This weekend, The Wall Street Journal ran my short letter to the editor entitled, “We Can Protect Children and Keep the Internet Free.” My letter was a response to columnist Peggy Noonan’s April 9 oped, “Can Anyone Tame Big Tech?” in which she proposed banning everyone under 18 from all social-media sites. She specifically singled out TikTok, Youtube, and Instagram and argued “You’re not allowed to drink at 14 or drive at 12; you can’t vote at 15. Isn’t there a public interest here?”

I briefly explained why Noonan’s proposal is neither practical nor sensible, noting how it:

would turn every kid into an instant criminal for seeking access to information and culture on the dominant medium of their generation. I wonder how she would have felt about adults proposing to ban all kids from listening to TV or radio during her youth. Let’s work to empower parents to help them guide their children’s digital experiences. Better online-safety and media-literacy efforts can prepare kids for a hyperconnected future. We can find workable solutions that wouldn’t usher in unprecedented government control of speech.

Let me elaborate just a bit because this was the focus of much of my writing a decade ago, including my book, Parental Controls & Online Child Protection: A Survey of Tools & Methods, which spanned several editions. Online child safety is a matter I take seriously and the concerns that Noonan raised in her oped have been heard repeatedly since the earliest days of the Internet. Regulatory efforts were immediately tried. They focused on restricting underage access to objectionable online content (as well as video games), but were immediately challenged and struck down as unconstitutionally overbroad restrictions on free speech and a violation of the First Amendment of the U.S. Constitution.

But practically speaking, most of these efforts were never going to work anyway. There was almost no way to bottle up all the content flowing in the modern information ecosystem without highly repressive regulation, and it was going to be nearly impossible to keep kids off the Internet altogether when it was the dominant communications and entertainment medium of their generation. The first instinct of every moral panic wave–from the waltz to comic books to rock or rap music to video games–has often been to take the easy way out by proposing sweeping bans on all access by kids to the content or platforms of their generation. It never works.

Nor should it. There is a huge amount of entirely beneficial speech, content, and communications that kids would be denied by such sweeping bans. That would make such ban highly counter-productive. But, again, usually such efforts just were not practically enforceable because kids are often better at the cat-and-mouse game than adults give them credit for. Moreover, imposing age limitations of speech or content are far more difficult than age-related bans on specific tangible products, like tobacco or other dangerous physical products.

Acknowledging these realities, most sensible people quickly move on from extreme proposals like flat bans of all kids using the popular media platforms and systems of the day. Over the past half century in the U.S., this has led to a flowering of more decentralized governance approach to kids and media that I have referred to as the “3E approach.” That stands for empowerment (of parents), education (of youth), and enforcement (of existing laws). The 3E approach includes a variety of mechanisms and approaches, including: self-regulatory codes, private content rating systems, a wide variety of different parental control technologies, and much more.

Over the past two decades, many multistakeholder initiatives and blue-ribbon commissions were created to address online safety issues in a holistic fashion. I summarized their conclusions in my 2009 report, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer.” The crucial takeaway from all these task forces and commissions is that no silver-bullet solutions exist to hard problems. Child safety demands a vigilant but adaptive approach, rooted in a variety of best practices, educational approaches, and technological empowerment solutions to address various safety concerns. Digital literacy is particularly crucial to building wiser, more resilient kids and adults, who can work together to find constructive approaches to hard problems.

Importantly, our task here is never done. This is an ongoing and evolving process. Issues like underage access to pornography or violent content have been with us for a very long time and will never be completely “solved.” We must constantly work to improve existing online safety mechanisms while also devising new solutions for our rapidly evolving information ecosystem. Nothing should be off the table except the one solution that Noonan suggested in her essay. Just proposing outright bans on kids on social media or any other new media platform (VR will be next) is an unworkable and illogical response that we should dismiss fairly quickly. No matter how well-intentioned such proposals may be, moral panic-induced prohibitions on kids and media ultimately are not going to help them learn to live better, safer, and more enriching lives in the new media ecosystems of today or the future. We can do better.

I have been covering telecom and Internet policy for almost 30 years now. During much of that time – which included a nine year stint at the Heritage Foundation — I have interacted with conservatives on various policy issues and often worked very closely with them to advance certain reforms.

If I divided my time in Tech Policy Land into two big chunks of time, I’d say the biggest tech-related policy issue for conservatives during the first 15 years I was in the business (roughly 1990 – 2005) was preventing the resurrection of the so-called Fairness Doctrine. And the biggest issue during the second 15-year period (roughly 2005 – present) was stopping the imposition of “Net neutrality” mandates on the Internet. In both cases, conservatives vociferously blasted the notion that unelected government bureaucrats should sit in judgment of what constituted “fairness” in media or “neutrality” online.

Many conservatives are suddenly changing their tune, however. President Trump and Sen. Ted Cruz, for example, have been increasingly critical of both traditional media and new tech companies in various public statements and suggested an openness to increased regulation. The President has gone after old and new media outlets alike, while Sen. Cruz (along with others like Sen. Lindsay Graham) has suggested during congressional hearings that increased oversight of social media platforms is needed, including potential antitrust action.

Meanwhile, during his short time in office, Sen. Josh Hawley (R-Mo.) has become one of the most vocal Internet critics on the Right. In a shockingly-worded USA Today editorial in late May, Hawley said, “social media wastes our time and resources” and is “a field of little productive value” that have only “given us an addiction economy.” He even referred to these sites as “parasites” and blamed them for a long list of social problems, leading him to suggest that, “we’d be better off if Facebook disappeared” along with various other sites and services.

Hawley’s moral panic over social media has now bubbled over into a regulatory crusade that would unleash federal bureaucrats on the Internet in an attempt to dictate “fair” speech on the Internet. He has introduced an astonishing piece of legislation aimed at undoing the liability protections that Internet providers rely upon to provide open platforms for speech and commerce. If Hawley’s absurdly misnamed new “Ending Support for Internet Censorship Act” is implemented, it would essentially combine the core elements of the Fairness Doctrine and Net Neutrality to create a massive new regulatory regime for the Internet.

The bill would gut the immunities Internet companies enjoy under 47 USC 230 (“Section 230”) of the Communications Decency Act. Eric Goldman of the Santa Clara University School of Law has described Section 230 as the “best Internet law” and “a big part of the reason why the Internet has been such a massive success.” Indeed, as I pointed out in a Forbes column on the occasion of its 15^th anniversary, Section 230 is “the foundation of our Internet freedoms” because it gives online intermediaries generous leeway to determine what content and commerce travels over their systems without the fear that they will be overwhelmed by lawsuits if other parties object to some of that content.

The Hawley bill would overturn this important legal framework for Internet freedom and instead replace it with a new “permissioned” approach. In true “Mother-May-I” style, Internet companies would need to apply for an “immunity certification” from the FTC, which would undertake investigations to determine if the petitioning platform satisfied a “requirement of politically unbiased content moderation.”

The vague language of the measure is an open invitation to massive political abuse. The entirety of the bill hinges upon the ability of Federal Trade Commission officials to define and enforce “political neutrality” online. Let’s consider what this will mean in practice.

Under the bill, the FTC must evaluate whether platforms have engaged in “politically biased moderation,” which is defined as moderation practices that are supposedly, “designed to negatively affect” or “disproportionately restricts or promote access to … a political party, political candidate, or political viewpoint.” As Blake Reid of the University of Colorado Law School rightly asks, “How, exactly, is the FTC supposed to figure out what the baseline is for ‘disproportionately restricting or promoting’? How much access or availability to information about political parties, candidates, or viewpoints is enough, or not enough, or too much?”

There is no Goldilocks formula for getting things just right when it comes to content moderation. It’s a trial-and-error process that is nightmarishly difficult because of the endless eye-of-the-beholder problems associated with constructing acceptable use policies for large speech platforms. We struggled with the same issues in the broadcast and cable era, but they have been magnified a million-fold in the era of the global Internet with the endless tsunami of new content that hits our screens and devices every day. “Do we want less moderation?” asks Sec, 230 guru Jeff Kosseff. “I think we need to look at that question hard.  Because we’re seeing two competing criticisms of Section 230,” he notes. “Some argue that there is too much moderation, others argue that there is not enough.”

The Hawley bill seems to imagine that a handful of FTC officials will magically be able to strike the right balance through regulatory investigations. That’s a pipe dream, of course, but let’s imagine for a moment that regulators could somehow sort through all the content on message boards, tweets, video clips, live streams, gaming sites, and whatever else, and then somehow figure out what constituted a violation of “political neutrality” in any given context. That would actually be a horrible result because let’s be perfectly clear about what that would really be: It would be a censorship board. By empowering unelected bureaucrats to make decisions about what constitutes “neutral” or “fair” speech, the Hawley measure would, as Elizabeth Nolan Brown of Reason summarizes, “put Washington in charge of Internet speech.” Or, as Sen. Ron Wyden argues more bluntly, the bill “will turn the federal government into Speech Police.” “Perhaps a more accurate title for this bill would be ‘Creating Internet Censorship Act,'” Eric Goldman is forced to conclude.

The measure is creating other strange bedfellows. You won’t see Berin Szoka of TechFreedom and Harold Feld of Public Knowledge ever agreeing on much, but they both quickly and correctly labelled Hawley’s bill a “Fairness Doctrine for the Internet.” That is quite right, and much like the old Fairness Doctrine, Hawley’s new Internet speech control regime would be open to endless political shenanigans as parties, policymakers, companies, and the various complainants line up to have their various political beefs heard and acted upon. “That’s the kind of thing Republicans said was unconstitutional (and subject to FCC agency capture and political manipulation) for decades,” says Daphne Keller of the Stanford Center for Internet & Society. Moreover, during the Net Neutrality holy wars, GOP conservatives endlessly blasted the notion that bureaucrats should be determining what constitute “neutrality” online because it, too, would result in abuses of the regulatory process. Yet, Sen. Hawley’s bill would now mandate that exact same thing.

What is even worse is that, as law professor Josh Blackman observes, “the bill also makes it exceedingly difficult to obtain a certification” because applicants need a supermajority of 4 of the 5 FTC Commissioners. This is public choice fiasco waiting to happen. Anyone who has studied the long, sordid history of broadcast radio and television licensing understands the danger associated with politicizing certification processes. The lawyers and lobbyists in the DC “swamp” will benefit from all the petitioning and paperwork, but it is not clear how creating a regulatory certification regime for Internet speech really benefits the general public (or even conservatives, for that matter).

Former FTC Commissioner Josh Wright identifies another obvious problem with the Hawley Bill: it “offers the choice of death by bureaucratic board or the plaintiffs’ bar.” That’s because by weakening Sec. 230’s protections, Hawley’s bill could open the floodgates to waves of frivolous legal claims in the courts if companies can’t get (or lose) certification. The irony of that result, of course, is that this bill could become a massive gift to the tort bar that Republicans love to hate!

Of course, if the law ever gets to court, it might be ruled unconstitutional. “The terms ‘politically biased’ and ‘moderation’ would have vagueness and overbreadth problems, as they can chill protected speech,” Josh Blackman argues. So it could, perhaps, be thrown out like earlier online censorship efforts. But a lot of harm could be done—both to online speech and competition—in the years leading up to a final determination about the law’s constitutionality by higher courts.

What is most outrageous about all this is that the core rationale behind Hawley’s effort—the idea that conservatives are somehow uniquely disadvantaged by large social media platforms—is utterly preposterous. In May, the Trump Administration launched a “tech bias” portal which “asked Americans to share their stories of suspected political bias.” The portal is already closed and it is unclear what, if anything, will come out of this effort. But this move and Hawley’s proposal point to the broader trend of conservatives getting more comfortable asking Big Government to redress imaginary grievances about supposed “bias” or “exclusion.”

In reality, today’s social media tools and platforms have been the greatest thing that ever happened to conservatives. Mr. Trump owes his presidency to his unparalleled ability to directly reach his audience through Twitter and other platforms. As recently as June 12, President Trump tweeted, “The Fake News has never been more dishonest than it is today. Thank goodness we can fight back on Social Media.” Well, there you have it!

Beyond the President, one need only peruse any social media site for a few minutes to find an endless stream of conservative perspectives on display. This isn’t exclusion; it’s amplification on steroids. Conservatives have more soapboxes to stand on and preach than ever before in the history of this nation.

Finally, if they were true to their philosophical priors, then conservatives also would not be insisting that they have any sort of “right” to be on any platform. These are private platforms, after all, and it is outrageous to suggest that conservatives (or any other person or group) are entitled to have a spot on any other them.

Some conservatives are fond of ridiculing liberals for being “snowflakes” when it comes to other free speech matters, such as free speech on college campuses. Many times they are right. But one has to ask who the real snowflakes are when conservative lawmakers are calling on regulatory bureaucracies to reorder speech on private platform based on the mythical fear of not getting “fair” treatment. One also cannot help but wonder if those conservatives have thought through how this new Internet regulatory regime will play out once a more liberal administration takes back the reins of power. Conservatives will only have themselves to blame when the Speech Police come for them.

Addendum: Several folks have pointed out another irony associated with Hawley’s bill is that it would greatly expand the powers of the administrative state, which conservatives already (correctly) feel has too much broad, unaccountable power. I should have said more on that point, but here’s a nice comment from David French of National Review, which alludes to that problem and then ties it back to my closing argument above: i.e., that this proposal will come back to haunt conservatives in the long-run:

when coercion locks in — especially when that coercion is tied to constitutionally suspect broad and vague policies that delegate immense powers to the federal government — conservatives should sound the alarm. One of the best ways to evaluate the merits of legislation is to ask yourself whether the bill would still seem wise if the power you give the government were to end up in the hands of your political opponents. Is Hawley striking a blow for freedom if he ends up handing oversight of Facebook’s political content to Bernie Sanders? I think not.

Additional thoughts on the Hawley bill:

Josh Wright

Daphne Keller

Blake Reid

TechFreedom

Josh Blackman

Sen. Ron Wyden

Jeff Kosseff

Eric Goldman

CCIA

NetChoice

Internet Association

David French at National Review

John Samples

[originally published on Plaintext on June 21, 2017.]

This summer, we celebrate the 20th anniversary of two developments that gave us the modern Internet as we know it. One was a court case that guaranteed online speech would flow freely, without government prior restraints or censorship threats. The other was an official White House framework for digital markets that ensured the free movement of goods and services online.

The result of these two vital policy decisions was an unprecedented explosion of speech freedoms and commercial opportunities that we continue to enjoy the benefits of twenty years later.

While it is easy to take all this for granted today, it is worth remembering that, in the long arc of human history, no technology or medium has more rapidly expanded the range of human liberties — both speech and commercial liberties — than the Internet and digital technologies. But things could have turned out much differently if not for the crucially important policy choices the United States made for the Internet two decades ago.

First, on June 26, 1997, the Supreme Court handed down its landmark decision in Reno v. ACLU, which struck down the Communications Decency Act’s provisions seeking to regulate online content under the old broadcast media standard. The Court concluded that there was “no basis for qualifying the level of First Amendment scrutiny that should be applied to this medium” and rejected the congressional effort to pigeonhole this exciting new medium into the archaic censorship regimes of the past.

The Reno decision was tremendously important in protecting online speakers from the chilling effect of government “indecency” regulations. The decision also set a strong legal precedent and was cited in countless subsequent decisions involving not only online speech, but also efforts to regulate video game content.

Second, in July 1997, the Clinton Administration released The Framework for Global Electronic Commerce, a document that outlined the US government’s new policy approach toward the Internet and the emerging digital economy. The Framework was a bold vision statement that endorsed comprehensive online freedom of exchange, saying that “the private sector should lead [and] the Internet should develop as a market driven arena not a regulated industry.” The Administration rejected a restrictive regulatory regime for commercial activities and instead recommended reliance on civil society, contractual negotiations, voluntary agreements, and industry self-regulation.

To “avoid undue restrictions on electronic commerce,” the vision statement recommended that “parties should be able to enter into legitimate agreements to buy and sell products and services across the Internet with minimal government involvement or intervention.” But, “[w]here governmental involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce.”

Taken together, the Reno decision and the Clinton Administration’s Framework acted as a Magna Carta moment for the Internet and digital technologies. It signaled that “permissionless innovation” would become America’s governance stance toward online speech and commerce.

As I defined it in a book on the subject, permissionless innovation, “refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if any develop, can be addressed later.” The primary advantage of permissionless innovation as a governance disposition is that it sends a clear green light to citizens telling them they are at liberty to pursue their own interests and passions, free from the suffocating grip of prior restraints on free speech and free exchange.

But the Reno decision and the Clinton Administration’s Framework are not the only critical policy decisions that helped enshrine permissionless innovation as the lodestar of online policy in the US. In the mid-1990s, the Clinton Administration made the decision to allow open commercialization of the Internet, which was previously just the domain of government agencies and university researchers. Even more crucially, when Congress passed and President Bill Clinton signed into law the Telecommunications Act of 1996, lawmakers made it clear that traditional analog-era communications and media regulatory regimes would generally not be applied to the Internet.

