Google today unveiled the Data Liberation Front, a team of engineers in Chicago dedicated to ensuring that Google build “liberated products”—ones that have “built in features that make it easy (and free) to remove your data from the product in the event that you’d like to take it elsewhere.” We’ve spent a lot of time here warning about the dangers of Googlephobia, but now that Google has brazenly appropriated the TLF’s unique mock-Communist iconography, we’re starting to think that Jeff Chester and Scott Cleland may be right: Maybe Google really is trying to take over the world!

So we regret to announce our filing of a lawsuit in the Twelfth Circuit Court of Appeals to challenge Google’s infringement of our mark. We demand 50% of the $0.00 Google earns every time they “allow” users to port their application data out of Google to a competitor’s services! We will, of course, dedicate these royalties to the important project of educating and empowering users about how they can determine their own destiny online.

But seriously… We heartily agree with our Data Liberation Front comrades that users should be fully empowered to switch from one service to another online. This kind of competition is clearly the best protection for consumers in the Digital Age. Making switching easy should assuage not just antitrust concerns, but also concerns about how much privacy or security each web service offers to its users, no matter how big its market share: If you don’t like what a service offers, just take your data and leave! Who needs the government micro-managing the Internet when users have that kind of control?

Viva la (Technology) Revolution!

P.S. In case you haven’t seen it the Monty Python video we’re all riffing on:

http://www.youtube.com/v/gb_qHP7VaZE

You might have noticed that we’ve added a Tweetmeme button at the top of each TLF post showing how many times each post has been “retweeted” on Twitter. If you like a TLF post, please take a second to retweet it. Retweeting is an easy way to spread the TLF’s message that politicians should keep their hands off the ‘Net and everything else related to technology! Here are three ways you can help us with viral marketing the message of technology freedom:

1. If you’re already signed into Twitter, clicking the green “retweet” button will take you to Twitter with a retweet ready to go (“RT @techliberation “). You just have to click “Update.”
2. You can make retweeting even easier—just one click!—by connecting your Twitter account with Tweetmeme. Just sign in to Tweetmeme with your Twitter log-in and select “Allow” to enable TweetMeme to automatically send your retweets to your Twitter account.
3. You can tweet your comments on our posts by logging in with your Twitter account or using a Disqus account (assuming you’ve linked Twitter to your Disqus Profile). Each tweeted comment will count as a retweet of the post.

If you click the gray tweetcount button, you’ll be taken to Tweetmeme statistics about that particular post. One of my posts last week really took off, getting over 150 retweets! You can follow the TLF on twitter here and find links to individual TLF authors’ feeds here.

If you’re not already on Twitter, you can use but Tweet counts as an indicator of which TLF posts are hottest. But what are you waiting for, anyway? You’d better claim your name on Twitter before someone else does! It’s easy to set up an account and free, of course, and you can add followers from your webmail contacts. If nothing else, you can easily pipe your Tweets into Facebook as status updates. If you think Twitter is a stupid fad, Kevin Spacey and David Letterman may agree with you. But what do they really know about technology?

http://www.youtube.com/v/2Z1aZ7Gs46A

by Adam Thierer & Berin Szoka — (Ver. 1.0 — Summer 2009)

We are attempting to articulate the core principles of cyber-libertarianism to provide the public and policymakers with a better understanding of this alternative vision for ordering the affairs of cyberspace. We invite comments and suggestions regarding how we should refine and build-out this outline. We hope this outline serves as the foundation of a book we eventually want to pen defending what we regard as “Real Internet Freedom.” [Note:  Here’s a printer-friendly version, which we also have embedded down below as a Scribd document.]

I. What is Cyber-Libertarianism?

Cyber-libertarianism refers to the belief that individuals—acting in whatever capacity they choose (as citizens, consumers, companies, or collectives)—should be at liberty to pursue their own tastes and interests online.

Generally speaking, the cyber-libertarian’s motto is “Live & Let Live” and “Hands Off the Internet!”  The cyber-libertarian aims to minimize the scope of state coercion in solving social and economic problems and looks instead to voluntary solutions and mutual consent-based arrangements.

Cyber-libertarians believe true “Internet freedom” is freedom from state action; not freedom for the State to reorder our affairs to supposedly make certain people or groups better off or to improve some amorphous “public interest”—an all-to convenient facade behind which unaccountable elites can impose their will on the rest of us.

B.  Application in Social & Economic Contexts

The cyber-libertarian draws no distinction between social and economic freedom when applying this vision:

• Social Freedom: Individuals should be granted liberty of conscience, thought, opinion, speech, and expression in online environments.
• Economic Freedom: Individuals should be granted liberty of contract, innovation, and exchange in online environments.

Cyber-libertarians also argue that social and economic freedoms are inextricably intertwined:  It is not enough to support liberty of action in one sphere; foreclosing freedom in one sphere will eventually affect freedom in the other.

C.  How “Code Failures” Are to Be Addressed

The cyber-libertarian believes that “code failures” (the digital equivalent of so-called “market failures”) are better addressed by voluntary, spontaneous, bottom-up, marketplace responses than by coerced, top-down, governmental solutions.   From a practical perspective, the decisive advantage of the market-driven approach to correcting code failure comes down to the rapidity and nimbleness of those responses.  Stated differently, cyber-libertarians have a strong aversion to the politicization of technology issues and efforts to replace market processes with bureaucratic processes.

