Faithful readers know of my geeky love for tech policy books. I read lots of ’em. There’s a steady stream of Amazon.com boxes that piles up on my doorstop some days because my mailman can’t fit them all in my mailbox. But I go pretty hard on all the books I review. It’s rare for me pen a glowing review. Occasionally, however, a book will come along that I think is both worthy of your time and which demands a place on your bookshelf because it is such an indispensable resource. Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace is one of those books.
Smartly organized and edited by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain, Access Controlled is essential reading for anyone studying the methods governments are using globally to stifle online expression and dissent. As I noted of their previous edition, Access Denied: The Practice and Policy of Global Internet Filtering, there is simply no other resource out there like this; it should be required reading in every cyberlaw or information policy program.
The book, which is a project of the OpenNet Initiative (ONI), is divided into two parts. Part 1 of the book includes six chapters on “Theory and Analysis.” They are terrifically informative essays, and the editors have made them all available online here (I’ve listed them down below with links embedded). The beefy second part of the book provides a whopping 480 pages(!) of detailed regional and country-by-country overviews of the global state of online speech controls and discuss the long-term ramifications of increasing government meddling with online networks.
In their interesting chapter on “Control and Subversion in Russian Cyberspace,” Deibert and Rohozinski create a useful taxonomy to illustrate the three general types of speech and information controls that states are deploying today. What I find most interesting is how, throughout the book, various authors document the increasing movement away from “first generation controls,” which are epitomized by “Great Firewall of China”-like filtering methods, and toward second- and third-generation controls, which are more refined and difficult to monitor. Here’s how Deibert and Rohozinski define those three classes (or “generations”) of controls: Continue reading →
I participated last week in a Techdirt webinar titled, “What IT needs to know about Law.” (You can read Dennis Yang’s summary here, or follow his link to watch the full one-hour discussion. Free registration required.)
The key message of
The Laws of Disruption is that IT and other executives need to know a great deal about law—and more all the time. And Techdirt does an admirable job of reporting the latest breakdowns between innovation and regulation on a daily basis. So I was happy to participate.
Legally-Defensible Security
Not surprisingly, there were far too many topics to cover in a single seminar, so we decided to focus narrowly on just one: potential legal liability when data security is breached, whether through negligence (lost laptop) or the criminal act of a third party (hacking attacks). We were fortunate to have as the main presenter David Navetta, founding partner with The Information Law Group, who had recently written an excellent article on what he calls “legally-defensible security” practices.
Continue reading →
Companies often promote consistent and reliable customer experiences. KLM touts itself as “the reliable airline” while Michelin touts its dependability “because so much is riding on your tires.” And now we have Yahoo, who announced that it will be increasing the social networking functionality in Yahoo Mail. Yahoo has the ability to promote consistency in determining user defaults for sharing information.
But social networking is a product much different than most – it is participatory. Passengers can’t fly airplanes and drivers don’t design tire tread, but social networking users control what and with whom they share information.
So what happens when a social networking service changes functionality or adds new features? How does a company be consistent in carrying-over a user’s preference from the prior version to the new one? What assumptions should it make on user privacy preferences for new features?
These considerations matter whenever an online service tries to increase its social networking functionality. Last week, Facebook unveiled new privacy controls, and we blogged that it was a welcome response to clear-up confusion. In the coming weeks Yahoo will change how status updates work in Yahoo Mail. Michael Arrington’s TechCrunch article describes it well:
[C]urrently to see status updates for others in Yahoo Mail, you have to have a mutual follow, meaning both people have agreed to be “friends.” You can then see that user’s Yahoo status updates as well as updates on third party services that they have added to their Yahoo profile as well. In the new version there will no longer be a requirement for a mutual follow. So, like on Twitter, users can follow whomever they choose. This isn’t actually a dramatic change for Yahoo, since users can follow others in this way already on Yahoo Messenger.
Like Google and Facebook before it, Yahoo is adding features to make its service more “social.” And because of the scrutiny over the changes by Google and Facebook, Yahoo seems to be going out of its way to assure users that they can rely and depend on Yahoo. According to the Yahoo Corporate Blog: Continue reading →
Yesterday, the Federal Trade Commission (FTC) hosted an all-day workshop on “Protecting Kids’ Privacy Online,” which looked into the Children’s Online Privacy Protection Act of 1998 (COPPA) and challenges posed to its enforcement by new technological developments. The FTC staff did a nice job bringing together and moderating 5 panels worth of participants, all of whom had plenty of interesting things to say about the future of COPPA. But I was more struck by what was not said yesterday. Namely, there was:
- ZERO explanation of the supposed harms of advertising, marketing, and data collection. Advertising-bashing is an old sport here in Washington, so I guess I should not have been surprised to hear several panelists yesterday engaging in teeth-gnashing and hand-wringing about advertising, marketing, and the data collection methods that make it possible. But this grousing just went on and on without any explanation by the critics of the supposed harms that would result from it.
