I’ve been floating around in conservative policy circles for 30 years and I have spent much of that time covering media policy and child safety issues. My time in conservative circles began in 1992 with a 9-year stint at the Heritage Foundation, where I launched the organization’s policy efforts on media regulation, the Internet, and digital technology. Meanwhile, my work on child safety has spanned 4 think tanks, multiple blue ribbon child safety commissions, countless essays, dozens of filings and testimonies, and even a multi-edition book.

During this three-decade run, I’ve tried my hardest to find balanced ways of addressing some of the legitimate concerns that many conservatives have about kids, media content, and online safety issues. Raising kids is the hardest job in the world. My daughter and son are now off at college, but the last twenty years of helping them figure out how to navigate the world and all the challenges it poses was filled with difficulties. This was especially true because my daughter and son faced completely different challenges when it came to media content and online interactions. Simply put, there is no one-size-fits-all playbook when it comes to raising kids or addressing concerns about healthy media interactions.

Something Must Be Done!

My personal approach, as I summarized in my book on these issues, was to first and foremost do everything in my power to (a) keep an open mind about new media content and platforms, and (b) ensure an open line of ongoing communication with my kids about the issues they might be facing. Shutting down conversation or calling for others to come in and save the day were the worst two options, in my opinion. As I summarized in my book, “At the end of the day, there is simply no substitute for talking to our children in an open, loving, and understanding fashion about the realities of-this world, including the more distasteful bits.” This was my Parental Prime Directive, if you will. I just always wanted to make sure that my kids felt like they could talk to me about their issues, no matter how varied, horrible, or heart-breaking those problems might be.

When talking with other parents through the years, I’ve heard about their own unique concerns and struggles. Every family faces different challenges because no two kids or situations are alike. Moreover, the challenges can feel overwhelming in our modern world of information abundance, which is flush with ubiquitous communications and media options. Sometimes these parental frustrations can fester and grow into a sort of rage until you finally hear folks utter that famous phrase: Something must be done! And that “something” is often some sort of government regulation “for the children.”

Again, I get it. When all your best efforts to help or protect your kids don’t seem to work according to plan, it’s only natural to call for help. But there are very serious problems associated with calling on government for that help. When legislators and regulators are asked to play the role of National Nanny, it comes with all the same baggage that accompanies many other efforts by the government to intervene in our lives or control what people or organizations can say or do.

Conservative Contradictions

These are particularly sensitive issues for many conservatives, both because conservatives tend to have more heightened concerns about media content and online safety issues, and also because the steps they often recommend to address these issues can quickly come into conflict with their own first principles.

Let me run through six ways that support for media content controls and child safety regulations can sometimes run afoul of conservative principles.

1) It’s a rejection of personal responsibility

Again, I understand all too well how hard parenting can be. But that does not mean we should abdicate our parental responsibilities to the State. Conservatives have spent decades fighting government when it comes to broken schools and the supposed brainwashing many kids get in them. The rallying cry of conservatives has long been: Let us have a greater say in how we raise and educate our children because the State is failing us or betraying our values.

Thus, when conservatives suggest that the State should be making decisions for us as it pertains to anything the government says is a “child safety” issue, there is some serious cognitive dissonance going on there. In his humorous Devil’s Dictionary, Ambrose Bierce jokingly defined responsibility as, “A detachable burden easily shifted to the shoulders of God, Fate, Fortune, Luck or one’s neighbor. In the days of astrology it was customary to unload it upon a star.” For parental responsibility to actually mean something, it has to be more than a “detachable burden” that we unload upon government.

2) It’s an embrace of the administrative state & arbitrary rule by unelected bureaucrats

Beyond the classroom, conservatives have long been concerned about the specter of massive administrative agencies and armies of unelected bureaucrats controlling our lives from the shadows. I’ve spent decades working with conservative organizations and scholars trying to get the administrative state under some control to scale back its enormous power, arbitrary edicts, and costly burdens. Over-criminalization has become such a problem that, according to the Heritage Foundation, “regulatory offenses… have proliferated to the point that, literally, nobody knows how many federal criminal regulations exist today.” We’re all criminals of some sort in the eyes of the modern regulatory state.

Yet, when conservatives advocate the expansion of the administrative state through new “online safety” regulations, they are just making the over-criminalization problem worse, including by treating our own children as guilty parties for simply trying to access the primary media platforms of their generation and interact with their friends there. For example, calls to ban all teens from social media until they’re 18 would result in the most massive “forbidden fruit” nightmare in American history, with every teen suddenly becoming a criminal actor and working together to tunnel around bans using the same sort of VPNs and evasion technologies people in China and other repressive nations use to get around over-bearing speech policies. [See: “Again, We Should Not Ban All Teens from Social Media”]

Needless to say, all this regulation and bureaucratic empowerment would have massive negative externalities for online freedom more generally as the era of “permissionless innovation” is replaced by a new age of permission-slip regulation.

3) It’s a rejection of the First Amendment & free speech rights

Conservatives have spent many decades pushing for greater First Amendment-based freedoms as it pertains to religious liberty and or organizational/corporate speech issues. Thus, when conservatives seek to undermine free speech principles and jurisprudence in the name of child safety, it could undo everything conservatives have been fighting to accomplish in those other contexts.

Conservatives are understandably upset with some social media platforms for being too over-zealous with certain types of speech takedowns or de-platformings. But two wrongs don’t make a right, and they should not be calling on Big Government to be imposing its own editorial judgments in place of private actors. [See: “The Great Deplatforming of 2021“ and “When It Comes to Fighting Social Media Bias, More Regulation Is Not the Answer.“]

4) It’s a rejection of property rights and freedom more generally

Related to the previous two points, conservatives have long upheld the sanctity of property rights in many different contexts. This includes the property rights that private establishments enjoy under the Constitution to generally decide how to structure their operations, who they will do business with, and how they will do so. Private organizations and religious institutions possess not only free speech rights in this regard, but property and contractual rights, too.

But when it comes to “child safety” mandates, some conservatives would toss all this out the window and undermine those rights, replacing them with burdensome regulatory mandates that tell private parties how to conduct their affairs. Again, there’s a lot of cognitive dissonance going on here and it could have serious blowback for conservatives when the property / contractual rights of other people or organizations are undermined on similar grounds.

5) It’s an embrace of frivolous lawsuits & the trial lawyers that bring them

The last time I checked, trial lawyers were not exactly the most conservative-friendly constituency. For many decades, conservatives have looked to advance tort reform, limit junk science and frivolous lawsuits, and make sure that the courts don’t engage in excessive judicial activism.

Unfortunately, many of the child safety regulations being proposed today would empower the regulatory state and trial lawyers at the same time. Many of the bills being floated open the door to open-ended litigation and potentially punishing liability for private platforms — and not just against deep-pocketed “Big Tech” companies. The fact is, once conservatives open the litigation floodgates based on amorphous accusations of potential online safety harms, they will be empowering the tort bar (one of the biggest supporters of the Democratic Party, no less) to launch a legal jihad against any and every media platform out there. Good luck putting that genie back in the bottle once you unleash it.

6) It’s an embrace of the same moral panic arguments your parents leveled against you

How quickly we forget the accusations our own parents and others leveled against us as children. Remember when video games were going to make us a lost generation of murderous youth? Or when rap and rock-and-roll music were going to send us straight to hell? Today, those kids are all grown up and trying to tell us that they are fine but it’s this latest generation that is doomed. It’s just an endless generational cycle of moral panics. [See: “Why Do We Always Sell the Next Generation Short?” and “Confessions of a ‘Vidiot’: 50 Years of Video Games & Moral Panics”] Today’s conservatives need to remember that they, too, were once kids and somehow muddled through to adulthood.

The “3-E” Approach Is the Better Answer

At this point, some of the people who’ve read this far are screaming at the screen: “So, are you saying we should just do nothing!?”

Absolutely not. But it is important that we consider less onerous and more practical ways to address these challenging issues without falling prey to Big Government gimmicks that would undermine other important principles. We should start by acknowledging that there are no easy fixes or silver-bullet solutions. The plain truth of the matter is that the best solutions here can seem messy and unsatisfying to many because they require enormous ongoing efforts to mentor and assist our kids at a far deeper level than some folks are comfortable with.

For example, it is just insanely uncomfortable to have to speak with your kids about online bullying or harassment, pornography, violence in movies and games, hate speech, and so on. And I haven’t even mentioned the hardest things to talk to kids about: The daily news of the real world: wars, violence, tragic accidents, famines, etc. Honestly, the hardest conversations I’ve had to have with my kids were those about school shootings. By comparison, many other discussions about online content and interactions were much easier. To the extent that we’re attempting to measure and address negative media affects, I firmly believe that there a few things in this world more horrifying to kids — or harder to talk with them about — than the first 10 minutes of what’s on cable news each hour of the day.

Regardless, whether we’re talking about the potential “harms” or mass media or online content, we cannot pretend there exists a simple solution to any of it. Here’s the better approach.

I recently authored a study for the American Enterprise Institute on, “Governing Emerging Technology in an Age of Policy Fragmentation and Disequilibrium.” It was my attempt to sketch out a flexible, pragmatic, bottom-up set of governance principles for modern technology platforms and issues. In that report, I noted how “[t]he First Amendment constitutes a particularly high barrier to the use of hard law in the United States,” and that court challenges were likely to continue to block many of the regulatory efforts being floated today, just as been the case countless times before in recent decades. Thus, we need to have backup approaches to online safety beyond one-size-fits-all regulatory Hail Mary passes.

I have described that backup plan as the “3-E” approach or “layered approach” to online safety:

• Empowerment of parents: Parental controls cannot solve all the world’s problems. It’s better to view them as helpful speed bumps or emergency alerts for when things are going badly for your child. In the old days, we placed a lot of faith in filtering, and that still has a role along with other tools that help place some reasonable limits not only on content but also overall consumption. But the best types of parental empowerment are those that force conversations between parents and kids by allowing reasonable monitoring to happen that is scaled by age (as in more limits for younger kids until they are gradually relaxed over time). And other carrot-and-stick tools and approaches are incredibly useful in helping parents place smart limits on youth activity and overall consumption.
• Education of youth: Education is the strategy with the most lasting impact for online safety. Education and digital literacy provide skills and wisdom that can last a lifetime. Specifically, education can help teach both kids (and adults!) how to behave in — or respond to — a wide variety of situations. Building resiliency and encouraging healthy interactions is the goal.
• Enforcement of existing laws: There are many sensible and straightforward laws already in place that address more concrete types of harm and harassment. And we have lots of laws pertaining to fraud and unfair and deceptive practices. Sometimes these rules can be challenging (and time-consuming) to enforce, but they constitute an existing backstop that can handle most worst-case scenarios when other less-restrictive steps fall short. And we should certainly tap these existing remedies before advancing unworkable new regulatory regimes.

I noted in my AEI study that, between 2000 and 2010, six major online-safety task forces or blue-ribbon commissions were formed to study online-safety issues and consider what should be done to address them. Each of them recommended some variant of the “3-E” approach as they encouraged a variety of best practices, educational approaches, and technological-empowerment solutions to address various safety concerns. Self-regulatory codes, private content-rating systems, and a wide variety of different parental-control technologies all proliferated during this period. Many multi-stakeholder initiatives and other organizations were also formed to address governance issues collaboratively. There are countless groups doing important work on this front today, including my old friends at the Family Online Safety Institute (FOSI) among many others.

These organizations push for a layered approach to online safety and work closely with educators, child development experts, and other academics and activists to find workable solutions to new online safety challenges as they arise. Their work is never done, and at times it can feel overwhelming. But, again, it’s the nature of the task at hand. We all must work together to continuously devise new and better approaches to addressing these challenges, because they will be endless. But let’s please not expect that we can unload these responsibilities on government and expect regulators to somehow handle it for us.

Do the Ends Justify the Means When it Comes to Media & Content Control?

I could be wasting my breath here because I’ve been attempting to appeal to conservative principles that may be rapidly disappearing from the modern conservative movement. Donald Trump radically disrupted everything in American politics, but especially the Republican Party. Many so-called national conservatives now live by Trump’s central operating principle: The ends justify the means. The ends are “owning the libs” in any way possible. And “the libs” include not only anyone on the Left of the political spectrum, but even those individuals and institutions that Trumpian conservatives believe are “the enemy” and controlled by “liberal interests.” By their definition, this now includes virtually all large media and technology companies and platforms. Thus, when we turn to the means, it’s increasingly the case that just about anything goes — including many traditional conservative principles.

To see how far we’ve come, recall what President Ronald Reagan said 35 years ago when vetoing an effort to reinstate the Fairness Doctrine. “History has shown that the dangers of an overly timid or biased press cannot be averted through bureaucratic regulation, but only through the freedom and compe­tition that the First Amendment sought to guarantee,” he said. At the time, President Reagan was confronted with some of the same arguments we hear today about media being too biased or conservatives not getting a fair shake. But he called upon his fellow conservatives to reject the idea that Big Government was the solution to such problems.

Unfortunately, Mr. Trump and some of his most loyal followers and even some major conservative groups today have largely given up on this logic and instead embraced regulation. While Trumpian conservatives love to decry everyone they oppose as “communists,” ironically it is this same group that is embracing a sort of communications collectivism as it pertains to modern media control. In the Trumpian worldview, media and tech platforms are useful only to the extent they carry out the will of the party — or at least the man on top of it.

These national conservatives have made a horrible miscalculation. Feeling aggrieved by Big Tech “bias,” or just feeling overwhelmed by things they don’t like about online platforms, they’ve decided that two wrongs make a right. In reality, two political wrongs never make a right, but they almost always combine to make government a lot bigger and more powerful.

It’s an incredibly naïve gamble almost certainly destined to fail, but they should ask themselves what it means if it works. This endless ratcheting effect will result in comprehensive state control of most channels of communications and information dissemination. Is this a game that you really think you can play better than the Lefties?

I’ll close by returning to one of Reagan’s favorite jokes. He always used to say that, “The nine most terrifying words in the English language are: I’m from the government and I’m here to help.” I would suggest that an even scarier version of that line would be, “We’re from the government and we’re here to help you parent your kids.”

Don’t let it be you uttering that line.

______________

Additional Reading

· Adam Thierer, “Again, We Should Not Ban All Teens from Social Media”

· Adam Thierer, “Why Do We Always Sell the Next Generation Short?”

· Adam Thierer, “The Classical Liberal Approach to Digital Media Free Speech Issues”

· Adam Thierer, “Confessions of a ‘Vidiot’: 50 Years of Video Games & Moral Panics”

· Adam Thierer, “Left and right take aim at Big Tech — and the First Amendment“

· Adam Thierer, “When It Comes to Fighting Social Media Bias, More Regulation Is Not the Answer“

· Adam Thierer, “Ongoing Series: Moral Panics / Techno-Panics”

· Adam Thierer, “No Goldilocks Formula for Content Moderation in Social Media or the Metaverse, But Algorithms Still Help”

· Adam Thierer, “FCC’s O’Rielly on First Amendment & Fairness Doctrine Dangers“

· Adam Thierer, “Conservatives & Common Carriage: Contradictions & Challenges“

· Adam Thierer, “The Great Deplatforming of 2021“

· Adam Thierer, “A Good Time to Re-Read Reagan’s Fairness Doctrine Veto“

· Adam Thierer, “Sen. Hawley’s Radical, Paternalistic Plan to Remake the Internet“

· Adam Thierer, “How Conservatives Came to Favor the Fairness Doctrine & Net Neutrality“

· Adam Thierer, “Sen. Hawley’s Moral Panic Over Social Media“

· Adam Thierer, “The White House Social Media Summit and the Return of ‘Regulation by Raised Eyebrow’“

· Adam Thierer, “The Surprising Ideological Origins of Trump’s Communications Collectivism“

· Adam Thierer, Parental Controls & Online Child Protection: A Survey of Tools and Methods (2009).