Importantly, the cyber-libertarian defines “markets” broadly to include monetary and non-monetary transactions as well as proprietary and non-proprietary modes of production.  To be clear, collaborative, non-proprietary technologies and efforts ( e.g., Wikipedia and open source software) are not at odds with cyber-libertarianism.  But the cyber-libertarian does reject the notion these models are the only acceptable model or that they should be imposed on us by law.  The proper policy position with regards to the “open vs. closed” or “proprietary vs. non-proprietary” debate should be one of techno-agnosticism.  Lawmakers and courts should not be tilting the balance in one direction or the other.

More generally speaking, instead of seeking to define or impose a single utopian vision, the cyber-libertarian seeks to enable what libertarian philosopher Robert Nozick called a “Utopia of Utopias:” a framework within which many different models of organizing commerce and community can flourish alongside, and in competition with, each other.

D.  General Relationship to “Internet Exceptionalism”

Internet exceptionalists are first cousins to cyber-libertarians:  They believe that the Internet has changed culture and history profoundly and is deserving of special care before governments intervene.  [See Section IV for an expanded discussion.]

II. The Intellectual Foundations of Cyber-Libertarianism

A.  Traditional Libertarian Philosophy

• Natural Rights philosophers –John Locke, Ayn Rand, The Founders
• Utilitarian philosophers – John Stuart Mill (On Liberty), Herbert Spencer
• “Austrian School” of Economics – Ludwig von Mises, F.A.  Hayek, Murray Rothbard
• Milton Friedman (Free to Choose)
• Robert Nozick – argument for a minimalist state; “utopia of utopias” notion
• Thomas Sowell – critique of “The Vision of the Anointed”
• Richard Epstein – vision of “Simple Rules for a Complex World

B.  Modern Cyber-Libertarian Theorists

• Ithiel de Sola Pool (Technologies of Freedom)
• Alvin Toffler (The Third Wave , Future Shock)
• George Gilder (Microcosm , Telecosm)
• Peter Huber (Law & Disorder in Cyberspace)
• Tom W.  Bell
• Technology Liberation Front bloggers

C.  Internet Exceptionalists[see Sec.  IV below]

• Nicholas Negroponte (Being Digital)
• John Perry Barlow (“Declaration of the Independence of Cyberspace”)
• David Post
• Eric Goldman
• H.  Brian Holland

III. The Contrast with Cyber-Collectivism

A.  Cyber-Collectivism Defined

Cyber-collectivism is the opposite of cyber-libertarianism.  Cyber-collectivism refers to the general belief that cyber-choices should be guided by the State or an elite class according to some amorphous “general will” or “public interest.”  The distant influence of Plato, Rousseau, and Marx can often been seen in the work of cyber-collectivists.

Cyber-collectivism comes in many flavors, however.  “Left”-leaning cyber-collectivists, for example, are more focused on social concerns than economic ones.  Some “Right”-leaning cyber-collectivists are focused on controlling the impact of the Internet on culture or security.  In other words, cyber-collectivism is not as philosophically coherent as cyber-libertarianism—which, though it comes in many flavors, shares a larger core of common agreement

B.  General Relationship to “Information Commons” Movement

There is a close relationship between the Leftist variant of cyber-collectivism and the “digital commons” or “information commons” movement, which generally refers to the belief that digital resources should be shared or perhaps commonly owned instead of held privately—both because cyber-collectivists think this is more equitable and because they generally think such arrangements will ultimately work better.

Cyber-collectivists are typically not Marxists; few of them call for state ownership of the information means of production.  Rather, cyber-collectivists might better be thought of a “cyber social Democrats” (in a European sense) or “Digital New Dealers” (in the American tradition).  They advocate a generous role for law and regulation in many online matters, but do not typically resort to full-blown nationalization.

C. Exponents of Cyber-Collectivism

Some notable cyber-collectivists or information commons adherents (and their key works):

• Lawrence Lessig (Code , Free Culture)
• Tim Wu (Who Controls the Internet?)
• Yochai Benkler (The Wealth of Networks)
• Jonathan Zittrain (The Future of the Internet & How to Stop It)
• David Bollier (Viral Spiral)
• Harvard Berkman Center*
• New America Foundation*
• Public Knowledge*

(*We are, of course, generalizing a bit here. Not everyone in these institutions is a cyber-collectivist and, again, there are many flavors of cyber-collectivism, just as there are many flavors of cyber-libertarianism. Individuals in some of these organizations diverge significantly in attitudes towards technological change and the proper scope of government influence throughout the high-tech sector.)

IV. Relationship Between Cyber-Libertarianism & Internet Exceptionalism

Some non-libertarians occasionally join ranks with cyber-libertarians out of a belief that the Internet is different and deserving of special consideration and care. This is commonly referred to as “Cyber-Exceptionalism” or “Internet Exceptionalism.” John Perry Barlow’s 1996 “Declaration of the Independence of Cyberspace” was probably the earliest (and most extreme) articulation of “Internet Exceptionalism”:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions. You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don’t exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

Similarly, in 1994, The Progress & Freedom Foundation brought together four leading technology visionaries (Esther Dyson, George Gilder, George Keyworth, and Alvin Toffler) to pen A Magna Carta for the Knowledge Age. In that manifesto, the authors argued:

Cyberspace is the land of knowledge, and the exploration of that land can be a civilization’s truest, highest calling. The opportunity is now before us to empower every person to pursue that calling in his or her own way. The challenge is as daunting as the opportunity is great. The Third Wave has profound implications for the nature and meaning of property, of the marketplace, of community and of individual freedom. As it emerges, it shapes new codes of behavior that move each organism and institution—family, neighborhood, church group, company, government, nation—inexorably beyond standardization and centralization, as well as beyond the materialist’s obsession with energy, money and control. Turning the economics of mass-production inside out, new information technologies are driving the financial costs of diversity—both product and personal—down toward zero, “demassifying” our institutions and our culture. Accelerating demassification creates the potential for vastly increased human freedom. It also spells the death of the central institutional paradigm of modern life, the bureaucratic organization. (Governments, including the American government, are the last great redoubt of bureaucratic power on the face of the planet, and for them the coming change will be profound and probably traumatic.)

