Posts tagged as:

More on California’s New Net Regulations

by on May 23, 2011 · 1 comment

As Sonia Arrison mentioned here on Friday, the State of California is currently considering legislation that could, in the name of enhancing online privacy, impose burdensome new regulatory mandates on the Internet. Sonia has a nice column at TechNewsWorld discussing this. I also wrote about the same issue in my Forbes column this week, which is entitled, “The State of California Versus the Internet.” Specifically, I discuss SB 242, “The Social Networking Privacy Act,” and SB761, the so-called Do Not Track bill, and argue that: “What unifies these two measures is a general lack of understanding about the way the Internet and digital technology work. Both measures fail to appreciate the global nature of the Internet and would raise a host of unintended consequences.”

While the best of intentions drive these measures, they will be complicated to enforce in practice and could have a devastating impact on the California economy in the process. “If California wants to reestablish itself as the home of high-tech innovation,” I argue, “it needs to realize heavy-handed Net controls are not the ticket to either economic progress or job-creation.” Moreover, “These laws could be challenged in court since state-based regulation of the Internet raise constitutional issues. The Commerce Clause of the Constitution was designed to block the sort of parochial burdens on interstate commerce that these measures would establish.”

Jump over to Forbes to read the rest. Let’s hope California policymakers realize what a mistake they are making before it’s too late. If they don’t, Congress will need to preempt this regulation of interstate commerce if it’s not immediately challenged in Court and overturned.

SHARE: 1 comment

Privacy Solutions: How to Block Facebook’s “Like” Button And Other Social Widgets

by on May 20, 2011 · 21 comments

Social widgets, such as the now-ubiquitous Facebook “Like” button and Twitter “Tweet” button, offer users a convenient way to share online content with their friends and followers. These widgets have recently come under scrutiny for their privacy implications. Yesterday, The Wall Street Journal reported that Facebook, Twitter, and Google are informed each time a user visits a webpage that contains one of the respective company’s widgets:

Internet users tap Facebook Inc.’s “Like” and Twitter Inc.’s “Tweet” buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting. These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify Facebook and Twitter that a person visited those sites even when users don’t click on the buttons, according to a study done for The Wall Street Journal.

It wasn’t exactly a secret that social widgets “phone home.” However, the Journal’s story shed new light on how the firms that offer social widgets handle the data they glean regarding user browsing habits. Facebook and Google reportedly store this data for a limited period of time — two weeks and 90 days, respectively — and, importantly, the data isn’t recorded in a way that can be tied back to a user (unless, of course, the user affirmatively decides to “like” a webpage). Twitter reportedly records browsing data as well, but deletes it “quickly.”

Assuming the companies effectively anonymize the data they glean from their social widgets, privacy-conscious users have little reason to worry. I’m not aware of any evidence that social widget data has been misused or breached. However, as Pete Warden reminded us in an informative O’Reilly Radar essay posted earlier this week, anonymizing data is harder than it sounds, and supposedly “anonymous” data sets have been successfully de-anonymized on several occasions. (For more on the de-anonymization of data sets, see Arvind Narayanan and Vitaly Shmatikov’s 2008 research paper on the topic).

Continue reading →

SHARE: 21 comments

How the “Magic” of the Market Protects Privacy

by on May 12, 2011 · 0 comments

Sometimes free-marketeers are branded “free market fundamentalists” or something similar by their ideological opponents. The implication is that our preference for a society in which free people interact voluntarily to organize society’s resources is an irrational desire or a religion. I’m sure there’s a similar epithet we give to nanny staters—oh, there’s one, “nanny staters”—who we believe to have excessive faith in government solutions.

Market processes have decent theoretical explanations, such as Friedrich Hayek’s essay, “The Use of Knowledge in Society.” It’s not the easiest read, but lovers of the Internet, who see the genius of its decentralization, should see similar genius in markets as a method for discovering society’s wants and uniting to achieve them—without coercion.

From time to time, we also point out examples of how market processes work to deliver even intangible goods like privacy. So, for example, I noted market pressure against Facebook’s privacy-invasive “beacon” advertising system in 2007. Berin pointed out in 2008 that market forces caused Google to remove an oppressive clause from the Chrome end user license agreement. Google competitor Cuil made a run at the search behemoth based on privacy that year, something I noted briefly then (and Ryan and I discussed in the comments). I’ve also noted the failure of many to find true market failures.

As Cuil illustrates, not every privacy play works, but companies routinely pitch the public on the privacy merits of their products and the demerits of others’. It’s not a highly visible process, but it sometimes gets a little more visible when it fails. So thank you, Facebook, for a big #FAIL in the privacy competition area this week. You provide us a nice lesson in one of the ways markets work to meet consumer privacy demands.

