Folks, I wanted to bring your attention to this conference on Feb. 24 from the Information Economy Project at George Mason University. The pitch:

The assembly line of our knowledge-based economy begins with technology discovery and ends with the moving target of a consumer market. Connectivity is funded and rewarded through exchanges of time, money, and digital goods. The conversation in this conference will identify key priorities in technology policy for innovation, network investment, and content delivery models. Articles will be published in a special issue of the Journal of Law, Economics & Policy.

See the website for speakers, schedule, and RSVP info.

My seen-it-all cool was shaken yesterday when I examined how a Senate cybersecurity bill would scythe down legal protections for privacy. Anyone participating in government “cybersecurity exchanges” would have nearly total immunity from liability under any law. No Privacy Act, no ECPA, no E-Government Act, no contract law, no privacy torts. The scuttlebutt is that Senator Reid (D-NV) may push this especially hard as payback to the Internet for the SOPA/PIPA debacle.

In the push for cybersecurity legislation, Congress is driven far more by its desire to act (and D.C. lobbyists’ desire to have Congress act) than by any plausible contribution it can make to the difficult problem of securing computers, networks, and data. That’s why this cybersecurity bill, and all others I have seen, have greater costs than benefits.

Read about the devastation for privacy and the rule of law on offer in a current draft in “The Senate’s SOPA Counterattack?: Cybersecurity the Undoing of Privacy.”

On the podcast this week, Catherine Tucker, Douglas Drane Career Development Professor in IT and Management, and Assistant Professor of Marketing at MIT’s Sloan School of Management, discusses her paper with Avi Goldfarb in the Journal of Competition Law and Economics entitled, Substitution Between Offline and Online Advertising Markets. According to Tucker, the FTC treats online advertising as a distinct market from offline advertising for antitrust purposes. She describes the study she and Goldfarb conducted, where they sought to determine whether online advertising could serve as a substitute for offline advertising. Tucker also discusses Google’s role in online advertising, how its auction mechanism affects pricing, and the difference between search advertising and display advertising. The conversation ends with a discussion on policy implications on how dominant players in online advertising should be viewed.

Related Links

• Substitution between Offline and Online Advertising Markets, by Tucker & Goldfarb
• “Google faces antitrust glare on Capitol Hill”, Washington Post
• “Google Now Owns 44% of Global Advertising Market”, Search Engine Watch

To keep the conversation around this episode in one place, we’d like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

Over at TIME.com I take a look at the different approaches to cybersecurity now being considered by Congress:

But what can congress do to improve cybersecurity? One line of thinking reportedly embodied by the Senate legislation, though details of that bill are not yet available, would tell network owners how to protect their systems. The Department of Homeland Security would be charged with creating security rules and punishing companies that did not comply. Such a prescriptive approach may not be very helpful, however. …

The bipartisan approach moving forward in the House, on the other hand, takes a different approach. At the center of the PRECISE Act is the creation of a non-profit National Information Sharing Organization (NISO) that would serve as a clearinghouse for the voluntary exchange of cybersecurity threat information between government and industry. Under the NISO umbrella, as long as they only share information for cybersecurity purposes, industry and government would be exempt from privacy laws that today restrict collaboration.

Read the whole thing at TIME.com.

I honestly don’t know. I haven’t been following his work, and, by saying I don’t know, I don’t imply that he didn’t achieve anything. But it’s utterly unclear from this interview with Nancy Scola what he achieved as chief technology officer in the Obama Administration the last few years.

I was piqued by the amusing—almost comical—claims to specificity he makes, right from the outset:

What is the elevator pitch on what you’ve been doing since you were named Chief Technology Officer of the United States?
What I do is advance the president’s innovation agenda by incorporating his bottom-up theory of change. To be very specific about it, I execute the president’s innovation strategy in a manner that taps into the expertise of the American people to solve big problems.

There is nothing specific about, “I execute the president’s innovation strategy in a manner that taps into the expertise of the American people to solve big problems.” If you were to look up “vague” in the dictionary, that sentence would illustrate the first definition of the word.

Ever notice how people say, “I don’t mean to interrupt,” when they are interrupting? How they say, “to make a long story short,” when it’s already too late? Chopra says he’s going to be specific as he heads into empty generalities. Further along in the interview , he talks about his role and his involvement, which would be interesting meta-information if it set the stage for describing accomplishment.