As that last paragraph suggests, this “Magna Carta” for cyberspace contained some hints of cyber-libertarian thinking, but the general thrust of the document was more generally of the Internet Exceptionalist school of thought.

Internet Exceptionalists are sometime critiqued for sounding like techno-utopians, but it is a mistake to conflate the two. There are not always synonymous.

V. Cyber-Libertarianism’s Early Legal Foundations & Victories

• Section 230 of the Communications Decency Act of 1996 is probably the best example of cyber-exceptionalism in practice. It grants broad immunity to online intermediaries for third party content except for criminal and IP law—breaking with traditional tort liability standards. Specifically, Sec. 230 rejected the “deputization of the middleman” model of liability.
• Overturning of the Communications Decency Act’s indecency & obscenity provisions in Reno v. ACLU decision
• Various court decisions blocking enforcement of the Child Online Protection Act (COPA) of 1999
• The encryption wars & the defeat of the “Clipper Chip”
• The Internet Tax Freedom Act of 1998

VI. Applications: How Cyber-Libertarians Think about Various Policy Issues

• Free speech & online child safety: Favor parental empowerment and industry self-regulation over censorship. “Household standards” should trump “community standards.”
• Privacy policy & online advertising: Privacy is a subjective condition and efforts to regulate to “protect privacy” could have unintended consequences for freedom of speech and the growth of online content and commerce. User empowerment and industry self-regulation represent the superior way to address privacy concerns.
• Net neutrality / infrastructure regulation: “Open access” regulation is nothing more the infrastructure socialism. Network operators should be free to own, operate, and price their systems and services as they see fit, subject only to enforcement of their terms of service and other voluntary disclosures as contracts with their users. New entry and innovation are better alternative to regulating yesterday’s networks and technologies.
• Internet taxation: No special taxes should be imposed on online services or Internet access. To the extent the Net disrupts traditional tax bases that should be seen as an opportunity to reform those tax systems.
• Online gambling: People should be free to do what they want with their money and Internet gambling is likely impossible to shut down entirely anyway, given the nature of the Internet.
• Antitrust: “Market power” and “code failures” are best dealt with by spontaneous evolution of markets and new entry, not bureaucratic micro-management of old technologies or market structures. Regulation often creates, or tends to foster, most monopolies. As Ithiel de Sola Pool once noted, “The force that preserves most monopoly privilege is law… most would vanish in the absence of enforcement.”
• IP issues: Cyber-libertarians are deeply divided over IP issues (especially copyright) and this reflects a long-standing division within libertarian ranks on these issues more generally. Some believe IP rights are a natural extension of traditional property rights and/or a sensible way to incentivize scientific and artistic creativity. Others believe no one has a right to “property-tize” intangible creations or that copyright is simply industrial protectionism. And there are many views in between.

VII. Prospects for Cyber-Libertarianism

A. The Pessimistic View

• Government’s will quash online freedom and bring the Internet under their thumbs.
• Regulatory efforts are expanding at a breathtaking pace and will not slow anytime soon.

B. The Optimistic View

• “Technologies of Freedom” (tools and methods to avoid online regulation, censorship and control) will ultimately triumph.
• Technology is evolving faster than government’s ability to regulate it.

VIII. Related Reading on Cyber-Libertarianism & Internet Exceptionalism

• John Perry Barlow, Declaration of the Independence of Cyberspace (1996).
• Tom W. Bell, Free Speech, Strict Scrutiny, and Self-Help: How Technology Upgrades Constitutional Jurisprudence , 87 U. Minn. L. Rev. 743 (2003).
• Esther Dyson, George Gilder, George Keyworth, & Alvin Toffler, The Progress & Freedom Foundation, A Magna Carta for the Knowledge Age (1994).
• Eric Goldman, The Third Wave of Internet Exceptionalism, Santa Clara Magazine (Winter 2008).
• H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, Kansas L. Rev. (2007).
• Peter Huber, Law & Disorder in Cyberspace: Abolish the FCC and Let Common Law Rule the Telecosm (1997).
• Ithiel de Sola Pool, Technologies of Freedom (1983).
• David Post, In Search of Jefferson’s Moose: Notes on the State of Cyberspace (2009).
• Adam Thierer, The Pragmatic Internet Optimist’s Creed, Technology Liberation Front Blog (Nov. 11, 2008).
• Technology Liberation Front Blog, About the Technology Liberation Front (August 2004, revised 2008).

Cyber-Libertarianism: The Case for Real Internet Freedom [Ver 1.0 – Thierer & Szoka] http://d.scribd.com/ScribdViewer.swf?document_id=18490847&access_key=key-14tt6eb4f2cdcil8wnf2&page=1&version=1&viewMode=

This is just a quick reminder to both faithful and fair-weather readers that there are many ways to keep up with what we’re saying here at the Technology Liberation Front, including:

(1) RSS

Subscribe in a Reader

(2) Twitter

(3) Facebook

(4) Daily email alert

(5) Podcast

… Or just make the TLF your browser’s welcome page!  What better way to start each day? Finally, as always, we appreciate your support, attention, tolerance of our rants.