There is growing interest in the market potential of artificial intelligence (AI) technologies and applications as well as in the potential risks that these technologies might pose. As a result, questions are being raised about the legal and regulatory governance of AI, machine learning, “autonomous” systems, and related robotic and data technologies. Fearing concerns about labor market effects, social inequality, and even physical harm, some have called for precautionary regulations that could have the effect of limiting AI development and deployment. In this paper, we recommend a different policy framework for AI technologies. At this nascent stage of AI technology development, we think a better case can be made for prudence, patience, and a continuing embrace of “permissionless innovation” as it pertains to modern digital technologies. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated, and problems, if they develop at all, can be addressed later.

The future of emerging technology policy will be influenced increasingly by the interplay of three interrelated trends: “innovation arbitrage,” “technological civil disobedience,” and “spontaneous private deregulation.” Those terms can be briefly defined as follows:

• “Innovation arbitrage” refers to the idea that innovators can, and will with increasingly regularity, move to those jurisdictions that provide a legal and regulatory environment more hospitable to entrepreneurial activity. Just as capital now fluidly moves around the globe seeking out more friendly regulatory treatment, the same is increasingly true for innovations. And this will also play out domestically as innovators seek to play state and local governments off each other in search of some sort of competitive advantage.
• “Technological civil disobedience” represents the refusal of innovators (individuals, groups, or even corporations) or consumers to obey technology-specific laws or regulations because they find them offensive, confusing, time-consuming, expensive, or perhaps just annoying and irrelevant. New technological devices and platforms are making it easier than ever for the public to openly defy (or perhaps just ignore) rules that limit their freedom to create or use modern technologies.
• “Spontaneous private deregulation” can be thought of as de facto rather than the de jure elimination of traditional laws and regulations owing to a combination of rapid technological change as well the potential threat of innovation arbitrage and technological civil disobedience. In other words, many laws and regulations aren’t being formally removed from the books, but they are being made largely irrelevant by some combination of those factors. “Benign or otherwise, spontaneous deregulation is happening increasingly rapidly and in ever more industries,” noted Benjamin Edelman and Damien Geradin in a Harvard Business Review article on the phenomenon.[1]

I have previously documented examples of these trends in action for technology sectors as varied as drones, driverless cars, genetic testing, Bitcoin, and the sharing economy. (For example, on the theme of global innovation arbitrage, see all these various essays. And on the growth of technological civil disobedience, see, “DOT’s Driverless Cars Guidance: Will ‘Agency Threats’ Rule the Future?” and “Quick Thoughts on FAA’s Proposed Drone Registration System.” I also discuss some of these issues in the second edition of my Permissionless Innovation book.)

In this essay, I want to briefly highlight how, over the course of just the past month, a single company has offered us a powerful example of how both global innovation arbitrage and technological civil disobedience— or at least the threat thereof—might become a more prevalent feature of discussions about the governance of emerging technologies. And, in the process, that could lead to at least the partial spontaneous deregulation of certain sectors or technologies. Finally, I will discuss how this might affect technological governance more generally and accelerate the movement toward so-called “soft law” governance mechanisms as an alternative to traditional regulatory approaches.

Comma.ai Case Study, Part 1: The Innovation Arbitrage Threat

The company I want to highlight is Comma.ai, a start-up that had hoped to sell a $999 after-market kit for vehicles called the “Comma One,” which “would give average, everyday cars autonomous functionality.”[2] Created by famed hacker George Hotz, who as a teenager gained notoriety for being the first person to unlock an iPhone in 2007, the Comma One represents an attempt to create autonomous vehicle tech “on the cheap” by using off-the-shelf cameras and GPS technology combined with a healthy dose of artificial intelligence technology.

But regulators at the National Highway Traffic Safety Administration (NHTSA), the federal agency responsible for road safety and automobile regulation, were none too happy to hear about Hotz’s plan to unleash his technology into the wild without first getting their blessing. On October 27, the agency fired off a nastygram to Hotz saying: “We are concerned that your product would put the safety of your customers and other road users at risk. We strongly encourage you to delay selling or deploying your product on the public roadways unless and until you can ensure it is safe.”

Hotz responded on Twitter promptly and angrily. After posting the full NHTSA letter, he said, “First time I hear from them and they open with threats. No attempt at a dialog.” In a follow-up tweet, he said, “Would much rather spend my life building amazing tech than dealing with regulators and lawyers. It isn’t worth it.” And then he announced that, “The comma one is cancelled. comma.ai will be exploring other products and markets. Hello from Shenzhen, China.” A flood of news articles followed about Hotz’s threat to engage in this sort of global innovation arbitrage by bolting US shores.[3]

Incidentally, what Hotz and Comma.ai were proposing to do with Comma One—i.e., deploy autonomous vehicle tech into the wild without prior regulatory approval—was recently done by Otto, a developer of autonomous trucking technology. As Mark Harris reported on Backchannel:

When Otto performed its test drive — the one shown in the May video — it did so despite a clear warning from Nevada’s Department of Motor Vehicles (DMV) that it would be violating the state’s autonomous vehicle regulations. When the DMV realized that Otto had gone ahead anyway, one official called the drive “illegal” and even threatened to shut down the agency’s autonomous vehicle program.”[4]

While Nevada regulators were busy firing off angry letters, Otto was busy doing even more testing in others states (like Ohio), which are eager to make their jurisdictions a testbed for autonomous vehicle innovation.[5] In fact, just recently, Ohio Gov. John Kasich announced the creation of the “Smart Mobility Corridor,” which, according to the Dayton Daily News, will be “a 35-mile stretch of U.S. 33 in central Ohio that runs through Logan County. Officials say that section of U.S. 33 will become a corridor where technologies can be safely tested in real-life traffic, aided by a fiber-optic cable network and sensor systems slated for installation next year.”[6]

This is an example of innovation arbitrage will increasingly take root here domestically as well as abroad, and some states (or countries) will use inducements in an effort to lure innovators to their jurisdictions.

Anyway, let’s get back to the Comma One case study. I don’t want to get too sidetracked regarding the merits of the concerns raised by NHTSA in its letter to Hotz and the implications of the agency’s threats for innovation in this space. But EFF board member Brad Templeton did a nice job addressing that issue in an essay about NHTSA’s letter that threatened Comma. As Templeton observed:

I will presume the regulators will say, “We only want to scare away dangerous innovation” but the hard truth is that is a very difficult thing to judge. All innovation in this space is going to be a bit dangerous. It’s all there trying to take the car — the 2nd most dangerous legal consumer product — and make it safer, but it starts from a place of danger. We are not going to get to safety without taking risks along the way.[7]

This gets to the very real trade-offs in play in the debate over driverless car technology and its regulation. In fact, my Mercatus Center colleague Caleb Watney and I recently filed comments [8] with NHTSA addressing the agency’s recently proposed “Federal Automated Vehicles Policy.”[9] We stressed the potentially deleterious implications of prior regulatory restraints on autonomous vehicle innovation by stressing the horrific real-world baseline we live with today, in which over 35,000 people dying on US roadways in 2015 (roughly 96 people per day) and 94 percent of all those crashes being attributable to human error.

Caleb and I noted that, by imposing new preemptive constraints on the coding of superior autonomous driving technology, “NHTSA’s proposed policy for automated vehicles may inadvertently increase the number of total automobile fatalities by delaying the rapid development and diffusion of this life-saving technology.” Needless to say, if that comes to pass, it would be a disaster because “automation on the roads could be the great public-health achievement of the 21st century.”[10]

In our filing, Caleb and I estimated that, “If NHTSA’s proposed premarket approval process slows the deployment of HAVs by 5 percent, we project an additional 15,500 fatalities over the course of the next 31 years. At 10 percent regulatory delay, we project an additional 34,600 fatalities over 33 years. And at 25 percent regulatory delay, we project an additional 112,400 fatalities over 40 years.[11]

So, needless to say, this is a very big deal.

But let’s ignore all those potential foregone benefits for the moment and just stick with the question of whether Hotz’s threat to engage in a bit of global innovation arbitrage (by moving to China or somewhere else) could work, or at least affect policy in some fashion. I think it absolutely could be an effective threat both because (a) policymakers really do want to do everything they can to achieve greater road safety, and (b) the auto sector remains a hugely important industry for the United States, and one that policymakers will want to do everything in their power to retain on our shores.

Moreover, as Templeton observes that “Comma is not the only company trying to build a system with pure neural networks doing the actual steering decisions.” Even if NHTSA succeeds in bringing Comma to heel, there will be others who will follow in its footsteps. It might be a firm like Otto, but there are many other players in this space today, including big dogs like Tesla and Google. If ever there was a truly global technology industry, it the automotive sector. Autonomous vehicle innovation could take root and blossom in almost any country in the world, and many countries will be waiting with open arms if America screws up its regulatory process.

As Templeton concludes:

The USA and California led the way in robocars in part because it was unregulated. In the USA, everything is permitted unless it was explicitly forbidden and nobody thought to write “no robots” in the laws. Progress in other countries where everything is forbidden unless it is permitted was much slower. The USA is moving in the wrong direction.[12]

Comma.ai Case Study, Part 2: The Technological Civil Disobedience Threat

But an interesting thing happened on the way to Comma’s threatened exodus. On November 30, the firm announced that it would now be open sourcing the code for its autonomous vehicle technology. Reporters at The Verge noted that, during a press conference:

Hotz said that Comma.ai decided to go open source in an effort to sidestep NHTSA as well as the California DMV, the latter of which he said showed up to his house on three separate occasions. “NHTSA only regulates physical products that are sold,” Hotz said. “They do not regulate open source software, which is a whole lot more like speech.” He went on to say that “if the US government doesn’t like this [project], I’m sure there are plenty of countries that will.”[13]

So here we see Hotz combining the threat of still potentially taking the project offshore (i.e., global innovation arbitrage) with the suggestion that by open-sourcing the code for Comma One he might be able to get around the law altogether. We might consider that an indirect form of technological civil disobedience.

Incidentally, Hotz may not be aware of the fact that NHTSA is in the process of making a power-play to become a driverless car code cop. While Hotz is technically correct that, under current law, NHTSA officials “do not regulate open source software, which is a whole lot more like speech,” NHTSA’s recent Federal Automated Vehicles Policy claimed that the agency “has authority to regulate the safety of software changes provided by manufacturers after a vehicle’s first sale to a consumer” while also suggesting that the agency “may need to develop additional regulatory tools and rules to regulate the certification and compliance verification of such post-sale software updates.”^[14]

Needless to say, this proposal has important ramifications for not only Comma, but all other firms in this sector. Consider the implications for Tesla’s “autopilot” mode, which is really little more than a string of constantly-evolving code it pushes out to offer greater and greater autonomous driving functionality.  How would that iterative process work if every time Tesla wanted to make a little tweak to its code it had to run to Washington and file paperwork with NHTSA petitioning for permission to experiment and improve their systems? And then think about all the smaller innovators out there who want to be the next Elon Musk or George Hotz but do not yet have the resources or political connections in Washington to even go through this complex and costly process.

In any event, I have no idea if Hotz or Comma.ai will follow through with any of these threats or be successful in doing so. It may be the case that he is just blowing off smoke and that he and his firm will end up staying in the U.S. and perhaps even later reversing course on the decision to open source the Comma code. But to the extent that innovators like Hotz even hint that they might split the country or open source their code to avoid burdensome regulatory regimes, it can have an influence on future policy decisions. Or at least it should.

New Tech Realities & Their Policy Implications

Indeed, the increasing prevalence of global innovation arbitrage and technological civil disobedience raise some interesting issues for the governance of emerging technologies going forward. The traditional regulatory stance toward many existing sectors and technologies will be challenged by these realities. That’s because most of those traditional regulatory systems are highly precautionary, preemptive, and prophylactic in character. They generally opt for policy solutions that are top-down, overly rigid, and bureaucratic.

Of course, in the past, many innovators (especially smaller scale entrepreneurs) really couldn’t do much to avoid similar regulatory systems where they existed. You either fell into line, or else! It wasn’t always clear what “or else!” would entail, but it could range from being denied a permit/license to operate, waiting months or years for rules to emerge, dealing with fines or other penalties, or some combination of all those things. Or perhaps you would just give up on your innovative idea altogether and exit the market.

But the world has changed in some important ways in recent years. Many of the underlying drivers of the digital revolution—massive increases in processing power, exploding storage capacity, steady miniaturization of computing, ubiquitous communications and networking capabilities, the digitization of all data, and more—are beginning to have a profound impact beyond the confines of cyberspace.^[15] As venture capitalist Marc Andreessen explained in a widely read 2011 essay about how “software is eating the world”:

More and more major businesses and industries are being run on software and delivered as online services—from movies to agriculture to national defense. Many of the winners are Silicon Valley-style entrepreneurial technology companies that are invading and overturning established industry structures. Over the next 10 years, I expect many more industries to be disrupted by software, with new world-beating Silicon Valley companies doing the disruption in more cases than not. Why is this happening now? Six decades into the computer revolution, four decades since the invention of the microprocessor, and two decades into the rise of the modern Internet, all of the technology required to transform industries through software finally works and can be widely delivered at global scale.^[16]

We can add to this list of a new realities the more general problem of technology accelerating at an unprecedented pace. This is what philosophers of technology call the “pacing problem.”  In his new book,  A Dangerous Master: How to Keep Technology from Slipping beyond Our Control, Wendell Wallach concisely defined the pacing problem as “the gap between the introduction of a new technology and the establishment of laws, regulations, and oversight mechanisms for shaping its safe development.” “There has always been a pacing problem,” Wallach correctly observed, but like other philosophers, he believes that modern technological innovation is accelerating much faster than it was in the past.[17]

What are the ramifications of all this for policy? As technology lawyer and consultant Larry Downes has noted, lawmaking in the information age is now inexorably governed by the “law of disruption” or the fact that “technology changes exponentially, but social, economic, and legal systems change incrementally.”[18] This law is “a simple but unavoidable principle of modern life,” he said, and it will have profound implications for the way businesses, government, and culture evolve. “As the gap between the old world and the new gets wider,” he argues, “conflicts between social, economic, political, and legal systems” will intensify and “nothing can stop the chaos that will follow.”[19]

The end result of the “law or disruption” and a world relentlessly governed by the ever-accelerating “pacing problem” is that it will be harder than ever to effectively control emerging technologies using traditional legal and regulatory systems and mechanisms. And this makes it even more likely that the related threats of global innovation arbitrage and various forms of technological civil disobedience will become more regular fixtures in debates about many emerging technologies.

New Governance Models

How one reacts to these new realities will depend upon their philosophical disposition toward innovative activities more generally.

Consider first those adhering to a more “precautionary principle” mindset, which I have defined in my recent book as those who believe “that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harm to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.”[20]

Needless to say, the precautionary principle crowd with be dismayed by these new trends and perhaps even decry them as “lawlessness.” Some of these folks seem to be in denial about these new realities and pretend that nothing much has changed. Yet, I have found that most precautionary principle-oriented advocates, and even many regulatory agencies themselves, tend to acknowledge these new realities. But they remain very uncertain about how best to respond to them, often just suggesting that we’ll all need to just try harder to impose new and better regulations on a more expedited or streamlined basis.

Of course, those of us who generally embrace the alternative policy vision for technological governance—“permissionless innovation”—are going to be more accepting of the new technological realities I have described, and we will perhaps even work to defend and encourage them. But while I count myself among this crowd, we cannot ignore the fact that many serious challenges will arise when innovation outpaces law or can easily evade it.

There is some middle ground here, although it is very messy middle ground.

The era of technocratic, top-down, one-size-fits-all regulatory regimes is fading, or at least being severely strained. We will instead need to craft flexible and adaptive policies going forward that are bottom-up, flexible, and evolutionary in character.

