by the Pew Internet Project’s Amanda Lenhart about “Social Media & Young Adults,” the most interesting part of the day concerned data retention mandates. Even as a debate rages in Washington about how much collection and use of online data should be permitted, Dr. Kardasz suggested online service providers should be required to hold user data for 5 years. A number of attendees noted the staggering costs of such a mandate given the sheer volume of information shared every day by use, especially for startups for whom building monitoring and compliance infrastructure can be a significant barrier to entry. Of course, practical objections are always answered with practical counter-solutions—in this case, several attendees asked why we couldn’t just provide tax incentives or stimulus money to defray such costs. One attendee joked that we’d have to devote the entire state of Montana just to house all the necessary server farms.

But the strongest objection came from John Morris of the Center for Democracy & Technology, who rightly noted that no amount of government subsidies for data retention could prevent leakage of sensitive private data. For this reason and because of the basic civil liberties at stake whenever the government has access to large pools of data about its citizens, Morris argued that we need to strike a balance between how we protect children & the values of free society. Dave McClure of the US Internet Industry Association (USIIA) seconded this point powerfully: If such vast data is retained, it will be abused.

Then the riposte from advocates of data retention mandates: Aren’t online intermediaries already retaining huge amounts of consumer information? If they can do that, why can’t they retain the data we need to track down child predators and child porn distributors?

John Morris and the ACLU’s Chris Calabrese patiently explained just how different these two kinds of data retention really are. Advertisers don’t care who you are—just what you’re likely to be interested in. So it simply isn’t worth the cost for them to retain the massive logs of data tracking every site a user has been to and when, or even tying that information to an IP address. All the advertiser wants is to be able to correlate information about likely interests with a cookie that uniquely identifies a computer (which likely, but not necessarily, corresponds to a user). I couldn’t have explained this difference better myself!

They didn’t specifically get into this example, but even a company like Phorm, which offers behavioral advertising based on inspecting packets sent back and forth by an Internet user doesn’t actually retain the kind of “digital dossier” of a user’s browsing activity that some advocates of increased data regulation fear–or that law enforcement wants. Instead, Phorm examines certain kinds of pages visited by users (e.g., no HTTPS or email) and looks for keywords (excluding sensitive things like phone numbers, social security numbers and credit card numbers) that suggest the user might be interested in a particular marketing category. The data about where the user has visited is then discarded, leaving only the marketing categories matched to that user’s unique ID (e.g., dog-owner, fly-fisher).

So even when it comes to the much-feared “Deep Packet Inspection,”what advertisers want is profoundly different from the kind of data retention mandates proposed by Kardasz and others in law enforcement. Moreover, given the costs entailed in data storage and processing, the mere fact that something is theoretically possible doesn’t mean advertisers are willing to pay for it just to try to tell you about their product! That critical point has been missing from most of the ongoing conversation about regulating “targeted” advertising, which tend to focus on the theoretical possibility of a particular data collection/use/aggregation practice rather than whether it’s actually being done or even whether it would make economic sense to do so. So I’m glad to see John Morris and Chris Calabrese making these vital points.

I don’t mean to pull a “gotcha!” on them as representatives of two organizations that have also been outspoken in calling for restrictions on the private use of data (especially since I can’t do justice them by quoting them precisely here without a transcript of the event or the ability to go back and listen to this fascinating exchange again). I’m sure they would respond that the potential for abuse still exists when private companies collect data about users for advertising purposes: Some companies might collect so much data that it could be tied back to a particular user and cause actual harm if released, which is always a possibility. That would be a fair response, but it would at least place us in a constructive debate between reasonable people about the costs and benefits of data sharing and whether government regulation is really the best way to address privacy concerns.

The important point is that they recognize the difference in kind between the collection of limited amounts of data for advertising purposes and the kind of comprehensive data mandates proposed by Kardasz and others. If nothing else, that difference means that one can take a principled stance—as I do—against data retention mandates as a governmental invasion of our privacy but also in favor of reliance on user empowerment, education, targeted enforcement of existing laws, etc. as less restrictive alternatives to government regulation of private data use, just as with parental control and empowerment over parentalist censorship.  As Adam Thierer and I have argued, because there are significant costs to regulation for consumers, free speech and culture, any government mandates should be narrowly tailored to addressing real, demonstrable harms rather than vague, unsubstantiated fears or amorphous concepts like “dignity interests.”

The other critical part of our “layered approach” to privacy concerns is building a higher “Wall of Separation Between Web and State.” Concretely, that means opposing such onerous data retention mandates and reforming ECPA—a subject mentioned only at the end of today’s meeting. In the comments I filed recently on the Notice written by CDT for the FCC, I praised CDT’s work in this area and look forward to working with them (and the ACLU and groups like EFF) on that cause in the future, despite our differences on private data use regulation.

Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced the members of the new Online Safety and Technology Working Group (OSTWG).  I am honored to be among those chosen to participate in this new task force and I look forward to continuing the work started last year with the Harvard Berkman Center’s Internet Safety Technical Task Force (ISTTF), which I also served on.   I was very proud of the work done by the ISTTF and the impressive final report that Prof. John Palfrey crafted to reflect our findings.  I am eager to investigate these issues further and take a look at the latest research and technologies that can help us better understand how to protect our kids online while also protecting the free speech and privacy rights of Netizens.