On this episode “Tech Policy Weekly,” Technology Liberation Front contributors Ryan Radia and Berin Szoka join me for a discussion of the flare-up over Facebook’s recent changes to the data retention provisions of its Terms of Use agreement and whether there are any serious privacy issues in play here—or if this is all much ado about nothing. [Ryan blogged about it here, and I did here.]

Earlier this month, Facebook announced changes to the way it handled or retained user data on its site after a user quits Facebook, raising questions about who actually owns that data and whether any privacy issues were raised by the company’s new policy. Following some intense scrutiny in the blogosphere, Facebook decided this week to revert to their old terms of service until they figured out a new approach to data management and ownership.

You can begin listening by downloading the MP3 file here or by just clicking the play button below.  Or subscribe to our Podcast ( iTunes, other).

[display_podcast]

Savvy TLF Readers probably realize that the TLF was preceded by the Animal Liberation Front and Earth Liberation Front.  I suspect neither group has much of a sense of humor (although I’m glad to see from their Wikipedia pages that neither organization appears to have actually killed anyone, despite their use of terrorist tactics).

A TLF reader just called my attention to another group that most definitely does have a sense of humor:  the Beard Liberation Front.  I also discovered the The Hamster Liberation Front through Google.  Then there’s the classic People’s Liberation Front of Judea (or is it the Judean People’s Liberation Front?) from Monty Python’s The Life of Brian:

I often ponder what the TLF is all about.  Of course, our official mission is “keeping politicians’ hands off the ‘net and everything else related to technology.”  You can read more on our “About Us” page.  But this quote from Robert Heinlein‘s 1973 classic Time Enough for Love (among my top five favorite novels) really hits the nail on the head for me:

Throughout history, poverty is the normal condition of man. Advances which permit this norm to be exceeded — here and there, now and then — are the work of an extremely small minority, frequently despised, often condemned, and almost always opposed by all right-thinking people. Whenever this tiny minority is kept from creating, or (as sometimes happens) is driven out of a society, the people then slip back into abject poverty. This is known as “bad luck.”

“Man is the measure of all things,” said Protagoras of Abdera (c. 480-410 B.C.).  So it is for me:  technology is ultimately a means—indeed, the means—by which the condition of humanity is improved.  By “liberating technology”—i.e., defending the freedom to innovate and to profit from bringing innovation to the marketplace—we’re all doing our small part to prevent “right-thinking people” from squelching the creative minority whose toils will sometday take the species to the stars.  

I can’t wait to see what the coming decades will bring.  In the words of the immortal 1970s rock band, Bachman-Turner Overdrive: You ain’t seen nothing yet!  

  (The full version of the video—not the embedded player—includes an ad to buy the song, a new YouTube feature.  Heinlein would be proud.)

As a means of introducing myself to TLF readers, this is an article that I wrote for the PFF blog in September that has not been previously mentioned on the TLF. Most of my other PFF blog posts have been cross-posted by Adam Thierer or Berin Szoka, but I’ve taken ownership of those posts so they appear on my TLF author page.

This is the first in a series of articles that will focus directly on technology instead of technology policy. With an average age of 57, most members of Congress were at least 30 when the IBM PC was introduced in 1981. So it is not surprising that lawmakers have difficulty with cutting-edge technology. The goal of this series is to provide a solid technical foundation for the policy debates that new technologies often trigger. No prior knowledge of the technologies involved is assumed, but no insult to the reader’s intelligence is intended.

This article focuses on cookies–not the cookies you eat, but the cookies associated with browsing the World Wide Web. There has been public concern over the privacy implications of cookies since they were first developed. But to understand them , you must know a bit of history.

According to Tim Berners Lee, the creator of the World Wide Web, “[g]etting people to put data on the Web often was a question of getting them to change perspective, from thinking of the user’s access to it not as interaction with, say, an online library system, but as navigation th[r]ough a set of virtual pages in some abstract space. In this concept, users could bookmark any place and return to it, and could make links into any place from another document. This would give a feeling of persistence, of an ongoing existence, to each page.”[1. Tim Berners-Lee, Weaving The Web: The Original Design and Ultimate Destiny of the World Wide Web. p. 37. Harper Business (2000).] The Web has changed quite a bit since the early 1990s.

Today, websites are much more dynamic and interactive, with every page being customized for each user. Such customization could include automatically selecting the appropriate language for the user based on where they’re located, displaying only content that has been added since the last time the user visited the site, remembering a user who wants to stay logged into a site from a particular computer, or keeping track of items in a virtual shopping cart. These features are simply not possible without the ability for a website to distinguish one user from another and to remember a user as they navigate from one page to another. Today, in the Web 2.0 era, instead of Web pages having persistence (as Berners-Lee described), we have dynamic pages and “user-persistence.”

This paper describes the various methods websites can use to enable user-persistence and how this affects user privacy. But the first thing the reader must realize is that the Web was not initially designed to be interactive; indeed, as the quote above shows, the goal was the exact opposite. Yet interactivity is critical to many of the things we all take for granted about web content and services today.