What that means in practice is that a lot more “soft law” and informal governance mechanisms will become the new norm. I wrote about this new policy environment in my recent essay, “DOT’s Driverless Cars Guidance: Will ‘Agency Threats’ Rule the Future?” as well as this lengthy review of Wendell Wallach’s latest book about technology ethics.  Along with Gary Marchant of the Arizona State University law school, Wallach recently published an excellent book chapter on “Governing the Governance of Emerging Technologies,” which discussed these soft law mechanisms, which include: “codes of conduct, statements of principles, partnership programs, voluntary programs and standards, certifications programs and private industry initiatives.”[21]

Their chapter appears in an important collection of essays that Gary Marchant edited with Kenneth W. Abbott and Braden Allenby entitled, Innovative Governance Models for Emerging Technologies.

What is interesting about the chapters in that book is that seemingly widespread consensus now exists among experts in this field that some combination of these soft law mechanisms are likely to become the primary mode of technological governance for the indefinite future.  This is because, as Marc A. Saner points out in a different chapter of that book, “the control paradigm is too limited to address all the issues that arise in the context of emerging technologies.”[22] By the control paradigm, he generally means traditional administrative regulatory agencies and processes. He and other contributors in the book all seem to agree that the control problem paradigm “has its limits when diffusion, pacing and ethical issues associated with emerging technologies become significant, as is often the case.”[23]

And so the traditional command-and-control ways will gradually give way to a new paradigm for emerging technology governance. In fact, as I noted in my recent essay on driverless cars, we see this happening quite a bit already. “Multistakeholder processes” are already all the rage in the world of emerging technologies and their governance. In recent years, we have seen the White House and various agencies (such as the FTC, NTIA, FDA, and others) craft multistakeholder agreements or best practice guidance documents for technologies as far ranging as:

• Drones & privacy
• Sharing economy
• Internet of Things
• Driverless cars
• Big data
• Artificial intelligence
• Cross-device tracking
• Native advertising
• Online data collection
• Mobile app transparency and security
• Mobile apps for kids
• Mobile medical apps
• Online health advertising
• 3D printing
• Facial recognition

And that list is not comprehensive. I know I am missing other multistakeholder efforts, best practices, or industry guidance documents that have been crafted in recent years.

Of course, many challenging issues need to be sorted out here, most notably: how transparent and accountable will these soft law systems be in practice? How will they be enforced? And what will happen to all those existing laws, regs, and agencies that will continue to exist? More generally, it is worth asking whether we can more closely study these various multistakeholder arrangements and soft law governance mechanisms and determine if there are certain principles or strategies that could be applicable across a wide class of technologies and sectors. In other words, can we a do a better job of “formalizing the informal,” without falling right back into the trap of trying to impose rules in a rigid, top-down, one-size-fits-all fashion?

Conclusion

Those are just a few of the hard questions we will need to consider going forward. For now, however, I think it is safe to conclude that we will no longer see much “law” being made for emerging technologies, at least not in the traditional sense of the term. Thanks to the new technological realities I have described here—and the relentless reality of the “pacing problem” more generally—I believe we are witnessing a wide-ranging and quite profound transformation in how technology is governed in our modern world. And I believe this movement away from traditional “hard law” and toward “soft law” governance mechanisms is likely to accelerate due to the increasing prevalence of innovation arbitrage, technological civil disobedience, and spontaneous private deregulation.

The ramifications of this transformation will be studied by philosophers, legal theorists, and political scientists for many decades to come. But we are still in the early years of this momentous transformation in technological governance and we will continue to struggle to figure out how to make it all work, as messy as it all may be.

[ Note: This essay is condensed from a manuscript I have been working on about The Rise of Technological Civil Disobedience. I’m not sure I will ever get around to finishing it, however, so I thought I would at least post this piece for now. In a subsequent essay, which is also part of that draft manuscript, I hope to discuss how this process might play out for technologies that are “born free” versus those that are “born in captivity.” That is, how likely is it that the trends I discuss here will take hold for technologies that have no pre-existing laws or agencies, while other technologies that are born into a regulatory environment are potentially doomed to be pigeonholed into those old regulatory regimes? What are the chances that the latter technologies can escape captivity and gain the freedom the other technologies already enjoy? How might technology-enabled “spontaneous private deregulation” be accelerated for those sectors? Is that always desirable? Again, I will leave these questions for another day. Scholars and students who are interested in these topics can feel free to contact me if they are interested in discussing them as well as potential paper ideas. Regardless of how you feel about these trends, these issues are ripe for intellectual exploration.]

[1]     Benjamin Edelman and Damien Geradin, “Spontaneous Deregulation,” Harvard Business Review, April 2016, https://hbr.org/2016/04/spontaneous-deregulation.

[2]     Megan Geuss, “After mothballing Comma One, George Hotz releases free autonomous car software,” Ars Technica, November 30, 2016, http://arstechnica.com/cars/2016/11/after-mothballing-comma-one-george-hotz-releases-free-autonomous-car-software.

[3]     See: “NHTSA Scared This Self-Driving Entrepreneur Off the Road,” Bloomberg Technology, October 28, 2016, https://www.bloomberg.com/news/articles/2016-10-28/nhtsa-scared-this-self-driving-entrepreneur-off-the-road; Sean O’Kane, “George Hotz cancels his self-driving car project after NHTSA expresses concern,” The Verge, October 28, 2016, http://www.theverge.com/2016/10/28/13453344/comma-ai-self-driving-car-comma-one-kit-canceled; Brad Templeton, “Comma.ai cancels comma-one add-on box after threats from NHTSA,” Robohub, October 31, 2016, http://robohub.org/comma-ai-cancels-comma-one-add-on-box-after-threats-from-nhtsa.

[4]     Mark Harris, “How Otto Defied Nevada and Scored a $680 Million Payout from Uber,” Backchannel, November 28, 2016,  https://backchannel.com/how-otto-defied-nevada-and-scored-a-680-million-payout-from-uber-496aa07f5ba2#.9rmtb29bl

[5]     Larry E. Hall, “Otto Self-Driving Truck Tests in Ohio; Violated Nevada Regulations,” Hybrid Cars, November 29, 2016, http://www.hybridcars.com/otto-self-driving-truck-tests-in-ohio-violated-nevada-regulations.

[6]     Kara Driscoll, “Ohio to create ‘smart’ road for driverless trucks,” Dayton Daily News, November 30, 2016, http://www.daytondailynews.com/business/ohio-create-smart-road-for-driverless-trucks/25qC7uYjz9rE96q6YFVUUK.

[7]     Brad Templeton, “Comma.ai cancels comma-one add-on box after threats from NHTSA,” Robohub, October 31, 2016, http://robohub.org/comma-ai-cancels-comma-one-add-on-box-after-threats-from-nhtsa/

[8]     Adam Thierer and Caleb Watney, “Comment on the Federal Automated Vehicles Policy,” November 22, 2016, https://www.researchgate.net/publication/311065194_Comment_on_the_Federal_Automated_Vehicles_Policy.

[9]     National Highway Traffic Safety Administration (NHTSA), Federal Automated Vehicles Policy, September 2016.

[10]   Adrienne LaFrance, “Self-Driving Cars Could Save 300,000 Lives per Decade in America,” Atlantic, September 29, 2015

[11]   Adam Thierer and Caleb Watney, “Comment on the Federal Automated Vehicles Policy,” November 22, 2016, https://www.researchgate.net/publication/311065194_Comment_on_the_Federal_Automated_Vehicles_Policy.

[12]   Templeton.

[13]   Sean O’Kane and Lauren Goode, “George Hotz is giving away the code behind his self-driving car project,” The Verge, November 30, 2016, http://www.theverge.com/2016/11/30/13779336/comma-ai-autopilot-canceled-autonomous-car-software-free.

^[14]   NHTSA, Federal Automated Vehicles Policy, 76.

[15]   Adam Thierer, Jerry Brito, and Eli Dourado, “Technology Policy: A Look Ahead,” Technology Liberation Front, May 12, 2014, http://techliberation.com/2014/05/12/technology-policy-a-look-ahead.

[16]   Marc Andreessen, “Why Software Is Eating the World,” Wall Street Journal, August 20, 2011, http://www.wsj.com/articles/SB10001424053111903480904576512250915629460.

[17]   Wendell Wallach, A Dangerous Master: How to Keep Technology from Slipping beyond Our Control (New York: Basic Books, 2015), 60.

[18]   Larry Downes, The Laws of Disruption: Harnessing the New Forces That Govern Life and Business in the Digital Age 2 (2009).

[19]   Id.

[20]   Thierer, Permissionless Innovation, at 1.

[21]   Gary E. Marchant and Wendell Wallach, “Governing the Governance of Emerging Technologies,” in Gary E. Marchant, Kenneth W. Abbott & Braden Allenby (eds.), Innovative Governance Models for Emerging Technologies (Cheltenham, UK: Edward Elgar, 2013), 136.

[22]   Marc A. Saner,  “The Role of Adaptation in the Governance of Emerging Technologies,” in Gary E. Marchant, Kenneth W. Abbott & Braden Allenby (eds.), Innovative Governance Models for Emerging Technologies (Cheltenham, UK: Edward Elgar, 2013), 106.

[23]   Ibid., at 94.

I am pleased to announce the release of my latest book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” It’s a short manifesto (just under 100 pages) that condenses — and attempts to make more accessible — arguments that I have developed in various law review articles, working papers, and blog posts over the past few years. I have two goals with this book.

First, I attempt to show how the central fault line in almost all modern technology policy debates revolves around “the permission question,” which asks: Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? How that question is answered depends on the disposition one adopts toward new inventions. Two conflicting attitudes are evident.

One disposition is known as the “precautionary principle.” Generally speaking, it refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions.

The other vision can be labeled “permissionless innovation.” It refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

I argue that we are witnessing a grand clash of visions between these two mindsets today in almost all major technology policy discussions today.

The second major objective of the book, as is made clear by the title, is to make a forceful case in favor of the latter disposition of “permissionless innovation.” I argue that policymakers should unapologetically embrace and defend the permissionless innovation ethos — not just for the Internet but also for all new classes of networked technologies and platforms. Some of the specific case studies discussed in the book include: the “Internet of Things” and wearable technologies, smart cars and autonomous vehicles, commercial drones, 3D printing, and various other new technologies that are just now emerging.

I explain how precautionary principle thinking is increasingly creeping into policy discussions about these technologies. The urge to regulate preemptively in these sectors is driven by a variety of safety, security, and privacy concerns, which are discussed throughout the book. Many of these concerns are valid and deserve serious consideration. However, I argue that if precautionary-minded regulatory solutions are adopted in a preemptive attempt to head-off these concerns, the consequences will be profoundly deleterious.

The central lesson of the booklet is this: Living in constant fear of hypothetical worst-case scenarios — and premising public policy upon them — means that best-case scenarios will never come about. When public policy is shaped by precautionary principle reasoning, it poses a serious threat to technological progress, economic entrepreneurialism, social adaptation, and long-run prosperity.

Again, that doesn’t mean we should ignore the various problems created by these highly disruptive technologies. But how we address these concerns matters greatly. If and when problems develop, there are many less burdensome ways to address them than through preemptive technological controls. The best solutions to complex social problems are almost always organic and “bottom-up” in nature. Luckily, there exists a wide variety of constructive approaches that can be tapped to address or alleviate concerns associated with new innovations. These include:

• education and empowerment efforts (including media literacy, digital citizenship efforts);
• social pressure from activists, academics, and the press and the public more generally.
• voluntary self-regulation and adoption of best practices (including privacy and security “by design” efforts); and,
• increased transparency and awareness-building efforts to enhance consumer knowledge about how new technologies work.

Such solutions are almost always superior to top-down, command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I?” (i.e., permissioned) nature. The problem with “top-down” traditional regulatory systems is that they often tend to be overly-rigid, bureaucratic, inflexible, and slow to adapt to new realities. They focus on preemptive remedies that aim to predict the future, and future hypothetical problems that may not ever come about. Worse yet, administrative regulation generally preempts or prohibits the beneficial experiments that yield new and better ways of doing things. It raises the cost of starting or running a business or non-business venture, and generally discourages activities that benefit society.

To the extent that other public policies are needed to guide technological developments, simple legal principles are greatly preferable to technology-specific, micro-managed regulatory regimes. Again, ex ante (preemptive and precautionary) regulation is often highly inefficient, even dangerous. To the extent that any corrective legal action is needed to address harms, ex post measures, especially via the common law (torts, class actions, etc.), are typically superior. And the Federal Trade Commission will, of course, continue to play a backstop here by utilizing the broad consumer protection powers it possesses under Section 5 of the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” In recent years, the FTC has already brought and settled many cases involving its Section 5 authority to address identity theft and data security matters. If still more is needed, enhanced disclosure and transparency requirements would certainly be superior to outright bans on new forms of experimentation or other forms of heavy-handed technological controls.

In the end, however, I argue that, to the maximum extent possible, our default position toward new forms of technological innovation must remain: “innovation allowed.” That is especially the case because, more often than not, citizens find ways to adapt to technological change by employing a variety of coping mechanisms, new norms, or other creative fixes. We should have a little more faith in the ability of humanity to adapt to the challenges new innovations create for our culture and economy. We have done it countless times before. We are creative, resilient creatures. That’s why I remain so optimistic about our collective ability to confront the challenges posed by these new technologies and prosper in the process.

If you’re interested in taking a look, you can find a free PDF of the book at the Mercatus Center website or you can find out how to order it from there as an eBook. Hardcopies are also available. I’ll be doing more blogging about the book in coming weeks and months. The debate between the “permissionless innovation” and “precautionary principle” worldviews is just getting started and it promises to touch every tech policy debate going forward.

Related Essays :

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” Technology Liberation Front, January 14, 2014.
• “CES 2014 Report: The Internet of Things Arrives, but Will Washington Welcome It?” Technology Liberation Front, January 8, 2014.
• “Who Really Believes in ‘Permissionless Innovation’?” Technology Liberation Front, March 4, 2013.
• “What Does It Mean to ‘Have a Conversation’ about a New Technology?” Technology Liberation Front, May 23, 2013.
• “On the Line between Technology Ethics vs. Technology Policy,” Technology Liberation Front, August 1, 2013.
• “Planning for Hypothetical Horribles in Tech Policy Debates,” Technology Liberation Front, August 6, 2013.
• “Edith Ramirez’s ‘Big Data’ Speech: Privacy Concerns Prompt Precautionary Principle Thinking,” Technology Liberation Front, August 29, 2013.
• “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” Technology Liberation Front, April 29, 2011.
• “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” Technology Liberation Front, April 10, 2012.
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013.
• “Why Do We Always Sell the Next Generation Short?” Forbes, January 8, 2012.
• “The Six Things That Drive ‘Technopanics,’” Forbes, March 4, 2012.

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

It was, to paraphrase Yogi Berra, déjà vu all over again.  Fielding calls last week from journalists about reports the NSA had been engaged in massive and secret data mining of phone records and Internet traffic, I couldn’t help but wonder why anyone was surprised by the so-called revelations.

Not only had the surveillance been going on for years, the activity had been reported all along—at least outside the mainstream media.  The programs involved have been the subject of longstanding concern and vocal criticism by advocacy groups on both the right and the left.

For those of us who had been following the story for a decade, this was no “bombshell.”  No “leak” was required.  There was no need for an “expose” of what had long since been exposed.

As the Cato Institute’s Julian Sanchez and others reminded us, the NSA’s surveillance activities, and many of the details breathlessly reported last week, weren’t even secret.  They come up regularly in Congress, during hearings, for example, about renewal of the USA Patriot Act and the Foreign Intelligence Surveillance Act, the principal laws that govern the activity.