So the question stands: What things happened under Aneesh Chopra that wouldn’t have happened in his absence?

Caveats: Aneesh Chopra seems like a nice guy. I don’t doubt his sincerity or intention to have done good things. I don’t think he’s unique among bureaucrats in not having identifiable achievements. I am open to learning what he did achieve. He just hasn’t explained it himself.

This line of questioning also may seem disrespectful. Chopra has acted as a public servant the last few years and deserves credit for that, some would argue. But I disagree that the claim to “public service” should act as insulation against being held to account for performance. What did Aneesh Chopra achieve?

…on the Google privacy policy change.

The idea that people should be able to opt out of a company’s privacy policy strikes me as ludicrous.

Plus she embeds a valuable discussion among her Xtranormal friends.

Read the whole thing. Watch the whole thing. And, if you actually care, take some initiative to protect your privacy from Google, a thing you are well-empowered to do by the browser and computer you are using to view this post.

Over at TIME.com I write that if you didn’t like SOPA because it threatened free speech, then you probably won’t like the new “Right to be Forgotten” proposed in the EU. Prof. Jane Yakowitz contributes some great insights to the piece. What I dislike most about the rule is that it subordinates expression to privacy:

[T]he new law would flip the traditional understanding of privacy as an exception to free speech. What this means is that if we treat free expression as the more important value, then one has to prove a harmful violation of privacy before the speaker can be silenced. Under the proposed law, however, it’s the speaker who must show that his speech is a “legitimate” exception to a claim of privacy. That is, the burden of proof is switched so that speakers are the ones who would have to justify their speech.

Read the whole thing at TIME.com.

On the podcast this week, Reuben Grinberg, a recent Yale Law School graduate now in private practice in New York City, discusses his paper, published in the Hastings Science & Technology Law Journal entitled, Bitcoin: An Innovative Alternative Digital Currency. Grinberg first gives a brief overview of Bitcoin, the decentralized, digital currency. According to Grinberg, Bitcoin can maintain sustainability, even though it is not backed by an institution or commodity, but it must overcome several hurdles. Grinberg then discusses the potential security problems and legal issues Bitcoin faces. He also describes some of the unique qualities of Bitcoin, including the ability to conduct transactions anonymously. Grinberg ends the discussion with his thoughts on what Bitcoin could potentially become.

Related Links

• Bitcoin: An Innovative Alternative Digital Currency, by Grinberg
• “Online Cash Bitcoin Could Challenge Governments, Banks”, Time Techland
• bitcoin.org
• The Rise and Fall of Bitcoin, Wired

To keep the conversation around this episode in one place, we’d like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

A new report says the opposite, though perhaps “legacy” entertainment companies are failing to keep up.

By any measure, it appears that we are living in a true Renaissance era for content. More money is being spent overall. Households are spending more on entertainment. And a lot more works are being created.

Good news! Check out: “The Sky is Rising.”

[Cross-posted at Reason.org]

This week Google announced that it is grouping 60 of its Web services, such as Gmail, the Google+ social network, YouTube and Google Calendar, under a single privacy policy that would allow the company to share user data between any of those services. These changes will be effective March 1.

Although we have yet to see it play out in practice, this likely means that if you use Google services, the videos you play on YouTube may automatically be posted to your Google+ page. If you’ve logged an appointment in your Google calendar, Google may correlate the appointment time with your current location and local traffic conditions and send you an email advising you that you risk being late.

At the same time, if you’ve called in sick with the intention of going fishing, that visit to the nearby state park might show up your Google+ page, too.

The policy, however, will not include Google’s search engine, Google’s Chrome web browser, Google Wallet or Google Books.

The decision quickly touched off discussion as to whether Google was pushing the collection and manipulation too far. The Federal Trade Commission is already on its back over data sharing and web tracking. With this latest decision, although it’s not that far from how Facebook, Hotmail and Foursquare work, just more streamlined, Google, some say, is all but flouting user and regulatory concerns.

But let’s not rush to condemn this move. I, for one, want to see what happens because Google is boldly putting the privacy paradox to the test.

Going by my own Google search, the term “privacy paradox” has been kicked around for almost ten years. Boiled down, it describes the repeated finding that while individuals express a high degree of concern for privacy protection online, few, in practice, take advantage of privacy safeguards when they are offered.