You see, Facebook hired PR firm Burson-Marsteller to do a whisper campaign on the privacy demerits of a Google product called Social Circle. By pushing the story of privacy problems with a Google effort in the social networking space, Facebook hoped to thwart a competitor that it fears. Success would also be a success for privacy protection. If Google were doing something wrong, and Facebook were to make the case to the public, Google would lose face and it would lose business. Most importantly, a privacy-invasive product—as determined by public consensus—would recede. Markets often work by silently shunning products that don’t cut it. (Again, hard to see if you’re not looking for it, or if you’re committed to disbelieving it.)

Facebook appears not to have succeeded. Prickly privacy advocate Chris Soghoian outed the Burson-Marsteller campaign. Dan Lyons of the Daily Beast cornered Facebook into confessing its role in the attack on Google. And privacy commentator Kashmir Hill gives the privacy issues with Social Circle a “meh.”

When it happens differently, you get a change in a service like Social Circle—the way Facebook changed “beacon” and Google changed the Chrome EULA. These are anecdotes, and they reflect but one element of the market processes that shape products and services. But it’s something that “market denialists” should consider as they dig deep to explain to themselves and others how various mechanisms in our society work.

SHARE: 0 comments

Privacy Not a Focus of Senate Mobile Privacy Hearing

by on May 10, 2011 · 0 comments

This morning, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law had a hearing entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.” It was a remarkably scattered affair, and I blogged three key—and very distinct—elements of it on the Cato@Liberty blog:

  • The Department of Justice used this “mobile privacy” hearing to call for increased surveillance of Internet and mobile phone users.
  • To escape a prosecutorial dead-end, Senator Blumenthal (D-CT) strongly suggested that he would outlaw the collection of radio signals. Where this government power would lead is quite profound.
  • Ignoring mobile privacy, Senator Schumer (D-NY) touted his hobby-horse, mobile app censorship.

Valid concerns with what mobile operating system providers Google and Apple have done with location information were somewhat lost in this disjointed and confused hearing.

SHARE: 0 comments

Initial Thoughts about the Markey-Barton ‘Do Not Track Kids’ Bill

by on May 6, 2011 · 2 comments

Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) have released a discussion draft of their forthcoming “Do Not Track Kids Act of 2011.”  I’ve only had a chance to give it a quick read, but the bill, which is intended to help safeguard kids’ privacy online, has two major regulatory provisions of interest:

(1) New regulations aimed at limiting data collection about children and teens, including (a) expansion of the Children’s Online Privacy Protection Act (COPPA) of 1998, which would build upon COPPA’s “verifiable parental consent” model; and (b) a new “Digital Marketing Bill of Rights for Teens;” and (c) limits on collection of geolocation information about both children and teens.

(2) An Internet “Eraser Button” for Kids to help kids wipe out embarrassing facts they have place online but later come to regret.  Specifically, the bill would require online operators “to the extent technologically feasible, to implement mechanisms that permit users of the website, service, or application of the operator to erase or otherwise eliminate content that is publicly available through the website, service, or application and contains or displays personal information of children or minors.” This is loosely modeled on a similar idea currently being considered in the European Union, a so-called “right to be forgotten” online.

Both of these proposals were originally floated by the child safety group Common Sense Media (CSM) in a report released last December.  It’s understandable why some policymakers and child safety advocates like CSM would favor such steps. They fear that there is simply too much information about kids online today or that kids are voluntarily placing far too much personal information online that could come back to haunt them in the future. These are valid concerns, but there are both practical and principled reasons to be worried about the regulatory approach embodied in the Markey-Barton “Do Not Track Kids Act”: Continue reading →

SHARE: 2 comments

Some Thoughts on the Cell Phone Locational Privacy Hullabaloo

by on May 3, 2011 · 1 comment

I spaced out and completely forget to post a link here to my latest Forbes column which came out over the weekend.  It’s a look at back at last week’s hullabaloo over “Apple, The iPhone, and a Locational Privacy Techno-Panic.” In it, I argue:

Some of the concerns raised about the retention of locational data are valid. But panic, prohibition and a “privacy precautionary principle” that would preemptively block technological innovation until government regulators give their blessings are not valid answers to these concerns. The struggle to conceptualize and protect privacy rights should be an evolutionary and experimental process, not one micro-managed at every turn by regulation.

I conclude the piece by noting that:

Public pressure and market norms also encourage companies to correct bone-headed mistakes like the locational info retained by Apple.  But we shouldn’t expect less data collection or less “tracking” any time soon.  Information powers the digital economy, and we must learn to assimilate new technology into our lives.

Read the rest here. And if you missed essay Larry Downes posted here on the same subject last week, make sure to check it out.

SHARE: 1 comment

Lauren Weinstein on Privacy & “Do Not Track”

by on May 2, 2011 · 2 comments

I’ve already Tweeted about it, but if you are following Internet privacy debates and have not yet had the chance to read Lauren Weinstein‘s new paper, “Do-Not-Track, Doctor Who, and a Constellation of Confusion,” it is definitely worth a look.  Weinstein, founder of the Privacy Forum, zeroes in on two related issue that I have made the focus of much of my work on this issue: (1) the fact that Do Not Track is seemingly viewed by some as a silver-bullet quick fix to online privacy concerns but will really be far more complicated in practice to enforce, and (2) that Do Not Track regulation will likely have many unintended consequences, most of which are going unexplored by proponents.