The new NTIA working group, which was established under the “Protecting Children in the 21st Century Act,” will report to the Assistant Secretary of Commerce for Communications and Information on industry-implemented online child safety tools and efforts. Within a year of convening its first meeting, the group will submit a report of its findings and make recommendations on how to increase online safety measures.

Below the fold I have listed the complete roster of OSTWG task force members.  I very much looking forward to working with this outstanding group.  And I’m happy to report that my TLF blogging colleague Braden Cox will be joining me on this task force!

Ms. Parry Aftab, WiredSafety Ms. Elizabeth Banker, Yahoo! Inc. Mr. Christopher Bubb, AOL Ms. Anne Collier, Net Family News, Inc./ConnectSafely.org Mr. Braden Cox, NetChoice Coalition Ms. Caroline Curtin, Microsoft Mr. Brian Cute, Afilias U.S.A. Mr. Jeremy Geigle, Arizona Family Council Ms. Marsali Hancock, Internet Keep Safe Coalition Mr. Michael Kaiser, National Cyber Security Alliance Mr. Christopher Kelly, Facebook Mr. Brian Knapp, Loopt, Inc. Mr. Timothy Lordan, Internet Education Foundation Mr. Larry Magid, SafeKids.com/ConnectSafely.org Mr. Brian Markwalter, Consumer Electronics Association Mr. Michael McKeehan, Verizon Communications, Inc. Dr. Samuel McQuade, III, Rochester Institute of Technology Ms. Orit Michiel, Motion Picture Association of America, Inc. Mr. John Morris, Center for Democracy & Technology Mr. Jonathon Nevett, Network Solutions, LLC Mr. Hemanshu Nigam, MySpace/Fox Interactive Media Ms. Jill Nissen, Ning, Inc. Mr. Jay Opperman, Comcast Corporation Mr. Kevin Rupy, United States Telecom Association Mr. John Shehan, National Center for Missing & Exploited Children Mr. K. Dane Snowden, CTIA – the Wireless Association Mr. Adam Thierer, Progress & Freedom Foundation Ms. Patricia Vance, Entertainment Software Rating Board Mr. Ralph Yarro, The CP80 Foundation

• denotes co-chairs of the task force

Over at CDT’s “Policy Beta” blog, my friends John Morris and Sophia Cope have penned two important essays about online free speech issues that are worthy of your attention. In the first, Sophia argues that the “Next President Must Preserve Free Speech on the Internet.” She argues:

It will be critical for the next President to do his part to uphold the Internet’s robust culture of free speech and innovation as we march further into the 21st Century. In stark contrast to the mass media of the last century, the Internet has provided, at very low cost, virtually unlimited forums for both creators and consumers of new content and technologies. This in turn has created a huge boost for participatory democracy and our economy. The next Administration must reject Congressional or agency efforts to censor content or stifle the fire of innovation on the Internet and other communications media.

Amen! Importantly, Sophia points to the essential role of Section 230 of the Telecommunications Act of 1996, which protects online service providers from crushing legal liability in a variety of circumstances. Sec. 230 is probably the most important — and most often forgotten — law dealing with online freedom. Unfortunately, however, it’s increasingly under attack and we need to be vigilant in defending it. (I’m working on a big paper about that right now with my PFF colleagues Berin Szoka and Adam Marcus).

In the second essay on the CDT blog today, John Morris notes how Congress has been passing a “flurry” of last-minute child safety bills. He points out:

While the public’s attention was focused on the drama unfolding around the economic bailout, it was actually a busy time for other bills to get pushed – sometimes under the cover of the bailout darkness. Just before recess, Congress considered parts of four “child safety” bills, acted on three, and sent two to the White House. While not all the provisions in these bills raise red flags, some language gives free expression advocates plenty to worry about.

One of the measures he discusses, S. 602, the “Child Safe Viewing Act of 2007,” was the subject of an essay I penned here a few days ago.

Anyway, make sure to read these excellent essays by Sophia and John.

Along with my friends John Morris and Sophia Cope of the Center for Democracy & Technology, I have just submitted an amicus brief to the Supreme Court in the potentially historic free speech case FCC v. Fox, which will be heard in November.

[Reminder: The FCC v. Fox case is the indecency case involving the FCC’s new policy for “fleeting expletives.” I wrote about the Second Circuit Court of Appeals decision here. The full decision is here. By contrast, the so-called “Janet Jackson case” — CBS v. FCC — took place in the Third Circuit Court of Appeals and that court recently handed down a decision that also went against the FCC. I wrote about the Third Circuit’s decision here.]

The FCC v. Fox case could become the most important First Amendment-related Supreme Court case since FCC v. Pacifica Foundation, which just turned 30 years old last month. Of course, it could be that the Supreme Court simply sticks to the procedural questions regarding whether the FCC moved too far, too fast in reversing it’s long-standing policy of restraint regarding “fleeting expletives.” That’s essentially what the Second Circuit did. On the other hand, the Supremes might reach the substantive First Amendment issues tied up in the Pacifica case. We just won’t know for sure until the case is handed down.