In those hearings, civil libertarians (Republicans and Democrats) show up to complain about the scope of the law and its secret enforcement, and are shot down as being soft on terrorism.  The laws are renewed and even extended, and the story goes back to sleep.

But for whatever reason, the mainstream media, like the corrupt Captain Renault in “Casablanca,” collectively found itself last week “shocked, shocked” to discover widespread, warrantless electronic surveillance by the U.S. government.  Surveillance they’ve known about for years.

Let me be clear.  As one of the long-standing critics of these programs, and especially their lack of oversight and transparency, I have no objection to renewed interest in the story, even if the drama with which it is being reported smells more than a little sensational with a healthy whiff of opportunism.

In a week in which the media did little to distinguish itself, for example, The Washington Post stood out, and not in a good way.  As Ed Bott detailed in a withering post for ZDNet on Saturday, the Post substantially revised its most incendiary article, a Thursday piece that originally claimed nine major technology companies had provided direct access to their servers as part of the Prism program.

That “scoop” generated more froth than the original “revelation” that Verizon had been complying with government demands for customer call records.

Except that the Post’s sole source for its claims turned out to a PowerPoint presentation of “dubious provenance.”  A day later, the editors had removed the most thrilling but unsubstantiated  revelations about Prism from the article.  Yet in an unfortunate and baffling Orwellian twist, the paper made absolutely no mention of the “correction.”   As Bott points out, that violated not only common journalistic practice but the paper’s own revision and correction policy.

All this and much more, however, would have been in the service of a good cause–if, that is, it led to an actual debate about electronic surveillance we’ve needed for over a decade.

Unfortunately, it won’t.  The mainstream media will move on to the next story soon enough, whether some natural or man-made disaster.

And outside the Fourth Estate, few people will care or even notice when the scandal dies.  However they feel this week, most Americans simply aren’t informed or bothered enough about wholesale electronic surveillance to force any real accountability, let alone reform.  Those who are up in arms today might ask themselves where they were for the last decade or so, and whether their righteous indignation now is anything more than just that.

As Politico’s James Hohmann noted on Saturday, “Government snooping gets civil libertarians from both parties exercised, but this week’s revelations are likely to elicit a collective yawn from voters if past polling is any sign.”

Why so pessimistic?  I looked over what I’ve written on this topic in the past, and found the following essay, written in 2008, which appeared in slightly different form in my 2009 book, “The Laws of Disruption.”   It puts the NSA’s programs in historical context, and tries to present both the costs and benefits of how they’ve been implemented.  It points out why at least some aspects of these government activities are likely illegal, and what should be done to rein them in.

What I describe is just as scandalous, if not moreso, than anything that came out last week.

Yet I present it below with the sad realization that if I were writing it today–five years later–I wouldn’t need to change a single word.  Except maybe the last sentence.  And then, just maybe.

Searching Bits, Seizing Information

U.S. citizens are protected from unreasonable search and seizure of their property by their government.  In the Constitution, that right is enshrined in the Fourth Amendment, which was enacted in response to warrantless searches by British agents in the run-up to the Revolutionary War. Over the past century, the Supreme Court has increasingly seen the Fourth Amendment as a source of protection for personal space—the right to a “zone of privacy” that governments can invade only with probable cause that evidence of a crime will be revealed.

Under U.S. law, Americans have little in the way of protection of their privacy from businesses or from each other. The Fourth Amendment is an exception, albeit one that applies only to government.

But digital life has introduced new and thorny problems for Fourth Amendment law. Since the early part of the twentieth century, courts have struggled to extend the “zone of privacy” to intangible interests—a right to privacy, in other words, in one’s information. But to “search” and “seize” implies real world actions. People and places can be searched; property can be seized.

Information, on the other hand, need not take physical form, and can be reproduced infinitely without damaging the original. Since copies of data may exist, however temporarily, on thousands of random computers, in what sense do netizens have “property” rights to their information? Does intercepting data constitute a search or a seizure or neither?

The law of electronic surveillance avoids these abstract questions by focusing instead on a suspect’s expectations. Courts reviewing challenged investigations ask simply if the suspect believed the information acquired by the government was private data and whether his expectation of privacy was reasonable.

It is not the actual search and seizure that the Fourth Amendment forbids, after all, but unreasonable search and seizure. So the legal analysis asks what, under the circumstances, is reasonable. If you are holding a loud conversation in a public place, it isn’t reasonable for you to expect privacy, and the police can take advantage of whatever information they overhear. Most people assume, on the other hand, that data files stored on the hard drive of a home computer are private and cannot be copied without a warrant.

One problem with the “reasonable expectation” test is that as technology changes, so do user expectations. The faster the Law of Disruption accelerates, the more difficult it is for courts to keep pace. Once private telephones became common, for example, the Supreme Court required law enforcement agencies to follow special procedures for the search and seizure of conversations—that is, for wiretaps. Congress passed the first wiretap law, known as Title III, in 1968. As information technology has revolutionized communications and as user expectations have evolved, the courts and Congress have been forced to revise Title III repeatedly to keep it up to date.

In 1986, the Electronic Communications Privacy Act amended Title III to include new protection for electronic communications, including e-mail and communications over cellular and other wireless technologies. A model of reasonable lawmaking, the ECPA ensured these new forms of communication were generally protected while closing a loophole for criminals who were using them to evade the police. (By 2005, 92 percent of wiretaps targeted cell phones.)

As telephone service providers multiplied and networks moved from analog to digital, a 1994 revision required carriers to build in special access for investigators to get around new features such as call forwarding. Once a Title III warrant is issued, law enforcement agents can now simply log in to the suspect’s network provider and receive real-time streams of network traffic.

Since 1968, Title III has maintained an uneasy truce between the rights of citizens to keep their communications private and the ability of law enforcement to maintain technological parity with criminals. As the digital age progresses, this balance is harder to maintain. With each cycle of Moore’s Law, criminals discover new ways to use digital technology to improve the efficiency and secrecy of their operations, including encryption, anonymous e-mail resenders, and private telephone networks. During the 2008 terrorist attacks in Mumbai, for example, co-conspirators used television reports of police activity to keep the gunmen at various sites informed, using Internet telephones that were hard to trace.

As criminals adopt new technologies, law enforcement agencies predictably call for new surveillance powers. China alone employs more than 30,000 “Internet police” to monitor online traffic, what is sometimes known as the “Great Firewall of China.” The government apparently intercepts all Chinese-bound text messages and scans them for restricted words including democracy, earthquake, and milk powder.

The words are removed from the messages, and a copy of the original along with identifying information is stored on the government’s system. When Canadian human rights activists recently hacked into Chinese government networks they discovered a cluster of message-logging computers that had recorded more than a million censored messages.

Netizens, increasingly fearful that the arms race between law enforcement and criminals will claim their privacy rights as unintended victims, are caught in the middle. Those fears became palpable after the September 11, 2001, terrorist attacks and those that followed in Indonesia, London, and Madrid.  The world is now engaged in a war with no measurable objectives for winning, fought against an anonymous and technologically savvy enemy who recruits, trains, and plans assaults largely through international communication networks. Security and surveillance of all varieties are now global priorities, eroding privacy interests significantly.

The emphasis on security over privacy is likely to be felt for decades to come. Some of the loss has already been felt in the real world. To protect ourselves from future attacks, everyone can now expect more invasive surveillance of their activities, whether through massive networks of closed-circuit TV cameras in large cities or increased screening of people and luggage during air travel.

The erosion of privacy is even more severe online. Intelligence is seen as the most effective weapon in a war against terrorists. With or without authorization, law enforcement agencies around the world have been monitoring large quantities of the world’s Internet data traffic. Title III has been extended to private networks and Internet phone companies, who must now insert government access points into their networks. (The FCC has proposed adding other providers of phone service, including universities and large corporations.)

Because of difficulties in isolating electronic communications associated with a single IP address, investigators now demand the complete traffic of large segments of addresses, that is, of many users. Data mining technology is applied after the fact to search the intercepted information for the relevant evidence.

Passed soon after 9/11, the USA Patriot Act went much further. The Patriot Act abandoned many of the hard-fought controls on electronic surveillance built into Title III. New “enhanced surveillance procedures” allow any judge to authorize electronic surveillance and lower the standard for warrants to seize voice mails.

The FBI was given the power to conduct wiretaps without warrants and to issue so-called national security letters to gag network operators from revealing their forced cooperation. Under a 2006 extension, FBI officials were given the power to issue NSLs that silenced the recipient forever, backed up with a penalty of up to five years in prison.

Gone is even a hint of the Supreme Court’s long-standing admonitions that search and seizure of information should be the investigatory tool of last resort.

Despite the relaxed rules, or perhaps inspired by them, the FBI acknowledged in 2007 that it had violated Title III and the Patriot Act repeatedly, illegally searching the telephone, Internet, and financial records of an unknown number of Americans. A Justice Department investigation found that from 2002 to 2005 the bureau had issued nearly 150,000 NSLs, a number the bureau had grossly under-reported to Congress.

Many of these letters violated even the relaxed requirements of the Patriot Act. The FBI habitually requested not only a suspect’s data but also those of people with whom he maintained regular contact—his “community of interest,” as the agency called it. “How could this happen?” FBI director Robert Mueller asked himself at the 2007 Senate hearings on the report. Mueller didn’t offer an answer.

Ultimately, a federal judge declared the FBI’s use of NSLs unconstitutional on free-speech grounds, a decision that is still on appeal. The National Security Agency, which gathers foreign intelligence, undertook an even more disturbing expansion of its electronic surveillance powers.

Since the Constitution applies only within the U.S., foreign intelligence agencies are not required to operate within the limits of Title III. Instead, their information- gathering practices are held to a much more relaxed standard specified in the Foreign Intelligence Surveillance Act. FISA allows warrantless wiretaps anytime that intercepted communications do not include a U.S. citizen and when the communications are not conducted through U.S. networks. (The latter restriction was removed in 2008.)

Even these minimal requirements proved too restrictive for the agency. Concerned that U.S. operatives were organizing terrorist attacks electronically with overseas collaborators, President Bush authorized the NSA to bypass FISA and conduct warrantless electronic surveillance at will as long as one of the parties to the information exchange was believed to be outside the United States.

Some of the president’s staunchest allies found the NSA’s plan, dubbed the Terrorist Surveillance Program, of dubious legality. Just before the program became public in 2005, senior officials in the Justice Department refused to reauthorize it.

In a bizarre real-world game of cloak-and-dagger, presidential aides, including future attorney general Alberto Gonzales, rushed to the hospital room of then-attorney general John Ashcroft, who was seriously ill, in hopes of getting him to overrule his staff. Justice Department officials got wind of the end run and managed to get to Ashcroft first. Ashcroft, who was barely able to speak from painkillers, sided with his staff.

Many top officials, including Ashcroft and FBI director Mueller, threatened to resign over the incident. President Bush agreed to stop bypassing the FISA procedure and seek a change in the law to allow the NSA more flexibility. Congress eventually granted his request.

The NSA’s machinations were both clumsy and dangerous. Still, I confess to having considerable sympathy for those trying to obtain actionable intelligence from online activity. Post-9/11 assessments revealed embarrassing holes in the technological capabilities of most intelligence agencies worldwide. (Admittedly, it also revealed repeated failures to act on intelligence that was already collected.) Initially at least, the public demanded tougher measures to avoid future attacks.

Keeping pace with international terror organizations and still following national laws, however, is increasingly difficult. For one thing, communications of all kinds are quickly migrating to the cheaper and more open architecture of the Internet. An unintended consequence of this change is that the nationalities of those involved in intercepted communications are increasingly difficult to determine.

E-mail addresses and instant-message IDs don’t tell you the citizenship or even the location of the sender or receiver. Even telephone numbers don’t necessarily reveal a physical location. Internet telephone services such as Skype give their customers U.S. phone numbers regardless of their actual location. Without knowing the nationality of a suspect, it is hard to know what rights she is entitled to.

The architecture of the Internet raises even more obstacles against effective surveillance. Traditional telephone calls take place over a dedicated circuit connecting the caller and the person being called, making wiretaps relatively easy to establish. Only the cooperation of the suspect’s local exchange is required.

The Internet, however, operates as a single global exchange. E-mails, voice, video, and data files—whatever is being sent is broken into small packets of data. Each packet follows its own path between connected computers, largely determined by data traffic patterns present at the time of the communication.

Data may travel around the world even if its destination is local, crossing dozens of national borders along the way. It is only on the receiving end that the packets are reassembled.

This design, the genius of the Internet, improves network efficiency. It also provides a significant advantage to anyone trying to hide his activities. On the other hand, NSLs and warrantless wiretapping on the scale apparently conducted by the NSA move us frighteningly close to the “general warrant” American colonists rejected in the Fourth Amendment. They were right to revolt over the unchecked power of an executive to do what it wants, whether in the name of orderly government, tax collection, or antiterrorism.

In trying to protect its citizens against future terror attacks, the secret operations of the U.S. government abandoned core principles of the Constitution. Even with the best intentions, governments that operate in secrecy and without judicial oversight quickly descend into totalitarianism. Only the intervention of corporate whistle-blowers, conscientious government officials, courts, and a free press brought the United States back from the brink of a different kind of terrorism.

Internet businesses may be entirely supportive of government efforts to improve the technology of policing. A society governed by laws is efficient, and efficiency is good for business. At the same time, no one is immune from the pressures of anxious customers who worry that the information they provide will be quietly delivered to whichever regulator asks for it. Secret surveillance raises the level of customer paranoia, leading rational businesses to avoid countries whose practices are not transparent.

Partly in response to the NSA program, companies and network operators are increasingly routing information flow around U.S. networks, fearing that even transient communications might be subject to large-scale collection and mining operations by law enforcement agencies. But aside from using private networks and storing data offshore, routing transmissions to avoid some locations is as hard to do as forcing them through a particular network or node.

The real guarantor of privacy in our digital lives may not be the rule of law. The Fourth Amendment and its counterparts work in the physical world, after all, because tangible property cannot be searched and seized in secret. Information, however, can be intercepted and copied without anyone knowing it. You may never know when or by whom your privacy has been invaded. That is what makes electronic surveillance more dangerous than traditional investigations, as the Supreme Court realized as early as 1967.

In the uneasy balance between the right to privacy and the needs of law enforcement, the scales are increasingly held by the Law of Disruption. More devices, more users, more computing power: the sheer volume of information and the rapid evolution of how it can be exchanged have created an ocean of data. Much of it can be captured, deciphered, and analyzed only with great (that is, expensive) effort. Moore’s Law lowers the costs to communicate, raising the costs for governments interested in the content of those communications.

The kind of electronic surveillance performed by the Chinese government is outrageous in its scope, but only the clumsiness of its technical implementation exposed it. Even if governments want to know everything that happens in our digital lives, and even if the law allows them or is currently powerless to stop them, there isn’t enough technology at their disposal to do it, or at least to do it secretly.

So far.

It’s not the culmination–that will come soon–but a major step in work I direct at the Cato Institute to improve government transparency has been achieved. I’ll be announcing and extolling it Wednesday at the House Administration Committee’s Legislative Data and Transparency conference. Here’s a quick survey of what we’ve been doing and the results we see on the near horizon.

After president Obama’s election in 2008, we recognized transparency as a bipartisan and pan-ideological goal at an event entitled: “Just Give Us the Data.” Widespread agreement and cooperation on transparency has held. But by the mid-point of the president’s first term, the deep-running change most people expected was not materializing, and it still has not. So I began working more assiduously on what transparency is and what delivers it.

In “Publication Practices for Transparent Government” (Sept. 2011), I articulated ways the government should deliver information so that it can be absorbed by the public through the intermediary of web sites, apps, information services, and so on. We graded the quality of government data publication in the aptly named November 2012 paper: “Grading the Government’s Data Publication Practices.”

