Posts tagged as:

Privacy as an Information Control Regime: The Challenges Ahead

by on November 13, 2010 · 5 comments

This week, we’ve seen reports in both The New York Times (“Stage Set for Showdown on Online Privacy“) and The Wall Street Journal (“Watchdog Planned for Online Privacy“) that the Obama Administration is inching closer toward adopting a new Internet regulatory regime in the name of protecting privacy online.  In this essay, I want to talk about information control regimes, not from a normative perspective, but from a practical one.  In doing so, I will compare the relative complexities associated with controlling various types of information flows to protect against four theoretical information harms: objectionable content, defamation, copyright, and privacy.

From a normative perspective, there are many arguments for and against various forms of information control.  Here, for example, are the reasons typically given for why society might want to impose regulations on the Internet (or other communications channels) to address each of the four issues identified above:

  1. Content control / Censorship: We must control information flows to protect children from objectionable content or all citizens against some other form of supposedly harmful speech (hate speech, terrorist recruitment, etc).
  2. Defamation control: We must control information flows to protect people’s reputations.
  3. Copyright control: We must control information flows to protect the property rights of creators against unauthorized use / distribution.
  4. Privacy control: We must control information flows to protect against information flows that include information about individuals.

Again, there are plenty of good normative arguments in the opposite direction, many of which are based on free speech considerations since, by definition, information control regimes limit the flow of forms of speech.  For privacy, I discussed such speech-related considerations in my essay on “Two Paradoxes of Privacy Regulation.”  But what about the administrative or enforcement burdens associated with each form of information control?  I increasingly find that question as interesting as the normative considerations.

Continue reading →

SHARE: 5 comments

The Conflict Between a “Right to Be Forgotten” & Speech / Press Freedoms

by on November 5, 2010 · 10 comments

A report in the U.K. Telegraph notes that the European Union is seeking to create a so-called “right to be forgotten” online, and has “drafted potential legislation that would include new, unprecedented privacy rights for citizens sharing personal data.” Details are sparse at this point, but according to this new 20-page European Commission document, “A Comprehensive Approach on Personal Data Protection in the European Union,” the EU will be:

clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired. (p.8)

Two brief comments on this.  First, it should be apparent that any “right to be forgotten” conflicts mightily with free speech rights and press freedom. As I discussed at greater length in this review of Solove’s Understanding Privacy as well as my essay on “Two Paradoxes of Privacy Regulation,” the problem with enshrining expansive privacy “rights” into law is that it means there will need to be stricter limits placed on speech and press freedoms.  As Eugene Volokh noted in his 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You“: Continue reading →

SHARE: 10 comments

Thoughts on the Election

by on November 3, 2010 · 3 comments

Tech issues don’t move the needle in national elections like yesterday’s, but below I’ll make some general observations, followed by a few on winners and losers in issue areas I cover.

All in all, I think it’s a good election result.

We’re back to divided government. The acute tension between the Republican House and Democratic Senate and president is likely to produce fiscal rectitude, and only legislation on which there is something close to true national consensus will pass.

Neither the Republicans nor the Tea Party movement were awarded any kind of sweeping victory, so they are unlikely to overplay their hands or take public support for granted. They must work to advance their aims by persuading more Americans that their philosophies and leadership are meritorious.

Democrats should, of course, be chastened. They’re rightly paying the price for the careless, go-for-broke strategy they used in the 111th Congress, to pass their sprawling, intrusive health care regulation, for example.

Here’s to at least two years of welcome gridlock.

Now, there were some notable losses among tech-focused representatives. The most worrisome loss is Senator Russ Feingold (D-WI), who has been a consistent and persistent overseer and skeptic of the growing surveillance state. I don’t see anyone to step up and take his place. Privacy lost big in the Wisconsin election.

I’m bucking consensus on the loss of Rick Boucher (D-VA) in the House, at least as far as privacy goes. (On copyright and some telecom issues, I’ll take Mike Masnick’s word.) Boucher is a nice guy and a careful legislator, but his popularity among the Washington, D.C. tech lobby, I think, was a product of lobby-legislator symbiosis, not his actual backing for the interests of tech innovators.

