If only our would-be “Net Nannies” in Congress, the FCC, FTC, state capitols and, of course, Brussels were more like the Park Service! The WSJ reports on “Why there are so few guardrails at the Grand Canyon:”

Sunday a crowd gathered in Acadia National Park, on Mount Desert Island along the Maine coast, to watch the surf, roaring with energy from an offshore hurricane, smash against the shore. A towering wave crashed over some onlookers, dragging half a dozen into the ocean. A 7-year-old girl drowned. Soon it was asked why officials had let the crowd get so near waters so dangerous. “The Park Service’s goal is to get people out into the park,” Acadia Chief Ranger Stuart West told Maine Public Broadcasting. “And we don’t want to take that opportunity away from the public.” It’s a measure of how coddled we’ve become that Mr. West’s simple and reasonable statement seems almost shocking. But the Park Service, with its emphasis on protecting the lands in its care, has developed a refreshingly laissez-faire attitude toward protecting visitors…. It seems that those who frequent the outdoors have an aversion to nanny-statism, which allows the Park Service to take a grown-up attitude toward its visitors: “Their safety is their responsibility,” says Ron Terry, Zion’s public information officer. “We couldn’t possibly put railings up everywhere. It wouldn’t be feasible, nor would we want to.”

Amen!  If only we took the same approach to the online environment:  educate users about the risks (real or subjective) to their privacy, safety or delicate sensibilities and empower them to the maximum extent possible to make decisions for themselves—or for parents to decide which “perilous canyon trails” to let their kids go down. The wonderful, unique thing about the online environment is that each user’s experience can be customized: Technological filters tools allow parents to create “guardrails” just for their kids (e.g., blacklists of sites inappropriate for kids), without needing to have a guardrail installed for all users (e.g., COPA).

The parallels continue when one considers the human tendency to mis-perceive risks, which creates “technopanics” in Internet policy just as it creates panics about the various health risks of the great outdoors:

We could all boycott the beach until sundown or protect ourselves by donning modified bee-keepers’ rigs—broad-brimmed hats, long-sleeved shirts and proper trousers. But few of us do. What a contrast with how we react when confronted with other threats and risks. Told of some minuscule risk attached to some chemical, we tend to panic, demanding that billions be spent to protect us from the slightest exposure. Phthalates—eek! And yet, with more than a million skin cancers diagnosed each year in the U.S., few of us hesitate to saunter outside sans sombrero. What gives? “Most people, including professionals, don’t understand relative risk,” says Seymour Garte, a professor of occupational health and author of “Where We Stand: A Surprising Look at the Real State of Our Planet.” We get nervous flying a commercial jet yet don’t think twice about driving the highway. “People are more often risk averse if they feel they aren’t in control of the exposure,” Prof. Garte says. The sun may present a clear and present danger, but we generally control how much of it we get, which makes us all too comfortable with getting all too much. But beyond that, we like getting out in the sun, whether to swim or golf, play tennis or hike along cliffs. And so we accept the risk and keep our oncological anxieties in check. It’s an attitude worth remembering the next time a health scare comes along. And in the meantime, don’t forget your hat and please be sure to hold the railing.

Again, user empowerment can help to reduce hysteria by making users feel like they’re in control of the situation.

On July 27th, The Progress & Freedom Foundation hosted a Capitol Hill panel discussion entitled “Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States.” The event featured remarks from:

• Parry Aftab, Executive Director, WiredSafety.org
• Todd Haiken, Senior Manager of Policy, Common Sense Media
• Jim Halpert, Partner, DLA Piper
• Berin Szoka, Senior Fellow, The Progress & Freedom Foundation

We’ve just released the transcript of the event, which I have also pasted down below the fold in a Scribd document reader. Also, the audio for this event can be heard by clicking below:

Download mp3

Here is the full event description:

Online child safety, privacy, and free speech remain hotly debated issues at both the federal and state level. Bills introduced in Congress to address cyberbullying concerns propose either educational initiatives or a criminalization approach. Access to objectionable content also remains a concern and a new, government-mandated task force is looking into those issues. Meanwhile, state officials, including many state attorneys general, continue to explore age verification mandates for social networking sites and some have considered building on the federal Children’s Online Privacy Protection Act (COPPA) to expand “parental notification” mandates. The Federal Trade Commission (FTC) has recently announced an expedited review of COPPA to see if it is keeping up with new developments. The FTC is also exploring child safety in virtual worlds. New concerns about “sexting,” or the sending of sexual explicit images over mobile devices, has also raised new concerns led some lawmakers to ponder penalties.

How serious are these concerns? Is legislation or regulation needed to address them? What free speech issues are at stake? Should Congress take the lead or leave it to the States to experiment with different models? These and other issues were discussed by a panel of leading experts in the field of online safety and privacy policy.

Transcript PFF Online Child Safety Privacy Hill Event (7-27-2009) http://d.scribd.com/ScribdViewer.swf?document_id=18756666&access_key=key-1blb7az1ag406howibuk&page=1&version=1&viewMode=

Adam Thierer & I have just released a detailed examination (PDF) of brewing efforts to expand the Children’s Online Privacy Protection Act of 1998 to cover adolescents and potentially all social networking sites—an approach we call “COPPA 2.0.”