For example, Weinstein says:

Do-not-track in actuality encompasses an immensely heterogeneous mosaic of issues and considerations, not appropriately subject to simplistic approaches or “quick fix” solutions.   Approaching this area without a realistic appreciation of such facts is fraught with risks and the potential for major undesirable collateral damages to businesses, organizations, and individuals. Attempts to portray these controversies as “black or white” topics subject to rapid or in some cases even unilaterally imposed resolutions may be politically expedient, but are ultimately both childish and dangerous. […] Above all, we should endeavor to remember that tracking issues both on and off the Internet are in reality part of a complicated whole, a multifaceted  set of problems — and very importantly — potentials as well. The decisions that we make now regarding these issues will likely have far-ranging implications and effects on the Internet for many years to come, perhaps for decades.

Continue reading →

SHARE: 2 comments

When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed

by on April 29, 2011 · 8 comments

When it comes to information control, everybody has a pet issue and everyone will be disappointed when law can’t resolve it. I was reminded of this truism while reading a provocative blog post yesterday by computer scientist Ben Adida entitled “(Your) Information Wants to be Free.” Adida’s essay touches upon an issue I have been writing about here a lot lately: the complexity of information control — especially in the context of individual privacy. [See my essays on “Privacy as an Information Control Regime: The Challenges Ahead,” “And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars,” and this recent FTC filing.]

In his essay, Adida observes that:

In 1984, Stewart Brand famously said that information wants to be free. John Perry Barlow reiterated it in the early 90s, and added “Information Replicates into the Cracks of Possibility.” When this idea was applied to online music sharing, it was cool in a “fight the man!” kind of way. Unfortunately, information replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard.

Quite right. We’ve been debating the complexities of information control in the Internet policy arena for the last 20 years and I think we can all now safely conclude that information control is hugely challenging regardless of the sort of information in question. As I’ll note below, that doesn’t mean control is impossible, but the relative difficulty of slowing or stopping information flows of all varieties has increased exponentially in recent years.

But Adida’s more interesting point is the one about the selective morality at play in debates over information control. That is, people generally expect or favor information freedom in some arenas, but then get pretty upset when they can’t crack down on information flows elsewhere. Indeed, some people can get downright religious about the whole “information-wants-to-be-free” thing in some cases and then, without missing a beat, turn around and talk like information totalitarians in the next breath. Continue reading →

SHARE: 8 comments

The iPhone flap and the anatomy of a privacy panic

by on April 27, 2011 · 4 comments

I’ve written a long article this morning for CNET (See “Privacy panic debate:  Whose data is it?”) on the discovery of the iPhone location tracking file and the utterly predictable panic response that followed.  Its life-cycle follows precisely the crisis model Adam Thierer has so frequently and eloquently traced, most recently here on TLF.

In particular, the CNET article takes a close and serious look at Richard Thaler’s column in Saturday’s New York Times, “Show us the data.  (It’s ours, after all.)” Thaler uses the iPhone scare as occassion to propose a regulatory fix to the “problem” of users being unable to access in “computer-friendly form” copies of the information “collected on” them by merchants.  Continue reading →

SHARE: 4 comments

Video: Debating Privacy & Online Advertising on the Stossel Show

by on April 22, 2011 · 0 comments

On this week’s John Stossel show on Fox Business Network, I debated Internet privacy, advertising, and data collection issues with Michael Fertik of Reputation.com. In the few minutes we had for the segment, I tried to reiterate a couple of keep points that we’ve hammered repeatedly here in the past:

  • There’s no free lunch. All the free sites and service we enjoy online today are powered by advertising and data collection. [see this op-ed]
  • There is no clear harm in most cases, or what some argue is harm also can have many benefits that are rarely discussed. [see this paper.]
  • There’s little acknowledgement of the trade-offs involved in having government create an information control regime for the Internet. [see this filing and these three essays: 1, 2, 3.]
  • The ultimate code of “fair information practices” is the First Amendment, which favors free speech, openness, and transparency over secrecy and information control. [see this piece.]
  • “Hands Off the Net” is a policy that has served us well. There are dangerous ramifications for our economy and long-term Internet freedoms if we continue down the road of “European-izing” privacy law here in the States. [see this essay and this filing.]
  • At some point, personal responsibility needs to come into the equation. With so many privacy enhancing empowerment tools already on the market, it begs the question: If consumers don’t take steps to use those tools, why should government intervene and take action for them?

Anyway, here’s the 7-min video of the debate between Fertik and me:

http://www.youtube.com/v/rYBsOK47LUw&hl=en_US&feature=player_embedded&version=3

SHARE: 0 comments

← Previous Entries

Next Entries →