For at least a decade, Boucher has been an advocate of “baseline privacy legislation” that never actually had a serious chance of passing. The result was that tech lobbyists could always report to the home office that they had something to do, and tech trade associations could garner corporate support for all those noon-time strategy meetings over sandwiches—without generating a true threat to the business models of the companies they (purport to) represent.

My point is not that Boucher should have advanced his privacy legislation—it’s not going to be federal law that delivers privacy. I’m just not unhappy that he’s gone. (Not that far gone. Watch for him to take a job somewhere in the D.C. tech lobby. Knowing nothing about his plans, I’d give it a greater than 50% chance.)

The tech lobby will actually have some work to do under Boucher’s likely successor in the role of Democratic tech/consumer protection leader. Ed Markey (D-MA) is a partisan and an ideologue who will actually require the tech lobby to defend itself. He’s canny enough to have decent influence even from his perch in the minority.

UPDATE w/additional thought: Democrat Richard Blumenthal, elected to the Senate from Connecticut, is a technophobe demagogue—or plays one on TV, which is what matters. He went to war against Craigslist to boost his campaign, and his win is a notable loss for tech and free speech.

But—really—the fate of our privacy, the fate of our tech sector, and the fate of our country and society shouldn’t turn on elections. We are not defined by these people, who go to Washington, D.C. to sit atop the coercive authority machine for a while. Elections come and go. I’ll continue to work on returning power to civil society where it belongs.

SHARE: 3 comments

WSJ Article on Facebook Feeds the Privacy Beast

by on October 18, 2010 · 0 comments

The WSJ ran a front page, above-the-fold headline screaming that Facebook has had a privacy breach. But as Steve DelBianco discusses over at the NetChoice blog, today’s WSJ “breach” is all smoke and no fire.

The WSJ is saying that some of Facebook’s applications are accidentally sharing the public username on my Facebook page, in violation of the company’s privacy policy.  This story was nothing like a breach where my credit card numbers or sensitive personal information was leaked or hacked. A closer look at the issue indicates that there is far mSmoke alarm in a smoky roomore smoke than fire in the WSJ piece.
Moreover, the WSJ should step-back from using tabloid-style headings to attract eyeballs (and advertising revenue) to their research and writing.  The breathless headline is clearly meant to feed the privacy beast that is increasingly in danger of doing far more harm than good.

While details are still forthcoming, it appears that the issue at hand involves external actions between application developers and advertising companies. Facebook has stepped-up and is holding third parties accountable to existing privacy requirements.

SHARE: 0 comments

Privacy Polls & Real-World Trade-Offs Revisited

by on October 13, 2010 · 0 comments

By Adam Thierer & Berin Szoka

Last Friday, Common Sense Media (CSM) held an event  (video) at the National Press Club featuring the chairmen of the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). The regulatory activist group released a new poll on children and privacy (Exec Summary & Full Survey). Unfortunately, like almost every other privacy-related poll, theirs is more geared towards fueling a privacy panic than on exploring the real-world trade-offs between legislating “greater privacy” (a hopelessly abstract concept in most conversations) and losing the consumer benefits of data sharing: innovation in online services and the quality and quantity of services and content supported by data-driven advertising.

What better way to drum up Congressional support for paternalistic privacy legislation (restrictions on online data use) than by asserting that this is what the electorate already wants? The poll asks whether “Congress should update laws that relate to online privacy and security for children and teens.”  Three-fifths (61% of parents, 62% of adults) said yes. But earlier in the survey, only 16% knew that the Children Online Privacy Protection Act of 1998 already prohibits “online companies… from collecting or using personal information from children under the age of thirteen without a parent’s permission.” (53% weren’t sure.) If parents don’t know what Congress has already done, how meaningful is it for them to say they think Congress needs to do more? (There’s a reason we don’t have direct democracy.)

Indeed, how useful are such polls, anyway? Ultimately, what such polls really tell us is that, if you ask parents—or adults in general—whether they’re concerned about protecting kids, of course most will say yes, because nobody wants to think of themselves as the kind of person who doesn’t care about kids.