The Telecom Act also included an obscure provision known as “Section 230,” which immunized online intermediaries from onerous liability for the content and communications that traveled over their networks. Section 230 was hugely important in that it let online speech and commerce flourish without the constant threat of frivolous lawsuits looming overhead. Internet scholar David Post has argued that “it is impossible to imagine what the Internet ecosystem would look like today without [Section 230]. Virtually every successful online venture that emerged after 1996 — including all the usual suspects, viz. Google, Facebook, Tumblr, Twitter, Reddit, Craigslist, YouTube, Instagram, eBay, Amazon — relies in large part (or entirely) on content provided by their users, who number in the hundreds of millions, or billions,” he notes. It is unlikely that the vibrant marketplace of online speech and commerce we enjoy today could have existed without the protections afforded by Section 230.

Finally, in 1998, another important legislative development occurred when Congress passed the Internet Tax Freedom Act, which blocked all levels of government in the US from imposing discriminatory taxes on the Internet. That made it clear that the Net would not be milked as a “cash cow” the way previous communications systems had been.

So, let’s recap how policymakers generally got policy right for the Internet in the mid-1990s by enshrining permissionless innovation as the law of the land:

• The Executive Branch set the tone for online freedom by fully privatizing the underlying network and then establishing a governance vision based upon minimal government interference with online speech and exchange.
• The Legislative Branch generally endorsed the Clinton Administration’s vision for the Internet and digital technologies by ensuring that new policies would not be based upon the failed regulatory and tax policies of the past.
• The Judicial Branch upheld the centrality of the First Amendment in the Information Age and made it clear that this new medium for speech would be granted the strongest protection against government encroachments on freedom of speech and expression.

The combined effect of these wise, bipartisan policy decisions was that the Net and digital tech were “born free” instead of being born into regulatory captivity. We continue to enjoy the fruits of these freedoms today as citizens here in the US and across the world take advantage of the unprecedented ability to connect and communicate to pursue their passions and interests as they see fit.

There’s still more work to be done, however. Online platforms and digital technologies continue to come under attack from regulatory activists both here and abroad. Many governments continue to push back against these online speech and commercial freedoms, meaning we’ll need to redouble our efforts to highlight and defend the benefits of preserving these important victories.

Finally, as the underlying drivers of the Digital Revolution continue to spread into other segments of the economy, these freedoms will come into conflict with older top-down regulatory regimes for automobiles, aviation, medical technology, finance, and much more. This will create an epic conflict of governance visions between the Internet’s permissionless innovation model versus the precautionary, command-and-control regulatory regimes of the industrial age. We already see tension at work in policy deliberations over the Internet of Things, “big data,” driverless cars, commercial drones, robotics, artificial intelligence, 3D printing, virtual reality, the sharing economy, and others.

If policymakers hope to preserve and extend the benefits of the hard-fought victories of the Internet’s past twenty years, they will need to restate and reinvigorate their commitment to permissionless innovation to help spur the next great technological revolutions in these and other fields.

I wanted to draw your attention to this important address on online platform regulation by Alex Chisholm, the head of UK’s Competition and Markets Authority. That’s the non-ministerial department in the UK responsible for competition policy issues. Chisholm delivered the address on October 27th at the Bundesnetzagentur conference in Bonn. It’s a terrific speech that other policymakers would be wise to read and mimic to ensure that antitrust and competition policy decisions don’t derail the many benefits of the Information Revolution.

“Today, as regulators, we have the responsibility but also the great historical privilege of playing an influential role in the deployment throughout the economy of the latest of these defining technological eras,” Chisholm began. “As regulators, we must try to minimise the inevitable mismatch between how we’ve done things before and the opportunities and risks of the new,” he argued.

He continued on to specify three recommendations for those crafting policy on this front:

1. “First, blanket solutions should be avoided. Instead an evidence-based assessment of potential adverse effects of specific industry features or practices should be carried out before either ex ante regulatory or ex post enforcement tools are deployed. In either case this should be closely targeted to the specific harm identified, and every care given to avoid disproportionate actions and unwelcome side-effects. In that respect, online platforms and the digital economy do not differ from any other sector: there is no need to reinvent the regulatory wheel.
2. Secondly, the significant risks associated with premature, broad-brush ex ante legislation or rule-making point towards a need to shift away from sector-specific regulation to ex post antitrust enforcement, which is better adapted to the period we’re in, with its fast-changing technology and evolving market reactions.
3. Thirdly, as regulators, policymakers, businesses and consumers, we all need to adapt our practices to harvest the benefits of the new while containing its costs and risks.”

That’s an excellent framework that can and should guide future antitrust and competition policy decisions by policymakers across the globe. But Chisholm wasn’t done. Here are some of my other favorite highlights from his address:

• On avoiding “one-size-fits-all” regulation: “[T]here is no ‘digital one size fits all’. . .  [O]penness is not necessarily always good for competition, nor are closed systems always bad.”
• On dealing with the pace of change: “Leaving aside costs of compliance, protecting consumers by virtue of ex ante regulation is inherently difficult in digital markets where consumer preferences evolve fast and in a less predictable manner.”
• On the difficulty of forecasting: “Where ex ante regulation is introduced, it therefore risks harming innovation by locking in existing standards and discouraging or preventing more disruptive innovations. The evolution of digital markets has been particularly difficult to predict.”
• On how to level the playing field: “Finally, consider deregulation. If policymakers were to seek to avoid every hypothetical consumer harm through pre-emptive ex ante regulation, they would likely prevent many best-case scenarios entailing significant consumer benefits from ever coming about. Policymakers and regulators should be open to the idea that a review of existing regulation and its suitability in the context of online platforms may in certain cases actually result in a withdrawal of such regulation – creating a reasonably level playing field by ‘levelling down’ as opposed to ‘levelling up’.”

I really appreciate those last few points, and they are very much consistent with the recommendations set forth in my recent book on  Permissionless Innovation. In the book, I argued that, “Trying to preemptively plan for every hypothetical worst-case scenario means that many best-case scenarios will never come about.”

I was pleased to see the book cited in Chisholm’s speech, as well as some work that Mercatus scholars had done on how to level the proverbial playing field within sectors undergoing rapid technological and regulatory change. Chris Koopman, Matt Mitchell, and I have argue that, while regulatory asymmetries represent a legitimate policy problem,

the solution is not to punish new innovations by simply rolling old regulatory regimes onto new technologies and sectors. The better alternative is to level the playing field by “deregulating down” to put everyone on equal footing, not by “regulating up” to achieve parity. Policymakers should relax old rules on incumbents as new entrants and new technologies challenge the status quo. By extension, new entrants should only face minimal regulatory requirements as more onerous and unnecessary restrictions on incumbents are relaxed.

Anyway, make sure to read Alex Chisholm’s entire speech. It’s very much worth your time. Incidentally, I think his vision is very much consistent with that of  Maureen K. Ohlhausen, a Commissioner with the Federal Trade Commission (FTC). I have written extensively here and elsewhere about Commissioner Ohlhausen’s laudable vision for wise tech policy-making, most recently in this essay.

On Thursday, it was my great pleasure to participate in a Washington Legal Foundation (WLF) event on “Online Privacy Regulation: The Challenge of Defining Harm.” The entire event video can be found on YouTube here, but down below I pasted the clip of just my remarks. Other speakers at the event included:  FTC Commissioner Maureen K. Ohlhausen, Commissioner; John B. Morris, Jr., the Associate Administrator and Director of Internet Policy athe U.S. Department of Commerce’s National Telecommunications and Information Administration; and Katherine Armstrong, Counsel at the law firm of Hogan Lovells. Glenn Lammi of the WLF moderated the session.

My remarks drew upon a few recent law review articles I have published relating digital privacy debates to previous debates over free speech and online child safety issues. (Here are those articles: 1, 2, 3).

The Mercatus Center at George Mason University has just released my latest working paper, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.” The “Internet of Things” (IoT) generally refers to “smart” devices that are connected to both the Internet and other devices. Wearable technologies are IoT devices that are worn somewhere on the body and which gather data about us for various purposes. These technologies promise to usher in the next wave of Internet-enabled services and data-driven innovation. Basically, the Internet will be “baked in” to almost everything that consumers own and come into contact with.

Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, however, and are proposing regulation to address these concerns. In my new 93-page article, I explain why preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new IoT technologies. Building on a recent book of mine, I argue that “permissionless innovation,” which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things.

As I note in the paper and my earlier book, if we spend all our time living in fear of the worst-case scenarios — and basing public policies on them — then best-case scenarios can never come about. As the old saying goes: nothing ventured, nothing gained. Precautionary principle-based regulation paralyzes progress and must be avoided.  We instead need to find constructive, “bottom-up” solutions to the privacy and security risks accompanying these new IoT technologies instead of top-down controls that would limit the development of life-enriching IoT innovations.

The better alternative is to deal with concerns creatively as they develop, using a balanced, layered approach  involving many different solutions, including: educational efforts, technological empowerment tools, social norms, public and watchdog pressure, industry best practices and self-regulation, transparency, torts and products liability law, and targeted enforcement of existing legal standards as needed.

Generally speaking, patience, humility, and forbearance by policymakers is crucial to allowing greater innovation and consumer choice in this arena. Importantly, policymakers should not forget that societal and individual adaptation will play a role here, just as it has during so many other turbulent technological transformations.

This article can be downloaded on my Mercatus Center page, on SSRN, or at Research Gate. I am hoping to find a law or policy journal interested in publishing this paper soon. If you with a journal and are interested, please contact me. [UPDATE 12/3/14: This paper has been accepted for publication in the Richmond Journal of Law & Technology, Vol. 21, Issue 6 (2015).]

Finally, if you are interested in this topic, you might want to flip through these slides I prepared for a presentation on this topic that I made at the Federal Communications Commission in September:

On Thursday, it was my great pleasure to present a draft of my forthcoming paper, “The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns without Derailing Innovation,” at a conference that took place at the Federal Communications Commission on “Regulating the Evolving Broadband Ecosystem.” The 3-day event was co-sponsored by the American Enterprise Institute and the University of Nebraska College of Law.

The 65-page working paper I presented is still going through final peer review and copyediting, but I posted a very rough first draft on SSRN for conference participants. I expect the paper to be released as a Mercatus Center working paper in October and then I hope to find a home for it in a law review. I will post the final version once it is released. [UPDATE:The final version of this working paper was released on November 19, 2014.]

In the meantime, however, I thought I would post the 46 slides I presented at the conference, which offer an overview of the nature of the Internet of Things and wearable technology, the potential economic opportunities that exist in this space, and the various privacy and security challenges that could hold this technological revolution back. I also outlined some constructive solutions to those concerns. I plan to be very active on these issues in coming months.

Additional Reading

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” January 14, 2012
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013
• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)

My latest law review article is entitled, “Privacy Law’s Precautionary Principle Problem,” and it appears in Vol. 66, No. 2 of the Maine Law Review. You can download the article on my Mercatus Center page, on the Maine Law Review website, or via SSRN. Here’s the abstract for the article:

Privacy law today faces two interrelated problems. The first is an information control problem. Like so many other fields of modern cyberlaw—intellectual property, online safety, cybersecurity, etc.—privacy law is being challenged by intractable Information Age realities. Specifically, it is easier than ever before for information to circulate freely and harder than ever to bottle it up once it is released.

This has not slowed efforts to fashion new rules aimed at bottling up those information flows. If anything, the pace of privacy-related regulatory proposals has been steadily increasing in recent years even as these information control challenges multiply.

This has led to privacy law’s second major problem: the precautionary principle problem. The precautionary principle generally holds that new innovations should be curbed or even forbidden until they are proven safe. Fashioning privacy rules based on precautionary principle reasoning necessitates prophylactic regulation that makes new forms of digital innovation guilty until proven innocent.

This puts privacy law on a collision course with the general freedom to innovate that has thus far powered the Internet revolution, and privacy law threatens to limit innovations consumers have come to expect or even raise prices for services consumers currently receive free of charge. As a result, even if new regulations are pursued or imposed, there will likely be formidable push-back not just from affected industries but also from their consumers.

In light of both these information control and precautionary principle problems, new approaches to privacy protection are necessary. We need to invert the process of how we go about protecting privacy by focusing more on practical “bottom-up” solutions—education, empowerment, public and media pressure, social norms and etiquette, industry self-regulation and best practices, and an enhanced role for privacy professionals within organizations—instead of “top-down” legalistic solutions and regulatory techno-fixes. Resources expended on top-down regulatory pursuits should instead be put into bottom-up efforts to help citizens better prepare for an uncertain future.

In this regard, policymakers can draw important lessons from the debate over how best to protect children from objectionable online content. In a sense, there is nothing new under the sun; the current debate over privacy protection has many parallels with earlier debates about how best to protect online child safety. Most notably, just as top-down regulatory constraints came to be viewed as constitutionally-suspect and economically inefficient, and also highly unlikely to even be workable in the long-run for protecting online child safety, the same will likely be true for most privacy related regulatory enactments.

This article sketches out some general lessons from those online safety debates and discusses their implications for privacy policy going forward.

Read the full article here [PDF].

Related Material:

• Book: Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom
• Law review article: “The Pursuit of Privacy in a World Where Information Control Is Failing,” Harvard Journal of Law & Public Policy, 36 (2013): 409–55.
• Law review article: “A Framework for Benefit-Cost Analysis in Digital Privacy Debates,” George Mason University Law Review, 20, no. 4 (Summer 2013): 1055–105.
• Law review article: “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” Minnesota Journal of Law, Science & Technology, 14 (2013): 309–86.

Adam Thierer – Privacy Law’s Precautionary Problem (Maine Law Review, 2014) by Adam Thierer

Patrick Byrne, CEO of Overstock.com, discusses how Overstock.com became one of the first online retail stores to accept Bitcoin. Byrne provides insight into how Bitcoin lowers transaction costs, making it beneficial to both retailers and consumers, and how governments are attempting to limit access to Bitcoin. Byrne also discusses his project DeepCapture.com, which raises awareness for market manipulation and naked short selling, as well as his philanthropic work and support for education reform.

Download

Related Links

• For Overstock CEO, Bitcoin Isn’t Just A Publicity Stunt, Forbes
• Meet Patrick Byrne: Bitcoin Messiah, CEO of Overstock, Scourge of Wall Street, Wired
• UBS, in Theory, a Conspiracy to Naked Short “Tens of Millions” of Shares, Deepcapture

Jack Schinasi discusses his recent working paper, Practicing Privacy Online: Examining Data Protection Regulations Through Google’s Global Expansion published in the Columbia Journal of Transnational Law. Schinasi takes an in-depth look at how online privacy laws differ across the world’s biggest Internet markets — specifically the United States, the European Union and China. Schinasi discusses how we exchange data for services and whether users are aware they’re making this exchange. And, if not, should intermediaries like Google be mandated to make its data tracking more apparent? Or should we better educate Internet users about data sharing and privacy? Schinasi also covers whether privacy laws currently in place in the US and EU are effective, what types of privacy concerns necessitate regulation in these markets, and whether we’ll see China take online privacy more seriously in the future.

Download

Related Links

• Practicing Privacy Online: Examining Data Protection Regulations Through Google’s Global Expansion, SSRN
• Journal of Transnational Law, Columbia University

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

Ronald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.

The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.

Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Indeed, he and his colleagues at The Citizen Lab have occasionally been major players in this drama as they have researched and uncovered various online vulnerabilities affecting millions of people across the globe. (I have previously reviewed and showered praise on a couple important books that Deibert co-edited with scholars from The Citizen Lab and Harvard’s Berkman Center, including: Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace and Access Denied: The Practice and Policy of Global Internet Filtering. They are truly outstanding resources worthy of your attention.)