As Adam explained on Larry Magid’s CNET podcast, COPPA mandates certain online privacy protections for children under 13, most importantly that websites obtain the “verifiable consent” of a child’s parent before collecting personal information about that child or giving that child access to interactive functionality that might allow the child to share their personal information with others. The law was intended primarily to “enhance parental involvement in a child’s online activities” as a means of protecting the online privacy and safety of children.

Yet advocates of expanding COPPA—or “COPPA 2.0″—see COPPA’s verifiable parental consent framework as a means for imposing broad regulatory mandates in the name of online child safety and concerns about social networking, cyber-harassment, etc. Two COPPA 2.0 bills are currently pending in New Jersey and Illinois. The accelerated review of COPPA to be conducted by the FTC next year (five years ahead of schedule) is likely to bring to Washington serious talk of expanding COPPA—even though Congress clearly rejected covering adolescents age 13-16 when COPPA was first proposed back in 1998.

We’ll discuss some of the key points of our paper in a series of blog posts, but here are the top nine reasons for rejecting COPPA 2.0, in that such an approach would:

• Burden the free speech rights of adults by imposing age verification mandates on many sites used by adults, thus restricting anonymous speech and essentially converging—in terms of practical consequences—with the unconstitutional Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA;
• Burden the free speech rights of adolescents to speak freely on—or gather information from—legal and socially beneficial websites;
• Hamper routine and socially beneficial communication between adolescents and adults;
• Reduce, rather than enhance, the privacy of adolescents, parents and other adults because of the massive volume of personal information that would have to be collected about users for authentication purposes (likely including credit card data);

• Would likely be the subject of massive fraud or evasion since it is not always possible to definitively verify the parent-child relationship, or because the system could be “gamed” in other ways by determined adolescents;
• Do nothing to prevent offshore sites and services from operating outside these rules;
• Present major practical challenges for law enforcement officials in the face of such evasion by both domestic users and offshore sites;
• Could destroy opportunities for new or smaller website operators to break into the market and offer competing services and innovations, thus contributing to consolidation of online content and services by erecting barriers to entry; and
• Violate the Commerce Clause of the U.S. Constitution, since Internet activity clearly represents interstate commerce that states have no authority to regulate.

Statue at FTC Headquarters: “Man Controlling Trade” (We’re rooting for the horse!)

Adam Thierer and I have just released a new PFF paper entitled “Targeted Online Advertising: What’s the Harm & Where Are We Heading?” (PDF) about the FTC’s new “Self-Regulatory Principles for Online Behavioral Advertising.”  Adam lampooned some of the attitudes at play in this debate in a great rant yesterday.

But we give the FTC credit for resisting calls to abandon self-regulation, and for its thoughtful consideration of the danger in stifling advertising-the economic engine that has supported a flowering of creative expression and innovation online content and services.  That said, we continue to have our doubts about the FTC’s approach, however-well intentioned:

1. Where is this approach heading?  Will a good faith effort to suggest best practices eventually morph into outright government regulation of the online advertising marketplace?
2. What, concretely, is the harm we’re trying to address?  We have asked this question several times before and have yet to see a compelling answer.
3. What will creeping “co-regulation” mean for the future of “free” Internet services?  Is the mother’s milk of the Internet-advertising-about to be choked off by onerous privacy mandates?

We stand at an important crossroads in the debate over the online marketplace and the future of a “free and open” Internet. Many of those who celebrate that goal focus on concepts like “net neutrality” at the distribution layer, but what really keeps the Internet so “free and open” is the economic engine of online advertising at the applications and content layers. If misguided government regulation chokes off the Internet’s growth or evolution, we would be killing the goose that laid the golden eggs.

The dangers of regulation to the health of the Internet are real, but the ease with which government could disrupt the economic motor of the Internet (advertising) is not widely understood-and therein lies the true danger in this debate.  The advocates of regulation pay lip service to the importance of advertising in funding online content and services but don’t seem to understand that this quid pro quo is a fragile one: Tipping the balance, even slightly, could have major consequences for continued online creativity and innovation.

As we conclude:  Self-regulatory efforts can be refined, especially through technological innovation to better satisfy the concerns of policymakers, privacy advocates, and average consumers.  For example, if websites and ad networks participating in a self-regulatory framework supplemented their current “natural language” privacy policies with equivalent “machine-readable” code, that data could be “read” by browser tools that would implement pre-specified user preferences by blocking the collection of information depending on whether the privacy policies of certain websites or ad networks met the user’s preferences about data-use. Such robust and granular disclosure, if implemented for behavioral advertising, would exceed the wildest dreams of those who argue that users currently do not read privacy policies-without disrupting the browsing experience or cluttering websites.  But this system would only work if users had to make real choices about paying for”‘free” content and services by disclosing their personal information.

Truly privacy sensitive users should be free to opt out of whatever tracking they find objectionable-but not without a cost:  The less data they agree to share, the less content and services they can fairly expect to receive for free.  Concretely, this means that they might not be able to access certain sites, content, or functionality without watching extra (untargeted ads), or paying for that content or service (assuming such a micropayment model can be worked out).  Of course, there will always be ways to “cheat” in such a system, but Commissioner Harbour is exactly right on one point:  Each content creator and service provider must be “free to strike whatever balance it deems appropriate.” This freedom is vital to the Internet’s future because the easier we make it for some users to get “something for nothing,” the smaller will be the economic base for the content and services everyone else takes for granted.  Again, there is no free lunch.

You can download our paper in PDF form on the PFF website or view it below in Scribd.  (Click the rectangle-in-rectangle button at the top right to maximize the iPaper viewer.)