But there’s no sense in sitting around waiting for things to improve. Given the incentives, transparency is something that we will have to force on government. We won’t receive it like a gift.

So with software we acquired and modified for the purpose, we’ve been adding data to the bills in Congress, making it possible to learn automatically more of what they do. The bills published by the Government Printing Office have data about who introduced them and the committees to which they were referred. We are adding data that reflects:

• What agencies and bureaus the bills in Congress affect;

• What laws the bills in Congress effect: by popular name, U.S. Code section, Statutes at Large citation, and more;

• What budget authorities bills include, the amount of this proposed spending, its purpose, and the fiscal year(s).

We are capturing proposed new bureaus and programs, proposed new sections of existing law, and other subtleties in legislation. Our “Deepbills” project is documented at cato.org/resources/data.

This data can tell a more complete story of what is happening in Congress. Given the right Web site, app, or information service, you will be able to tell who proposed to spend your taxpayer dollars and in what amounts. You’ll be able to tell how your member of Congress and senators voted on each one. You might even find out about votes you care about before they happen!

Having introduced ourselves to the community in March, we’re beginning to help disseminate legislative information and data on Wikipedia.

The uses of the data are limited only by the imagination of the people building things with it. The data will make it easier to draw links between campaign contributions and legislative activity, for example. People will be able to automatically monitor ALL the bills that affect laws or agencies they are interested in. The behavior of legislators will be more clear to more people. Knowing what happens in Washington will be less the province of an exclusive club of lobbyists and congressional staff.

In no sense will this work make the government entirely transparent, but by adding data sets to what’s available about government deliberations, management and results, we’re multiplying the stories that the data can tell and beginning to lift the fog that allows Washington, D.C. to work the way it does–or, more accurately, to fail the way it does.

At this point, data curator Molly Bohmer and Cato interns Michelle Newby and Ryan Mosely have marked up 75% of the bills introduced in Congress so far. As we fine-tune our processes, we expect essentially to stay current with Congress, making timely public oversight of government easier.

This is not the culmination of the work. We now require people to build things with the data–the Web sites, apps, and information services that can deliver transparency to your door. I’ll be promoting our work at Wednesday’s conference and in various forums over the coming weeks and months. Watch for government transparency to improve when coders get a hold of the data and build the tools and toys that deliver this information to the public in accessible ways.

There’s a powerful irony lurking underneath the executive order and OMB memorandum on open data that the White House released in tandem today: We don’t have data that tells us what agencies will carry out these policies.

It’s nice that the federal government will work more assiduously to make available the data it collects and creates. And what President Obama’s executive order says is true: “making information resources easy to find, accessible, and usable can fuel entrepreneurship, innovation, and scientific discovery that improves Americans’ lives and contributes significantly to job creation.” GPS and weather data are the premier examples.

But government transparency was the crux of the president’s 2008 campaign promises, and it is still the rightful expectation of the public. Government transparency is not produced by making interesting data sets available. It’s produced by publishing data about the government’s deliberations, management, and results.

Today’s releases make few, if any, nods to that priority. They don’t go to the heart of transparency, but threaten to draw attention away from the fact that basic data about our government, including things as fundamental as the organization of the executive branch of government, are not available as open data.

Yes, there is still no machine-readable government organization chart. This was one of the glaring faults we found when we graded the publication practices of Congress and the executive branch last year, and this fault remains. The coders who may sift through data published by various agencies, bureaus, programs, and projects can’t sift through data reflecting what those organizational units of government are.

Compare today’s policy announcements to events coming up on Capitol Hill in the next two weeks.

On Thursday next week (May 16), the House Committee on Oversight and Government Reform will host a “DATA Demonstration Day” to illustrate to Congress and the media how technology may cut waste and improve oversight if federal spending data is structured and transparent. (That would include my hobby-horse, the machine-readable federal government organization chart.) We’ll be there demo-ing how we at Cato are adding data to the bills Congress publishes.

On May 22nd, the House Administration Committee is hosting its 2013 Legislative Data and Transparency Conference. This is an event at which various service providers to the House will announce not just policies, but recent, new, and upcoming improvements in publication of data about the House and its deliberations. (We’ll be there, too.)

The administration’s open data announcements are entirely welcome. Some good may come from these policies, and they certainly do no harm (barring procurement boondoggles–which, alas, is a major caveat). But I hope this won’t distract from the effort to produce government transparency, which I view as quite different from the subject of the new executive order and memorandum. The House of Representatives still seems to be moving forward on government transparency with more alacrity.

Susan W. Brenner, associate dean and professor of law at the University of Dayton School of Law,  discusses her new paper published in the Minnesota Journal of Law, Science & Technology entitled “Cyber-threats and the Limits of Bureaucratic Control.”

Brenner argues that the approach the United States, like other countries, uses to control threats in real-space is ill-suited for controlling cyberthreats. She explains that because this approach evolved to deal with threat activity in a physical environment, it is predicated on a bureaucratic organizations. This is not an effective way of approaching cyber-threat control, she argues. 

Brenner also explains why congressional efforts at cybersecurity legislation are flawed and why U.S. authorities persist in pursuing antiquated strategies that cannot provide an effective cyberthreats defense system. She outlines an alternative approach to the task of protecting the country from cyberthreats, and approach that is predicated on older, more fluid threat control strategies.

Download

Related Links

• Cyber-Threats and the Limits of Bureaucratic Control, Brenner
• Cybercrime and the Law, Brenner
• Cyberwar: you lack imagination, Brenner
• Approaches to Cybercrime Jurisdiction, Brenner

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

In my Cato paper, “Publication Practices for Transparent Government,” I talked about the data practices that will produce more transparent government. The government can and should improve the way it provides information about its deliberations, management, and results.

“But transparency is not an automatic or instant result of following these good practices,” I wrote, “and it is not just the form and formats of data.”

It turns on the capacity of the society to interact with the data and make use of it. American society will take some time to make use of more transparent data once better practices are in place. There are already thriving communities of researchers, journalists, and software developers using unofficial repositories of government data. If they can do good work with incomplete and imperfect data, they will do even better work with rich, complete data issued promptly by authoritative sources.

We’re not just sitting around waiting for that to happen.

Based on the data modeling reported in “Grading the Government’s Data Publication Practices,” and with software we acquired and modified for the purpose, we’ve been marking up the bills introduced in the current Congress with “enhanced” XML that allows computers to automatically gather more of the meaning found in legislation. (Unfamiliar with XML? Several folks have complimented the explanation of it and “Cato XML” in our draft guide.)

No, we are not going to replace the lawyers and lobbyists in Washington, D.C., quite yet, but our work will make a great deal more information about bills available automatically.

And to build society’s capacity “to interact with the data and make use of it,” we’re hoping to work with the best outlet for public information we know, Wikipedia, making data about bills a resource for the many Wikipedia articles on legislation and newly passed laws.

Wikipedia is a unique project, both technically and culturally, so we’re convening a workshop on March 14th and 15th to engage Wikipedians and bring them together with data transparency folks, hopefully to craft a path forward that informs the public better about what happens in Washington, D.C. We’ve enlisted Pete Forsyth of Wiki Strategies to help assemble and moderate the discussion. Pete was a key designer of the Wikimedia Foundation’s U.S. Public Policy Initiative—a pilot program that guided professors and students in making substantive contributions to Wikipedia, and that led to the establishment of the Foundation’s Global Education Program.

The Thursday afternoon session is an open event, a Wikipedia tutorial for the many inexperienced editors among us. It’s followed by a Sunshine Week reception open to all who are interested in transparency.

On Friday, we’ll roll up our sleeves for an all-day session in which we hope Wikipedians and experienced government data folks will compare notes and produce some plans and projects for improving public access to information.

You can view a Cato event page about the workshop here. To sign up, go here, selecting which parts of the event you’d like to attend. (Friday attendance requires a short application.)

For some Wikipedians, particularly, this may be their first direct experience with the Cato Institute. We are known, of course, for policy positions that contest the current size and scope of government, but transparency, and the hope with getting data on to Wikipedia, is meant to provide the public with neutral information tools that all communities can use to oversee the government and advocate for what they want.

From Cato’s first event on transparency, and again in “Publication Practices,” I’ve emphasized that transparency is a sort of win-win bet.

Government transparency is a widely agreed-upon value, but it is agreed upon as a means toward various ends. Libertarians and conservatives support transparency because of their belief that it will expose waste and bloat in government. If the public understands the workings and failings of government better, the demand for government solutions will fall and democracy will produce more libertarian outcomes. American liberals and progressives support transparency because they believe it will validate and strengthen government programs. Transparency will root out corruption and produce better outcomes, winning the public’s affection and support for government.

Though the goals may differ, pan-ideological agreement on transparency can remain. Libertarians should not prefer large government programs that are failing. If transparency makes government work better, that is preferable to government working poorly. If the libertarian vision prevails, on the other hand, and transparency produces demand for less government and greater private authority, that will be a result of democratic decisionmaking that all should respect and honor.

…

By putting out data that is “liquid” and “pure,” governments can meet their responsibility to be transparent, and they can foster this evolution toward a body politic that better consumes data. Transparency is likely to produce a virtuous cycle in which public oversight of government is easier, in which the public has better access to factual information, in which people have less need to rely on ideology, and in which artifice and spin have less effectiveness. The use of good data in some areas will draw demands for more good data in other areas, and many elements of governance and public debate will improve.

Hope to see you March 14th and 15th.

Obama’s talked a big game about online privacy. He promised reform during the 2008 campaign. A year ago, the White House proposed a “Privacy Bill of Rights.” But so far, the Administration’s delivered little more than fine words. Worse, they’ve focused on the wrong problems.

Government has an important role to play in protecting consumer privacy, but its snooping and surveillance are far bigger problems—which have only grown worse. While Washington talks of a new commercial privacy “Bill of Rights,” the real Bill of Rights is in peril.

The American Revolution erupted, in large part, out of seething resentment at British privacy intrusions—without judicial supervision. Virginia adopted its own Bill of Rights shortly before the Declaration of Independence, including what later became Madison’s Fourth Amendment to the Constitution: “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” Law enforcement must generally obtain a warrant before conducting a search—which means convincing a judge that probable cause exists to believe a crime has been committed.

The Fourth Amendment applies to digital files just like paper files—but only if you don’t give them to a third party. That caveat makes some sense offline: if you gave your diary away, would you really expect it will stay secret? But online, it makes no sense at all: we increasingly store our most private communications on in the “cloud”—on servers owned by Dropbox, Google, Facebook, etc. Congress attempted to fill this judge-made gap in Fourth Amendment protections by passing the Electronic Communications Privacy Act in 1986. But the law protects only data held for short periods—and thus no longer protects us.

Meanwhile, government snooping has grown significantly. Google last week published an updated report showing the company received nearly two and a half times as many requests from law enforcement for user data as in the same period in 2009. Most of these came without a warrant. That isn’t necessarily a problem, since these numbers include both requests for “content” (emails, documents) and basic subscriber information (name, etc.)—and even the Fourth Amendment doesn’t require a warrant for the latter. (After all, law enforcement needs to be able to build an investigation to establish probable cause.) Google, like Facebook, Yahoo! and Microsoft all insist on getting warrants for content information. But smaller companies with fewer lawyers probably don’t. No one really knows how much unconstitutional snooping goes on because Google’s transparency report is quite unusual.

Those internet companies that do insist on warrants generally started doing so only after a federal appellate court in 2010 ruled that the Fourth Amendment requires them—despite that pesky “third party doctrine.” Shortly after the White House report, the Supreme Court handed down a landmark decision in U.S. v Jones requiring a warrant for planting a tracking device on a car. More importantly, five justices called on Congress to craft new legislative protections for location data. Justice Sotomayor lamented the lack of effective protection for content data.

There’s bipartisan support for such reforms but it’s thin. The Senate finally passed a warrant requirement for content in December, handing the matter over to the House. The good news is that the House Republican and Senate Democratic chairmen of the judiciary committees have pledged to work together on a fix. The bad news is that the issue hasn’t yet been made a priority by either party’s leadership. And the Republican-led bill to require a warrant for location data faces a harder fight from law enforcement agencies that still insist they shouldn’t have to bother convincing courts for permission to track our movements.

And still, the Administration has said nothing. The Commerce Department, which drafted the “Bill of Rights” report, is supposed to promote American competitiveness—but doesn’t realize that many American businesses hesitate to adopt cloud-based enterprise software solutions, lest they give a backdoor into their files to Obama’s regulators—who boldly talk about “crucifying ” American companies. That mistrust is an even bigger problem overseas: American companies like Amazon and Salesforce dominate the cloud computing market, yet struggle to get Europeans, in particular, to trust them. Respecting our Constitution would be good for business—if we did it.

Still worse is the mistrust at home and abroad created by the Foreign Intelligence Surveillance and Patriot Acts, which allow national security agencies to snoop online with little judicial oversight—and often without any notice to those whose online communications have been wiretapped. Obama just signed an extension to FISA, despite promises he made as a Senator to filibuster any such bill. Many worry the act legalizes a surveillance program that inadvertently sweeps up Americans’ communications even though its aim is to collect information outside the U.S. The Administration offered no support when a bipartisan coalition tried to “require a report on the impact of the FISA Amendments Act of 2008 on the privacy of the people of the United States.”

Europeans bitterly resent these laws, particularly because they deny recourse to non-U.S. citizens who might be spied on. They’re now threatening to block data transfers to the U.S., essentially shutting off digital trade, by deeming that the U.S. no longer has “adequate” privacy protections. Yet the Commerce Department and the Federal Trade Commission have stayed mum. Why?

As the chief U.S. privacy regulator, the FTC holds the bully pulpit. They haven’t been shy about calling for new legislation to grow their own powers—but haven’t said a word about the problem of unchecked government access. They’ve spent the last four years talking about the threat posed by tracking—by advertisers, not government, as if anyone ever went to jail because of getting the wrong online ad. They want to make our approach to privacy regulation more European to maintain our “adequacy” status—but ignore the Europeans’ bigger concern: government snooping.

They’ve also failed to focus on bigger privacy threats to consumers—like identity theft, the number one complaint at the FTC for over a decade. Under Bush, the FTC focused its limited resources on combating the theft and breach of sensitive online information. Obama’s FTC has held a flurry of privacy workshops, but none focused on identity theft. Congress has failed to pass legislation to set minimum standards for securing consumer data, and the FTC has not used its rulemaking power in the one area where regulation is quite justified. This has left the agency to set security standards piecemeal, in a series of enforcement actions that do little to guide companies on sound data security. The FTC now faces its first court challenge about this approach—and could lose.

In short, if 2012 was a good year for privacy, it’s only because the bar has been set so low—and it wasn’t because the Administration delivered the kind of “Change” he promised on the 2008 campaign. 2013 could turn out better. The ECPA content fix could pass quickly, especially if Republicans eager to shed their stodgy image decide to make it a signature issue. But ECPA reform will be incomplete until it includes the location fix and the other principles around which 77 civil liberties groups, companies and trade associations have rallied in the “Digital Due Process” coalition, founded nearly three years ago. FISA doesn’t seem likely to get better anytime soon, but there is some cause for celebration on government access: Late last year, Congress finally reconstituted the Privacy and Civil Liberties Oversight Board, a key recommendation of the 9/11 Commission. Congress now just needs to confirm the Board’s chairman and appropriate $2 million to fund it—a small price to pay for some degree of oversight on government access. Finally, the retirement of FTC Chairman Jon Leibowitz seems imminent. The new chairman’s confirmation hearings offer a golden opportunity to make clear that privacy protection from government is inextricably intertwined with protection by government against corporate abuses and the negligence that leads to real harms like identity theft.

Any of these developments would be well worth celebrating on Privacy Day 2014.

[Crossposted at Forbes.com]

It’s time to roll out transparency grades!

