Posts tagged as:

On Mandating “Simplified” Privacy Policies

by on February 8, 2013 · 624 comments

Via a Twitter post this morning, privacy lawyer Stephen Kline (@steph3n) brings to my attention this new California bill that “would require the privacy policy [of a commercial Web site or online service] to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.”

I’ve always been interested in efforts — both on the online safety and digital privacy fronts — to push for “simplified” disclosure policies and empowerment tools. Generally speaking, increased notice and simplified transparency in these and others contexts is a good norm that companies should be following. However, as I point out in a forthcoming law review article in the Harvard Journal of Law & Public Policy, we need to ask ourselves whether the highly litigious nature of America’s legal culture will allow for truly “simplified” privacy policies. As I note in the article, by its very nature, “simplification” likely entails less specificity about the legal duties and obligations of either party. Consequently, some companies will rightly fear that a move toward more simplified privacy policies could open them up to greater legal liability. If policymakers persist in the effort to force the simplification of privacy policies, therefore, they may need to extend some sort of safe harbor provision to site operators for a clearly worded privacy policy that is later subject to litigation because of its lack of specificity. If not, site operators will find themselves in a “damned if you do, damned if you don’t” position: Satisfying regulators’ desire for simplicity will open them up to attacks by those eager to exploit the lack of specificity inherent in a simplified privacy policy.

Another issue to consider comes down to simple bureaucratic sloth: Continue reading →

SHARE: 624 comments

On Data Privacy Day, A Glass Half Full and Leadership Lacking on Reforms

by on January 29, 2013 · 0 comments

Obama’s talked a big game about online privacy. He promised reform during the 2008 campaign. A year ago, the White House proposed a “Privacy Bill of Rights.” But so far, the Administration’s delivered little more than fine words. Worse, they’ve focused on the wrong problems.

Government has an important role to play in protecting consumer privacy, but its snooping and surveillance are far bigger problems—which have only grown worse. While Washington talks of a new commercial privacy “Bill of Rights,” the real Bill of Rights is in peril.

The American Revolution erupted, in large part, out of seething resentment at British privacy intrusions—without judicial supervision. Virginia adopted its own Bill of Rights shortly before the Declaration of Independence, including what later became Madison’s Fourth Amendment to the Constitution: “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” Law enforcement must generally obtain a warrant before conducting a search—which means convincing a judge that probable cause exists to believe a crime has been committed. Continue reading →

SHARE: 0 comments

Larry Downes on Privacy – Capitol Hill January 23rd

by on January 22, 2013 · 0 comments

Attendees at the State of the ‘Net conference will be thrilled to know that Larry Downes will be making an encore performance Wednesday afternoon, January 23rd, in the Rayburn House Office Building. The noontime briefing is entitled “A Rational Response to the Privacy ‘Crisis’.” It’s appropriately named because he’ll be discussing ideas from his recent Cato policy analysis: “A Rational Response to the Privacy ‘Crisis’.”

SHARE: 0 comments

The Perils of Parochial Privacy Policies

by on January 11, 2013 · 6 comments

Here’s a thought experiment. Let’s say you believe the Internet economy needs more regulation to guard against potential privacy violations or what you regard as excessive data aggregation. Further, you believe that no amount of self-regulation, social norms, market pressure, education, empowerment, or anything else could possibly substitute for regulation. I know there are a lot of people out there today who feel this way. Regardless of the merits of such claims, here’s my question for you: Do the ends (enhanced privacy protections) justify any means (regulation at any and every level of government)? For example, what would you think about having all 50 states creating their own Privacy Offices or Data Protection Bureaus that issued regulations or recommendations about Internet best practices?

What got me thinking about this was this new blog post by Parker Higgins of EFF, “California Attorney General Releases Mobile Privacy Recommendations.” In the essay, Higgins showers praise on California Attorney General Kamala D. Harris, who just released a document (“Privacy on the Go“) that lays out a long set of privacy “best practices” for mobile app developers. Higgins writes:

EFF applauds this important step forward, and congratulates the California Attorney General on a thorough and clearly written explanation of the importance of mobile privacy and how developers can deliver. It’s true that as technology changes, the specific needs and guidelines for companies will need to adapt. We could well see a time when these principles do not adequately protect the rights and needs of consumers. However, right now these principles represent a huge step forward — going beyond existing law in a way that improves transparency, accountability, and choice for users of mobile devices.