- ZERO appreciation of the benefits of advertising, marketing, and data collection. Not once yesterday — NOT ONCE — did anyone pause to ask what it is that makes all these wonderful online sites, services and content free (or dirt cheap) to consumers. Everyone at this show was guilty of the “manna fallacy” (that all this stuff just falls magically to Earth from the Net Gods above). Well, back here in the real world, something has to pay for all those goodies, and that something is advertising and marketing, which are facilitated by data collection! Or would you like to pay $19.95 a month for each of those currently free sites and services? Yeah, I didn’t think so.
Continue reading →
Professor Crim Pro I ain’t, but it seems to me that anybody who has used a computer can pretty easily grasp the holding of Berghuis v. Thompkins, 560 U.S. __, No. 08-1470 (June 1, 2010) [PDF]. In that opinion, handed down just yesterday, the U.S. Supreme Court toggled the default on the Miranda warning. A five-justice majority held that silence will not suffice for citizens who want to invoke Miranda’s protections against self-incrimination; we now must ask for our Constitutional rights. Think of it like a computer program that annoyingly assumes you want unsolicited advice from a chirpy paper clip–except this paper clip throws you in cuffs and tazes you if you talk back.
The
Berghuis decision inspires me to offer a new piece of legal armor—this time in the form of a t-shirt:
Click on the picture to buy a shirt, or borrow the text (I’ve
uncopyrighted it) to make your own version from scratch. Combine that notice of your
Miranda rights with the
bumper sticker and
magnetic sign I
offered earlier, in defense of your rights to record and report what public officials do to you, and you might just dodge some serious legal hurt. Or—who knows?—you might inspire some interesting and important litigation.
Continue reading →
While police and prosecutors have encouraged the growth of a surveillance state, they don’t seem so enthusiastic about the growth of a surveillance citizenry. Maryland and other states have recently seen privacy laws invoked to squelch the unauthorized recording of public officers performing public duties in public areas. Until courts put an end to those bogus claims, we should make sure that police officers know that we may monitor traffic stops to protect our rights; I below offer a bumper sticker and magnetic door sign that ought to help on that front.
Radley Balko recently reported on the latest attempt to use privacy laws to punish citizens for recording police misconduct. In this case, Anthony Graber was arrested for posting on YouTube a video he’d captured on an un-uniformed Maryland state trooper, driving an unmarked car, pulling over and rushing at Graber with a drawn handgun. Soon after Graber posted the video, he was charged for violating the Maryland Wiretapping and Electronic Surveillance Act, Md. Code Ann., Cts. & Jud. Proc. § 10-401 et seq. (2010), which basically outlaws secretly recording a private conversation.
Maryland’s police must be feeling a bit testy, these days, about getting recorded on-the-job by uppity citizens. Earlier this spring, an inconvenient video of the beating of Jack McKenna put the lie to the claims of Maryland police that McKenna had provoked the incident by attacking the officers and their horses. State and federal officials have since launched “excessive force” inquiries.
Did that video violate the privacy of the three officers, clad in riot gear and swinging batons, who surrounded and beat the unarmed McKenna? No. Neither did the video that Graber shot of the Maryland trooper strutting towards him with a drawn handgun. Courts have already explained that wrongs under the Maryland Wiretapping and Electronic Surveillance Act require a showing that someone’s reasonable expectation of privacy has suffered violation (
see Fearnow v. C & P Tel. Co., 104 Md. App. 1, 655 A.2d 1 (1995), rev’d on other grounds, 342 Md. 363, 676 A.2d 65 (1996)), and no officer can have a reasonable expectation of privacy while on a public street, performing public duties. Continue reading →
In my recent testimony before the House Commerce Committee on a proposal to require event data recorders in all new cars sold in the United States, I pointed out that the mandate would go far beyond what is needed to ensure safety. Indeed, the cost of EDRs raises the prices of new cars, marginally reducing the pool of used cars and keeping lower income drivers in older used cars which are less safe.