Black Code’s Many Meanings

So, what is “black code” and why should we be worried about it? Deibert uses the term as a metaphor for many closely related concerns. Most generally it includes “that which is hidden, obscured from the view of the average Internet user.” (p. 6) More concretely, it refers to “the criminal forces that are increasingly insinuating themselves into cyberspace, gradually subverting it from the inside out.” (p. 7) “Those who take advantage of the Internet’s vulnerabilities today are not just juvenile pranksters or frat house brats,” Deibert notes, “they are organized criminal groups, armed militants, and nation states.” (p. 7-8) Which leads to the final way Deibert uses the term “black code.” It also, he says, “refers to the growing influence of national security agencies, and the expanding network of contractors and companies with whom they work.” (p. 8)

Deibert is worried about the way these forces and factors are working together to undermine online stability and security, and even delegitimize liberal democracy itself. His thesis is probably most succinctly captured in this passage from Chapter 7:

We live in an era of unprecedented access to information, and many political parties campaign on platforms of transparency and openness. And yet, at the same time, we are gradually shifting the policing of cyberspace to a dark world largely free from public accountability and independent oversight. In entrusting more and more information to third parties, we are signing away legal protections that should be guaranteed by those who have our data. Perversely, in liberal democratic countries we are lowering the standards around basic rights to privacy just as the center of cyberspace gravity is shifting to less democratic parts of the world. (p. 130-1)

What Deibert is grappling with in this book is the same fundamental problem that has long plagued the Internet: How do you preserve the benefits associated with the most open and interconnected “network of networks” the world has ever known while also remedying the various vulnerabilities and pathologies created by that same openness and interconnectedness?  Deibert acknowledges this problem, noting:

Ever since the Internet emerged from the world of academia into the world of the rest of us, its growth trajectory has been shadowed by a grey economy that thrives on opportunities for enrichment made possible by an open, globally connected infrastructure. (p. 141)

The Paradox of the Net’s Open, Interconnected Nature

Again, paradoxically, this inherent instability and vulnerability is due precisely to the Net’s open and globally interconnected nature. And many governments are looking to exploit that fact. “These unfortunate by-products of an open, dynamic network are exacerbated by increasing assertions of state power,” Deibert notes. (p. 233)

More generally, this uncomfortable fact—that the Net’s open, interconnected nature leads to both enormous benefits as well as huge vulnerabilities—isn’t just true for criminal online activity or the cyber-espionage activities that various nation-states are pursuing today. It is equally true for everything online today. There is a sort of yin and the yang to the Net that is simply undeniable and completely unavoidable. For one issue after another we find that the Net’s greatest blessing—its open, interconnected nature—is also its greatest curse.

For example, as I noted here recently in my review of Abraham H. Foxman and Christopher Wolf ‘s new book, Viral Hate: Containing Its Spread on the Internet, the open and interconnected Internet gives us “the most widely accessible, unrestricted communications platform the world has ever known” but also  means we have to tolerate a great many imbeciles “who use it to spew insulting, vile, and hateful comments.” The same is true for other types of online speech and content: You have access to an abundance of informational riches, but there’s also no avoiding all the garbage out there now, too.

Similarly, as I noted in my essay, “Privacy as an Information Control Regime: The Challenges Ahead,” the open and interconnected Internet has given us historically unparalleled platforms for social interaction and commerce. But that same openness and interconnectedness has left us with a world of hyper-exposure and a variety of privacy and surveillance threats—not just from governments and large corporations, but also from each other.

And then there’s the never-ending story of digital copyright. On one hand, the open and globally interconnected network or networks has provided us with an amazing platform for sharing knowledge, art, and expression. On the other hand, as I noted in this essay on “The Twilight of Copyright,” creators of expressive works have less security than ever before in terms of how they can control and monetize their artistic and scientific inventions.

I could go on and on—as I did in my essays on “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed”—but the moral of the story is pretty clear: The Internet giveth and the Internet taketh away. Openness and interconnectedness offer us enormous benefits but also force us to confront major risks as the price of admission to this wonderful network.

Will the Whole System Collapse?

The uncomfortable question that Deibert’s book tees up for discussion is: When will this balance get completely out of whack in terms of online security? Or, has it already? In some portions of the text, he hints that may already be the case. Consider this passage in Chapter 11 in which Deibert discusses whether the Chicken Little-ism of digital security worry-warts like Eugene Kaspersky and Richard Clarke is warranted:

Eugene Kaspersky, Richard Clarke, and others may sound like broken records or self-serving fear mongers, but there is no denying the evolving cyberspace ecosystem around us: we are building a digital edifice for the entire planet, and it sits above us like a house of cards. We are wrapping ourselves in expanding layers of digital instructions, protocols, and authentication mechanisms, some them open scrutinized, and regulated, but many closed, amorphous, and poised for abuse, buried in the black arts of espionage, intelligence gathering, and cyber and military affairs. Is it only a matter of time before the whole system collapses? (p. 186)

That sounds horrific, but is it really the case that the entire system really about to collapse? And, if so, what are we going to do about it?

This raises a small problem with Deibert’s book. He does such a nice job itemizing and describing these security vulnerabilities that by the time the reader wades through 230 pages and nears the end of the book, they are left in a highly demoralized state, searching for some hope and a concrete set of practical solutions. Unfortunately, they won’t find an abundance of either in Deibert’s brief closing chapter, “Toward Distributed Security and Stewardship in Cyberspace.”

Don’t get me wrong; I agree with the general thrust of Deibert’s framework, which I describe below. The problem is that it is highly aspirational in nature and lacks specifics. Perhaps that is simply because there are no easy answers here. Digital security is damn hard and, as with most other online pathologies out there, no silver-bullet solutions exist.

Deibert notes that some government officials will seek to exploit those vulnerabilities—many of which they created themselves—to expand their authority over the Internet. “Faced with mounting problems and pressures to do something, too many policy-makers are tempted by extreme solutions,” he notes. (p. 234) He worries about “a movement towards clamp down” that would be “antithetical to the principles of liberal democratic government” by undermining checks and balances and accountability. (p. 235) In turn, this will undermine the “mixed common-pool resource” that is the current Internet.

Deibert’s alternative cyber security strategy to counter the push to “clamp down” is based on three interrelated notions or components:

1. Principles of restraint or “mutual restraint”: “Securing cyberspace requires a reinforcement, rather than a relaxation, of restraint on power, including checks and balances on governments, law enforcement, intelligence agencies, and on the private sector,” he argues. (p. 239)
2. “Distributed security”: “The Internet functions precisely because of the absence of centralized control, because of thousands of loosely coordinated monitoring mechanisms,” Deibert notes. “While these decentralized mechanisms are not perfect and can occasionally fail, they form the basis of a coherent distributed security strategy. Bottom-up, ‘grassroots’ solutions to the Internet’s security problems are consistent with principles of openness, avoid heavy-handedness, and provide checks and balances against the concentrations of power,” he observes. (p. 240)
3. “Stewardship” which Deibert defines as “an ethic of responsible behavior in regard to shared resources” and which, he argues, “would moderate the dangerously escalating exercise of state power in cyberspace by defining limits and setting thresholds of accountability and mutual restraint.” (p. 243)

Again, as an aspirational vision statement this all generally sounds fairly sensible, but the details are lacking. I think Deibert would have been wise to spend a bit more time developing this alternative “bottom-up” vision of how online security should work and bolstering it with case studies.

Digital Security without Top-Down Controls

Luckily, as my Mercatus Center colleague Eli Dourado noted in an important June 2012 white paper, distributed security and stewardship strategies are already working reasonably well today. Dourado’s paper, “Internet Security Without Law: How Service Providers Create Order Online,” documented the many informal institutions that enforce network security norms on the Internet and shows how cooperation among a remarkably varied set of actors improves online security without extensive regulation or punishing legal liability. “These informal institutions carry out the functions of a formal legal system—they establish and enforce rules for the prevention, punishment, and redress of cybersecurity-related harms,” Dourado noted.

For example, a diverse array of computer security incident response teams (CSIRTs) operates around the globe and share their research and coordinate their responses to viruses and other online attacks. Individual Internet service providers (ISPs), domain name registrars, and hosting companies, work with these CSIRTs and other individuals and organizations to address security vulnerabilities. A growing market for private security consultants and software providers also competes to offer increasingly sophisticated suites of security products for businesses, households, and governments.

A great deal of security knowledge is also “crowd-sourced” today via online discussion forums and security blogs that feature contributions from experts and average users alike. University-based computer science and cyberlaw centers (like Citizen Lab) and experts have also helped by creating projects like “Stop Badware,” which originated at Harvard University but then grew into a broader non-profit organization with diverse financial support.

Dourado continues on in his paper to show how these informal, bottom-up efforts to coordinate security responses offer several advantages over top-down government solutions, such as administrative regulation or punishing liability regimes.

Dourado’s description of the ideal approach to online security is entirely consistent with Deibert’s vision in Black Code. In fact, Deibert notes, “It is important to remind ourselves that in spite of the threats, cyberspace runs well and largely without persistent disruption. On a technical level, this efficiency is founded on open and distributed networks of local engineers who share information as peers,” he observes. (p. 240) That is exactly right, but I wish Deibert would have spent more time discussing how this system works in practice today and how it can be tweaked and improved to head off the heavy-handed and very costly top-down solutions that we both dread.

Toward Resiliency

But there’s one other thing I wish Deibert would have explored in the book: resiliency, or how we have adapted to various cyber-vulnerabilities over time.

For example, in another recent Mercatus Center study entitled “Beyond Cyber Doom: Cyber Attack Scenarios and the Evidence of History,” Sean Lawson, an assistant professor in the Department of Communication at the University of Utah, has stressed the importance of resiliency as it pertains to cybersecurity and concerns about “cyberwar.” “Research by historians of technology, military historians, and disaster sociologists has shown consistently that modern technological and social systems are more resilient than military and disaster planners often assume,” he writes. “Just as more resilient technological systems can better respond in the event of failure, so too are strong social systems better able to respond in the event of disaster of any type.”

More generally, as I noted in my recent law review article on “technopanics” and “threat inflation” in information technology policy debates:

while it is certainly true that “more could be done” to secure networks and critical systems, panic is unwarranted because much is already being done to harden systems and educate the public about risks. Various digital attacks will continue, but consumers, companies, and others organizations are learning to cope and become more resilient in the face of those threats.

What Professor Lawson and I are getting at in our respective articles is that the ability of organizations, institutions, and individuals to bounce back from adversity is a frequently unheralded feature of various systems and that it deserves more serious study. (See Andrew Zolli and Ann Marie Healy’s nice book, Resilience: Why Things Bounce Back, for more on this general topic). In the context of online security, what is most remarkable to me is not that the Internet suffers from vulnerabilities due to its open and interconnected nature; it’s that we don’t suffer far more damage as a result.

This gets us back to that very profound question that Deibert poses in Black Code: “Is it only a matter of time before the whole system collapses?” The better question, I think, is: why hasn’t the system already collapsed? Perhaps the answer is, because things haven’t gotten bad enough yet. But I believe that the more realistic answer is that: individuals and institutions often learn how to cope and become resilient in the face of adversity. This is partially the case online because of the stewardship and distributed, decentralized security we already see at work today that makes digital life tolerable.

But it has to be something more than that. After all, many of the security problems that Deibert describes in his book are quite serious and already affect millions of us today. How, then, are we getting by right now? Again, I think the answer has to be that adaptation and resiliency are at work on many different levels of online life.

Consider, for example, how we have learned to deal with spam, viruses, online porn, various online advertising and privacy concerns, and so on. Our adaptation to these threats and annoyances has not been perfectly smooth, of course. No doubt, some people would still like “something to be done” about these things. But isn’t it remarkable how we have, nonetheless, carried on with online commerce and interactive social life even as these problems have persisted?

Conclusion

Going forward, therefore, perhaps there are some reasons for hope. Perhaps the various generic strategies that Deibert outlines in his book, coupled with the remarkable ability of humans to roll with the punches and adapt, will help us come out of this just fine (or at least reasonably well).

Of course, it could also be the case that these security concerns just multiply and that the Internet then morphs into sometime quite different than the interconnected “network of networks” we know today. As I noted in my 2009 essay on “Internet Security Concerns, Online Anonymity, and Splinternets,” we might be moving toward a world with more separate dis­connected digital networks and online “gated communities.” This could take place spontaneously over time and be driven by corporations seeking to satisfy the demand of some consumers for safer and more secure online experiences. As I noted in my review of Jonathan Zittrain’s book, The Future of the Internet, I am actually fine with some of that. I think we can live in a hybrid world of “walled gardens” alongside of the “Wild West” open Internet, so long as this occurs in a spontaneous, organic, bottom-up fashion. [For a more extensive discussion, see my book chapter, “The Case for Internet Optimism, Part 2 – Saving the Net From Its Supporters.”]

If, however, this “splintering” of the Net is done from the top-down through intentional (or even incidental) government action, then it is far more problematic. We already see signs, for example, that Russia is pushing even more strongly in that direction in the wake of the NSA leaks. (See “N.S.A. Leaks Revive Push in Russia to Control Net,” New York Times, July 14.) The Russians have been using amorphous security concerns to push for greater Internet control for some time now. Of course, China has been there for years. So have many Middle Eastern countries. Of course, there’s no guarantee that their respective “splinternets” are, or would be, any more secure than today’s Internet, but it sure would make those networks far more susceptible to state control and surveillance. If that’s our future, then it certainly is a dismal one.

Anyway, read Ron Deibert’s Black Code for an interesting exploration of these and other issues. It’s an excellent contribution to field of Internet policy studies and a book that I’ll be recommending to others for many years to come.

Additional resources:

• the official website for Black Code
• the Citizen Lab website at the University of Toronto
• follow Ronald Deibert and The Citizen Lab on Twitter
• video of Washington, D.C. book launch for Black Code (held at the National Endowment for Democracy on 6/24/13)

Other books you should read alongside “Black Code” (links are for my reviews of each book):

• Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace edited by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain
• Consent of the Networked: The Worldwide Struggle for Internet Freedom , by Rebecca MacKinnon
• Cyber War: The Next Threat to National Security and What to Do About It, by Richard A. Clarke and Robert K. Knake
• Liars & Outliers: Enabling the Trust that Society Needs to Thrive, by Bruce Schneier
• Regulating Code: Good Governance and Better Regulation in the Information Age, by Ian Brown & Christopher T. Marsden
• Networks and States: The Global Politics of Internet Governance, by Milton Mueller
• Resilience: Why Things Bounce Back, by Andrew Zolli & Ann Marie Healy

Adam Thierer, Senior Research Fellow at the Mercatus Center discusses his recent working paper with coauthor Brent Skorup, A History of Cronyism and Capture in the Information Technology Sector. Thierer takes a look at how cronyism has manifested itself in technology and media markets — whether it be in the form of regulatory favoritism or tax privileges. Which tech companies are the worst offenders? What are the consequences for consumers? And, how does cronyism affect entrepreneurship over the long term?

Download

Related Links

• A History of Cronyism and Capture in the Information Technology Sector, Thierer
• Video: A History of Cronysim and Capture in the Information Technology Sector, Thierer
• Adam Thierer Biography, Mercatus Center
• Adam Thierer on Anti-Tech Grump Evgeny Morozov, Thierer

The Internet’s greatest blessing — its general openness to all speech and speakers — is also sometimes its biggest curse. That is, you cannot expect to have the most widely accessible, unrestricted communications platform the world has ever known and not also have some imbeciles who use it to spew insulting, vile, and hateful comments.

It is important to put things in perspective, however. Hate speech is not the norm online. The louts who spew hatred represent a small minority of all online speakers. The vast majority of online speech is of a socially acceptable — even beneficial — nature.

Still, the problem of hate speech remains very real and a diverse array of strategies are needed to deal with it. The sensible path forward in this regard is charted by Abraham H. Foxman and Christopher Wolf in their new book, Viral Hate: Containing Its Spread on the Internet. Their book explains why the best approach to online hate is a combination of education, digital literacy, user empowerment, industry best practices and self-regulation, increased watchdog / press oversight, social pressure and, most importantly, counter-speech. Foxman and Wolf also explain why — no matter how well-intentioned — legal solutions aimed at eradicating online hate will not work and would raise serious unintended consequences if imposed.

In striking this sensible balance, Foxman and Wolf have penned the definitive book on how to constructively combat viral hate in an age of ubiquitous information flows.

Definitional Challenges & Free Speech Concerns

Defining “hate speech” is a classic eye-of-the-beholder problem: At what point does heated speech become hate speech and who should be in charge of drawing the line between the two? “The notion of a single definition of hate speech that everyone can agree on is probably illusory,” Foxman and Wolf note, especially because of “the continually evolving and morphing nature of online hate.” (p. 52, 103)  “Like every other form of human communication, bigoted or hateful speech is always evolving, changing its vocabulary and style, adjusting to social and demographic trends, and reaching out in new ways to potentially receptive new audiences.” (p. 92)

Many free speech advocates (including me) argue that the government should not be in the business of ensuring that people never have their feelings hurt. Censorial solutions are particularly problematic here in the United States since they would likely run afoul of the protections secured by the First Amendment of the U.S. Constitution.

The clear trajectory of the Supreme Court’s free speech jurisprudence over the past half-century has been in the direction of constantly expanding protection for freedom of expression, even of the most repugnant, hateful varieties. Most recently, in Snyder v. Phelps, for example, the Court ruled that the Westboro Baptist Church could engage in hateful protests near the funerals of soldiers. “[T]his Nation has chosen to protect even hurtful speech on public issues to ensure that public debate is not stifled,” ruled Chief Justice John Roberts for the Court’s 8-1 majority. The Court has also recently held that the First Amendment protects lying about military honors (United States v. Alvarez, 2012), animal cruelty videos (United States v. Stevens, 2010), computer-generated depictions of child pornography (Ashcroft v. Free Speech Coalition, 2002), and the sale of violent video games to minors (Brown v. EMA, 2011). This comes on top of over 15 years of Internet-related jurisprudence in which courts have struck down every effort to regulate online expression.

Some will celebrate this jurisprudential revolution; others with lament it. Regardless, it is likely to remain the constitutional standard here in the U.S. As a result, there is almost no chance that courts here would allow restrictions on hate speech to stand. That means alternative approaches will continue to be relied upon to address it.