Stateful Sessions

On the original World Wide Web designed by Berners-Lee (Web 1.0), Web servers responded to each client request without relating that request to previous requests. There was no need to remember what other pages the user had requested because the requests were for static pages. But if you’ve used a Web-based email system like Gmail, Hotmail, Yahoo! Mail, etc., you know that once you log in, the service remembers who you are as you click from message to message. When a website can keep track of a user as they move from page to page within a site it is called a “stateful session.” The website doesn’t necessarily need to know anything about the user, it just needs to be able to distinguish that particular user from all other users. For example, if you go to an online store and place a few items in your virtual shopping cart, the site still does not know your name, email address, or billing information. But it does know what you’ve placed in your cart–or more precisely, it knows what someone using your browser has placed placed in a particular cart. If you leave the site before buying anything and then go back an hour later, it’s possible that the site will have completely forgotten about you. In that case, the unique identifier persists during your “session” on the site, but it doesn’t persist between sessions.

URLs and HTTP Requests

Web 1.0 sites achieve Web page persistence by having a unique address or Uniform Resource Locator (URL) for each Web page, which is displayed in the address bar at the top of your browser as you browse the web. For example, http://www.pff.org/about/ is a simple URL pointing to a specific Web page. Every user that visits the PFF site at www.pff.org and clicks on the “About” link will be taken to the exact same page.

URLs can also store information about the user. For example, if you search for “test” on Google, the URL of the resulting page may look like the following: http://www.google.com/search?q=test&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a.[2. http://googlesystem.blogspot.com/2006/07/meaning-of-parameters-in-google-query.html] The URL contains a number of different pieces of data, separated by ampersands. There is the search query (“q=test”), the character encoding of the input (“ie=utf-8”), the character encoding of the output (“oe=utf-8”), the type and language of the client (“rls=org.mozilla:en-US:official”), and the Web browser used (“client=firefox-a”). None of this information can be used to uniquely identify the user, but this basic example illustrates how URLs can be used to specify more than simply static Web pages–and how some information can be remembered as a user navigates a website even without using cookies. Knowing how this works, you can create your own advanced searches or change the way the results are formatted (e.g., changing the language).

So how did Google know I speak English and use Firefox? That information is included in the HTTP request that my Web browser sends to the Google Web server when it requests a page. HTTP requests specify (among a few other more technical things) the desired language and a “User-Agent” field that includes the name of the browser and sometimes your operating system. This information allows websites to customize their content for different Web browsers (e.g., to ensure that it displays properly). HTTP requests also include your IP address so the Web server knows where to send its response, and geotagging allows Web servers to associate an IP address with a geographic area (though the area is rarely more accurate than the country or state). HTTP requests can also contain HTTP cookies.

HTTP Cookies

URLs can be used to uniquely identify individual users and allow stateful sessions, but unless a user bookmarks the URL containing their unique identifier, there is no way for the site to associate the same unique identifier with the same user on subsequent visits. Another option is to have users create an account and then log in each time they access the site. The website could then include the user’s unique ID in the URL on subsequent pages, so that the user only needs to log in once per session. Having to bookmark or create an account on every site you want to remember you would quickly become unmanageable. It would be nice if mapping and weather websites, for example, just remembered your location. It would be nice if the blogs you follow remembered what post you last read and displayed only unread posts when you next visit their site. What was needed at this point in the Web’s evolution was a way for websites to automatically store a unique identifier on the user’s computer and send it back to the website automatically[3. A site could also try to uniquely identify users by the IP address of their computer, but this is unreliable as there can be many computers behind a firewall sharing a single IP address.]—which is precisely what a cookie does.

To quote Wikipedia,

“HTTP cookies, or more commonly referred to as Web cookies, tracking cookies or just cookies, are parcels of text sent by a server to a Web client (usually a browser) and then sent back unchanged by the client each time it accesses that server. HTTP cookies are used for authenticating, session tracking (state maintenance), and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.”

A cookie can contain one or more pieces of data, a description and/or URL for an online description of the cookie, how long the Web browser should store the cookie, and the domain, path, and port that the cookie should be limited to. Cookies can be set to expire after a specified interval, or can be “session cookies” that will expire when the Web browser is closed. When a cookie expires, it is deleted by the Web browser. Unexpired cookies are automatically sent back to the originating Web server when the Web browser makes any subsequent requests to the same server (the same domain, path, and port).

Neither Web servers nor Web browsers are required to support cookies, but a server may refuse to work with a Web browser that does not return the cookie(s) it sends. Cookies do not contain any executable code and are extremely small in size. They only contain data sent by the website and the data is not changed by the client computer, so there generally should be no privacy concerns about sending a cookie back to the website that created it (“First-party cookies”).

First-Party and Third-Party Cookies

Cookies are normally only sent to the server setting them or a server in the same domain ( e.g., a cookie set by mail.google.com could be shared with calendar.google.com). These are called first-party cookies because they’re set by the site displayed in the address bar of the Web browser. These cookies are typically used to tailor the website for the user. Third-party cookies, on the other hand, are typically used by advertising networks to track users across multiple Web sites where the networks have placed advertising–which allows the advertising network to target subsequent advertisements to the user’s presumed interests and also to limit the number of times a user is shown a particular ad. This targeting allows the delivery of “smarter” advertising that is less annoying and more informative to the user–and therefore more valuable to the advertiser, who will be willing to pay websites more for their ad space. However, this targeting also raises privacy concerns.

It is trivial for a Web page to contain images or other components stored on servers in other domains (“third-party elements”). In fact, it is often easier to link to an image already hosted online elsewhere than it is to host an image on your own Website.