This bias becomes even more problematic when the choice at issue involves such stark trade-offs—especially when we’re talking about throwing a wrench (restrictions on data use and collection) in the economic engine that has again and again provided funding for media and services that users just won’t pay for. As we’ve noted here before, privacy polls and surveys reveal only what the public will tell pollsters in response to the particular questions asked. On privacy, those questions are almost invariably designed to solicit responses suggesting an urgent need for more laws and government action. Even the fairest of these surveys is no substitute for real-world experiments in which people make real choices, in real time, often with real money, and face many real trade-offs. Continue reading →

SHARE: 0 comments

In the Lull of Election Year Politics, Internet Ads Self-Regulation Has a Fighting Chance

by on October 13, 2010 · 0 comments

Earlier this month, a coalition of ad and marketing associations made public a new self-regulatory program for behavioral advertising (or as we like to refer to them, “interest-based ads”). Will it be enough to whet the appetite of members of Congress waiting to chomp on the privacy bit when they get back in November?

Hopefully. But it all depends on ad network uptake and user adoption. FTC Chairman Jon Leibowitz’s wait-and-see attitude toward the self-regulatory effort probably sums up the thoughts of many pro-regulatory privacy advocates. According to Politico’s Morning Tech, Leibowitz said:

We commend industry’s effort to get a broad group of industry leaders on board. However, the effectiveness of this effort will depend on how, and the extent to which, the opt-out is actually implemented and enforced – all of which is yet to be seen. We also urge industry to make sure that the opt-out is easy for consumers to find, use, and understand.

Making it easy for consumers is what the advertising option icon (above) is all about. It’s a just-in-time “heads-up” accompanying ads that allows users to obtain more information about why they’re seeing the ad. In the future, it will allow users to opt-out. Ad networks will pay a license fee to have the right to display the icon and must submit to ongoing compliance.

It’s the compliance part that’s interesting. The Better Advertising project is a new company formed specifically for the self-regulatory program. According to Internet Retailer, “the Council of Better Business Bureaus and the Direct Marketing Association, a trade group for direct-to-consumer marketers and retailers, will begin monitoring compliance with the program early next year.”

Let’s hope the coalition moves quickly and successfully, before Congress does….

SHARE: 0 comments

Schneier on Facebook: Factually Incorrect

by on October 13, 2010 · 1 comment

(Second in a series.)

The Register quotes security guru Bruce Schneier saying: “Facebook is the worst [privacy] offender – not because it’s evil but because its market is selling user data to its commercial partners.”

Facebook’s business model is to guide advertisements on its site toward users based on their interests as revealed by data about them. It is not to sell data about users. Selling data about users would undercut its advertising business.

It’s easy to misspeak in extemporaneous comments, and The Register is not your most careful media outlet. But we’ve almost got enough data points to show a consistent practice of misrepresentation on Bruce Schneier’s part. Perhaps that should be actionable as an unfair or deceptive practice under section five of the FTC Act.

SHARE: 1 comment

What Privacy Conservatives & Moral Conservatives Share in Common

by on October 12, 2010 · 0 comments

In a post here last month on “Two Paradoxes of Privacy Regulation,” I discussed some of the interesting — and to me, troubling — similarities between rising calls for online privacy regulation and ongoing attempts to enact various types of controls on online speech or expression.  In that essay, I argued that while most privacy advocates are First Amendment supporters as it pertains to content regulation, they abandon their free speech values and corresponding constitutional tests when it comes to privacy regulation. When the topic of debate shifts from concerns about potentially objectionable content to the free movement of personal information, personal responsibility and self-regulation become the last option, not the first.  Privacy advocates typically ignore, downplay, or denigrate user-empowerment tools, even though many of those same advocates endorse “self-help” efforts as the superior method of dealing with objectionable speech or media content. In essence, therefore, they are claiming self-help is the right answer in one context, but not the other.  Ironically, therefore, privacy advocates and moral conservatives actually share much in common in that they are using the same playbook to advance their goals:  They are rejecting personal responsibility and user-empowerment tools and techniques in favor or government control for their respective issues.