Foxman and Wolf acknowledge these constitutional hurdles but also point out that there are other reasons why “laws attempting to prohibit hate speech are probably one of the weakest tools we can use against bigotry.” (p. 171) Most notably, there is the scope and volume problem: “the sheer vastness of the challenge” (p. 103) which means “it’s simply impossible to monitor and police the vast proliferation of bigoted content being distributed through Web 2.0 technologies.” (p. 81) “The borderless nature of the Internet means that, like chasing cockroaches, squashing on offending website, page, or service provider does not solve the problem; there are many more waiting behind the walls — or across the border.” (p. 82) That’s exactly right and it also explains why solutions of a more technical nature aren’t likely to work very well either.

Foxman and Wolf also point out how hate speech laws could backfire and have profound unintended consequences. Beyond targeted laws that address true threats, harassment, and direct incitements to violence, Foxman and Wolf argue that “broader regulation of hate speech may send an ‘educational message’ that actually weakens rather than strengthens our system of democratic values.” (p. 171) That’s because such censorial laws and regulations undermine the very essence of deliberative democracy — robust exchange of potential controversial views — and leads to potential untrammeled majoritarianism. Worse yet, legalistic attempts to shut down hate speech can end up creating martyrs for fringe movements and, paradoxically, end up fueling conspiracy theories. (p. 80)

The Essential Role of Counter-speech & Education

Yet, “the challenge of defining hate speech shouldn’t lead us to give up on solving the problem,” argue Foxman and Woff. (p. 53) We must, they argue, refocus our efforts around “education as a bulwark of freedom.” (p. 170)  Digital literacy — teaching citizens respectful online behavior — is the key to those education efforts.

A vital part of digital literacy efforts is the encouragement of counter-speech solutions to online hate. “[T]he best anecdote to hate speech is counter-speech – exposing hate speech for its deceitful and false content, setting the record straight, and promoting the values of respect and diversity,” note Foxman and Wolf. (p. 129)  Or, as the old saying goes, the best response to bad speech is better speech. This principle has infused countless Supreme Court free speech decisions over the past century and it continues to make good sense. But we could do more through education and digital literacy efforts to encourage more and better forms of counter-speech going forward.

“Counter-speech isn’t only or even primarily about debating hate-mongers,” they note. “It’s about helping to create a climate of tolerance and openness for people of all kinds, not just on the Internet but in every aspect of local, community, and national life.” (p. 146) This is how digital literacy becomes digital citizenship. It’s about forming smart norms and personal best practices regarding beneficial online interactions.

Intermediary Policing

What more can be done beyond education and counter-speech efforts? Foxman and Wolf envision a broad and growing role for intermediaries to help to police viral hate. “We are convinced that if much of the time and energy spent advocating legal action against hate speech was used in collaborating and uniting with the online industry to fight the scourge of online hate, we would be making more gains in this fight,” they say. (p. 121) Among the steps they would like to see online operators take:

• Establishing clear hate speech policies in their Terms of Service and mechanisms for enforcing them;
• Making it easier for users to flag hate speech and to speak out against it;
• Facilitating industry-wide education and best practices via multi-stakeholder approaches; and
• Limiting anonymity and moving to “real-name” policies to identify speakers.

De-anonymization / Real-name policies

Most of these are imminently sensible solutions that should serve as best practices for online service providers and social media platform operators. But their last suggestion for sites to consider limiting anonymous speech will be controversial, especially at a time when many feel that privacy is already at serious risk online and when some critics argue that intermediaries already “censor” too much content as it is. (See, for example, this Jeff Rosen essay on “The Delete Squad: Google, Twitter, Facebook and the New Global Battle over the Future of Free Speech” and this Evgeny Morozov editorial, “You Can’t Say That on the Internet”).

Anonymous online speech certainly facilitates plenty of nasty online comments. There’s plenty of evidence — both scholarly and anecdotal — that “deindividuation” occurs when people can post anonymously.  As Foxman and Wolf explain it: “People who are able to post anonymously (or pseudonymously) are far more likely to say awful things, sometimes with awful effects. Speaking from behind a blank wall that shields a person from responsibility encourages recklessness – it’s far easier to hit the ‘send’ button without a second thought under those circumstances.” (p. 114)

On the other hand, there needs to be a sense of balance here. We protect anonymous speech for the same reason we protect all other forms of speech, no matter how odious: With the bad comes a lot of good. Forcing all users to identify themselves to get at handful of troublemakers is overkill and it would result in the chilling of a huge amount of legitimate speech.

Nonetheless, many governments across the globe are pushing for restrictions on anonymous speech. As Cole Stryker noted in his recent book, Hacking the Future: Privacy, Identity, and Anonymity on the Web, “we are seeing is an all-out war on anonymity, and thus free speech, waged by a variety of armies with widely diverse motivations, often for compelling reasons.” (p. 229). Stryker is right. In fact, less than two weeks ago, a French court ordered Twitter to produce the names of the people behind anti-Semitic tweets that appeared on the site last year.  Meanwhile, plenty of academics, including many here in the U.S., have stepped up their efforts to ban or limit online anonymity. If you don’t believe me, I suggest you read a few of the chapters of The Offensive Internet: Speech, Privacy, and Reputation (Saul Levmore & Martha C. Nussbaum, eds.). It’s a veritable fusillade against anonymity as well as Section 230, the U.S. law that limits liability for intermediaries who post materials by others.

In Viral Hate, Foxman and Wolf stop short of suggesting legal restrictions on anonymity, preferring to stick with experimentation among private intermediaries. One of the book’s authors (Wolf) penned an essay in The New York Times last November (“Anonymity and Incivility on the Internet”) suggesting that while “this is not a matter for government… it is time for Internet intermediaries voluntarily to consider requiring either the use of real names (or registration with the online service) in circumstances, such as the comments section for news articles, where the benefits of anonymous posting are outweighed by the need for greater online civility.” Specifically, Wolf wants the rest of the Net to follow Facebook’s lead: “It is time to consider Facebook’s real-name policy as an Internet norm because online identification demonstrably leads to accountability and promotes civility.”

These proposals prompted strong responses from some academics and average readers who decried the implications of such a move for both privacy and free speech. But, again, it is worth reiterating that Foxman and Wolf do not call for government mandates to achieve this. “[T]his notion of promulgating a new standard of accountability online is not a matter for government intervention, given the strictures of the First Amendment,” they argue. (p. 117)

However, Foxman and Wolf do suggest one innovative alternative that merits attention: premium placement for registered commenters. The New York Times and some other major content providers have experimented with premium placement, whereby those registered on the site have their comments pushed up in the queue while other comments appear down below them. On the other hand, I don’t like the idea of having to register for every news or content site I visit, so I would hope such approaches are used selectively. Another useful approach involves letting users of various social media sites and content services to determine whether they wish to allow comments on their user-generated content at all. Of course, many sites and services (such as YouTube, Facebook, and most blogging services) already allow that.

Conclusion

There are times in the book when Foxman and Wolf push their cause with a bit too much rhetorical flair, as when they claim that “Hitler and the Nazis could never have dreamed of such an engine of hate (as the Internet”). (p. 10)  Perhaps there is something to that, but it is also true that Hitler and the Nazis could have never of dreamed of a platform for individual empowerment, transparency, and counter-speech such as the Internet. It was precisely because they were able to control the very limited media and communications platforms of their age that the Nazis were about to exert total control over the information systems and create a propaganda hate machine that had no serious challenge from the public or other nations. Just ask Arab dictators which age they’d prefer to rule in! It is certainly much harder for today’s totalitarian thugs to keep secrets bottled up and it is equally hard for them to spread lies and hateful propaganda without being met with a forceful response from the general citizenry as well as those in other nations. So the “Hitler-would-have-loved-the-Net” talk is unwarranted.

I’m also a bit skeptical of some of the metrics used to measure this problem. While there is clearly plenty of online hate to be found across the Net today, efforts to quantify it inevitably run right back into the same subjective definition problems that Foxman and Wolf do such a nice job explaining throughout the text. So, if we have such a profound ‘eye-of-the-beholder’ problem at work here, how is it that we can be sure that quantitative counts are accurate?  That doesn’t mean I’m opposed to efforts to quantify online hate, rather, we just need to take such measures with a grain of salt.

Finally, I wish the authors would have developed more detailed case studies of how companies outside the mainstream are dealing with these issues today. Foxman and Wolf focus on big players like Google, Facebook, and Twitter for obvious reasons, but plenty of other online providers and social media operators have policies and procedures in place today to deal with online hate speech. A more thorough survey of those differing approaches might have helped us gain a better understanding of which policies make the most sense going forward.

Despite those small nitpicks, Foxman and Wolf have done a great service here by offering us a penetrating examination of the problem of online hate speech while simultaneously explaining the practical solutions necessary to combat it. Some will be dissatisfied with their pragmatic approach to the issue, feeling on one hand that the authors have not gone far enough in bringing in the law to solve these problems, while others will desire a more forceful call for freedom of speech and just growing a thicker skin in response to viral hate.  But I believe Foxman and Wolf have struck exactly the right balance here and given us a constructive blueprint for addressing these vexing issues going forward.

Declan McCullagh, chief political correspondent for CNET and former Washington bureau chief for Wired News, discusses recent leaks of NSA surveillance programs. What do we know so far, and what more might be unveiled in the coming weeks? McCullagh covers legal challenges to the programs, the Patriot Act, the fourth amendment, email encryption, the media and public response, and broader implications for privacy and reform.

Download

Related Links

• Snowden: NSA snoops on U.S. phone calls without warrants, McCullagh
• Snowden: Feds can’t plug leaks by ‘murdering me’, McCullagh
• Feds: Power grid vulnerable to cyber threats, McCullagh

David Garcia, post doctoral researcher at the Swiss Federal Institute of Technology and co-author of Social Resilience in Online Communities: The Autopsy of Friendster, discusses the concept of social resilience and how online communities, like Facebook and Friendster, withstand changes in their environment.

Garcia’s paper examines one of the first online social networking sites, Friendster, and analyzes its post-mortem data to learn why users abandoned it.

Garcia goes on to explain how opportunity cost and cost benefit analysis can affect a user’s decision whether or not to remain in an online community.

Download

Related Links

• Social Resilience in Online Communities: The Autopsy of Friendster, Garcia, Mavrodiev, Schweitzer
• An autopsy of a dead social network, The Physics arXiV Blog
• Researchers conduct ‘autopsy’ of dead social network Friendster, Solon

Defining “privacy” is a legal and philosophical nightmare. Few concepts engender more definitional controversies and catfights. As someone who is passionate about his own personal privacy — but also highly skeptical of top-down governmental attempts to regulate and/or protect it — I continue to be captivated by the intellectual wrangling that has taken place over the definition of privacy. Here are some thoughts from a wide variety of scholars that make it clear just how frustrating this endeavor can be:

• “Perhaps the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is.” – Judith Jarvis Thomson, “The Right to Privacy,” in Philosophical Dimensions of Privacy: An Anthology, 272, 272 (Ferdinand David Schoeman ed., 1984).
• privacy is “exasperatingly vague and evanescent.” – Arthur Miller, The Assault on Privacy: Computers, Data Banks, and Dossiers, 25 (1971).
• “[T]he concept of privacy is infected with pernicious ambiguities.” – Hyman Gross,  The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967).
• “Attempts to define the concept of ‘privacy’ have generally not met with any success.” – Colin Bennett, Regulating Privacy: Data Protection and Public Policy In Europe and the United States,  25 (1992).
• “When it comes to privacy, there are many inductive rules, but very few universally accepted axioms.” – David Brin, The Transparent Society: Will Technology Force Us To Choose Between Privacy and Freedom? 77 (1998).
• “Privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.” – Robert C. Post, Three Concepts of Privacy, 89 GEO. L.J. 2087, 2087 (2001).
• “[privacy] can mean almost anything to anybody.” – Fred H. Cate & Robert Litan, Constitutional Issues in Information Privacy, 9 Mich. Telecomm. & Tech. L. Rev. 35, 37 (2002).
• privacy has long been a “conceptual jungle” and a “concept in disarray.” “[T]he attempt to locate the ‘essential’ or ‘core’ characteristics of privacy has led to failure.” – Daniel J. Solove, Understanding Privacy 196, 8 (2008).
• “Privacy has really ceased to be helpful as a term to guide policy in the United States.” – Woodrow Hartzog, quoted in Cord Jefferson, Spies Like Us: We’re All Big Brother Now, Gizmodo, Sept. 27, 2012.
• “for most consumers and policymakers, privacy is not a rational topic. It’s a visceral subject, one on which logical arguments are largely wasted.” – Larry Downes,  A Rational Response to the Privacy “Crisis,” Cato Institute, Policy Analysis No. 716 (Jan. 7, 2013), at 6.

In my new Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing” I build on these insights to argue that:

1. precisely because privacy has always been a highly subjective philosophical concept;
2. and is also a constantly morphing notion that evolves as societal attitudes adjust to new cultural and technological realities;
3. America may never be able to achieve a coherent fixed definition of the term or determine when it constitutes a formal right outside of some narrow contexts.

That doesn’t mean the privacy isn’t profoundly important to many of us, but privacy is, first and foremost, an exercise of personal determination and personal responsibility. To some extent, we have to make our own privacy in this world. In this sense, we can liken it to our right to pursue happiness. Here’s how I put it in Part I of my Harvard JLPP article:

Even if agreement over the scope of privacy rights proves elusive, however, everyone would likely agree that citizens have the right to pursue privacy. In this sense, we might think about the pursuit of privacy the same way we think about the pursuit of happiness. Recall the memorable line from America’s Declaration of Independence: “We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.” Consider the importance of that qualifying phrase—“and the pursuit of”—before the mention of the normative value of happiness. America’s Founders obviously felt happiness was an important value, but they did not elevate it to a formal positive right alongside life, liberty, physical property, or even freedom of speech.

This framework provides a useful way of thinking about privacy. Even if we cannot agree whether we have a right to privacy, or what the scope of any particular privacy right should be, the right to pursue it should be as uncontroversial as the right to pursue happiness. In fact, pursing privacy is probably an important element of achieving happiness for most citizens. Almost everyone needs some time and space to be free with their own thoughts or to control personal information or secrets that they value. But that does not make it any easier to define the nature of privacy as a formal legal right, or any easier to enforce it, even if a satisfactory conception of privacy could be crafted to suit every context.

The most stable and widely accepted privacy rights in the United States have long been those that are tethered to unambiguous tangible or physical rights, such as rights in body and property, especially the sanctity of the home. Moreover, these rights have been focused on limiting the power of state actors, not private parties. By contrast, privacy claims premised on intangible or psychological harms have found far less support, and those claims have been particularly limited for private actors relative to the government. All this will likely remain the case for online privacy. Importantly, if privacy is enshrined as a positive right even in narrowly drawn contexts, it imposes obligations on the government to secure that right. These obligations create corresponding commitments and costs that must be taken into account since government regulation always entails tradeoffs.

Therefore, even as America struggles to reach political consensus over the scope of privacy rights in the information age, it makes sense to find methods and mechanisms—most of which will lie outside of the law—that can help citizens cope with social and technological changes that affect their privacy. Part III will outline some of the ways citizens can pursue and achieve greater personal privacy.

I fully realize that this way of thinking about privacy leaves many challenging questions at the margin and I also understand how it will be unsatisfactory to those who view privacy as a “dignity right” that trumps all other values and considerations. But, to reiterate, what I am suggesting here is that we will likely never be able to achieve a coherent fixed definition of the term or determine when it constitutes a formal right outside of some narrow contexts (such as for sensitive health or financial information, where the potential harms of collection, sharing, and use are more tangible).  The primary reason for this is that privacy primary comes down to assertions about “harms” that are primarily psychological in character. But precisely because such asserted harms (1) lack a tangible/physical/monetary nature and (2) also can come into conflict with other liberty rights (especially the right to freely gather information and speak about it; i.e., First Amendment rights), it makes it more difficult to classify psychological “harms” as harms at all.

I feel the same way about concepts like “safety” and “security.” Who among us doubts these values and goals are important? As the father of two young digital natives, I am living a constant struggle to mentor my kids and ensure they have safe and healthy online interactions. But that doesn’t mean I think anyone in this world — including my own children — has an amorphous “right to safety.” What they do have a right to is not to be harmed by others in their online interactions. Where things become sticky, however, is when some child safety advocates adopt an extremely expansive view of what constitutes “harm” in this context and suggest that hearing a single dirty word or seeing a fleeting dirty image somehow irrevocably “harms” their mental well-being and development, or perhaps just their personal morality. (I have written about this here in dozens of essays through the years such as this one on “The Problem of Proportionality in Debates about Online Privacy and Child Safety” as well in longer papers, such as my recent law review article about, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.”)