Examples:

• Typical first-party embedded image:
• Typical third-party embedded image:

Whenever a Web browser loads a Web page or component of a Web page, it will include in its request for that component any cookies already stored on the user’s computer that are associated with the domain hosting the content. The Web server, in turn, can send a cookie or update a cookie already existing on the user’s computer.

Although your Web browser will not send a third-party cookie to the first-party Web server (and it won’t send a first-party cookie to the third-party Web server), the first-party Web server can send information to the third-party Web server by embedding it in the URL for the third-party content. The most common form of this communication between the sites you visit and the sites they rely on for content or ads is called a “web bug”–a small (usually 1 pixel by 1 pixel) graphic not meant to be noticed by the user. Its purpose is to cause the user’s Web browser to load the third-party embedded content from the external Web server, which will allow the third party (usually an advertising network) to track the user.

• Example third-party embedded web bug:

While this all may seem scary and invasive,the fact that a website or ad network can uniquely identify your browser does not mean that they have any clue who you are. Even if you provide your name, email address, or other personally-identifiable information to the first-party Web site, most sites’ privacy policies state that they will not share this information with their advertising partners. To use a real-world analogy, third-party advertising is equivalent to a marketer in a mall watching you come out of a music store and then offering you a flyer for a concert: The marketer may know that you’re interested in music (because you were shopping at the music store), but they have no idea who you are. And as my colleagues Adam Thierer and Berin Szoka explained in their post on Adblock Plus, websites (especially smaller independent websites) depend on advertising as a source of revenue and to cover their overhead costs.

Alternatives to Cookies

Cookies are not the only way websites can do stateful sessions. As has already been mentioned, Websites can put unique identifiers in URLs. But custom URLs don’t last between sessions. Websites that need to remember users ( e.g., websites that charge a fee for access) can require users to create an account and log into the site every time they use it.

But most websites do not require users to create an account and log in every time. And more and more users are configuring their Web browsers to delete all cookies when they close the browser. In response, Web site operators have found other methods to uniquely identify users by storing a unique identifier on users’ computers.

The cookie alternatives listed below are not any more or less invasive of privacy than cookies if the user is aware of them and manages them the same way they manage cookies. But most Web browsers don’t give users the same amount of control over cookie alternatives that they do over cookies, and few users know about these alternatives.

Per-session cookie alternatives – These cookie alternatives are not saved to disk and thus are not accessible after you close your Web browser.

• Hidden form fields – Web pages can contain hidden Web forms that submit data back to the Web server when an on-screen button is pressed. This method is quite limited because it requires the user to click a specific button, and there is no method for saving data after you’ve navigated away from the site. Beyond these limitations, the only way to detect hidden form fields is to inspect the HTML code for a page. There is also no easy way to block hidden form fields.
• window.name – JavaScript embedded in a Web page can set or read the this internal value that’s not really used for anything else. The value can be up to 32 megabytes in size and once set a value can be accessed by any Web site. Although the only way to detect this is to inspect the HTML code for a page, you can disable JavaScript.

Persistent cookie alternatives – These cookie alternatives are like cookies in that they are saved on your computer and can be accessed even after you’ve closed your Web browser.

• Flash Cookies – Also known as Local Shared Objects, Flash cookies require Adobe Flash to be installed on your computer. Whereas HTTP cookies are limited to 4 kilobytes, Flash cookies can contain up to 100 kilobytes by default and can contain an unlimited amount of data if the user desires. To view and delete the Flash cookies stored on your computer, go to this page (although accessed via a Web page, the Flash cookies shown are stored on your computer). You can also permanently disable Flash cookies on that page.
• DOM Storage – DOM storage was designed specifically to allow Web 2.0 applications to work offline, saving data locally when they are unable to access the host website and to save data that would otherwise be lost if a page is accidentally reloaded. DOM storage is currently only implemented in Firefox (and Internet Explorer 8 Beta). If cookies are disabled, DOM storage is also disabled. Users can also manually disable DOM storage even when cookies are enabled.
• userData behavior – The userData behavior does for Internet Explorer what DOM storage does for Firefox. Each “document” is limited to 128 kilobytes of storage, with a per-domain limit of 1024 kilobytes. The data is stored in Internet Explorer’s cache and are deleted when you delete cookies using the Delete Browsing History dialog box.

Conclusion

This article should give you a better sense of what cookies are used for and how they work. You should now see that per-session cookies and cookie alternatives are completely harmless. Persistent cookies (and cookie alternatives) can make your Web browsing a bit easier, but deleting them will not (in most cases) cause any problems. If you are concerned about your privacy, you will need to do a bit more than just delete cookies–you also need to delete or disable the above-mentioned cookie alternatives.

As TLF readers may know, I took over in July as Chairman of the Board of the Space Frontier Foundation.  As I explained in my recent interview on The Space Show, SFF has been the leading citizens’ advocacy group for space commercialization since 1988.  Dedicated to promoting Princeton physicist Gerard O’Neill‘s vision of space settlement, as described in his 1976 masterpiece The High Frontier, the Foundation has always argued that “space is a place, not a program.”

We sent out the following press release on October 28, calling for a major transformation of the U.S. government’s space program by which the U.S. government would buy commercial transportation to the International Space Station.  We’ll have more to say about this in the coming weeks.

Space Frontier Foundation Finds Funding Source for COTS-D

The Space Frontier Foundation today called upon Presidential candidates Barack Obama and John McCain to invest the $2 billion in new funds they have promised to NASA for reducing the “Gap” in U.S. human spaceflight (after the Space Shuttle is retired in 2010) to spur innovation and competition in America.