This isn’t anything innovative, but part of my strategy for improving government transparency is to give public recognition to the political leaders who get ahead on transparency and public disapprobation to those who fall behind. So I have a Cato Institute report coming out Monday that assesses how well government data is being published. (Oversight data, that is: reflecting deliberations, management, and results.)

I went ahead and previewed it on the Cato blog last night. The upshot? I find that President Obama lags House Republicans in terms of data transparency.

Neither are producing stellar data, but Congress’s edge is made more acute by the strong transparency promises the president made as a campaigner in 2008, which are largely unrealized. My pet peeve is the lack of a machine-readable government organization chart, not even at the agency and bureau level. The House is showing modest success and promising signs with some well structured data at docs.house.gov and good potential at beta.congress.gov.

I hustled to get these grades out before the election, and maybe there are one or two marginal voters who this study might sway. How it might sway them is an open question, and I’ve had some interesting reaction to the release of the study, such as: Is this electioneering? Shouldn’t there be an assessment of Romney on transparency?

It’s not electioneering, which is advocating for a specific candidate or party. The study says nothing about what to do with the information it provides. I do believe politicians should be held to account for their transparency practices. The primary way politicians are held accountable is at the ballot box. Thus, communicating to the public about the performance of public officials in a given area at election time is one of the best ways to affect their behavior.

The methodology used in this report gives us the ability to track progress going forward, and it creates better incentives for improvement because you can tie the quality of actual important data to the officials responsible for it. But it doesn’t allow us to go back in time and grade the condition of data in the past (barring a huge effort to recreate what resources were available). And it doesn’t allow us to grade candidates for office, who don’t have any responsibility for any data we care about. So I can say, because I believe it, that President Obama is almost certainly better than President Bush was, and I’ve heard that Mitt Romney was bad on transparency as a governor. But I don’t have data to confirm these things.

We’ll do this study again—and better!—in two years, and again in four. We will be measuring progress and calling it out for the public to consider. We’ve put together a pretty good methodology for assessing data publication, I think, and the division of responsibility for data among political leaders is pretty clear. So this instrument will be a way for the public to assess progress on something they want.

Thanks to the folks at GovTrack.us, the National Priorities Project, OMB Watch, and the Sunlight Foundation, who helped me review the government’s data publication practices. (Their help does not imply agreement with MY conclusions.)

Consumers should be aware that “government transparency” also applies to the data consumers voluntarily provide to the FCC when they participate in a government-run broadband measurement program.

The most egregious aspect of these broadband measurement programs, however, is that the FCC kept the public in the dark for more than a year by failing to disclose that its mobile testing apps were collecting user locations (by latitude and longitude) and unique handset identification numbers that the FCC’s contractors can make available to the public.

The Federal Communications Commission (FCC) recently announced a new program to measure mobile broadband performance in the United States. The FCC believes it is “difficult” for consumers to get detailed information about their mobile broadband performance, and that “transparency on broadband speeds drives improvement in broadband speeds.” The FCC does not, however, limit transparency to broadband speeds. Consumers should be aware that “government transparency” also applies to the data consumers voluntarily provide to the FCC when they participate in a government-run broadband measurement program. Information collected by the FCC about individual consumers may be “routinely disclosed” to other federal agencies, states, or local agencies that are investigating or prosecuting a civil or criminal violation. Some personal information, including individual IP address, mobile handset location data, and unique handset identification numbers, may be released to the public.

This blog post describes the FCC’s broadband measurement programs and highlights the personal data that may be disclosed about those who participate in them.

Consumers who wish to participate in an FCC testing program should first read all of the applicable privacy policies to understand how the government and its third-party vendors will use their data. The FCC has not yet determined how it will implement its new mobile broadband measurement program, and is seeking public input about appropriate methodologies for testing mobile performance at an open meeting, which will be held today from 9:30 AM to 11:00 AM Eastern in the FCC’s Meeting Room (TW-C305) at 445 12th Street SW, Washington, DC 20554. The meeting will also be live streamed here. Given the FCC’s poor track record describing the information it actually collects, consumers should consider raising questions regarding the FCC’s privacy policies and testing methodologies at this open meeting.

The FCC’s Broadband Measurement Programs

The FCC’s new mobile testing initiative expands its ongoing “Measuring Broadband America” program. The current program measures the performance of residential wired and wireless broadband service in the United States using several different tests.

Under the “FCC SamKnows Broadband Community” program, the agency tests the broadband connections of residential consumers who volunteer to use a wireless router running custom software provided by SamKnows, a British company retained under contract by the FCC. The wireless routers, known as “White Boxes,” began shipping to U.S. consumers in September 2010. The FCC released its first report on wireline broadband performance in August 2011, and a second report in July 2012. All network traffic generated by consumers using SamKnows flows through the White Boxes, and continuously monitors personal consumer data until the participant affirmatively opts out of the program.  SamKnows says its “goal is to embed [its] software suite into internet [sic] enabled devices . . . globally.”

In March 2010, the FCC made available a software-based broadband speed test (i.e., a test that does not require hardware supplied by SamKnows) for both wired and wireless Internet access. These tests are collectively known as the “Consumer Broadband Test.” The wireline test is still available in its “beta” version and allows consumers to choose between two testing companies: Ookla and M-Lab. The mobile version, which was developed by Ookla and appears substantially similar to Ookla’s own Speedtest.net app, is available for both the Google Android and Apple iOS operating systems and can be downloaded from their apps stores and the federal government’s official web portal. These apps monitor, collect, and report a consumer’s mobile data rates, latency, and user location when initiated on the handset.

Finally, consumers who do not have broadband Internet access available at their home can submit a “Broadband Dead Zone Reporting Form” to the FCC that includes their home address. The FCC is apparently using these reports to create a “Broadband Dead Zone Registry.”

Why Is the FCC Asking You to Help It Measure Broadband Speeds?

The FCC asserts that its tests are necessary because information regarding broadband performance is not readily available to consumers and could be inaccurate. Now that the FCC has gotten into the broadband speed testing market, however, other providers of these services have begun to question the accuracy of the FCC’s tests and whether there is a need for government testing.

When the FCC announced that it had contracted with SamKnows to measure wireline broadband speeds, Ookla stated that the FCC’s plan to conduct expensive tests that gather small samples of data similar to that which is already widely available in the market “offers little added insight into the discussion of the speed, quality, and availability of broadband connections across the nation and is an unacceptable waste of taxpayer money.” Ookla offers free broadband speed testing for wired and wireless connections at speedtest.net, free broadband quality testing at pingtest.net, and monthly snapshots of global broadband performance at Net Index. In fact, the FCC’s current mobile measurement apps are based on Ookla’s free speedtest.net app.

There are many other commercial sources of broadband performance available as well. For example, PC Magazine performs annual field tests of mobile broadband speeds in 30 cities nationwide using three vehicles over a three-week period. In its most recent tests, it completed 60,000 test cycles and published test results by region, carrier, and technology (3G and 4G).

Given the readily available commercial alternatives, there is no compelling reason for consumers to participate in the FCC’s broadband measurement programs. There is at least one very good reason, however, for consumers to avoid participating in the FCC’s tests. The tests collect your personal data, and once you’ve volunteered to provide it to the government, it can do virtually anything it wants with it.

The Privacy Act and Government Data Sharing

In its most recent Privacy Act filing, the FCC describes the personal information it maintains about consumers who participate in its broadband measurement programs:

• The street address, city, state, and zip code, of each individual who elects to participate in the Broadband Dead Zone Report survey and each individual who participates in both the wired and wireless versions of the Consumer Broadband Test;
• The Internet Protocol (IP) address of each individual who elects to participate in both the wired and wireless versions of the Consumer Broadband Test;
• The unique handset identification number of each individual’s smartphone used to access the mobile Consumer Broadband Test; and
• The location (in latitude and longitude) reported by each user’s handset at the moment the user initiates the mobile Consumer Broadband Test.

The use of this data is not, however, limited to the FCC.

The Privacy Act, 5 U.S.C. § 552a, governs the collection, use, and dissemination of personal information by the federal government and its contractors. The Privacy Act generally prohibits federal agency disclosure of records maintained on individuals, but that prohibition is subject to a number of exceptions. One exception allows a federal agency to share personal data with federal, state, or local agencies for civil or criminal law enforcement activities. Another exception includes “routine use,” which allows the use of personal data for “a purpose [that] is compatible with the purpose for which [the personal data] was created.”

The FCC’s privacy policy and system of records for its broadband measurement programs reveals that the agency makes liberal use of these exceptions. The FCC is routinely sharing this personal data with federal, state, or local agencies whenever “there is an indication of a violation or potential violation of a statute, regulation, rule, or order,” and with the Department of Justice when it is relevant to litigation. There are virtually no limits on the use or disclosure of personal data by the FCC’s contractors.

IP addresses, mobile handset location, and unique handset identification numbers may be shared with FCC software partners as part of the Consumer Broadband Test application. These partners may publish the IP address, mobile handset location, unique handset identification numbers, and broadband performance data, or otherwise make this information available to the public (but the IP address is not associated with a street address).

The FCC is thus allowing its contractors to publicly disclose personal information that the FCC itself cannot publish.

The most egregious aspect of these broadband measurement programs, however, is that the FCC kept the public in the dark for more than a year by failing to disclose that its mobile testing apps were collecting user locations (by latitude and longitude) and unique handset identification numbers that the FCC’s contractors can make available to the public. The FCC first proposed its system of records for broadband measurement on December 30, 2009, when the program was known as the “Broadband Unavailability Survey and Broadband Quality Test.” On April 7, 2010, after it launched the “Consumer Broadband Test” (including its mobile testing apps), the FCC revised its system of records to reflect the broadband measurement program it had actually implemented, with one critical exception: The FCC’s system of records did not disclose that its mobile testing apps collect user locations and unique handset identification numbers. The FCC also failed to flag the collection of this data in its Privacy Threshold Analysis, which was conducted in May 2010.

Although the FCC finally disclosed the collection of this data in a formal filing on July 14, 2011, the FCC’s privacy policy still fails to mention the collection of mobile handset locations and unique handset identification numbers. This information is also unavailable in the Android and iOS app stores or on USA.gov, where consumers are most likely to download the mobile apps.

Representative Ed Markey, the co-chairman of the Congressional Privacy Caucus, believes “Consumers should know and have the choice to say no to software on their mobile devices that is transmitting their personal and sensitive information.” He introduced a bill this month that would require private companies to disclose the type of information mobile monitoring software would collect, where it would be sent, and how it would be used. The bill would also require that companies obtain consent from consumers before using sensitive information and – ironically – that such agreements be filed with the FCC and FTC. Markey may want reconsider whether the FCC should be given authority to oversee mobile privacy agreements given its own failures to disclose the type of data it collects and its acquiescence to its vendor demands to publicly disclose sensitive information.

Consumers who volunteer to participate in a government program deserve accurate and transparent disclosures regarding the personal information that will be collected and the protection that information will receive. The FCC hasn’t met that obligation in its broadband measurement programs. Consumers who are considering participation in the FCC’s new mobile measurement program should demand accountability from the FCC and its third-party contractors before agreeing to provide sensitive data.

This seems like a logical follow-up to Berin Szoka’s previous post about technology, social activism, and government power. ReasonTV has produced this important short clip on “Cops Vs. Cameras: The Killing of Kelly Thomas & The Power of New Media.” It documents how the combined power of citizen journalism, social media, and surveillance video can ensure that our police authorities are held accountable for their actions. In this particular case, it can hopefully win some justice for Kelly Thomas, the homeless Fullerton, California man who was brutally beaten to death by police officers on the night of July 5, 2011.

There is live video from the horrific beating here, but I caution you it is not for the faint of heart. Watching the last moments of man’s life slip away from repeated blows to the head while he begs for his life and calls out for his father is, well, stomach-turning. But imagine if this video and the other citizen videos that were taking that night had not existed. As the ReasonTV clip notes, the Fullerton police department basically ignored requests for more information about the case until Kelly’s father (who was former police officer himself) took cell photos of his son’s beaten face in the hospital and released them to the public. Then the citizen videos of the beating were posted on YouTube and went viral. And then, finally, mainstream media started paying attention. And now the surveillance video from a nearby street camera has been released after citizens and activists demanded it.

While we spend a lot of time today worrying about the privacy implications of new technologies, especially surveillance technologies, episodes like these make it clear that there are also powerful benefits from these new surveillance tools. David Brin first pointed this out in his provocative 1997 book, The Transparent Society, in which he noted:

While new surveillance and data technologies pose vexing challenges, we may be wise to pause and recall what worked for us so far. Reciprocal accountability — a widely shared power to shine light, even on the mighty — is the unsung marvel of our age, empowering even eccentrics and minorities to enforce their own freedom. Shall we scrap civilization’s best tool – light — in favor of a fad of secrecy?

Of course, that doesn’t mean we shouldn’t take steps to limit the surveillance powers of our government over the citizenry. We absolutely must. But we must draw a distinction between the tools and their uses and make sure we do not go overboard with what Brin called the “fad of secrecy” such that new privacy rules limit the use and spread of these technologies.

For far too long governments have avoided accountability for their actions because of a lack of transparency. Nowhere has this been more dismaying that in matters of policing. While our law enforcement officers deserve respect for the hard jobs they have to keep the public safe, they also must account for their actions when they go too far precisely because we grant them coercive powers held by no other group in society. Luckily, new technologies can help us keep their power in check and hold them accountable. While some authorities are fighting back and trying to limit citizen efforts to record them and hold them accountable, the genie is already well out of the bottle. These surveillance tools are not going away and law enforcement authorities will now be forced to live under the gaze of an empowered citizenry. Hopefully that increases transparency and accountability in all policing activities going forward. Read Brin’s short 2011 essay “Sousveillance: A New Era for Police Accountability” for greater elaboration.

The Mercatus Center at George Mason University has just released my new white paper, “The Perils of Classifying Social Media Platforms as Public Utilities.” [PDF] I first presented a draft of this paper last November at a Michigan State University conference on “The Governance of Social Media.” [Video of my panel here.]

In this paper, I note that to the extent public utility-style regulation has been debated within the Internet policy arena over the past decade, the focus has been almost entirely on the physical layer of the Internet. The question has been whether Internet service providers should be considered “essential facilities” or “natural monopolies” and regulated as public utilities. The debate over “net neutrality” regulation has been animated by such concerns.

While that debate still rages, the rhetoric of public utilities and essential facilities is increasingly creeping into policy discussions about other layers of the Internet, such as the search layer. More recently, there have been rumblings within academic and public policy circles regarding whether social media platforms, especially social networking sites, might also possess public utility characteristics. Presumably, such a classification would entail greater regulation of those sites’ structures and business practices.

Proponents of treating social media platforms as public utilities offer a variety of justifications for regulation. Amorphous “fairness” concerns animate many of these calls, but privacy and reputational concerns are also frequently mentioned as rationales for regulation. Proponents of regulation also sometimes invoke “social utility” or “social commons” arguments in defense of increased government oversight, even though these notions lack clear definition.

Social media platforms do not resemble traditional public utilities, however, and there are good reasons why policymakers should avoid a rush to regulate them as such. Treating these nascent digital services as regulated utilities would harm consumer welfare because public utility regulation has traditionally been the archenemy of innovation and competition. Furthermore, treating today’s leading social media providers as digital essential facilities threatens to convert “natural monopoly” or “essential facility” claims into self-fulfilling prophecies. Related proposals to mandate “API neutrality” or enforce a “Separations Principle” on integrated information platforms would be particularly problematic. Such regulation also threatens innovation and investment. Marketplace experimentation in search of sustainable business models should not be made illegal.

Remedies less onerous than regulation are available. Transparency and data-portability policies would solve many of the problems that concern critics, and numerous private empowerment solutions exist for those users concerned about their privacy on social media sites.