While I appreciate the diverse beliefs and values that drives sensitivities about potentially objectionable online content, it is an entirely different matter when one claims “rights” and actionable “harms” in this context. It means that politics will essentially answer what are fundamentally deeply personal “eye of the beholder” questions. It is better, I believe to educate and empower citizens about safe and sensible online interactions and then let them determine what works best for them. Again, whether we are talking about safety or privacy, this model relies upon a certain amount of personal (and parental) responsibility.

To be sure, real harms exist and, at times, law will need to be brought in to right certain wrongs. For example, in the online safety context I favor strong penalties for anyone attempting predatory behavior or extreme forms of incessant harassment. In the privacy context, we’ll still need laws to deal with identity/data theft and certain uses of highly sensitive health and financial information. Outside of those narrow contexts, however, it is better to let people define their own online experiences free of top-down, one-size-fits-all regulatory enactments that attempt to make those determinations for all of us. To reiterate, we all have the right to pursue the objectives we care about–safety, privacy, or just happiness more generally–according to our own value systems. But we should be careful about elevating such amorphous concepts to the level of “rights” and then expecting the State to enforce one set of values and choices on a diverse citizenry.

The Pursuit of Privacy in a World Where Information Control is Failing

As noted here last week, as part of their Marginal Revolution University online courses, Tyler Cowen and Alex Tabarrok have been rolling out several classes on “Economics of the Media.” I think TLF readers will be interested in checking out their lessons on “Bundling” and “Cable TV Regulation” since these are topics we have frequently discussed here over the years. I’ve embedded those two presentations below, but please go the MRU site and watch all the videos in their media economics course when you get a chance. They are excellent.

Susan W. Brenner, associate dean and professor of law at the University of Dayton School of Law,  discusses her new paper published in the Minnesota Journal of Law, Science & Technology entitled “Cyber-threats and the Limits of Bureaucratic Control.”

Brenner argues that the approach the United States, like other countries, uses to control threats in real-space is ill-suited for controlling cyberthreats. She explains that because this approach evolved to deal with threat activity in a physical environment, it is predicated on a bureaucratic organizations. This is not an effective way of approaching cyber-threat control, she argues. 

Brenner also explains why congressional efforts at cybersecurity legislation are flawed and why U.S. authorities persist in pursuing antiquated strategies that cannot provide an effective cyberthreats defense system. She outlines an alternative approach to the task of protecting the country from cyberthreats, and approach that is predicated on older, more fluid threat control strategies.

Download

Related Links

• Cyber-Threats and the Limits of Bureaucratic Control, Brenner
• Cybercrime and the Law, Brenner
• Cyberwar: you lack imagination, Brenner
• Approaches to Cybercrime Jurisdiction, Brenner

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

Gabriella Coleman, the Wolfe Chair in Scientific and Technological Literacy in the Art History and Communication Studies Department at McGill University, discusses her new book, “Coding Freedom: The Ethics and Aesthetics of Hacking,” which has been released under a Creative Commons license.

Coleman, whose background is in anthropology, shares the results of her cultural survey of free and open source software (F/OSS) developers, the majority of whom, she found, shared similar backgrounds and world views. Among these similarities were an early introduction to technology and a passion for civil liberties, specifically free speech.

Coleman explains the ethics behind hackers’ devotion to F/OSS, the social codes that guide its production, and the political struggles through which hackers question the scope and direction of copyright and patent law. She also discusses the tension between the overtly political free software movement and the “politically agnostic” open source movement, as well as what the future of the hacker movement may look like.

Download

Related Links

• Coding Freedom: The Ethics and Aesthetics of Hacking, by Coleman
• Hacker Politics and Publics. Public Culture, by Coleman
• Hackers. The Johns Hopkins Encyclopedia of Digital Textuality. Forthcoming, 2012, by Coleman

The number of major cyberlaw and information tech policy books being published annually continues to grow at an astonishing pace, so much so that I have lost the ability to read and review all of them. In past years, I put together end-of-year lists of important info-tech policy books (here are the lists for 2008, 2009, 2010, and 2011) and I was fairly confident I had read just about everything of importance that was out there (at least that was available in the U.S.). But last year that became a real struggle for me and this year it became an impossibility. A decade ago, there was merely a trickle of Internet policy books coming out each year. Then the trickle turned into a steady stream. Now it has turned into a flood. Thus, I’ve had to become far more selective about what is on my reading list. (This is also because the volume of journal articles about info-tech policy matters has increased exponentially at the same time.)

So, here’s what I’m going to do. I’m going to discuss what I regard to be the five most important titles of 2012, briefly summarize a half dozen others that I’ve read, and then I’m just going to list the rest of the books out there. I’ve read most of them but I have placed an asterisk next to the ones I haven’t.  Please let me know what titles I have missed so that I can add them to the list. (Incidentally, here’s my compendium of all the major tech policy books from the 2000s and here’s the running list of all my book reviews.)

As I do each year, I need to repeat a few disclaimers.  First, what qualifies as an “important” info-tech policy book is highly subjective, but I would define it as a title that many people — especially scholars in the field — are currently discussing and that we will likely be referencing for many years to come.  But I “weight” books in the sense that narrowly-focused titles lose a few points. For example, books that deal mostly with privacy issues, copyright law, or antitrust policy are docked a few points relative to “big picture” info-tech policy books that offer a broader exploration of policy issues and which offer more wide-ranging recommendations.

Second, almost all of the books included have something profound to say about Internet policy (either directly or indirectly) and the more profound and clear the policy recommendations or implications, the higher the titles rank in terms of importance on my list.

Third, and most importantly: Just because a book appears on this list that does not necessarily mean I agree with everything in it.  In fact, as was the case in previous years, I found much with which to disagree in most of the books listed here. Simply put, the cyber-liberty I cherish is a real loser in both academic and public policy circles these days. It has very few defenders today. So, if this was simply a list of my personal favorite books, there would only be 2 or 3 titles on it. Instead, this is my effort to list important books in the field, regardless of whether I agree with the content and conclusions found in those titles.

OK, on to the list.

(1) Rebecca MacKinnon – Consent of the Network: The Worldwide Struggle for Internet Freedom

Rebecca MacKinnon’s book was the most important information technology policy book released in 2012 because it: (1) presented a splendid history of the ideas and forces shaping Internet policy debates globally; (2) offered policy insights that were extremely relevant to breaking developments in this field; and (3) set forth a call-to-arms to global Internet activists and gave them a new way of framing their issue advocacy.

MacKinnon is a former journalist and her outstanding reporting skills are on display throughout the text. Her coverage of China’s efforts to regulate the Net is outstanding. She also surveys some of the recent policy fights here and abroad over issues such as online privacy, Net neutrality regulation, free speech matters, and the copyright wars. The book demands attention for this historical work and analysis alone.

Even more importantly, however, MacKinnon makes a forceful argument for how to think about Internet freedom and democracy in new digital worlds. Her book is an attempt to take the Net freedom movement to the next level; to formalize it and to put in place a set of governance principles that will help us hold the “sovereigns of cyberspace” more accountable. Many of her proposals are quite sensible. But, as I noted in my much longer review of the book, I had a real problem with MacKinnon’s use of the term “digital sovereigns” or “sovereigns of cyberspace” and the loose definition of “sovereignty” that pervades her narrative. She too often blurs and equates private power and political power, and she sometimes leads us to believe that the problem of the dealing with the mythical nation-states of “Facebookistan” and “Googledom” is somehow on par with the problem of dealing with actual sovereign power — government power — over digital networks, online speech, and the world’s Netizenry.

Despite these nitpicks, MacKinnon has many other ideas about Net governance in the book that are less controversial and entirely sensible in my opinion. She wants to “expand the technical commons” by building and distributing more tools to help activists and make organizations more transparent and accountable. These would include circumvention and anonymization tools, software and programs that allow both greater data security and portability, and devices and network systems to expand the range of communication and participation, especially in more repressed countries. She would also like to see neitzens “devise more systematic and effective strategies for organizing, lobbying, and collective bargaining with the companies whose service we depend upon — to minimize the chances that terms of service, design choices, technical decisions, or market entry strategies could put people at risk or result in infringement of their rights.” This also makes sense as part of a broader push for improved corporate social responsibility.

Regarding the role of law, MacKinnon has a mixed view. She says: “There is a need for regulation and legislation based on solid data and research (as opposed to whatever gets handed to legislative staffers by lobbyists) as well as consultation with a genuinely broad cross-section of people and groups affected by the problem the legislation seeks to solve, along with those likely to be affected by the proposed solutions.” Of course, that’s a fairly ambiguous standard that could open the door to excessive political meddling with the Net if we’re not careful. Overall, though, she acknowledges how regulation so often lags far behind innovation. “A broader and more intractable problem with regulating technology companies is that legislation appears much too late in corporate innovation and business cycles,” she rightly notes.

MacKinnon’s book will be of great interest to Internet policy scholars and students, but it is also accessible to a broader audience interested in learning more about the debates and policies that will shape the future of the Internet and digital networks for many years to come. One other note: MacKinnon’s clearly-worded prose and cool-headed tone deserve praise and emulation. It serves as a model for how to write a thoughtful Internet policy book, even if you don’t agree with all her conclusions or recommendations.

My complete review of Consent of the Networked can be found here.

(2) Susan Crawford – Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age

Susan Crawford’s book was probably my least favorite title of 2012, but that doesn’t mean I can discount its significance within this field. Crawford has made herself a widely-recognized and highly-charged figure in the world of Internet policy through her work as an activist, an academic, and even a government official. In Captive Audience, she doesn’t even try to hide her self-described “radicalized” views on communications policy anymore and in the process she solidifies her role as the ringleader of the growing movement to impose centralized, top-down government control on America’s broadband infrastructure.

What is most astonishing about Captive Audience is the way Crawford so audaciously waxes nostalgic for the days of regulated monopoly. Simply put, Crawford doesn’t believe that capitalism or competition have any role to play in the provision of broadband networks and services. “No competitive pressure will force these companies to act [in the public interest],” she argues on the last page of the manifesto. “Americans,” she claims, “have allowed a naive belief in the power and beneficence of the free market to cloud their vision.” She suggests we should just give up our false hope that markets can deliver such an important service and get on with the task of converting broadband into a full-blown regulated public utility.

Her proposed solutions read like the typical Big Government grab-bag of policy proposals: more government spending, more government ownership, and more government regulation (forced access regulation and rate controls) for any private carriers that are allowed to remain in operation as de facto handmaidens of the state. Crawford’s perfect world scenario would seem to be some sort of amalgam of the U.S. Postal Service and the federal highway program. While both programs have sought to provide an important service to the masses, it goes without saying that both are also an absolute basket case in terms of service management and economic viability. But, for the sake of argument, let’s say that Crawford is right and that public ownership and comprehensive government management is the way to go. Where will all this money come from for all the new government activity Crawford desires? Apparently it grows on trees because she isn’t ever willing to admit that we find ourselves in the midst of major fiscal crisis that likely constrains the ability of governments to make these investments themselves. Luckily, private wireline and wireless broadband providers have been investing tens of billions in infrastructural upgrades in recent years (don’t take my word for it, read what the Progressive Policy Institute has to say), a fact that Crawford conveniently ignores.

More importantly, Crawford never fully confronts the fact that the era of regulated monopoly she cherishes was an unmitigated croynist disaster for consumers. That era had nothing to do with the “public interest” and everything to do with protecting the private interests of regulated entities — namely, Ma Bell on the communications side and broadcasters on the media side. She also doesn’t address the lackluster state of innovation during the 70 or so years during which time communications and media markets were under the tight grip of federal and state regulators, who controlled rates, restricted new entry, and discouraged innovation at virtually every juncture. If one is going to recommend a return to the regulatory past, they had better grapple with that uncomfortable, anti-consumer, anti-innovation history. Crawford utterly fails to in Captive Audience.

While the book is nominally about broadband regulation, the bulk of it is actually dedicated to taking on one company — Comcast — and specifically picking apart its recent merger with NBC Universal. For Crawford, the Comcast-NBC deal represented something akin to the Mayan apocalypse of media policy. She wants us to believe that the deal has forever solidified Comcast’s grasp on both programming and broadband markets. Comcast chief Brian Roberts is presented as the nefarious villain of the narrative; Crawford paints him as a cross between Gordon Gecko and Mr. Burns from “The Simpsons.” Usually such neurotic narratives are reserved for Rupert Murdoch and how he is supposedly plotting mass media domination to brainwash the minds of the masses. But Crawford suggests that Roberts is the new Bond villain du jour and chapter after chapter are devoted to demonizing him, his father, and other execs at Comcast. She argues that “Comcast now owns the Internet in America” and that the company is “squeezing independent online video” providers out of the market.

Despite all this hand-wringing, the situation in the video marketplace has never looked brighter. Crawford fails to put things in historical perspective and examine consumer choices in this market today relative to the past — a point I made in this debate with her last year. Of course, she probably didn’t want to seriously examine that evidence because by every metric available — and I published an entire report called Media Metrics a few years ago proving this — Americans have more and better viewing options at their disposal than ever before in history. We have more channels and more content available over more platforms (cable, satellite, telco, online, DVD, mail, etc) and more devices than ever before. Consumers have an unprecedented ability to access, record, time-shift, interact with, and even manipulate and redistribute video content. Of course, all this choice and quality comes at a cost, as Crawford continuously complains throughout the text. Apparently, in her view, all these great new programming options and technologies should just fall to us like manna from heaven with no price tag attached.

If you want to see what the opposite of Internet freedom and digital capitalism looks like, look no further than this book. It is the definitive articulation of the cyber-planner’s ethos. Of course, that’s also what makes Captive Audience one of the most important books of 2012. But if you really must read such one-sided propaganda — since this book will, no doubt, be assigned in many cyberlaw and media studies classes across America — then I encourage you to also read Christopher Yoo’s Dynamic Internet and Randy May’s edited collection of essays on Communications Law and Policy in the Digital Age, both of which are mentioned below. Both of those books offer a refreshingly level-headed examination of the true state of this marketplace. I’d also recommend you check out these recent essays by Bret Swanson and Richard Bennett for a hard look at the shoddy numbers and assumptions underlying many of the broadband policy critiques you hear out there today from Crawford and others.

(3) John Palfrey & Urs Gasser – Interop: The Promise and Perils of Highly Interconnected Systems

What makes Palfrey & Gasser’s book so important is that the authors aim to develop “a normative theory identifying what we want out of all this interconnectivity” that the information age has brought us. They correctly note “there is no single, agreed-upon definition of interoperability” and that “there are even many views about what interop is and how it should be achieved.” Generally speaking, they argue increased interoperability — especially among information networks and systems — is a good thing because it “provides consumers greater choice and autonomy,” “is generally good for competition and innovation,” and “can lead to systemic efficiencies.”

But they wisely acknowledge that there are trade-offs, too, noting that “this growing level of interconnectedness comes at an increasingly high price.” Whether we are talking about privacy, security, consumer choice, the state of competition, or anything else, Palfrey and Gasser argue that “the problems of too much interconnectivity present enormous challenges both for organizations and for society at large.” Their chapter and privacy and security offers many examples, but one need only look around at their own digital existence to realize the truth of this paradox. The more interconnected our information systems become, and the more intertwined our social and economic lives become with those systems, the greater the possibility of spam, viruses, data breaches, and various types of privacy or reputational problems. Interoperability giveth and it taketh away.

Ultimately, however, the authors fail to develop a clear standard for when interoperability is good and when governments should take steps to facilitate or mandate it. They argue that “there is no single form or optimal amount of interoperability that will suit every circumstance” and that “most of the specifics of how to bring interop about [must] be determined on a case-by-case basis. Yet, Palfrey and Gasser also make it clear they want government(s) to play an active role in ensuring optimal interoperability. They say they favor “blended approaches that draw upon the comparative advantages of the private and public sector,” but they argue that government should feel free to tip or nudge interoperability determinations in superior directions to satisfy “the public interest.” “If deployed with skill,” they argue, “the law can play a central role in ensuring that we get as close as possible to optimal levels of interoperability in complex systems.”

The fundamental problem this “public interest” approach to interoperability regulation is that it is no better than the “I-know-it-when-I-see-it” standard we sometimes at work in the realm of speech regulation. It’s an empty vessel, and if it is the lodestar by which policymakers make determinations about the optimal level of interoperability, then it leaves markets, innovators, and consumers subject to the arbitrary whims of what a handful of politicians or regulators think constitutes “optimal interoperability,” “appropriate standards,” and “best available technology.”

In my absurdly long review of their book, I offered an alternative framework that suggests patience, humility, and openness to ongoing marketplace experimentation as the primary public policy virtues that lawmakers should instead embrace. Ongoing marketplace experimentation with technical standards, modes of information production and dissemination, and interoperable information systems, is almost always preferable to the artificial foreclosure of this dynamic process through state action. The former allows for better learning and coping mechanisms to develop while also incentivizing the spontaneous, natural evolution of the market and market responses. The latter (regulatory foreclosure of experimentation) limits that potential.