Regardless of the merits of the principles and recommendations contained in that report — and I agree that many of them are quite sensible best practices that industry should be following — I can’t help but wonder whether it is wise for EFF to be cheering on state-based Internet meddling so openly. Continue reading →

SHARE: 6 comments

Gabriella Coleman on the ethics of free software

by on January 8, 2013 · 0 comments

Gabriella Coleman, the Wolfe Chair in Scientific and Technological Literacy in the Art History and Communication Studies Department at McGill University, discusses her new book, “Coding Freedom: The Ethics and Aesthetics of Hacking,” which has been released under a Creative Commons license.

Coleman, whose background is in anthropology, shares the results of her cultural survey of free and open source software (F/OSS) developers, the majority of whom, she found, shared similar backgrounds and world views. Among these similarities were an early introduction to technology and a passion for civil liberties, specifically free speech.

Coleman explains the ethics behind hackers’ devotion to F/OSS, the social codes that guide its production, and the political struggles through which hackers question the scope and direction of copyright and patent law. She also discusses the tension between the overtly political free software movement and the “politically agnostic” open source movement, as well as what the future of the hacker movement may look like.

Download

Related Links

SHARE: 0 comments

Larry Downes’ “A Rational Response to the Privacy ‘Crisis’”

by on January 7, 2013 · 2 comments

We don’t expect news reports to exhibit the tightest legal reasoning, of course, but Sunday’s New York Times story on location privacy made a runny omelet of some important legal issues relating to privacy.

The starting point is United States v. Jones, a case the Supreme Court decided last January. The Court held that government agents violated the Fourth Amendment when they attached a GPS tracking device to a vehicle without a warrant and used it to determine the location of a suspect for four weeks. Location information can be revealing.

“Some advocacy groups view location tracking by mobile apps and ad networks as a parallel, warrantless commercial intrusion,” says the story. A location privacy bill forthcoming from Senator Al Franken (D-MN) “suggests that consumers may eventually gain some rights over their own digital footprints.”

Jones was about government agents—their freedom of action specifically disabled by the Fourth Amendment—invading a recognized property right (in one’s car) to gather data. There is little analogy to location tracking by mobile devices, apps, and networks, which are privately provided, voluntarily adopted, and which violate no recognized right. Indeed, their tracking provides various consumer benefits. The Times piece equivocates between the government’s failure to get a legally required search warrant in Jones and uses of data that some may feel “unwarranted,” in the sense of being “uncalled for under the circumstances.”

The first line of Larry Downes’ new Cato Policy Analysis, “A Rational Response to the Privacy ‘Crisis’,” could have been written for the Times‘ sloppy analogy:

“What passes today as a ‘debate’ over privacy lacks agreed-upon terms of reference, rational arguments, or concrete goals,” Downes says. The paper examines how the “creepy factor” permeates privacy debates rather than crisp thinking and clear-headed examination.

It’s not that location tracking doesn’t generate legitimate privacy concerns. It does. People don’t know how location information is collected and used. They don’t always know how to stop its collection. And the future consequence of location information collected today is unclear. But the capacity of private actors to harm individuals with location data is limited. Their incentive to do so is even smaller. And avoiding location tracking is simply done (at significant costs to convenience).

As Downes’ piece illustrates, we’ve seen this kind of debate before, and we’ll see it again: A particular innovation spurs privacy concerns and a backlash (whipped by legislators and regulators). A negotiation between consumers and industry, facilitated by the news media, advocates, and a variety of other actors, produces the way forward. As often as not, the way forward is a partial or complete embrace of the technology and its benefits. Plenty of times, the threat never materializes ( see pervasive RFID).

Downes explores the legal explanation for what happens when consumers adopt new technologies that use personal information to produce custom content and services—this question of “rights over … digital footprints.” He finds that licensing is the best explanation for what is happening. When consumers use the many online services available to them, they license data that they might otherwise control.

The legal framework Downes puts forward sets the stage for iterative, contract-based development of rules for how data may be used in the information economy. It cuts against top-down dictates like Franken’s proposal to regulate future technologies today, knowing so little of how technology or society will develop.

Ultimately, no legislature can resolve the deep and conflicted cultural issues playing out in the privacy debate. Downes characterizes that debate as revealed tension between Americans’ Davey Crockett side—the privacy-protective frontiersmen—and our collective Puritanism. We are participants in and parts of a very watchful society.

It’s worth a read, Larry Downes’s “A Rational Response to the Privacy ‘Crisis’.”