The demand for EDRs in all cars, collecting and transmitting data about all crashes, suggests that something more than statistically relevant safety data is what advocates of this mandate want. I put a finer point on these issues today in answers to questions propounded to me after the hearing.
The proposed EDR mandate includes controls on the use of EDR information, a nominal protection for privacy, but the EDR mandate “sets the stage for migration away from consumer privacy toward serving the goals of government and industry related not only to safety but also to general law enforcement, taxation, and surveillance.”
The bill is H.R. 5381, the Motor Vehicle Safety Act of 2010. Other bills with EDR mandates include H.R. 5169, H.R. 5345, and S. 3271.
Many of my free market friends have been making the case that government action is unnecessary to address the privacy trouble in which Facebook has recently found itself. I agree with them completely. The reason is that I believe that the given choice, individuals acting in the market will act to discipline unscrupulous or stupid companies. This is precisely what we’ve begun to see happen to Facebook.
It therefore bothers me when folks go beyond mere defense of free market to pretending that corporations can do no wrong. Facebook, for example, has committed a terrible breach of trust against its users, and it should pay the price. Still, on the NetChoice blog, Steve DelBianco writes this about Facebook’s new privacy options:
Facebook is making these moves partly to placate a handful of professional privacy critics, as we described on our post this week. But as with most moves made in reaction to critics, there’s a chance Facebook might have moved too far.
As part of this change, Facebook is making it trivial for users to stop applications and websites from knowing anything about you. If lots of users select this option, I’m afraid it could restrict Facebook’s use of targeted advertising (those ads on the right side of your Facebook pages) and their new instant personalization program. Here’s why we should all be concerned if everyone opts-out of sharing anything:
First, we’ll still see ads, only they won’t be so relevant[.] … Second, and far more concerning, is the effect on Facebook’s ad revenue[.]
I’m not a “professional privacy critic,” yet I know I’ll never trust Facebook with any of my data ever again. I hear the same sentiment from many of my friends, acquaintances, and other regular folks I follow online. Sometimes, companies react because they made a dumb mistake (or perhaps in this case a repeated one that makes one wonder whether it’s a mistake at all), not only in response to privacy advocates. I know Steve’s saying Facebook’s only
partly reacting to critics, but I believe that any such fraction is very small. Continue reading →
Facebook has had a tough month. The site’s latest round of privacy changes, implemented last month, spurred stiff backlash — not just from so-called privacy advocates, but also from several U.S. Senators. Facebook CEO Mark Zuckerberg shot back with an op-ed in The Washington Post, as Braden discussed here yesterday.
I’ve had much to say about Facebook’s past privacy controversies (1, 2, 3, 4, 5), but what really sticks out about the latest anti-Facebook backlash is who’s leading the charge: U.S. Senator Chuck Schumer.
Seriously, of all people, Chuck Schumer should be the
last to criticize Facebook’s privacy practices. That’s because Schumer is leading the push in Congress to establish a biometric national identification regime. If Schumer had his way, all Americans, including U.S. citizens, wishing to legally work in this country would be required by law to obtain a national ID card! Compared to this highly invasive potential exercise of the state’s coercive power, concerns about Facebook’s privacy practices seem downright trivial.
Continue reading →
Today, the House Committee on Energy and Commerce, Subcommittee on Communications, Technology and the Internet, released its long-awaited online privacy bill discussion draft, requiring that users opt-in to certain types of online data collection. Berin Szoka and I issued the following statement in response:
By mandating a hodge-podge of restrictive regulatory defaults, policymakers could unintentionally devastate the “free” Internet as we know it. Because the Digital Economy is fueled by advertising and data collection, a “privacy industrial policy” for the Internet would diminish consumer choice in ad-supported content and services, raise prices, quash digital innovation, and hurt online speech platforms enjoyed by Internet users worldwide.
Before imposing prophylactic regulation, policymakers should first identify specific consumer harm that requires government intervention. They should next ask whether there are less restrictive alternatives to regulation, such as enhancing enforcement of existing laws, bolstering limitations on government access to online data, education efforts about online privacy, and promoting the development and uptake of technological empowerment solutions that allow users to manage their own privacy preferences.
Continue reading →
Faithful readers know of my geeky love for tech policy books. I read lots of ’em. There’s a steady stream of Amazon.com boxes that piles up on my doorstop some days because my mailman can’t fit them all in my mailbox. But I go pretty hard on all the books I review. It’s rare for me pen a glowing review. Occasionally, however, a book will come along that I think is both worthy of your time and which demands a place on your bookshelf because it is such an indispensable resource. Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace is one of those books.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.