Defining “optimal interoperability,” is not just difficult as Palfrey and Gasser suggest, but I would argue that it is a pipe dream. Sometimes consumers demanded a certain amount interoperability and they usually get it. But it seems equally obvious that consumers don’t always demand perfect interoperability. Just look at your iPhone or Xbox for proof. Quite often, a lack of interoperability helps firms finance important new products and services while simultaneously ensuring users a tailored and potentially more secure and satisfying experience. Importantly, however, non-interoperability also spurs new forms of innovation from rivals looking to leap-frog the old front-runners. Progress flows from this never-ending cycle of technological change and industrial churn.

In sum, we cannot define or determine “optimal interoperability” in an a priori fashion; only ongoing experimentation can help us determine what truly lies in “the public interest.” Despite my different approach and conclusions, Palfrey and Gasser’s book perfectly frames what should be a very interesting ongoing debate over these issues and for that reason will be required reading on this subject for years to come.

Again, my longer review of Palfrey and Gasser’s book can be found here, and listen to John Palfrey’s podcast discussion with Jerry Brito here.]

(4) Christopher Yoo – The Dynamic Internet: How Technology, Users, and Businesses are Transforming the Network

Christopher Yoo’s book was my personal favorite of the year, but it won’t capture as much interest and recognition as some of the other titles on this list. The book offers a concise overview of how Internet architecture has evolved and a principled discussion of the public policies that should govern the Net going forward. Yoo makes two straight-forward arguments. First, the Internet is changing. In Part 1 of the book, Yoo offers a layman-friendly overview of the changing dynamics of Internet architecture and engineering. He documents the evolving nature of Internet standards, traffic management and congestion policies, spam and security control efforts, and peering and pricing policies. He also discusses the rise of peer-to-peer applications, the growth of mobile broadband, the emergence of the app store economy, and what the explosion of online video consumption means for ongoing bandwidth management efforts. Those are the supply-side issues. Yoo also outlines the implications of changes in the demand-side of the equation, such as changing user demographics and rapidly evolving demands from consumers. He notes that these new demand-side realities of Internet usage are resulting in changes to network management and engineering, further reinforcing changes already underway on the supply-side.

Yoo’s second point in the book flows logically from the first: as the Internet continues to evolve in such a highly dynamic fashion, public policy must as well. Yoo is particularly worried about calls to lock in standards, protocols, and policies from what he regards as a bygone era of Internet engineering, architecture, and policy. “The dramatic shift in Internet usage suggests that its founding architectural principles form the mid-1990s may no longer be appropriate today,” he argues. “[T]he optimal network architecture is unlikely to be static. Instead, it is likely to be dynamic over time, changing with the shifts in end-user demands,” he says. Thus, “the static, one-size-fits-all approach that dominates the current debate misses the mark.”

Yoo makes a particular powerful case for flexible network pricing policies. His outstanding chapter on “The Growing Complexity of Internet Pricing” offers an excellent overview of the changing dynamics of pricing in this arena and explains why experimentation with different pricing methods and business models must be allowed to continue. Getting pricing right is essential, Yoo notes, if we hope to ensure ongoing investment in new networks and services. He also notes how foolish it is to expect the government to come in and save the day thought massive infrastructure investment to cover the hundreds of billions of dollars needed to continue to build-out high-speed services.

Throughout the second half of his book, Yoo explains why it would be a disaster for consumers and high-tech innovation if policymakers limited pricing flexibility and experimentation with new business models and technological standards. He argues that public policy should generally seek to avoid ex ante forms of preemptive, prophylactic Internet regulation and instead rely on an ex post approach when and if things go wrong. Essentially, he wants policymakers to embrace “techno-agnosticism” toward ongoing debates over standards, protocols, business models, pricing methods, and so on. Lawmakers should not be preemptively tilting the balance in one direction or the other or, worse yet, restricting experimentation that can help us find superior solutions.

And even under that model of retrospective review, Yoo makes it clear throughout the book that there should be a very high bar established before any regulation is pursued. This is particularly true because of the First Amendment values at stake when the government attempts to regulate speech platforms. In Chapter 9 of the book, Yoo walks the reader through all the relevant case law on this front and makes it clear how “the Supreme Court has repeatedly recognized that the editorial discretion exercised by intermediaries serves important free speech values.” Yoo also makes the case that a certain degree of intermediation helps serve consumer needs by helping them more easily find the content and services they desire. Law should not seek to constrain that and, under current Supreme Court First Amendment jurisprudence, it probably cannot.

To me, Yoo’s approach strikes the right balance for Net governance and public policy in the information age. It all comes down to flexibility and freedom. If the Internet and all modern digital technologies are to thrive, we must reject the central planner’s mindset that dominated the analog era and forever bury all the static thinking it entailed.

My complete review of Yoo’s Dynamic Internet is here.

(5) Brett Frischmann – Infrastructure: The Social Value of Shared Resources

Frischmann’s book offers a nice contrast with Yoo’s in that it suggests a far more ambitious role for the state in shaping the future of digital networks and online platforms. Although not strictly a book about information technology infrastructure, Frischmann spends a great deal of time making the case for a greater government action in the realm of communications policy and for open access and Net neutrality regulation in particular. (There’s also a chapter on intellectual property issues that tech policy wonks will find of interest). The book is a veritable paean to open access regulation; Frischmann aims to persuade the reader that “society is better off sharing infrastructure openly” and devotes considerable energy to hammering that point home in one context after another.

In my review of the book, which was part of 2-day symposium on the book over at the Concurring Opinions blog, I took Frischmann’s book to task for its almost complete absence of public choice insights and his general disregard for thorny “supply-side” questions.  Frischmann is so single-mindedly focused on making the “demand-side” case for better appreciating how open infrastructures “generate spillovers that benefit society as a whole” and facilitate various “downstream productive activities,” that he short-changes the supply-side considerations regarding how infrastructure gets funded and managed to begin with.

The book also ignored the omnipresent threat of regulatory capture and the fact that any major infrastructure regulatory system big enough and important to be captured by special interests and affected parties often will be. Frischmann acknowledges the problem of capture in just a single footnote in the book and admits that “there are many ways in which government failures can be substantial,” but he asks the reader to quickly dispense with any worries about government failure since he believes “the claims rest on ideological and perhaps cultural beliefs rather than proven theory or empirical fact.”  I found that assertion outrageous and argued that, to the contrary, decades of scholarship has empirically documented the reality of government failure and its costs to society, as well as the plain old-fashioned inefficiency often associated with large-scale government programs. For infrastructure projects in particular, the combination of these public choice factors usually adds up to massive inefficiencies and cost overruns.

For those reasons, I argued in my review that society would be better off adopting a “3-P” approach to infrastructure management: privatize, property-tize, and price. But Frischmann is dead set against such thinking and makes it clear that everything must be subservient to the goal of “openness” and commons-based management. Unsurprisingly, therefore, this leads him to suggest that we need “a dramatic shift — perhaps a paradigm shift — away from the conventional position favoring market provisioning and markets ‘free’ from government intervention.” But the problem with that reasoning, as I pointed out in my review, is that most of the infrastructure that Frischmann cites as failing us today is already managed in the fashion he favors! Nonetheless, he wants to pile on still more commons-based government control / ownership solutions even though they are the primary cause of our infrastructure problems today. In this sense, Frischmann’s approach parallels Susan Crawford’s in her book Captive Audience, discussed above. They both seek to gloss over the ugly realities of traditional public infrastructure (mis-)management and they imply that we just need to build a better breed of bureaucrats who will somehow be immune to all the problems of the past. Needless to say, I don’t place much faith in such efforts.

Despite these serious deficiencies, students and scholars studying infrastructure theory will benefit from Frischmann’s excellent treatment of public goods and social goods; spillovers and externalities; proprietary versus commons systems management; common carriage policies and open access regulation; congestion pricing strategies; and the debate over price discrimination for infrastructural resources. He at least does a nice job outlining these concepts and controversies, even if he ultimately fails to make the case for radically expanding government control of infrastructural resources.

Again, you can read my entire review of Frischmann’s book here.

— Other Major Releases in 2012 —

Julie E. Cohen – Configuring the Networked Self: Law, Code, and the Play of Everyday Practice

Cohen’s book represents an effort to move “beyond the bounds of traditional liberal political theory” by transcending what she labels the traditional “information-as-freedom” versus “information-as-control” paradigms. Her aim is to promote “cultural environmentalism” and “the structural conditions of human flourishing.” She argues that “a commitment to human flourishing demands a more critical stance toward the market-driven evolution of network architectures.” In other words, don’t trust markets.

I didn’t find her case very convincing and it didn’t help that the book is filled with impenetrable prose that sometimes leaves the reader’s head a bit numb. (Two representative samples: “With respect to space, surveillance employs a twofold dynamic of containerization and affective modulation in order to pursue large-scale behavioral modification.” … and… “Here the performative impulse introduces static into the circuits of the surveillant assemblage; it seeks to reclaim bodies and reappropriate spaces.” Say what? Write in plain English, professor!)

The closing chapter also includes a strange reinterpretation of Ludditism. Cohen argues: “the tale of the Luddites poses an important challenge for scholars and policy makers in the emerging networked information society. If technologies do not have natural trajectories, it is our obligation to seek pathways of development that promote the well-being of situated, embodied users and communities. When our preferred policy prescriptions persistently produce information architectures and institutions that undermine human flourishing in critical ways, it is time to question them and to experiment with ways of doing better.”  Hmmm… I’m not sure I want to know what that would mean in practice!

Regardless, Cohen’s book has a lot to say about modern privacy and copyright battles and will be of great interest to scholars in those specific fields of study.  You can find all the chapters online here.

Cole Stryker – Hacking the Future: Privacy, Identity, and Anonymity on the Web

Stryker’s Hacking the Future provides a concise overview of the battles over online anonymity that have raged since the Net’s early days and he outlines the many new threats to it. “What we are seeing is an all-out war on anonymity, and thus free speech, waged by a variety of armies with widely diverse motivations, often for compelling reasons,” he says. The book will be a great use to those covering ongoing policy debates over cybersecurity, the “nymwars” and online authentication / identification debates, post-Arab Spring political activism & “hactivism,” encryption issues, social networking privacy, troll culture and cyberbullying, and much more. Stryker makes a strong case for the continuing importance of online anonymity but isn’t scared to ask hard questions about the trade-offs society faces when some can mask their online identities. But he also explores the question of whether anonymity can survive given recent technological and policy-related developments, both of which aim to make individuals more identifiable online. I particularly enjoyed Chapter 10’s breakdown of the “Faces of Anonymity,” in which Stryker crafts a detailed taxonomy of anonymous character types online.

He also offers a run-down of the tools and steps that people can take advantage of if they want to ensure their anonymity / privacy online, including: cookie blocking, private browsing tools, disabling HTML in email and limiting or disabling broswer extensions, clearing browser histories, and using encryption tools, proxy servers, and VPN tunneling. “The question we have to ask ourselves,” Stryker notes, is “Does the accessibility of these anonymizing technologies make the world a safer, more equitable place, better place?” He answers: “It’s difficult to measure, but their abolition certainly wouldn’t.” He also draws this interesting parallel with efforts to regulate firearms: “The logic here is not unlike that used by those who oppose gun control: if guns are made illegal, then only criminals will have guns, leaving well-meaning folks defenseless. The reasoning is compelling within the identity space,” he argues, “regardless of what you might think about the merits of gun control.”

Two other notes: First, Wide Open Privacy: Strategies For The Digital Life by J.R. Smith & Siobhan MacDermott makes a nice compliment to Hacking the Future. It also offers a breakdown of privacy-enhancing technologies and outlines other strategies to safeguard your online anonymity. Second, if you are interested in digging even deeper in the Luzsec side of this story, you should check out Parmy Olson’s W e are Anonymous: Inside the Hacker Wor ld of Lulzsec, Anonymous and the Global Cyber Insurgency. It’s a splendid history but doesn’t have as much to say about the various policy issues that Stryker tackles in Hacking the Future. Or just listen to Olson’s podcast discussion with Jerry Brito. Speaking of that Brito character…

Jerry Brito (ed.) – Copyright Unbalanced: From Incentive to Excess

My Mercatus Center colleague Jerry Brito put together this important collection of essays by various conservatives and libertarian authors to highlight growing concerns about copyright policy. Contributors include Tom W. Bell, David G. Post, Reihan Salam, Patrick Ruffini, Tim Lee, Christina Mulligan, and Eli Dourado (also of Mercatus). Their essays suggest that the tide may be turning against copyright among free market analysts. Their chapters explore the increasingly complexity of copyright law and the rising costs associated with its enforcement and make a powerful case for reform of, or at least restraints on, the current copyright system. The consensus seemed to revolve around a few key reforms: significantly shortened copyright terms, the reintroduction of formalities (i.e., registration), and limits on criminal prosecution and civil asset forfeiture. The authors also make a strong case that public choice problems pervade today’s copyright system and that we should be concerned that cronyism is increasing creeping into the politics of copyright law and its seemingly endless expansion.

If you interested in a different take on IP issues to balance out Brito’s collection, I’d recommend picking up the forthcoming Laws of Creation: Property Rights in the World of Ideas by Ronald A. Cass and Keith N. Hylton. It’s a 2013 release but it is already in stock. I’m reading an advance copy from the publisher right now and will likely have more to say about it in a forthcoming post.

Randolph J. May (ed.) – Communications Law and Policy in the Digital Age: The Next Five Years

My former colleague Randy May put together this nice collection of essays by some of America’s leading communications and media policy scholars, including Bruce Owen, Christopher Yoo, James Speta, Daniel Lyons and others. The authors offer a generally skeptical take on the expansion of communications and broadband regulation and the growing power of the Federal Communications Commission over these markets. In particular, many of the contributors take the FCC to task for sketchy assertions of jurisdiction and the agency’s efforts to expand its imperial regulatory ambitions without always having the clear statutory authority to do so. The chapters by James Speta and Seth Cooper are particularly good in that regard. Admin law geeks will eat them up.

Those analysts following the ongoing Net neutrality wars will also find the book informative, even if they disagree with the generally skeptical take on the issue from contributors. Spectrum and universal service policy wonks will also appreciate the excellent chapters on those two issues from Michele P. Connolly and Daniel A. Lyons, respectively. And the closing chapter by Bruce Owen is, like everything Bruce does, a masterpiece. Owen is probably the most respected media economist on the planet and his decades of experience in this field shines through in his powerful essay on “Communications Policy Reform, Interest Groups, and Legislative Capture.” He crafts a political economy of the regulatory state and points out that the explosion of rent-seeking and legislative/regulatory capture in this sector is unlikely to dissipate. “Therefore,” Owen argues, “communications policy likely will continue to be subject to welfare-suppressing regulation because such regulation is consistent with the interests of legislators,” who are often beholden to special interests and their campaign dollars.

Joshua Gans – Information Wants to Be Shared

I really enjoyed this book. It’s an insightful exploration of modern media economics filled with interesting questions and scenarios about how information markets will evolve in the future. What will sustain movies, music, book, local reporting, and so on in the future? Gans does a terrific job making these issues easy to understand and doesn’t try to evangelize as much as the many others who have written on these issues. If you’ve read and enjoyed Carl Shapiro and Hal Varian’s classic text, Information Rules, then you will find Gans’ book to be the perfect compliment.

Gans doesn’t have a lot to say about public policy, however. This is really more of a business book suited for industry analysts and business school students. Nonetheless, some of its implications for policy are clear since many of these business model debates boil over into the policy arena.

P.S. I should mention that, even if you don’t pick up his new book, you should be following Gans’ “Digitopoly” blog. It is always worth reading.

Andrew Keen – Digital Vertigo: How Today’s Online Social Revolution Is Dividing, Diminishing, and Disorienting Us

If you’re into ‘the-whole-world-is-going-to-Hell-and-the-Internet-is-to-blame’ screeds, Andrew Keen will never disappoint. In Digital Vertigo as well as his earlier book, The Cult of the Amateur, Keen is grumpy about, well, just about everything under the sun. In the earlier book, it was the Web 2.0 world of blogging and “amateur” content creation — most notably Wikipedia and YouTube — that earned Keen’s wrath. In the new book, it is users themselves and the social sharing sites and technologies that they favor that Keen goes off on.

Specifically, Keen is worried that our increased reliance on new online and interactive technologies is spawning a “hypervisible age of great exhibitionism” that sacrifices privacy and individuality at the altar of sharing and social status-seeking. He also makes sweeping claims that we are now living in “a world in which many of us have forgotten what it means to be human,” or that “we are forgetting who we really are.” As I noted in my Forbes review of the book, it’s classic technopanic talk. Not only does Keen fail to substantiate such claims, but he also doesn’t bother to even offer the reader any sort of practical plan for how to achieve a more balanced digital life.