SHARE: 2 comments

Important Cyberlaw & Info-Tech Policy Books (2012 Edition)

by on December 17, 2012 · 131 comments

The number of major cyberlaw and information tech policy books being published annually continues to grow at an astonishing pace, so much so that I have lost the ability to read and review all of them. In past years, I put together end-of-year lists of important info-tech policy books (here are the lists for 2008, 2009, 2010, and 2011) and I was fairly confident I had read just about everything of importance that was out there (at least that was available in the U.S.). But last year that became a real struggle for me and this year it became an impossibility. A decade ago, there was merely a trickle of Internet policy books coming out each year. Then the trickle turned into a steady stream. Now it has turned into a flood. Thus, I’ve had to become far more selective about what is on my reading list. (This is also because the volume of journal articles about info-tech policy matters has increased exponentially at the same time.)

So, here’s what I’m going to do. I’m going to discuss what I regard to be the five most important titles of 2012, briefly summarize a half dozen others that I’ve read, and then I’m just going to list the rest of the books out there. I’ve read most of them but I have placed an asterisk next to the ones I haven’t.  Please let me know what titles I have missed so that I can add them to the list. (Incidentally, here’s my compendium of all the major tech policy books from the 2000s and here’s the running list of all my book reviews.)

Continue reading →

SHARE: 131 comments

Top 5 Net Policy Issues of 2012

by on December 10, 2012 · 0 comments

Earlier today on Twitter, I listed what I thought were the Top 5 “Biggest Internet Policy Issues of 2012.” In case you don’t follow me on Twitter — and shame on you if you don’t! — here were my choices:

  1. Copyright wars reinvigorated post-SOPA; tide starting to turn in favor of copyright reform. [TLF posts on copyright.]
  2. Privacy still red-hot w ECPA reform, online advertising regs & kids’ privacy issues all pending. [TLF posts on privacy.]
  3. WCIT makes Internet governance / NetFreedom a major issue worldwide. [TLF posts on Net governance.]
  4. Antitrust threat looms larger w pending Google case + Apple books investigation. [TLF posts on antitrust.]
  5. Cybersecurity regulatory push continues in both legislative (CISPA) & executive branch. [TLF posts on cybersecurity.]

Lists like these are entirely subjective, of course, but I am basing my list on the general amount of chatter I tended to see and hear about each topic over the course of the year.

What do you think the top tech policy issues of the year were?

SHARE: 0 comments

Your Privacy and FCC Broadband Measurement: What You Need to Know About Your Personal Data

by on September 21, 2012 · 0 comments

Consumers should be aware that “government transparency” also applies to the data consumers voluntarily provide to the FCC when they participate in a government-run broadband measurement program.

The most egregious aspect of these broadband measurement programs, however, is that the FCC kept the public in the dark for more than a year by failing to disclose that its mobile testing apps were collecting user locations (by latitude and longitude) and unique handset identification numbers that the FCC’s contractors can make available to the public.

The Federal Communications Commission (FCC) recently announced a new program to measure mobile broadband performance in the United States. The FCC believes it is “difficult” for consumers to get detailed information about their mobile broadband performance, and that “transparency on broadband speeds drives improvement in broadband speeds.” The FCC does not, however, limit transparency to broadband speeds. Consumers should be aware that “government transparency” also applies to the data consumers voluntarily provide to the FCC when they participate in a government-run broadband measurement program. Information collected by the FCC about individual consumers may be “routinely disclosed” to other federal agencies, states, or local agencies that are investigating or prosecuting a civil or criminal violation. Some personal information, including individual IP address, mobile handset location data, and unique handset identification numbers, may be released to the public.

This blog post describes the FCC’s broadband measurement programs and highlights the personal data that may be disclosed about those who participate in them. Continue reading →

SHARE: 0 comments

Adam Thierer on nationalizing Facebook

by on September 4, 2012

Adam Thierer, senior research fellow at the Mercatus Center at George Mason University, discuses recent calls for nationalizing Facebook or at least regulating it as a public utility. Thierer argues that Facebook is not a public good in any formal economic sense, and nationalizing the social network would be a big step in the wrong direction. He argues that nationalizing the network is neither the only nor the most effective means of solving privacy concerns that surround Facebook and other social networks. Nor is Facebook is a monopoly, he says, arguing that customers have many other choices. Thierer also points out that regulation is not without its problems including the potential that a regulator will be captured by the regulated network thus making monopoly a self-fulfilling prophecy.

Listen to the Podcast

Download MP3

Related Links

SHARE:

← Previous Entries

Next Entries →