Foundation Chairman Berin Szoka said “It’s time that our national leaders give American entrepreneurs a shot at closing this gap. Let’s take the two billion dollars in the candidates’ plans and fund up to five winners of COTS-D.”

The NASA Authorization Act of 2008, recently signed into law by the President, directs NASA to “issue a notice of intent [by mid-April 2009] … to enter into a funded, competitively awarded Space Act Agreement with two or more commercial entities’ for transporting humans to the ISS”-the “Capability D” of NASA’s Commercial Orbital Transportation Services program (or COTS-D for short). But that directive is not yet funded.

Szoka continued, “Let’s have an American competition in space – to create good jobs, fuel innovation, and close the gap more quickly. With private funds matching government’s investment, we can dramatically leverage the $2 billion to produce breakthroughs in a new American industry – commercial orbital human spaceflight.”

By investing in several different approaches, the government will win no matter who wins this new race, and also benefit from the resulting price competition.

Many American companies, including Boeing, PlanetSpace, SpaceDev, SpaceX, and t/Space have each previously submitted credible COTS-D proposals to NASA. Each of these firms has reached the semi-finals of one of the previous NASA COTS competitions. Increasing funding for COTS by $2 billion would allow NASA to fund all five of these promising companies’ proposals with COTS agreements, and in so doing, build redundancy into the human spaceflight capability available to NASA and other customers.

“It’s popular in Washington to use ‘The Gap’ to cynically justify continued funding of an expensive jobs program,” concluded the Foundation’s co-founder, Bob Werb. “We’re using ‘The Gap’ to advocate a policy that will bridge a gap that matters much more: the chasm between a dying government Human spaceflight monopoly and an emerging, free and competitive marketplace that can open the space frontier to everyone.”

The Federal Circuit significantly limited the patentability of software and business methods today.  Mike Masnick at TechDirt summarizes the holding of the case as follows:

the court has said that there’s a two-pronged test to determine whether a software of business method process patent is valid: (1) it is tied to a particular machine or apparatus, or (2) it transforms a particular article into a different state or thing. In other words, pure software or business method patents that are neither tied to a specific machine nor change something into a different state are not patentable.

I’m sure several of my TLF colleagues will have a great deal to say about this.   Tim Lee has already written about this on Ars Technica:

The Bilski decision, then, is a clear signal that the pendulum has begun to swing back toward tighter limits on software and business patents. However, it remains to be seen how far the court will go in this direction. Bilski was a relatively easy case. The applicant made little effort to hide the fact that he was seeking to patent a mental process, something the Supreme Court has clearly said is not allowed. Therefore, the Federal Circuit’s rejection of this patent doesn’t tell us how it will rule when confronted with software or business method patents that are tied more directly to a physical machine or a transformation of matter. And indeed, the Federal Circuit reiterated that some software and business method patents are valid, so we are unlikely to return to the near-prohibition on such patents that prevailed until the early 1980s.

Thoughts?

Debates about online privacy often seem to assume relatively homogeneous privacy preferences among Internet users.  But the reality is that users vary widely, with many people demonstrating that they just don’t care who sees what they do, post or say online.   Attitudes vary from application to application, of course, but that’s precisely the point:  While many reflexively talk about the “importance of privacy” as if a monolith of users held a single opinion, no clear consensus exists for all users, all applications and all situations.  

If a picture is worth a thousand words, this picture makes the point brilliantly—showing:

locations where [Flickr] users are more likely to post their photos as “public,” which is the default setting, in green. Places where Flickr users are more likely to put privacy controls on their photos show up in red.

Of course, geography is just one dimension across which users may vary in their attitudes about privacy, but the map makes the basic point about variation very well.  Seeing what users actually do in real life says a lot more about their preferences than merely polling them about what they think they care about in the abstract—as my colleagues Solveig Singleton and Jim Harper argued brilliantly in their 2001 paper With A Grain of Salt: What Consumer Privacy Surveys Don’t Tell Us (SSRN).

Google has just announced that it is now accepting applications from undergraduate, graduate and professional students for its summer 2009 Google Policy Fellowship.  Three think tanks employing TLFers are among the host organizations participating in the program: The Progress & Freedom Foundation, the Cato Institute and the Competitive Enterprise Institute. 

Applications are due by December 12, 2008.  The program will run for ten weeks during the summer of 2009 (June-August). Apply today!

The Progress & Freedom Foundation has just launched the new Center for Internet Freedom.  CIF offers an alternative to the proliferation of advocacy groups calling for government intervention online by offering timely analyses and critiques of proposals that diminish the vital role of free markets, free speech and property rights.  We aim to drive the Internet policy debate in new directions by emphasizing a layered approach of technological innovation, user education, user self-help, industry self-regulation, and the enforcement of existing laws consistent with the First Amendment.  Such an approach is a less restrictive—and generally more effective—alternative to increased regulation.  

Here are some of the issues I’ll be working on as CIF’s Director in conjunction with my esteemed colleagues Adam Thierer, Adam Marcus, and adjunct fellows: 

• Defending online advertising as the lifeblood of online content & services, especially in the “Long Tail”;
• Emphasizing market solutions to problems of privacy protection, especially regarding the use of cookies and packet inspection data;
• Protecting online speech and expression both in the U.S. and abroad;
• Defending Section 230 immunity for Internet intermediaries;
• Opposing online taxation and legal barriers to e-commerce and digital payments, especially at the state and local levels; and
• Ensuring that Internet governance remains transparent and accountable without hampering the evolution of the Internet.