Bruce Schneier – Liars & Outliers: Enabling the Trust that Society Needs to Thrive

Security expert Bruce Schneier’s latest book was a terrific read and easily one of my favorites of the year. It wasn’t a book about technology policy per se, but it certainly has important ramifications for it. Schneier explains four “societal pressures” combine to help create and preserve trust within society. Those pressures include: (1) Moral pressures; (2) Reputational pressures; (3) Institutional pressures; and (4) Security systems. By “dialing in” these societal pressures in varying degrees, trust is generated over time within groups. Of course, these societal pressures also fail on occasion, Schneier notes. He explores a host of scenarios — in organizations, corporations, and governments — when trust breaks down because defectors seek to evade the norms and rules the society lives by. These defectors are the “liars and outliers” in Schneier’s narrative and his book is an attempt to explain the complex array of incentives and trade-offs that are at work and which lead some humans to “game” systems or evade the norms and rules others follow.

Indeed, Schneier’s book serves as an excellent primer on game theory as he walks readers through complex scenarios such as prisoner’s dilemma, the hawk-dove game, the free-rider problem, the bad apple effect, principle-agent problems, the game of chicken, race to the bottom, capture theory, and more. These problems are all quite familiar to economists, psychologists, and political scientists, who have spent their lives attempting to work through these scenarios. Schneier has provided a great service here by making game theory more accessible to the masses and given it practical application to a host of real-world issues.

The most essential lesson Schneier teaches us is that perfect security is an illusion, and this is where the implications for tech policy come in. We can rely on those four societal pressures in varying mixes to mitigate problems like theft, terrorism, fraud, online harassment, and so on, but it would be foolish and dangerous to believe we can eradicate such problems completely. “There can be too much security,” Schneier explains, because, at some point, constantly expanding security systems and policies will result in rapidly diminishing returns. Trying to eradicate every social pathology would bankrupt us and, worse yet, “too much security system pressure lands you in a police state,” he correctly notes.

Despite these challenges, Schneier reminds us that there is cause for optimism. Humans adapt better to social change than they sometimes realize, usually by tweaking the four societal pressures Schneier identifies until a new balance emerges. While liars and outliers will always exist, society will march on.

See my longer review of Schneier’s excellent book over at Forbes. I highly recommend you pick up Liars & Outliers no matter what your field of study. It is outstanding.

… and still more titles from 2012 (* asterisk means I didn’t find time to finish them)…

• E. Gabriella Coleman – Coding Freedom: The Ethics and Aesthetics of Hacking *
• Sean A. Pager & Adam Candeub (eds.) – Transnational Culture in the Internet Age *
• John Naughton – From Gutenberg to Zuckerberg: What You Really Need to Know about the Internet
• Erik Brynjolfsson & Andrew McAfee – Race Against the Machine: How the Digital Revolution is Accelerating Innovation, Driving Productivity, and Irreversibly Transforming Employment and the Economy [listen to McAfee’s podcast discussion with Jerry Brito]
• Chris Reed – Making Laws for Cyberspace *
• J.R. Smith & Siobhan MacDermott – Wide Open Privacy: Strategies For The Digital Life
• Virginia Eubanks – Digital Dead End: Fighting for Social Justice in the Information Age *
• Lori Andrews – I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy
• Hassan Masum and Mark Tovey (eds.) – The Reputation Society: How Online Opinions Are Reshaping the Offline World *
• Reed Hundt & Blair Levin – The Politics of Abundance: How Technology Can Fix the Budget, Revive the American Dream, and Establish Obama’s Legacy *
• Kal Raustiala & Christopher Sprigman – The Knockoff Economy: How Imitation sparks Innovation* [listen to Sprigman’s podcast discussion with Jerry Brito]
• Jason Mazzone, Copyfraud and Other Abuses of Intellectual Property Law * [listen to Mazzone’s podcast discussion with Jerry Brito]
• Clay A. Johnson – The Information Diet: A Case for Conscious Consumption
• Julian Assange – Cypherpunks: Freedom and the Future of the Internet
• Andy Greenberg – This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information

… and, again, here are the lists of important books from 2008, 2009, 2010, and 2011.

I have always found it strange that the ACLU speaks with two voices when it comes to user empowerment as a response to government regulation of the Internet. That is, when responding to government efforts to regulate the Internet for online safety or speech purposes, the ACLU stresses personal responsibility and user empowerment as the first-order response. But as soon as the conversation switches to online advertising and data collection, the ACLU suggests that people are basically sheep who can’t possibly look out for themselves and, therefore, increased Internet regulation is essential. They’re not the only ones adopting this paradoxical position. In previous essays I’ve highlighted how both EFF and CDT do the same thing. But let me focus here on ACLU.

Writing today on the ACLU “Free Future” blog, ACLU senior policy analyst Jay Stanley cites a new paper that he says proves “the absurdity of the position that individuals who desire privacy must attempt to win a technological arms race with the multi-billion dollar internet-advertising industry.” The new study Stanley cites says that “advertisers are making it impossible to avoid online tracking” and that it isn’t paternalistic for government to intervene and regulate if the goal is to enhance user privacy choices. Stanley wholeheartedly agrees. In this and other posts, he and other ACLU analysts have endorsed greater government action to address this perceived threat on the grounds that, in essence, user empowerment cannot work when it comes to online privacy.

Again, this represents a very different position from the one that ACLU has staked out and brilliantly defended over the past 15 years when it comes to user empowerment as the proper and practical response to government regulation of objectionable online speech and pornography. For those not familiar, beginning in the mid-1990s, lawmakers started pursuing a number of new forms of Internet regulation — direct censorship and mandatory age verification were the primary methods of control — aimed at curbing objectionable online speech. In case after case, the ACLU rose up to rightly defend our online liberties against such government encroachment. (I was proud to have worked closely with many former ACLU officials in these battles.) Most notably, the ACLU pushed back against the Communications Decency Act of 1996 (CDA) and the Child Online Protection Act of 1998 (COPA) and they won landmark decisions for us in the process.

In those and other cases, the ACLU playbook wasn’t just solely focused on a pure First Amendment defense. In other words, they didn’t just say ‘Well, First Amendment values are at stake here, and so all you parents, prudes, and policymakers should just get over your obsession with eradicating online porn.” No, what really won the day for us in these cases was the user empowerment angle. The ACLU rightly noted (and proved in court) that many “less-restrictive means” — filters, monitoring tools, ratings, labels, user education, media literacy, etc. — were available to the public and that those tools and strategies provided compelling alternatives to government regulation. Thus, paternalistic government regulation should yield to those alternatives and the public (namely, parents) should be expected to take responsibility and use those less-restrictive means to protect themselves and their kids. That is the proper approach for a society that cherishes free speech, personal responsibility, and a citizenry with diverse tastes and values.

Not only did the ACLU get courts to agree with this, but the logic of user empowerment as a trump to speech controls became so compelling to justices that in some cases they actually went beyond what free speech advocates had asked or expected, even in non-Internet related decisions. For example, in United States v. Playboy Entertainment Group  (2000), the Court struck down a law that required cable companies to “fully scramble” video signals transmitted over their networks if those signals included any sexually explicit content. Echoing its earlier holding in Reno v. ACLU , the Court found that less restrictive means were available to parents looking to block those potentially objectionable signals in the home. Specifically, the Court argued that:

[T]argeted blocking [by parents] enables the government to support parental authority without affecting the First Amendment interests of speakers and willing listeners—listeners for whom, if the speech is unpopular or indecent, the privacy of their own homes may be the optimal place of receipt. Simply put, targeted blocking is less restrictive than banning, and the Government cannot ban speech if targeted blocking is a feasible and effective means of furthering its compelling interests.

More importantly, the Court held that:

It is no response that voluntary blocking requires a consumer to take action, or may be inconvenient, or may not go perfectly every time. A court should not assume a plausible, less restrictive alternative would be ineffective; and a court should not presume parents, given full information, will fail to act.

The Court endorsed that same logic for video games in the landmark 2011 decision in Brown v. EMA, which struck down a California that prohibited the sale or rental of “violent video games” to minors.

As I noted in my old book on Parental Controls & Online Child Protection , this is an extraordinarily high bar that the Supreme Court has set for policymakers wishing to regulate modern media content or online expression. Not only is it clear that the Court is increasingly unlikely to allow the extension of analog-era content regulations to new media outlets and technologies, but it appears likely that judges will apply much stricter constitutional scrutiny to all efforts to regulate speech and media providers in the future. And we really have to thank the ACLU for getting this user empowerment revolution started because, make no doubt about it, it was that hook that ushered in this amazing jurisprudential revolution — for the Internet, for video games, for new media, for everything.

Sadly, however, the ACLU is now abandoning the user empowerment approach, at least as it pertains to digital privacy regulation.

In Stanley’s latest piece as well as many other ACLU statements on privacy issues, we hear almost nothing about the importance of keeping the Net free of unnecessary regulation or that government regulation should yield to user empowerment. Instead, we are told that citizens cannot be expected to look out for themselves in this way, or that they can’t possibly hope to “win the arms race” against online advertisers. I think that is utter nonsense. The fact of the matter is that it is far, far harder to win “the arms race” against online porn and objectionable speech using user empowerment tools than it is to defeat online advertising or “tracking.”   There exists a very broad array of privacy-enhancing user empowerment tools and strategies today that can help privacy-sensitive individuals attain greater protection. Here’s a big filing I submitted to the Federal Trade Commission documenting just some of what is on the market today. (See Sec. VI). But here’s just a short list of things users can do or install to better enhance their online privacy:

• adjust your browser’s privacy settings to clear out and block the cookies most online ad networks use and utilize private browsing or “incognito” modes to surf the Web more privately;
• download tools to help you manage cookies, blocking web scripts, and so on.  Some of the more notable ones include: Ghostery, NoScript, Cookie Monster, Better Privacy, Track Me Not, and the Targeted Advertising Cookie Opt-Out or “TACO” (all for Firefox); No More Cookies (for Internet Explorer); Disconnect (for Chrome); AdSweep (for Chrome and Opera); CCleaner (for PCs); and Flush (for Mac).
• download AdBlockPlus and block almost all online advertising on most websites, and thus the data collection performed by online cookies. (It remains the most-downloaded add-on for both the Firefox and Chrome web browsers)
• use “ad preference managers” from major search companies. Google, Microsoft and Yahoo! all offer easy to use opt-out tools and educational webpages that clearly explain to consumers how digital advertising works. Meanwhile, DuckDuckGo offers as alternative search experience that blocks data collection altogether.

Again, this list just scratches the surface. New empowerment solutions like these are are constantly turning up. And many other tools and strategies exist that users can tap. See this excellent recent article by Kashmir Hill of Forbes, “10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy.”

Now, let me be clear: These solutions aren’t perfect. There are no silver bullets or simple fixes when it comes protecting our privacy online. But the exact same thing has always been true for objectionable online content. I find that by using tools and strategies such as those listed above, however, you can eliminate most online advertising and data collection from your digital life. By contrast, as good as online safety tools are, a lot more gets through. That’s because what counts as “objectionable content” is notoriously subjective and, therefore, no tool or strategy can ever work perfectly. “Good enough” seems to be the standard we have to accept here. Again, the same can be said for privacy controls, but it is my contention that, relatively speaking, they actually do a better job if you are willing to live with some inconveniences (as can be the case if you are constantly clearing out your cookies and blocking all scripts, some of which may be important for site functionality). But those are trade-offs you need to accept if you want to ensure all ads are blocked or no data is collected. (Of course, once again, the exact same thing is has always been true for objectionable online content. It can be a huge inconvenience for parents and guardians to try to deal with online porn and objectionable content using all those user empowerment tools and strategies, no matter how good they are). Regardless, my argument here is that, contrary to what many advocates of privacy regulation claim, privacy empowerment tools and strategies can be remarkably effective at screening out almost all online advertising and greatly limiting any collection of personal data.

I can imagine that one response to what I have said here is that, regardless of how well the respective classes of user empowerment tools work, privacy “harms” are more serious and deserve greater government scrutiny and regulation than objectionable online speech/content. But that’s a subjective squabble we’ll never be able to definitively answer. Plenty of people would argue the opposite: that exposure to online porn and objectionable speech will do more harm to minors and society than any amount of online advertising or data collection ever would. Personally, I think both harms are grotesquely inflated “technopanics,” as I noted in this 80-page paper on the topic.

I can anticipate another response that goes like this: “Well, what’s wrong with the government doing a little paternalistic nudging if it’s focused on better empowering users?” First, let’s be clear that groups like ACLU, EFF, and CDT did not adopt that position for objectionable online speech/content. And with good reason. They understood that if we invite the government to come in and create and/or mandate the empowerment tools to be used to address the problem, it could serve as a Trojan Horse that policymakers could later use to expand their influence over speech and speech platforms. But why, then, would the same concern not apply to efforts by the government to mandate certain privacy tools or controls? Such a move would serve as the same sort of open-ended invite to the government to come in and meddle more with online networks.

I suspect what this all comes down to is the artificial distinction between speech rights and economic liberties that the ACLU and other groups have made through the years.  If the regulatory proposals are more about speech regulation, then the ACLU and others will say that personal responsibility and user empowerment represent the proper first-order response. But if we are talking about something perceived to be economic regulation (like advertising regulation), then the standard seems to change and all the talk of personal responsibility and user empowerment go right out the window. (Of course, this is just the classic distinction between “civil libertarians” and actual libertarians manifesting itself in a different way. While the two groups share a mutual distrust of government regulation of speech and social affairs, the civil libertarians distrust free markets and invite regulation of them there whereas the actual libertarians do not.)

But let’s ignore all these other issues and ask a different question: What about the precedent ACLU is setting here by saying user empowerment is hopeless when it comes to privacy? It goes without saying that more than a few social conservatives and regulatory-minded child safety organizations may be listening! Don’t be surprised if those folks throw the ACLU’s words back at them next time controls on speech and expression are being contemplated. They will argue that if people are sheep when it comes to protecting their privacy, then they must also be sheep when it comes to protecting themselves and their families from porn and other objectionable things online.

To me, the consistent and principled position here is this: Personal responsibility and user empowerment should be the first-order solution for all these issues. Governments should only intervene when clear harm can be demonstrated and user empowerment truly proves ineffective as a solution. Conjectural fears must not drive Internet regulation. While there are many legitimate online safety privacy concerns out there, we can find better, less-restrictive ways of dealing with them than by inviting greater government controls for cyberspace.

John Palfrey of the Berkmann Center at Harvard Law School, discusses his new book written with Urs Gasser, Interop: The Promise and Perils of Highly Interconnected Systems. Interoperability is a term used to describe the standardization and integration of technology. Palfrey discusses how the term can describe many relationships in the world and that it doesn’t have to be limited to technical systems. He also describes potential pitfalls of too much interoperability. Palfrey finds that greater levels of interoperability can lead to greater competition, collaboration, and the development of standards. It can also lead to giving less protection to privacy and security. The trick is to get to the right level of interoperability. If systems become too complex, then nobody can understand them and they can become unstable. Palfrey describes the current financial crises could be an example of this. Palfrey also describes the difficulty in finding the proper role of government in encouraging or discouraging interoperability.

Download

Related Links

• Interop: The Promise and Perils of Highly Interconnected Systems , by Palfrey and Gasser
• “What is “Optimal Interoperability”? A Review of Palfrey & Gasser’s “Interop”, Adam Thierer
• “Book Experiment #2: Interop”, Palfrey’s Blog
• Interoperability, Berkman Center

My most recent Forbes column is entitled, “We All Hate Advertising, But We Can’t Live Without It.” It’s my attempt to briefly (a) defend the role advertising has traditionally played in sustaining news, entertainment, and online service, and (b) discuss some possible alternatives to advertising that could be tapped if advertising starts failing us a media cross-subsidy.

What got me thinking about this issue again was the controversy over satellite video operator DISH Network offering its customers a new “Auto Hop” capability for its Hopper whole-home HD DVR system. Auto Hop will give viewers the ability to automatically skip over commercials for most recorded prime time programs shown on ABC, CBS, FOX and NBC when viewed the day after airing. It makes the viewing experience feel like the ultimate free lunch. Alas, something still must pay the bills. As innovative as that technology is, we can be certain that it will not make content consumption cost-free. We’ll just pay the price in some other way. The same is true for online services since it’s never been easier to use technology to block ads.

So, what is going to pay the bills for content as ad-skipping becomes increasingly automated and effortless? Stated differently, what are the other possible methods of picking up the tab for content creation? Here’s a rough taxonomy:

I.     CHARGES

A.     Direct Fees (Periodic billing / Pay-per-view)

B.    Indirect Charges (Tiers / Bundles / Package pricing)

II.     ADVERTISING

A.    General / Mass market ads (Billboards / Banner ads / Pop-up online ads)

B.     Targeted ads (Directed pitch)

C.     Integrated (Product placement / Payola)

D.     Sponsorship / Underwriting

III.     PHILANTHROPIC

A.     Individual  (ex: Arts & opera funding)

B.     Foundational (ex: Knight Foundation)

C.     Governmental  (ex: CPB / BBC model)

IV.     INTERNAL CROSS-SUBSIDY  (Profitable division subsidizes unprofitable / “loss leader” strategies)

There are probably other ways of subsidizing content creation, but those are the primary methods. I have no idea what combination of strategies will sustain content going forward, but I think advertising is likely to play a diminished role in the mix as it becomes increasingly easy for us to filter it out of the mix. But the content creators will just shift costs elsewhere and raise the prices for programming through direct and indirect pricing techniques. Do you like HBO’s pricing model? Pay-per-view? Paywalls? Well, it doesn’t make a difference whether you do or not because you’ll likely be seeing a lot more of those models in your life in coming years if advertising fades as a subsidization method.