This apparent contradictory behavior has been noted in a number of studies, including a noted 2007 paper in the Journal of Consumer Affairs.  A 2005 Pew Internet Study, cited at the time by Forbes, found that that 54 percent believe that Web sites invade their privacy when they track behavior. But the same study showed that 64 percent were willing to give up personal information to get access to a Web site.

In the marketplace, when search engines like Google began facing vocal pushback from users and regulators on its tracking of user search histories, one of Google’s competitors, Ask.com, tried to differentiate itself by unveiling AskEraser. Just like it sounds, the tool allows users to opt out of search tracking. As Forbes reported, users shrugged and AskEraser did nothing for Ask’s market share, while Google’s continued to grow.

Contrary to the first hysterical media reports, Google is not recording your whole digital life. There indeed is an opt-out: you don’t have to be part of the Google service ecosystem, which is far from the only game in town. Remember, browsing and search are outside this program. Everything else is available from other sources. Moreover, data is only shared if you’re logged in under your Google username. Otherwise you can look at all the YouTube videos and Google maps you want without anyone being the wiser.

I’ll admit the biggest outcry may come over the policy with regard to Android phones. Since you’re technically logged into your phone all the time, it seems tougher to opt out. But there are other devices aside from Android, even from Verizon, so consumer will have alternatives without having to change service providers. Nonetheless, given the popularity of the combination of mobility and social networking, seen not only in Google and Facebook, but in Twitter, Yelp! and Foursquare, it is arguable that a majority of users are not as concerned about their privacy as advocates of more restrictive regulations believe.

And arguable is the operative word. There indeed may be enough significant user backlash that Google backs off. In the last six months we’ve seen at least two instances of rapid market correction–Netflix’s decision not to go through with structurally separating mail and online video rental accounts and Bank of America’s reversal of its plan to charge online banking fees. Both occurred before the government could step in a provide its own (and no doubt clumsy) remedy.

Then again, there’s a significant body of research that suggests that, in spite of their own complaints, users may opt to accept greater benefits and convenience in exchange for more disclosure about their habits. With this mind, it will serve consumers best if companies like Google are allowed to experiment with the privacy paradox to find where actual boundaries are, rather than hamstringing potential innovation by pre-emptively and blindly setting them.

On Forbes yesterday, I posted a detailed analysis of the successful (so far) fight to block quick passage of the Protect-IP Act (PIPA) and the Stop Online Piracy Act (SOPA). (See “Who Really Stopped SOPA, and Why?“)  I’m delighted that the article, despite its length, has gotten such positive response.

As regular readers know, I’ve been following these bills closely from the beginning, and made several trips to Capitol Hill to urge lawmakers to think more carefully about some of the more half-baked provisions.

But beyond traditional advocacy–of which there was a great deal–something remarkable happened in the last several months. A new, self-organizing protest movement emerged on the Internet, using social news and social networking tools including Reddit, Tumblr, Facebook and Twitter to stage virtual teach-ins, sit-ins, boycotts, and other protests.

The article describes the political philosophy and origins of this movement, which I called “bitroots” activism. I warn both fans and detractors about the dangers facing this new global political force as it navigates the delicate transition from single-issue protest to a sustainable voice in shaping technology law and regulation.

But so far, at least, supporters of PIPA and SOPA won’t even acknowledge the existence of this third front, dismissing it as a stunt perpetrated by a few large technology companies.  That response not only misses the point, but makes clear the need for new forms of political dialogue over technology issues in the fist place.

As someone who spends time both in Silicon Valley and inside the Beltway, I’ve long been concerned about the lack of informed conversations between innovators and regulators, especially as the two come increasingly into conflict as their worlds move closer together. (That was the central theme of The Laws of Disruption, now available practically for free on Amazon!)

Now that the bitroots movement has coalesced, I can’t wait to see where it goes next. I have high hopes for this new awareness and activism, and for their intuitive understanding that the innovations that enable them are their best weapons for changing the political dialogue. Who knows? They may even wind up disrupting traditional forms of advocacy.

President Obama’s third full year in office came to an end last week, and I’ve reviewed how well he’s doing with one particular campaign promise on the Cato@LIberty blog. “Sunlight Before Signing” is the moniker for the president’s campaign promise to post online the bills Congress sends him for five days before signing them.

As we start the fourth year, he’s at just over 50% on fulfillment of the promise. Far less if you measure based on the number of pages that got the sunlight he promised.