Keeping that insight in mind, I want to take this comparison a step further and suggest that what really unites these two movements is a general conservatism about how our online lives and online business should be governed.  For the moral conservatives, that instinct is well-understood. They want hold the line against what they believe is a decaying moral order by restricting access to potentially objectionable speech or content — dirty words, violent video games, online porn, or whatever else.   The conservatism of the modern privacy movement is less obvious at first blush.  I suspect that many privacy conservatives would not consider themselves “conservative” at all, and they might even be highly offended at being grouped in with moral conservatives who seek to wield government power to control online speech and expression. Nonetheless, the two groups share a common trait — an innate hostility to the impact of technological / social change within the realm of “rights” or values they care about.  In their respective arenas, they both rejected the evolutionary dynamism of the free marketplace and they long for a return to a simpler and supposedly better time. Continue reading →

SHARE: 0 comments

What Privacy Invasion Looks Like

by on October 2, 2010 · 6 comments

The details of Tyler Clementi’s case are slowly revealing themselves. He was the Rutgers University freshman whose sex life was exposed on the Internet when fellow students Dharun Ravi and Molly Wei placed a webcam in his dorm room, transmitting the images that it captured in real time on the Internet. Shortly thereafter, Clementi committed suicide.

Whether Ravi and Wei acted out of anti-gay animus, titillation about Clementi’s sexual orientation, or simply titillation about sex, their actions were utterly outrageous, offensive, and outside of the bounds of decency. Moreover, according to Middlesex County, New Jersey prosecutors, they were illegal. Ravi and Wei have been charged with invasion of privacy.

This is what invasion of privacy looks like. It’s the outrageous, offensive, truly galling revelation of private facts like what happened in this case. Over the last 120 years, common law tort doctrine has evolved to find that people have a right not to suffer such invasions. New Jersey has apparently enshrined that right in a criminal statute.

The story illustrates how quaint are some of the privacy “invasions” we often discuss, such as the tracking of people’s web surfing by advertising networks. That information is not generally revealed in any meaningful way. It is simply being used to serve tailored ads.

This event also illustrates how privacy law is functioning in our society. It’s functioning fairly well. Law, of course, is supposed to reflect deeply held norms. Privacy norms—like the norm against exposing someone’s sexual activity without consent—are widely shared, so that the laws backing up those norms are rarely violated.

It is probably a common error to believe that law is “working” when it is exercised fairly often, fines and penalties being doled it with some routine. Holders of this view see law—more accurately, legislation—as a tool for shaping society, of course. Many of them would like to end the societal debate about online privacy, establishing a “uniform national privacy standard.” But nobody knows what that standard should be. The more often legal actions are brought against online service providers, the stronger is the signal that online privacy norms are unsettled. That privacy debate continues, and it should.

It is not debatable that what Ravi and Wei did to Tyler Clementi was profoundly wrong. That was a privacy invasion.

SHARE: 6 comments

Contension Over Privacy in the Cloud? There Shouldn’t Be…

by on September 30, 2010 · 0 comments

I’d like to recommend Sonia Arrison’s recent article on the need for updating the Electronic Privacy Communications Act (ECPA). She makes a good case why citizens should feel a bit worried about the ability of government to invade their privacy when they keep data in the cloud. And citizens are customers, so online businesses are worried if people may use less of their services. But here’s another angle for why we need to update ECPA…it’s to promote online safety. From an excellent analysis by Becky Burr, ECPA reform:

Would establish uniform, clear, and easily understood rules about when and what kind of judicial review is needed by law enforcement to access electronic content; and Would, by clarifying the applicable rules, enable business to respond more quickly and with greater confidence to law enforcement requests and to avail themselves of hosted productivity technology.

Right now the law is muddled, and online services have a hard time determining legitimate requests from those that are overreaching. When the law is clarified, businesses and law enforcement can (with appropriate legal process) share information that can help find sexual predators and other online miscreants.

SHARE: 0 comments

← Previous Entries

Next Entries →