Alternatively, as I also note in my Forbes piece, “we could see a lot more Texaco Star Theaters in our future, with major companies essentially owning specific shows or networks.” Such program sponsorship and content underwriting has always been with it, but it could really explode as a cross-subsidy method if traditional advertising starts failing. “But it will be challenging for every show or website to find its own corporate benefactor, and it will also raise issues about undue influence and bias,” I note in my essay.

I hope no one seriously believes that philanthropic models can fill the gaps. Even if we saw a significant uptick in voluntary charitable giving or even taxpayer support for the arts and media, there’s no way in hell it will possibly begin to cover the the bill for what advertising support covers today.

In the end, I can’t help but think how great we’ve had it when it comes to advertising. As I also noted in my essay, advertising has been “the great subsidizer of the press, entertainment, and online services” historically and benefited us tremendously even if we haven’t appreciated that fact. “It’s possible that no single industry — not newspapers nor search engines nor anything else — has done as much to advance the storehouse of accessible human knowledge in the 20th century as advertisers,” argues Washington Post columnist Ezra Klein. Klein is exactly right, yet it doesn’t really make a difference how important advertising has been to us if we fail to appreciate that fact and increasingly take steps to exclude it from our lives.

As that becomes easier and easier to accomplish, we shouldn’t bitch and whine when the bills (literally) come due for the content we all desire. As always, there is no free lunch. We’ll pay the price one way or another.

Additional Reading:

• my recent Charleston Law Review article on “Advertising, Commercial Speech & First Amendment Parity”
• Ezra Klein on the Importance of Advertising to Media
• The Hidden Benefactor: How Advertising Informs, Educates & Benefits Consumers
• There is No Free Lunch! No Advertising, No Media
• PFF’s Mega-Filing in the FCC’s “Future of Media” Proceeding

[UPDATE: 2/14/2013: As noted here, this paper was published by the Minnesota Journal of Law, Science & Technology in their Winter 2013 edition. Please refer to that post for more details and cite this final version of the paper going forward.]

I’m pleased to report that the Mercatus Center at George Mason University has just released my huge new white paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.” I’ve been working on this paper for a long time and look forward to finding it a home in a law journal some time soon.  Here’s the summary of this 80-page paper:

Fear is an extremely powerful motivating force, especially in public policy debates where it is used in an attempt to sway opinion or bolster the case for action. Often, this action involves preemptive regulation based on false assumptions and evidence. Such fears are frequently on display in the Internet policy arena and take the form of full-blown “technopanic,” or real-world manifestations of this illogical fear. While it’s true that cyberspace has its fair share of troublemakers, there is no evidence that the Internet is leading to greater problems for society. This paper considers the structure of fear appeal arguments in technology policy debates and then outlines how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments are offered with a particular focus on online child safety, digital privacy, and cybersecurity. The  various  factors  contributing  to  “fear  cycles”  in these policy areas are documented. To the extent that these concerns are valid, they are best addressed by ongoing societal learning, experimentation, resiliency, and coping strategies rather than by regulation. If steps must be taken to address these concerns, education and empowerment-based solutions represent superior approaches to dealing with them compared to a precautionary principle approach, which would limit beneficial learning opportunities and retard technological progress.

The complete paper can be found on the Mercatus site here, on SSRN, or on Scribd.  I’ve also embedded it below in a Scribd reader.

Technopanics and Threat Inflation [Adam Thierer – Mercatus Center]

Filings are due to the Federal Trade Commission (FTC) today as part of its review of the Children’s Online Privacy Protection Act (COPPA) and the COPPA rule that the FTC devised and enforces. I didn’t have time to pen as much as I wanted, but I did submit a short filing to the agency in the matter based on some of my previous work both with Berin Szoka and on my own.  Here’s the executive summary for my filing:

It goes without saying that the Children’s Online Privacy Protection Act (COPPA) is complicated law and rule. When considering the rule and proposals to amend it, it is easy to get lost in the weeds and ignore the bigger picture. That would be a mistake. There are broader, more important questions that need to be asked as part of the Federal Trade Commission’s effort to expand this regulatory regime. These questions involve not only the costs of increased regulation for online business interests, but the impact of expanded regulation on market structure, competition, and innovation. More importantly, these questions cut to the core of whether the public (including children) will be served with more and better digital innovations in the future. There is no free lunch. Regulation—even well-intentioned regulation like COPPA—is not a costless exercise. There are profound trade-offs for online content and culture that must always be considered.

Whatever one thinks about the effectiveness or sensibility of the COPPA regulatory model for the Web 1.0 world, it is clear that the regime is being strained by the unforeseen realities of the Web 2.0 world of hyper-ubiquitous connectivity and user-generated content creation and sharing. The digital genie cannot be put back in the bottle.  While COPPA may continue to have a marginal role to play in this rapidly evolving world, that role will likely be increasingly limited by the inherent realities of the information age.

Entire filing can be found on the Mercatus website, on SSRN, or via Scribd [Also embedded below in a Scribd reader.] [FILING] Comments of Adam Thierer – Mercatus Center – FTC COPPA 2011 Ammendments

Over the weekend, Janet Morrissey of The New York Times posted an excellent article on the U.S. government’s continuing crackdown on Internet gambling. (“Poker Inc. to Uncle Sam: Shut Up and Deal“) Ironically, her article arrives on the same week during which PBS aired the terrific new Ken Burns and Lynn Novick documentary on the history of alcohol prohibition in the United States. It’s a highly-recommended look at the utter hypocrisy and futility of prohibiting a product that millions of people find enjoyable. If there’s a simple moral to the story of Prohibition, it’s that you can’t repress human nature–not for long, at least, and not without serious unintended consequences. Which is why Morrissey of the Times notes:

And so the poker world now finds itself in a situation many liken to Prohibition. America didn’t stop drinking when the government outlawed alcoholic beverages in 1919. And, in this Internet age, it won’t be easy to prevent people from gambling online, whatever the government says. “It’s a game of whack-a-mole,” says Behnam Dayanim, an expert on online gambling and a partner at the Axinn Veltrop & Harkrider law firm. “They’ve whacked three very large moles, but over time, more moles will pop up.”

Exactly right (except that it should be “whac” not “whack”! There’s no K in whac-a-mole.)  It reminds me of the paper that my blogging colleague Tom Bell penned back in 1999 for the Cato Institute with its perfect title: “Internet Gambling: Popular, Inexorable, and (Eventually) Legal.” As Tom noted back then:

Consumer demand and lost tax revenue will create enormous political pressure for legalization, which we should welcome if only for its beneficial policy impacts on network development and its consumer benefits. We should also welcome it for a more basic reason: as the Founders recognized, our rights to peaceably dispose of our property include the right to gamble, online or off.

Again, you can’t hold back human nature and the effort of millions to pursue happiness as they see fit. It was true of alcohol and it will be true of online gambling–eventually.

And although it represents the worst argument for legalization, Tom was right about the tax revenue benefits as a primary factor leading to legalization. As Morrissey notes in her Times piece:

Uncle Sam is leaving a lot of money on the table. Over 10 years, legal online gambling could generate $42 billion in tax revenue, according to the Congressional Committee on Taxation. An estimated 1.8 million Americans played online poker last year, and some make a living at it. Because of the legal issues in the United States, online card rooms typically base their computer servers elsewhere, in places like Costa Rica or, in the case of Full Tilt, in the Channel Islands.

It was the same story back during alcohol prohibition, of course. All the “money left on the table” was snatched up by foreign governments and organized crime, who were all too happy to satisfy the thirst Americans had. Some State governments have already realized this and are taking steps to partially legalize online gambling and get in on the action, as Morrissey reports:

Oddly enough, Internet gambling is already legal in the nation’s capital. Earlier this year, the District of Columbia became the first jurisdiction in the United States to legalize it. Officials there said they hoped the move would bring in $13 million to $14 million a year in tax revenue. But Washington may only be the start. Several bills now working their way through the House of Representatives would give online poker the run of the country.

Again, as Bell’s paper argued, it’s popular, inexorable, and it will eventually be fully legal. We just have to be patient while some lawmakers play through this latest silly experiment in legislating morality.

Last year I was asked by the Aspen Institute Communications and Society Program and the John S. and James L. Knight Foundation to author a study on models for local online hubs or community web portals. This paper was one of several commissioned by the Knight Foundation to implement the 15 recommendations found in the Knight Commission report on the Information Needs of Communities in a Democracy.  The specific Knight Commission recommendation I focused on in my white paper read as follows: “Ensure that every local community has at least one high-quality online hub.” More specifically, it said: “Communities should have at least one well-publicized portal that points to the full array of local information resources. These include government data feeds, local forums, community e-mail listservs, local blogs, local media, events calendars, and civic information. [The entire three paragraph recommendation can be read here.]

My resulting white paper is entitled, Creating Local Online Hubs: Three Models for Action, and it was released by the Aspen Inst. & Knight Foundation at an event this morning.  (Another Aspen/Knight white paper was simultaneously released on Government Transparency: Six Strategies for More Open and Participatory Government. It was written by Jon Gant and Nicol Turner-Lee.) A short summary of my report follows down below, and you can find the entire report online here.  I’ve also embedded the video of this morning’s launch event for both reports.

___

Creating Local Online Hubs: Three Models for Action

by Adam Thierer

— EXECUTIVE SUMMARY —

The Knight Commission on the Information Needs of Communities in a Democracy (Knight Commission) recommended that every local community have at least one high-quality online hub to help meet community information needs. While the Commission recognized that “it is not possible for any one Web site to aggregate all of the online information local residents want and need,” it believed that “communities should have at least one well-publicized portal that points to the full array of local information resources.” This paper outlines how local online hubs currently work, what their core ingredients are, and what it will take to bring more of them to communities across America.

This analysis makes three simplifying assumptions. First, while newer developments have supplanted the “portal” concept—namely, online search and social media—there is still something to be said for websites that can help to aggregate attention, highlight important civic information and activities and map public information resources. Second, it continues to make sense to focus on geographic communities for the reasons the Informing Communities report made clear: they are the physical places where people live and work and also elect their leaders. Third, the government’s role in creating high-quality online hubs will likely be quite limited and primarily focused on (a) opening up its own data and processes and (b) some limited funding at the margins for other local initiatives.

Luckily, there are many excellent, high-quality online hubs already in place in many communities. Unsurprisingly, however, those hubs tend to be found mostly in large and mid-sized cities. They can serve as models for online hubs in other communities; the question is how to get them built.

As we look to do so, we should keep in mind the great diversity of local communities and realize that there is no one-size-fits-all, best approach to designing high-quality local online hubs. We should not assume that a hub model that works well in one community will automatically work for another. The more experimentation, the better at this point.  Some communities may be served by multiple hubs that specialize in serving various informational needs, while other communities might get all those needs served by one site.

The primary concern going forward should be underserved communities. More thought needs to be put into how to deal with those communities who have nothing in place today. That can be facilitated by the close collaboration of various players. Building effective local hubs will require coordination among local governments and universities, libraries and other community organizations, local businesses, local media outlets and other patrons and supporters. It is particularly important to find community champions who can help lead these efforts. Many of the examples discussed in this paper began with the efforts of a small handful of inspired, active, civic-minded citizens who were looking to make a difference in their communities using digital technologies.

It is important, however, that we do not set the benchmark for success too high. The effectiveness of online community hubs should not necessarily be measured solely by the number of people visiting those sites on a regular basis. Availability and usability should trump actual site time in terms of effectiveness measures.

To advance the goal of a high-quality online hub in every community, there are certain tasks that various stakeholders will need to undertake. Among these are the following:

• Governments at all levels should ensure that these hubs are given access to all relevant data about the government and other community affairs organized by it.
• Local libraries   and other community organizations can help to develop content and resources for local hubs. In fact, local libraries may be one of the best places to start discussions about local information needs and identify stakeholders who can help facilitate local hub creation or improvement.
• Local businesses can support online hubs through direct financial sponsorship; in-kind donations of services, support and technology; or advertising support (in much the same way as they do for local newspapers and broadcast outlets.)
• Local media outlets could partner with one another or  others in the community to foster or assist local hubs, or to improve the local information resources offered on their own websites.
• Colleges and universities offer a wealth of capital, human and other resources to map and develop local information resources. Higher education stakeholders could develop a toolbox of technologies and templates for ready-made hubs or a “code toolbox” to make local hub creation easier, incubate successful models or host local hubs.
• Foundations and venture capitalists should support best-of-class programs and applications through matching grants, support efforts such as the Knight News Challenge or directly invest in innovative local community online hubs and programs.
• Governments can provide seed money, targeted grants and access to public facilities to spur the creation of local online hubs where they do not currently exist, taking care not to impose a particular hub vision from outside the community receiving support.

Creating Local Online Hubs: Three Models for Action http://d1.scribdassets.com/ScribdViewer.swf

Today I filed roughly 30 pages worth of comments with the Federal Trade Commission (FTC) in its proceeding on “Protecting Consumer Privacy in an Era of Rapid Change: a Proposed Framework for Businesses and Policy Makers.” [Other comments filed in the proceeding can be found here.] Down below, I’ve attached the Table of Contents from my filing so you can see the major themes I’ve addressed, and I’ve also attached the entire document in a Scribd reader. In coming days and weeks, I’ll be expanding upon some of these themes in follow-up essays.

In my filing, I argue that while it remains impossible to predict with precision the impact a new privacy regulatory regime will have the Internet economy and digital consumers, regulation will have consequences; of that much we can be certain.  As the FTC  and other policy makers move forward with proposals to expand regulation in this regard, it is vital that the surreal “something-for-nothing” quality of current privacy debate cease. Those who criticize data collection or online advertising and call for expanded regulation should be required to provide a strict cost-benefit analysis of the restrictions they would impose upon America’s vibrant digital marketplace.

In particular, it should be clear that the debate over Do Not Track and online advertising regulation is fundamentally tied up with the future of online content, culture, and services. Thus, regulatory advocates must explain how the content and services supported currently by advertising and marketing will be sustained if current online data collection and ad targeting techniques are restricted.

The possibility of regulation also retarding vigorous marketplace competition—especially new innovations and entry—is also very real. Consequently, the Commission bears the heavy burden of explaining how such results would be consistent with its long-standing mission to protect consumer welfare and promote competition. Importantly, the “harm” that critics claim online advertising or data collection efforts gives rise to must be shown to be concrete, not merely conjectural. Too much is at stake to allow otherwise.

Finally, as it pertains to solutions for those who remain sensitive about their privacy online, education and empowerment should trump regulation. Regulation would potentially destroy innovation in this space by substituting a government-approved, “one-size-fits-all” standard for the “let-a-thousand-flowers-bloom” approach, which offers diverse tools for a diverse citizenry. Consumers can and will adapt to changing privacy norms and expectations, but the Commission should not seek to plan that evolutionary process from above.

Download my comments here or just scroll down and read them below.

Contents

I.       Introduction

II.      No Showing of Harm or Market Failure Has Been Made

1. How Do We Conduct Cost-Benefit Analysis When “Creepiness” Is the Alleged Harm?
2. Privacy Regulation & the Precautionary Principle.
3. On “Informed Consent” & Information as Currency
4. On “Commonly Accepted Practices”
5. The Mythical Harm of Consumer “Walk Aways”

III.    Privacy Regulation Is an Information Control Regime That Faces Formidable Enforcement Challenges

1. Media & Technological Convergence
2. Decentralized, Distributed Networking
3. Unprecedented Scale of Networked Communications
4. Explosion of the Overall Volume of Information
5. Unprecedented Individual Information Sharing Through User-Generation of Content and Self-Revelation of Data

IV.    The Commission’s Proposed “Do Not Track” Regime Creates Potential Risks to Consumers, Culture, Competition, and Global Competitiveness

1. Potential Direct Cost to Consumers
2. Potential Indirect Costs / Impact on Content & Culture
3. Competition & Market Structure
4. International Competitiveness
5. “Silver-Bullet” Solutions Rarely Adapt or Scale Well
6. Implications of This New Regime in Other Contexts

V.     Privacy Regulation Raises Serious Free Speech & Press Freedom Issues

VI.    Better, Less-Restrictive Solutions Exist to Privacy-Related Concerns

1. Education, Empowerment & Self-Regulation
2. Simplified” Privacy Policies, Enhanced Notice & “Privacy by Design”
3. Increased Sec. 5 Enforcement, Targeted Statutes & the Common Law

VII.  Conclusion

Comment in FTC Do Not Track Proceeding (Adam Thierer – Mercatus Center) http://d1.scribdassets.com/ScribdViewer.swf