Finally, because social media are fundamentally tied up with the production and dissemination of speech and expression, First Amendment values are at stake, warranting heightened constitutional scrutiny of proposals for regulation. Social media providers should possess the editorial discretion to determine how their platforms are configured and what can appear on them.

This 63-page paper can be found on the Mercatus site here, on SSRN, or on Scribd.  I’ve also embedded it below in a Scribd reader. Eventually, a shorter version of this paper will appear as a chapter in a MIT Press book.

Social Networks as Public Utilities [Adam Thierer]

Paying close attention to language can reveal what’s going on in the world around you.

Note the simple but important differences between the phrases “open government” and “open government data.” In the former, the adjective “open” modifies the noun “government.” Hearing the phrase, one would rightly expect a government that’s more open. In the latter, “open” and “government” modify the noun “data.” One would expect the data to be open, but the question whether the government is open is left unanswered. The data might reveal something about government, making government open, or it may not.

David Robinson and Harlan Yu document an important parallel shift in policy focus through their paper: “The New Ambiguity of ‘Open Government.'”

Recent public policies have stretched the label “open government” to reach any public sector use of [open] technologies. Thus, “open government data” might refer to data that makes the government as a whole more open (that is, more transparent), but might equally well refer to politically neutral public sector disclosures that are easy to reuse, but that may have nothing to do with public accountability.

It’s a worthwhile formal articulation and reminder of a trend I’ve noted in passing once or twice.

There’s nothing wrong with open government data, but the heart of the government transparency effort is getting information about the functioning of government. I think in terms of a subject-matter trio—deliberations, management, and results—data about which makes for a more open, more transparent government. Everything else, while entirely welcome, is just open government data.

President Obama’s third full year in office came to an end last week, and I’ve reviewed how well he’s doing with one particular campaign promise on the Cato@LIberty blog. “Sunlight Before Signing” is the moniker for the president’s campaign promise to post online the bills Congress sends him for five days before signing them.

As we start the fourth year, he’s at just over 50% on fulfillment of the promise. Far less if you measure based on the number of pages that got the sunlight he promised.

Remember when you had to wait until the end of the month to see your bank statement?

Last week, on the cusp of failing to pass any annual appropriations bills ahead of the October 1 start of the new fiscal year, congressional leaders came up with a short-term government funding bill (or “continuing resolution”) that would fund the government until November 18th. For whatever reason, that deal (H.R. 2608) wasn’t ready to go before the end of the week, so Congress passed an even shorter-term continuing resolution (H.R. 2017) that funds the government until tomorrow, October 4th.

Every weekend, I hunch over my computer and update key records in the database of WashingtonWatch.com, a government transparency website I run as a non-partisan, non-ideological resource. Then I put a summary of what’s going on into an email like this one (subscribe!) that goes out to 7,000 or so of my closest friends.

Last weekend, the Library of Congress’ THOMAS website, which is one of my resources, was down a good chunk of the time for maintenance. Even after it came up again, some materials such as bill text and committee reports weren’t available. (They had come up by the wee hours this morning.) Maintenance is necessary sometimes, though when the service provider I use for the WashingtonWatch.com email does maintenance, it’s usually for an hour or so in the middle of a weekend night.

But when I went to update the database to reflect last week’s passage of H.R. 2017, I could find no record of its public law number. When a bill becomes a law, it gets a public law number starting with the number of the Congress that passed and then a sequential number, like Public Law No. 112-29. The Government Printing Office’s FDsys system lets you browse public laws. At this writing, it isn’t updated to reflect the passage of new laws last week. When THOMAS came back up, its public laws page also had no data to reflect the passage of that continuing resolution last week (and still doesn’t, also at this writing).

There is barely any news reporting on humdrum details about governing like the passage of a law expending $40 billion in taxpayer funds. (That’s about what H.R. 2017 spends to operate the government four more days, roughly $400 per U.S. family.) Where can you confirm with an official source that this happened?

The winning data resource this week, if by default, is Whitehouse.gov, which has a page dedicated to laws the president has signed. That page says that President Obama signed four new laws on Friday (Sept. 30). When might FDsys or THOMAS reflect this information? It’ll happen soon, and that data will start to propagate out to society.

But I think that’s not soon enough. A couple of days’ delay is a big deal.

If I were to take $400 in cash out of my bank account at an ATM, I could review that transaction from that instant forward on my bank’s website. If I had a concern or even a passing interest, I could just go look. That is an utterly unremarkable service in this day and age.

But it’s remarkable that such a service doesn’t exist in systems that are as important as our bank accounts. When Congress and the president pass a bill to spend $40 billion dollars, the fact of its passage is pretty much undocumented by any official sources until enough Mon-Fri, 9-to-5 work hours have passed.

In my recently published paper, Publication Practices for Transparent Government, I go through the things the government should do to make itself more transparent (thus improving public oversight and producing lots of felicitous outcomes). A practice I cite is “real-time or near-real-time publication.” Why? Because then any of the 300 million Americans who have an interest, real or passing, can see what is happening with their money as it happens, just like they can with their bank holdings. People like me (and many more) can propagate complete and timely information, making it that much more accessible.

When you’re talking about a potential audience of 200 million people and $40 billion in expense (one of the tiniest spending bills—others are much larger), it is not too much to ask to have the data published in real time.

I don’t expect a lot of people to join me at the barricades with pitchforks and torches on this one. Government transparency is an area ruled by implicit demand. People don’t know what they are missing, so they don’t know to suffer a sense of deprivation. I do that for them—all of them. (Heroic, idn’t it?)

Before too long, though, the government’s opacity will be recognized as a contributor to the public’s general—and strong—distaste for all that goes on in Washington, D.C. The idea of spending $400 per U.S. family without documenting every detail of it on the Internet will seem as absurd as waiting until the end of the month to see what happened in your bank account.

The Cato Institute is doing a live-streamed Capitol Hill briefing this morning—start-time 9:00 a.m. Eastern—on congressional transparency.

You can see and download all the materials being released to Hill staff on a Cato@Liberty blog post summarizing where congressional transparency stands: “needs improvement.”

You can watch the event live (or later on tape) and join the conversation at the Twitter hashtag #RateCongress.

The White House’s release of its “Open Government Action Plan” today is timely. I’ll be rolling out the product of several months’ work on government transparency Friday at a Cato Institute event called “Publication Practices for Transparent Government: Rating the Congress.”

The paper we’ll release commences as follows:

Government transparency is a widely agreed upon goal, but progress on achieving it has been very limited. Transparency promises from political leaders such as President Barack Obama and House Speaker John Boehner have not produced a burst of information that informs stronger public oversight of government.

The reason is not lack of planning documents, meetings, or websites, as reading the White House’s announcement today might suggest, but lack of specifically prescribed data publication practices that foster transparency. The government should publish data about its deliberations, management, and results in ways that make it amenable to all the varied uses of websites, researchers, reporters, and the public at large.

We’ll be grading the Congress on how well it’s doing with publication of data about formal legislative process. Congress is first because it’s low-hanging fruit. We’ll soon be turning to information the executive branch can make more transparent: budgets, appropriations, and spending.

The programs featured by the White House today—a new “We the People” petition platform, whistleblower protection, and an “Extractive Industries Transparency Initiative”—are fairly tangential. Fuller government transparency will be a product of specific good publication practices applied to data about the government’s deliberations, management, and results.

More information, and registration for Friday’s event, can be found here.

Data-transparent government is still a ways off, but some small steps forward are underway. To wit, my project WashingtonWatch.com, which is adding new data going to the costs of bills in Congress.

As detailed in an announcement that went up this morning, many more bills on the site will have cost estimates associated with them, the product of research being done at the National Taxpayers Union Foundation. Some bills spend pennies or less per U.S. family. Some spend $5,000 per family and more. Wouldn’t you like to know which are which?

The site has also begun displaying national debt information on a per-family, per-person, and per-couple basis. (Your debt—just for being an American—is about $45,000 dollars.)

I’ll have much more to say on government transparency in the coming months. In the meantime, you might do your part to avoid the next calamitous debt ceiling debate by following the day-to-day, month-to-month, and year-to-year in Congress using things like the WashingtonWatch.com weekly email newsletter.

If you haven’t seen it already, be sure to give a read to Friedman Prize winner Hernando de Soto‘s recent piece in Business Week, “The Destruction of Economic Facts.” It’s a fascinating perspective on the economic and financial turmoil that is wracking the United States and the world.

As de Soto perceives more easily from working in developing economies, an important input into functioning markets is good information—about property, ownership, debts, and so on. The “destruction of economic facts” is one of the roots of instability and uncertainty in Europe and the United States, he says. “In a few short decades the West undercut 150 years of legal reforms that made the global economy possible.”

The law and markets are information systems, says de Soto:

The rule of law is much more than a dull body of norms: It is a huge, thriving information and management system that filters and processes local data until it is transformed into facts organized in a way that allows us to infer if they hang together and make sense.

If you’re interested in information and transparency, it’s worth a read.

Late last week, the Project on Government Oversight‘s Danielle Brian took a little umbrage at a Huffington Post piece by former U.S. Deputy Chief Technology Officer Beth Noveck, who had been implementing the Obama Administration’s Open Government Initiative until she recently returned to New York Law School.

Brian’s piece suggests a slight schism in the transparency community, between what I believe are the “insider” and “outsider” camps. Brian leaves to the end a crucial point: “[C]an’t the two camps in the open government world peacefully co-exist? There’s just too much work to be done for us to get bogged down in denigrating each others’ agendas.” They most certainly can.

Noveck was a bit dismissive of the open government movement as perceived by much of the transparency community. “Many people, even in the White House,” she wrote, “still assume that open government means transparency about government.” Actually, Noveck continued, open government is “open innovation or the idea that working in a transparent, participatory, and collaborative fashion helps improve performance, inform decisionmaking, encourage entrepreneurship, and solve problems more effectively. By working together as team [sic] with government in productive fashion, the public can then help to foster accountability.”

Visualize the difference between these two approaches: open government as a tool for public oversight and open government as a tool for public participation. When open government is about public oversight, the wording connotes the public looking down from above on the work its servants are doing. When open government is about collaboration, the public is at best an equal partner, allowed to participate in the work of governing. Noveck’s unfortunate language choice treats accountability as a kind of dessert to which the public will be entitled when it has donated sufficient energies to making the government work better.

The administration’s December 2009 open government memorandum predicted this divide. In calling for each agency to publish three “high-value data sets,” it said:

High-value information is information that can be used to increase agency accountability and responsiveness; improve public knowledge of the agency and its operations; further the core mission of the agency; create economic opportunity; or respond to need and demand as identified through public consultation.

As I noted at the time, it’s a very broad definition.

Without more restraint than that, public choice economics predicts that the agencies will choose the data feeds with the greatest likelihood of increasing their discretionary budgets or the least likelihood of shrinking them. That’s data that “further[s] the core mission of the agency” and not data that “increase[s] agency accountability and responsiveness.” It’s the Ag Department’s calorie counts, not the Ag Department’s check register.

Noveck wants us to put the calorie counts to use. Brian wants to see the check register.

There is no fundamental tension between these two agendas. Both are doable at the same time. The difference between them is that one is the openness agenda of the insider: using transparency, participation, and collaboration to improve on the functioning of government as it now exists.

The openness agenda of the outsider seeks information about the management, deliberation, and results of the government and its agencies. It is a reform (or “good government”) agenda that may well realign the balance of power between the government and the public. That may sound scary—it’s certainly complicates some things for insiders—but the “outsider” agenda is shared by groups across the ideological and political spectra. Its content sums to better public oversight and better functioning democracy, things insiders are not positioned to oppose.

I think these things will also reduce the public’s demand for government, or at least reduce the cost of delivering what it currently demands. But others who share the same commitment to transparency see it as likely to validate federal programs, root out corruption, and so on (a point I made in opening Cato’s December 2008 policy forum, “Just Give Us the Data!”) There are no losers in this bet. Better functioning programs and reduced corruption are better for fans of limited government than poorly functioning programs and corruption.

Forward on all fronts! The existence of two camps is interesting, but not confounding to the open government movement.

On this week’s John Stossel show on Fox Business Network, I debated Internet privacy, advertising, and data collection issues with Michael Fertik of Reputation.com. In the few minutes we had for the segment, I tried to reiterate a couple of keep points that we’ve hammered repeatedly here in the past:

• There’s no free lunch. All the free sites and service we enjoy online today are powered by advertising and data collection. [see this op-ed]
• There is no clear harm in most cases, or what some argue is harm also can have many benefits that are rarely discussed. [see this paper.]
• There’s little acknowledgement of the trade-offs involved in having government create an information control regime for the Internet. [see this filing and these three essays: 1, 2, 3.]
• The ultimate code of “fair information practices” is the First Amendment, which favors free speech, openness, and transparency over secrecy and information control. [see this piece.]
• “Hands Off the Net” is a policy that has served us well. There are dangerous ramifications for our economy and long-term Internet freedoms if we continue down the road of “European-izing” privacy law here in the States. [see this essay and this filing.]
• At some point, personal responsibility needs to come into the equation. With so many privacy enhancing empowerment tools already on the market, it begs the question: If consumers don’t take steps to use those tools, why should government intervene and take action for them?

Anyway, here’s the 7-min video of the debate between Fertik and me:

Last year I was asked by the Aspen Institute Communications and Society Program and the John S. and James L. Knight Foundation to author a study on models for local online hubs or community web portals. This paper was one of several commissioned by the Knight Foundation to implement the 15 recommendations found in the Knight Commission report on the Information Needs of Communities in a Democracy.  The specific Knight Commission recommendation I focused on in my white paper read as follows: “Ensure that every local community has at least one high-quality online hub.” More specifically, it said: “Communities should have at least one well-publicized portal that points to the full array of local information resources. These include government data feeds, local forums, community e-mail listservs, local blogs, local media, events calendars, and civic information. [The entire three paragraph recommendation can be read here.]

My resulting white paper is entitled, Creating Local Online Hubs: Three Models for Action, and it was released by the Aspen Inst. & Knight Foundation at an event this morning.  (Another Aspen/Knight white paper was simultaneously released on Government Transparency: Six Strategies for More Open and Participatory Government. It was written by Jon Gant and Nicol Turner-Lee.) A short summary of my report follows down below, and you can find the entire report online here.  I’ve also embedded the video of this morning’s launch event for both reports.

___

Creating Local Online Hubs: Three Models for Action

by Adam Thierer

— EXECUTIVE SUMMARY —

The Knight Commission on the Information Needs of Communities in a Democracy (Knight Commission) recommended that every local community have at least one high-quality online hub to help meet community information needs. While the Commission recognized that “it is not possible for any one Web site to aggregate all of the online information local residents want and need,” it believed that “communities should have at least one well-publicized portal that points to the full array of local information resources.” This paper outlines how local online hubs currently work, what their core ingredients are, and what it will take to bring more of them to communities across America.

This analysis makes three simplifying assumptions. First, while newer developments have supplanted the “portal” concept—namely, online search and social media—there is still something to be said for websites that can help to aggregate attention, highlight important civic information and activities and map public information resources. Second, it continues to make sense to focus on geographic communities for the reasons the Informing Communities report made clear: they are the physical places where people live and work and also elect their leaders. Third, the government’s role in creating high-quality online hubs will likely be quite limited and primarily focused on (a) opening up its own data and processes and (b) some limited funding at the margins for other local initiatives.

Luckily, there are many excellent, high-quality online hubs already in place in many communities. Unsurprisingly, however, those hubs tend to be found mostly in large and mid-sized cities. They can serve as models for online hubs in other communities; the question is how to get them built.