Want an easy way of keeping up with the TLF?  Follow us on Twitter!  Each new TLF posting will show up as a Tweet that starts with “TLF Blog: ” followed by the subject line of the blog piece and a link back to the blog entry so you can read the whole piece if you want to.  TLFers may also Twitter links to news stories and events that don’t merit a full blog entry.  Think of it as TLF-lite!

For PC users, I highly recommend the open source Digsby as a client that can support Twitter, Facebook and just about any instant messaging protocol you might use (except, sadly, Skype).

Congress has very wisely cancelled the National Reconnaissance Office’s proposed Broad Area Space-Based Imagery Collection (BASIC) satellite system. The proposal to build two new imaging satellites at a cost to taxpayers of $1.7 billion would have represented a major break from what is possibly the U.S. government’s most successful effort to promote space commercialization to date: buying the imagery it needs from commercial providers, who can also sell imagery to other buyers.

Five years ago, the idea that Internet users could pull up a satellite image of just about any location on the planet at a whim would have seemed ludicrous. Yet that’s precisely what websites like Google Maps and Microsoft’s Live Search offer today—for free! Desktop applications like Microsoft’s Virtual Earth and Google Earth offer even more advanced geospatial tools—again, for free. But of course this library of incredibly rich imagery didn’t just “fall out of the sky,” as they say. It was collected by a handful of expensive commercial remote sensing satellites whose construction was made possible by the National Geospatial-Intelligence Agency‘s (Wikipedia) extraordinarily successful “Nextview” program implemented under the Commercial Remote Sensing Policy of 2003.  Rather than having the Federal government build its own satellites—and pay for the entire cost of the satatellites—the NGA very wisely chose to buy imagery from commercial providers in two ~$500 million, 4-year contracts with U.S. satellite imagery companies:  DigitalGlobe in 2003 and OrbImage (now GeoEye) in 2004.  

These long-term purchase agreements essentially made the U.S. Government the “anchor tenant” in a new class of remote sensing satellites, providing the initial funding for both companies to build and operate their satellites. But because the companies sell roughly half of imagery to foreign governments and commercial buyers like Google and Microsoft, these deals have saved U.S taxpayers money for the purchase of imagery for a wide variety of needs, ranging from agricultural monitoring to military intelligence. At the same time, the Nextview contracts have given birth to a vibrant geospatial industry whose immediate benefits should be obvious to anyone who’s ever pulled up a satellite map online and whose macroeconomic impact is potentially enormous. 

So why mess with success?  If the U.S. Government thinks it needs more satellite imagery, why not simply award another long-term purchase agreement to a commercial provider? Besides reducing the burden on the taxpayers, continuing the NextView approach would support the construction of a new generation of commercial satellites like GeoEye-1, which was launched just last month, and DigitalGlobe’s WorldView-1, launched last year.  Rather than rolling back NextView in favor of building its own systems, the U.S. Government should be looking for other space services it can buy on a commercial basis as a way of building industries rather than programs, ranging from sending crew & cargo to the International Space Station to communications and navigation services for NASA’s planned Return to the Moon.

Rather than giving up on the NextView approach in the area where it has already produced spectacular results, the U.S. government should be looking for other areas in which to apply the NextView model by buying space services from commercial providers.

Full disclosure: I was proud to handle FCC matters for GeoEye while practicing law at Latham & Watkins LLP. I currently have no greater personal interest in their success than should any American who wants to see the private sector succeed where the government has failed in opening up the space frontier to all mankind.

Hello, and welcome to the Technology Liberation Front blog. Does the world really need another blog, you might ask? Well, yes, on this issue the world most certainly does need another blog because there’s not another one like this out there.

Do you remember when politicians would run around saying government should keep its “Hands off the Net”? It was nice rhetoric while it lasted but, ultimately, it was a hollow promise. Today the government has its hands all over the Internet. It’s difficult to name an area where lawmakers and regulators are not currently promulgating or considering rules and regulations for the high-technology and communications sectors.

This is why this site is needed. We aim to report on, and hopefully help to reverse, this dangerous trend of over-regulation of the Internet, communications, media and high-technology in general. We will not hide our love of liberty on this site and we will take every opportunity to castigate those who call for expanding the reach of government into these fields.

Second, this will be what you might call a full-service technology policy blog. While there are other technology blogs out there, those dealing with public policy often seem to be focused on just a few core issues. In particular, copyright law dominates the discussion on many blogs these days. While that’s understandable given the increasing intersection of copyright law and technology policy, one wonders why other sites haven’t popped up to cover a broader array of topics in our exploding universe of high technology pubic policy issues, including: First Amendment & free speech concerns; regulation of e-commerce markets and online services; privacy regulation; SPAM; spectrum management policy and wireless issues; broadcast television and radio regulation; media ownership / concentration concerns; traditional telecom regulatory policy; broadband Internet deployment policy; cable regulation; VoIP issues; network regulation and open access mandates; Internet taxation; online gambling; cyber-surveillance issues; and the role of the Federal Communications Commission and other regulatory agencies in the Information Age. And that just scratches the surface of what we’ll be covering here.

Third, this blog is not a one-man show. We have brought together several of the brightest and most provocative minds in the field of technology public policy today to compile and comment on the important developments of the day. This will help us keep the site fresh, entertaining and informative.

We hope you enjoy the site and will pass word on to friends who might also be interested in these issues. We also hope you will be willing to provide feedback on our entries and please let us know how we can improve the site to make it more useful and consumer-friendly.

Viva la (Technology) Revolution!