Regardless, in the joint CDT-PFF amicus brief filed today, we argue that the FCC has both gone too far procedurally and that “the time is rapidly approaching for this Court to find that broadcast, like the Internet and other means of mass communication, ‘is entitled to the highest protection from government intrusion’ and that there is no longer a factual ‘basis for qualifying the level of First Amendment scrutiny that should be applied to this medium.'” Citing Reno v. ACLU, 521 U.S. at 863, 870.”

A more detailed summary of our argument follows below. Our brief contends that the “pervasiveness rationale,” which is the basis of the FCC’s authority to regulate broadcast programming, is being challenged by technological convergence, the proliferation of new media platforms, and the widespread availability of parental control technologies. Video content available over broadcast television is available over a variety of other platforms, such as the Internet and mobile devices, and an increasing number of households subscribe to satellite or cable video services. “With broadcast television being just one of the myriad of ways that people can access lawful content (including indecent content), it no longer makes sense from a constitutional or policy perspective to give broadcast speech less First Amendment protection,” we argue.

Parental controls, such as the V-Chip and set-top box controls, allow parents to block content they deem offensive or inappropriate. Better yet, the rise of VCRs, DVD recorders, video on demand, and digital video recorders means that parents can tailor media consumption to their specific needs and values. Those tools are widely available and provide a less restrictive alternative to government regulation. As a result, the FCC can no longer justify broadcast television content censorship on “pervasiveness” grounds. [I have written much more about that point here, here and here.]

Our joint brief also states that complaint data the FCC cites as justification for the expansion of indecency enforcement, has been inflated through accounting changes. These changes in the way the complaints are counted, which were only instituted for indecency complaints, are in violation of the APA. These complaints, mostly generated by a single advocacy group, cannot be a substitute for an analysis of “community standards” and essentially represent a “heckler’s veto” that violates the First Amendment rights of other viewers.

The brief also cites the Commission’s inconsistent analysis of what it deems “indecent” as a violation of both the First Amendment rights of broadcasters and the APA. The inconsistency in what the FCC finds as indecent has a chilling effect on the free expression of content providers and provides inadequate guidance to broadcasters, which is required under FCC statutes.

The CDT-PFF brief can be found online here and I have also embedded the document below via the Scribd reader. [And those interested in this case might also be interested my recent law review article: “Why Regulate Broadcasting: Toward a Consistent First Amendment Standard for the Information Age.”]

Incidentally, other briefs that have been filed in the matter can be found here. And, last month, I wrote about how personally troubled I was about the lack of support from liberals who have already filed in this case. See: “Liberals Abandoning the First Amendment, Part 3: The Fox Case.”

This week I was pleased to join a diverse collection of think tanks and public interest groups in submitting joint comments to the FCC opposing the proposed content filtering mandate that would be part of a future AWS-3 auction. That’s the proposed auction that would create a “free” nationwide wireless broadband service. As part of the deal, the company would need to need to take steps to provide a “clean” Internet connection by filtering content. This joint filing points out why that is a bad idea:

• the reach of the filtering mandate is extraordinarily broad, and would attempt to censor content far beyond any content regulation regime that has been previously upheld in the face of constitutional challenge.
• even if the scope of the filtering mandate were more narrowly focused, it would conflict with the First Amendment analysis that the Supreme Court applied to Internet access in the seminal Reno v. ACLU decision.
• even if the Commission were to require filtering on an “opt out” or “opt in” basis, the Constitutional problems would not be avoided. Opt-out filtering would impose an unconstitutional burden on listeners and recipients of Internet communications, and both opt-out and opt-in filtering would violate the First Amendment rights of speakers and other content providers on the Internet. Simply put, the First Amendment does not allow a government mandated “blacklist” of websites to be blocked.
• would also violate the terms and intent of two federal statutes – 47 U.S.C. § 326 (which prohibits the Commission from “interfer[ing] with the right of free speech”) and 47 U.S.C. § 230 (which promotes user control over content and limits burdens on service providers).
• would also limit what people could do online using the free AWS-3 service so dramatically that the usefulness of the service would be radically reduced.
• would also certainly lead to legal challenges that would delay the implementation of the proposed access service. The reason I believe this fight is so important is because, ultimately, it represents an effort by the FCC to begin treating wireless broadband more like broadcast spectrum. That is, regulators want to create the classic regulatory quid pro quo: We’ll rig the wireless allocation process to make it easy for you to get spectrum, and you’ll be a good little boy and clean up the Net for us! This is the game the FCC has been playing for 70 years in the broadcast television and radio licensing space. And not they want to extend that nonsense to wireless broadband. As Commander Jean-Luc Picard would say: “The line must be drawn here!” We don’t want the Internet regulated like broadcasting.

Many thanks to John Morris of CDT for coordinating this filing and asking me to sign on. The comments can be found on the CDT website, and I have also embedded them down below as a Scribd file. Also, Leslie Harris of CDT has a short editorial about the issue over at ABC News.com.