Rebecca MacKinnon’s new book, Consent of the Networked: The Worldwide Struggle for Internet Freedom, is well-researched exploration of the forces driving Internet developments and policy across the globe today. She serves up an outstanding history of recent global protest movements and social revolutions and explores the role that Internet technologies and digital networks played in those efforts. She also surveys some of the recent policy fights here and abroad over issues such as online privacy, Net neutrality regulation, free speech matters, and the copyright wars. The Consent of the Networked is certainly worth reading and will go down as one of the most important Internet policy books of 2012.

A Call to Action

Of course, it’s not just a history lesson. MacKinnon has also issued a call-to-arms here. As a well-known web activist, MacKinnon has emerged as a leading force in the broad-based, if loosely-defined, “Net freedom” movement. The term “Net freedom,” she notes, means very different things to different people. It’s “like a Rorschach inkblot test: different people look at the same ink splotch and see very different things.” (p. 188)  Nonetheless, on the global stage, the Internet freedom movement is fundamentally tied up with efforts to hold both governments and corporate actors more accountable for their actions toward the Netizens, digital networks, and online speech and expression.

MacKinnon has rightly won praise for her efforts to devise an institutional structure and accompanying set of social/moral pressures that can get private actors to understand “why it is good for their business in the long run to be both responsible and publicly accountable when it comes to protecting users’ and customers’ rights.” (p. 182)  She was instrumental in setting up the Global Network Initiative (GNI), an effort to devise a set of best practices and a sort of voluntary code of conduct for online operators doing business in repressive states. The GNI lays out a set of principles for online expression, privacy, corporate transparency, and multi-stakeholder interaction that members are expected to live up to. Thus far, however, the only major corporate signatories are Microsoft, Google, and Yahoo.

Consent of the Networked is MacKinnon’s effort to take the “Net freedom” movement to the next level; to formalize it and to put in place a set of governance principles that will help us hold the “sovereigns of cyberspace” more accountable.  Many of her proposals are quite sensible. But my primary problem with MacKinnon’s book lies in her use of the term “digital sovereigns” or “sovereigns  of cyberspace” and the loose definition of “sovereignty” that pervades the narrative. She too often blurs and equates private power and political power, and she sometimes leads us to believe that the problem of the dealing with the mythical nation-states of “Facebookistan” and “Googledom” is somehow on par with the problem of dealing with actual sovereign power—government power—over digital networks, online speech, and the world’s Netizenry.

Back to Political Philosophy 101: What a Sovereign Is, and Isn’t

MacKinnon suggests that we need to begin to think about our interactions with various private digital intermediaries in much the same way many political philosophers have traditionally thought about the relationship between citizens and the state. Building on social contract theory (a la Hobbes, Locke, Rousseau, etc.), she seeks to apply “consent of the governed” notions to the digital sphere such that we might achieve as sort of “consent of the networked.” “It is time for the new digital sovereigns to recognize that their own legitimacy — their social if not legal license to operate — depends on whether they too will sufficiently respect citizens’ rights,” she argues. (p. 165) “It is time to upgrade the social contract over the governance of our digital lives to a Lockean level, so that the management of our identities and our access to information can more genuinely and sincerely reflect the consent of the networked.” (p. 165)

It sounds great in theory. In practice, however, this notion is highly problematic.  Private companies are not “sovereigns,” nor should we move to formally classify them as such. Equally problematic is MacKinnon’s quip about their “legal license to operate,” which raises other concerns.

First, let’s drill down a bit on the sovereignty point.

Sovereignty is, at root, about power; supreme power over a group in a defined geographic territory. In a Hobbesian sense, sovereignty is the coercive power to rule absolutely over those people. For a more extensive discussion, see Bertrand Russell’s magisterial A History of Western Philosophy. (Touchstone, 1945, pp. 546-557.)  Or we might also reference Blackstone who noted that “For legislature, as was before observed, is the greatest act of superiority that can be exercised by one being over another. Wherefore it is requisite to the very essence of a law, that it be made by the supreme power. Sovereignty and legislature are indeed convertible terms; one cannot subsist without the other.”

Of course, the uniquely American contribution to this discussion — flowing from the radicalism of the American Revolution — is that sovereignty lies in the people themselves and that only when they delegate some of that power to the state does the state come to have any legitimacy. Through “the consent of the governed” and the requisite constitutions or other contracting elements, “we the people” transfer power to governments to handle a variety of things that we deem better not left to private actors or actions. More on those powers in a sec.