As we look to do so, we should keep in mind the great diversity of local communities and realize that there is no one-size-fits-all, best approach to designing high-quality local online hubs. We should not assume that a hub model that works well in one community will automatically work for another. The more experimentation, the better at this point.  Some communities may be served by multiple hubs that specialize in serving various informational needs, while other communities might get all those needs served by one site.

The primary concern going forward should be underserved communities. More thought needs to be put into how to deal with those communities who have nothing in place today. That can be facilitated by the close collaboration of various players. Building effective local hubs will require coordination among local governments and universities, libraries and other community organizations, local businesses, local media outlets and other patrons and supporters. It is particularly important to find community champions who can help lead these efforts. Many of the examples discussed in this paper began with the efforts of a small handful of inspired, active, civic-minded citizens who were looking to make a difference in their communities using digital technologies.

It is important, however, that we do not set the benchmark for success too high. The effectiveness of online community hubs should not necessarily be measured solely by the number of people visiting those sites on a regular basis. Availability and usability should trump actual site time in terms of effectiveness measures.

To advance the goal of a high-quality online hub in every community, there are certain tasks that various stakeholders will need to undertake. Among these are the following:

• Governments at all levels should ensure that these hubs are given access to all relevant data about the government and other community affairs organized by it.
• Local libraries   and other community organizations can help to develop content and resources for local hubs. In fact, local libraries may be one of the best places to start discussions about local information needs and identify stakeholders who can help facilitate local hub creation or improvement.
• Local businesses can support online hubs through direct financial sponsorship; in-kind donations of services, support and technology; or advertising support (in much the same way as they do for local newspapers and broadcast outlets.)
• Local media outlets could partner with one another or  others in the community to foster or assist local hubs, or to improve the local information resources offered on their own websites.
• Colleges and universities offer a wealth of capital, human and other resources to map and develop local information resources. Higher education stakeholders could develop a toolbox of technologies and templates for ready-made hubs or a “code toolbox” to make local hub creation easier, incubate successful models or host local hubs.
• Foundations and venture capitalists should support best-of-class programs and applications through matching grants, support efforts such as the Knight News Challenge or directly invest in innovative local community online hubs and programs.
• Governments can provide seed money, targeted grants and access to public facilities to spur the creation of local online hubs where they do not currently exist, taking care not to impose a particular hub vision from outside the community receiving support.

Creating Local Online Hubs: Three Models for Action http://d1.scribdassets.com/ScribdViewer.swf

A headline in the USA Today earlier this week screamed, “Hello, Big Brother: Digital Sensors Are Watching Us.”  It opens with an all too typical techno-panic tone, replete with tales of impending doom:

Odds are you will be monitored today — many times over. Surveillance cameras at airports, subways, banks and other public venues are not the only devices tracking you. Inexpensive, ever-watchful digital sensors are now ubiquitous.

They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped. Several developments have converged to push the monitoring of human activity far beyond what George Orwell imagined. Low-cost digital cameras, motion sensors and biometric readers are proliferating just as the cost of storing digital data is decreasing. The result: the explosion of sensor data collection and storage.

Oh my God! Dust off you copies of the Unabomber Manifesto and run for your shack in the hills!

No, wait, don’t. Let’s instead step back, take a deep breath and think about this. As the article goes on to note, there will certainly be many benefits to our increasing “sensor society.”  Advertising and retail activity will become more personalized and offer consumers more customized good and services.  I wrote about that here at greater length in my essay on “Smart-Sign Technology: Retail Marketing Gets Sophisticated, But Will Regulation Kill It First?”  More importantly, ubiquitous digital sensors and data collection/storage will also increase our knowledge of the world around us exponentially and do wonders for scientific, environmental, and medical research.

But that won’t soothe the fears of those who fear the loss of their privacy and the rise of a surveillance society in which our every move is watched or tracked. So, let’s talk about what those of you who feel that way want to do about it.

The Challenge of Information Control

The USA Today quotes some people I know fairly well and have great respect for (Lee Tien, Chris Wolf, & Ryan Calo) raising various concerns but not really offering any specific recommendations. I suspect that it’s only a matter of time before we hear calls for regulation — even bans — of digital sensor / surveillance technologies.  On the other hand, things might unfold the way they did when RFID chips/tags came on the scene.  There was a lot of hysteria then, but things died down and — unless I missed something — no major restrictions on their use were instituted and RFID is in widespread use today.

But the “creepiness” or intrusiveness factor gets ratcheted up a bit with next-gen digital sensor technology, especially because they have become highly decentralized and dirt cheap. Practically every teenager is walking around with a powerful digital “sensor” or surveillance technology in the pocket today.  It’s called their phone.  Except they rarely use it to make calls.  They do, however, use it to record audio and video of themselves and the world around them and instantaneously share it will the planet. They also use geolocation technologies to pinpoint the movement of themselves and others in real time.

Meanwhile, new translation tools and biometric technologies are becoming widely available to average folk. Those of you who have played with Google Goggles on your smartphone know what I am talking about. Incredibly cool stuff, but you can see where it is heading. In a couple of years, we’ll have biometric buttons on our shirts feeding live streams of our daily movements and interactions into social networking sites and databases. We’ll use them to record our days and play them back later, or perhaps to just instantly scan and recognize faces and places in case we can’t remember them using our noggins. As a result, mountains of intimate data we be created, collected, collated, and cataloged on a daily basis. 

And there isn’t much we can do to stop this. As I noted in my essays on “Privacy as an Information Control Regime: The Challenges Ahead, and “The IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars,” today’s information control efforts are greatly complicated by problems associated with (1) convergence, (2) scale, (3) volume, and (4) unprecedented individual empowerment / user-generation of content.  Thus, for better or worse, the information genies — porn, hate speech, spam, state secrets, pirated content, personal information, etc. — are out of their bottles and getting them back in will be an enormous challenge.

Darknet & the Decline of Practical Obscurity

In the context of personal privacy, the net result of all of this — to quote Jim Harper’s excellent 2006 book Identity Crisis — is the “decline of practical obscurity.”  “As practical obscurity declines,” Harper notes, “it becomes more likely that large quantities of data center on identified individuals  will be collected and more likely that it will be shared and used. With large collections if data highly correlated to precise identities, he consequences of being identified are changing.” (p. 163)  Harper rightly notes that may not be all bad. Again, there will be many benefits associated with this. But many others — especially those who are privacy fundamentalists and would have privacy trump most other values — won’t want to hear about possible benefits or trade-offs. It’s pretty much all bad from their perspective.

So, let’s get back to what we want to do about all this. Is “creepiness” enough of a harm to call in the code cops to undo progress?  If so, can we roll back the clock or put this particular technology back in the bottle?  I suppose that, with enough effort, we could.  But I can’t help but think about all the “darknet“-related critiques I’ve heard over the past decade about the futility of efforts to protect intellectual property or use DRM to secure IP against widespread dissemination. As I noted in my essay on “Two Paradoxes of Privacy Regulation,” many of these arguments have been set forth by the same people who now tell us they want to try to bottle up information in this context by “property-tizing” personal information.

But if the darknet critique holds for flows of copyrighted information, why would it not also hold for personal information?  Perhaps there is less incentive to push out personal information across the planet as aggressively as intellectual property, but that doesn’t mean there is no incentive to do so.  Many people will do it voluntarily each and every day when they put the most intimate details (and pictures / videos) of their lives online.  And, as they darknet critique informs us, once the information is out, it’s pretty much game over.

This is one reason why I’ve been mildly entertained by what some privacy regulatory advocates have said recently about “Do Not Track” regulation being able to stop or slow the technological arms race in the privacy arena.  “The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking,” says Rainey Reitman of EFF.  And the always provocative regulatory agitator Chris Soghoian argues that “opt out mechanisms… [could] finally free us from this cycle of arms races, in which advertising networks innovate around the latest browser privacy control.”  These guys should know better. There is no way in hell that Do Not Track would slow the technological “arms race” in this arena. If anything, a Do Not Track mandate will speed up that arms race and potentially just shift attention toward the development of Deep Packet Inspection (DPI) technologies or other, more invasive, forms of tracking.

I suppose they would argue that we’ll turn our attention to those technological developments as they happen, but that would make my point. There will be technological and marketplace responses to efforts to freeze current market structures, norms, and technologies in place. Again, for better or worse, progress happens.  It’s just that privacy advocates aren’t particularly fond of the consequences of technological progress in this regard and want to put a stop to it.  But they will fail.

Hyper-Transparency

At this point, some savvy readers might suspect I have fallen under the spell of David Brin and the vision he set forth in his 1997 book, The Transparent Society. There’s some truth to that, at least as it pertains to the empirical side of his argument. For those who forget his provocative thesis, Brin argued that:

While new surveillance and data technologies pose vexing challenges, we may be wise to pause and recall what worked for us so far. Reciprocal accountability — a widely shared power to shine light, even on the mighty — is the unsung marvel of our age, empowering even eccentrics and minorities to enforce their own freedom. Shall we scrap civilization’s best tool — light — in favor of a fad of secrecy?

Across the political spectrum, a “Strong Privacy” movement claims that liberty and personal privacy are best defended by anonymity and encryption, or else by ornate laws restricting what groups or individuals may be allowed to know. This approach may seem appealing, but there are no historical examples of it ever having worked.  Strong Privacy bears a severe burden of proof when they claim that a world of secrets will protect freedom… even privacy… better than what has worked for us so far — general openness.

Indeed, it’s a burden of proof that can sometimes be met! Certainly there are circumstances when/where secrecy is the only recourse… in concealing the location of shelters for battered wives, for instance, or in fiercely defending psychiatric records. These examples stand at one end of a sliding scale whose principal measure is the amount of harm that a piece of information might plausibly do, if released in an unfair manner. At the other end of the scale, new technologies seem to require changes in our definition of privacy. What salad dressing you use may be as widely known as what color sweater you wear on the street… and just as harmlessly boring.

The important thing to remember is that anyone who claims a right to keep something secret is also claiming a right to deny knowledge to others. There is an inherent conflict! Some kind of criterion must be used to adjudicate this tradeoff and most sensible people seem to agree that this criterion should be real or plausible harm… not simply whether or not somebody likes to keep personal data secret.

As a normative matter, I’m not entirely in league with Brin, but I do think he makes a very powerful case for transparency and openness trumping privacy and secrecy. (And isn’t it a delicious irony of information policy debates that the same crowd that is typically hammering on policymakers about the need for greater “openness” and transparency in all other matters suddenly wants to the opposite when our personal information is brought into the discussion?!)

But where I am entirely in agreement with Brin is with his empirical or practical case for understanding and, to some extent, accepting the world around us.  I wouldn’t necessarily label it the snarky “privacy is dead, just get over it,” but I would think it fair to call this philosophy “privacy is changing, and we need to learn how to live with it.”

Thinking about Concrete Harms & Targeted Solutions to Them

To be clear, I’m not against all forms of “privacy” law or regulation.  When it comes to government surveillance, I think we need more limitations on the State and the ability of public officials to access certain types of information, or act upon it. The key point here is that the solution to State surveillance concerns should not be bans on the technology. We instead need to shackle State actors and tightly delimit their power over our lives—such as by tightening up the Electronic Communications Privacy Act, as the Digital Due Process Coalition proposes, and by creating new protections for locational data, as Sen. Wyden has recently proposed.  And we should do so because the State possesses uniquely coercive powers over our lives and our property.

For privately aggregated data, it’s more complicated. I continue to think we can live with most forms of private data collection and aggregation since there are great benefits for society.  Most of the time, companies are just trying to sell us a more relevant product.  It’s hard for me to see the harm in that.  But there will be certain categories of personal information that will eventually need to be carved out of the mix.  I think health and financial information are the two primary categories in this case. It doesn’t mean we should take extreme steps to limit all data flows associated with them, but we will likely need to take some steps.  And most countries, including the U.S., already have targeted laws dealing with those two categories of personal information.  In this sense, I look at privacy regulation in much the same way I look at censorship.  The general default should be that openness and information sharing are permissible. But in some extreme cases — think child pornography — most of us can agree that the harm is quite tangible and significant enough to warrant repression of that information / content.

These are challenging issues and this is fertile ground for further academic investigation.  I think that we are only beginning to explore and understand the mechanics of information control regimes. As we continue that exploration, especially as we look to significantly broaden regulation of personal information flows, here are some questions for scholars to consider and debate:

• In the context of privacy and personal information, how far should law go to roll back digital progress or try to put the genie back in the bottle?
• Does the “darknet” theory have ramifications for the privacy debate?
• Can or should we have similar information control regimes for privacy, content control, defamation, intellectual property, cybersecurity, etc, or should each problem be treated/regulated differently?
• If, however, we adopt differing regulatory regimes for different classes of information, won’t the most restrictive regime become a model for the others?
• Finally, instead of attempting to stifle all information flows or block new technologies that facilitate information sharing, are we better off — as Brin suggests — channeling our energy in to increasing transparency across the board so that those who hold information about us are forced to reveal what they have or know?  Of course, that will lead some to suggest — as many privacy advocates do today — that we should be given more control over the uses of that information once it is in the wild.  Again, what I am assuming here is that that is increasingly an exercise in futility.

So I say in Politico today. Highlights:

During his first two years in office, the president generated a lot of heat in the transparency area — but little sunlight. House Republicans can quickly outshine Obama and the Democratic Senate. It all depends on how they implement the watch phrase of their amendment package: “publicly available in electronic form.” . . . The House can reach the gold standard for transparency if its new practices make introducing a bill and publishing the bill online the same thing. Moving a bill out of committee and posting the committee-passed version as online data must also be the same thing. Voting on a bill and publishing all data about the vote online must be standard procedure. . . . The transparency community owes it to Congress to say how it wants to get the data.

Of course, I’ve fooled you just a little bit. The whole thing is a highlight! (ahem) Read it.

This morning, a database of FY 2011 earmark requests was released by Taxpayers Against Earmarks, Taxpayers for Common Sense, and my own WashingtonWatch.com. With House Republicans generally eschewing earmarks this year, members of Congress and senators still sought over 39,000 earmarks, valued at over $130 billion dollars. Learn more on the relevant pages at Taxpayers for Common Sense, Taxpayers Against Earmarks, and WashingtonWatch.com.

This is transparency. The production of organized, machine-readable data has allowed these differing groups—an advocacy organization, a spending analysis group, and a “Web 2.0” transparency site—to expand the discussion about earmarks. The data is available to any group, to the press, and to political scientists and researchers.

Earmarking is a questionable practice, and, anticipating public scrutiny, House and Senate Republicans have determined to eschew earmarks for the time being. But the earmark requests in this database are still very much “live.” They could be approved in whatever spending legislation Congress passes for the 2011 fiscal year. They also tell us how our representatives acted before they got careful about earmarks.

Earmarks are a small corner of the federal policy process, of course, but when all legislation, budgeting, spending, and regulation has become more transparent—truly transparent, Senator Durbin—the public’s oversight of Congress will be much, much better. As I noted at the December 2008 Cato Institute conference, “Just Give Us the Data,” progressives believe that it would validate government programs and root out corruption. (That’s fine—corruption and ongoing failure in federal programs are not preferable.) I believe that demand for government will drop. The average American family pays about $100 per day for the operation of the federal government currently. That’s a lot.

Again, you can see how this data is in use, and you can use it yourself, by visiting Taxpayers for Common Sense, Taxpayers Against Earmarks, and WashingtonWatch.com. On the latter site, you can see a map of earmarks in your state and lists of earmarks by member of Congress and representative, then vote and comment on individual earmarks.

At considerable expense and effort, these sites have done what President Obama asked Congress to do in January. If earmarking is to continue, Congress could produce earmark data as a matter of course itself: The appropriations committees could take earmark requests online and immediately publish them, rather than using the opaque exchange of letters, phone calls, and—who knows—homing pigeons.

Congress should modernize and make itself more transparent. We’re showing the way.