But first, let’s be clear about the essential transfer of power that takes place here and why we shouldn’t take it lightly. At the heart of sovereignty lies the collectivization of force and coercion. In her essay “On the Source of the Authority of the State,” the British philosopher G.E.M. Anscombe’s pinpointed the “institutional violent coercive power” of the State as the crucial element of its sovereign authority over any group. “No political theory can be worth a jot, that does not acknowledge the violence of the state, or face the problem of distinguishing between states and syndicates,” Anscombe argued. This is just as true for the sort of sovereignty derived from the “consent of the governed” via the Lockean-American model as it is in the British tradition or any other system.

But there’s another essential element to sovereignty, properly understood: the impossibility of escaping the reach of that authority. Commenting on Anscombe’s framework, Jenny Teichman and Katherine C. Evans, authors of Philosophy: A Beginner’s Guide, note that “there surely must be some difference between a state and a voluntary association… The chief difference between a voluntary association and a state is that you can resign from a voluntary association, but it is never possible to resign from the state.” (p. 105).

The American Revolution gave us a new way of thinking about this, too. Because true sovereignty lies with the people, even after we transfer some of it to the state as an agent of power over us, we can later change our minds and take that power back. Of course, that’s much easier said than done, especially if we are talking about a full-blown revolution being required to accomplish the return of that power to the people such that we might contract with a new sovereign entity.

But the important point here is that, while the state does exist and retains the power we have delegated to it, it (a) possess unique coercive powers over us and (b) the possibility of escaping their rule is often quite limited, sometimes by geographic or economic realities, other times by efforts by the sovereign to restrict flight.

The same facts do not hold for corporate entities. That is the essential insight missing from MacKinnon’s narrative. “Facebookistan” and “Googledom” are cute labels, but let us not pretend for one moment that there is any legitimacy whatsoever to their “rule” over us.  They do not possess such coercive powers over us and we are able to escape their “territories” any time we want, or not even join them in the first place if we don’t want to.

Not to put too fine a point on it, but here are the three essential things that sovereign governments can do that “Facebookistan,” “Googledom” or any other corporations cannot: (1) Imprison you. (2) Tax you. (3) Confiscate your property.  But that’s not the end of the list. There are many other powers that are exclusive to governments. For example, they can: coin money, regulate various forms of commerce, form standing armies, form treaties with foreign sovereigns, declare war on those foreign sovereigns with those aforementioned standing armies, etc, etc). But those big three powers are the ones that matter most.

While, in theory, “we the people” could contract with Facebook, Google, or another private entity to hold these powers and literally become “sovereigns of cyberspace” ruling over us, the reality is that that has never happened and isn’t about to any time soon. In fact, no corporation holds these powers unless governments deputize them — whether willingly or reluctantly — to become henchmen of the State. That’s a crucial point, and one often misunderstood in debates about Internet freedom, online privacy, digital copyright, and online freedom of speech. Luckily, that distinction is not lost on MacKinnon. In fact, she nails what it so insidious about it. More on that point in a moment.

The Self-fulfilling Prophecy Problem

But first, there’s another major problem with MacKinnon’s suggestion that we think of certain private digital entities as “sovereigns.”  We might think of it as “the self-fulfilling prophecy problem”: If you declare certain digital operators to be “sovereigns” or even “essential social facilities” to use public utility parlance, then you should not be at all surprised when the very act of affixing that label (and concurrent obligations) on a particular platform or company tends to lock it in as the preferred or only choice in its sector.

If, for example, we had a formal “constitutional convention” for Facebookistan and its users (God only knows how such a thing would work), it could very well tip the market in favor of Facebook being the primary or preferred choice for social networking going forward.  This has been a long-standing problem in the field of communications where public utility regulation often shelters a “utility” from competition once it is enshrined as such. Or, by forcing standardization or a common platform, regulation can help lock it in for the long-haul and erect de jure or de facto barriers to entry that restrict beneficial innovation and disruption of market leaders.

The last thing we want to do is lock-in Facebook or Google as market leaders by declaring that we need special rules governing MacKinnon’s mythical sovereigns of “Facebookistan” and “Googledom.” Those countries do not exist, nor should the law declare that they do. [Note: I have a paper coming out next month on “The Perils of Classifying Social Media Platforms as Public Utilities” that will address these issues in more detail.]

The Velocity of “Tech Titan” Meltdowns also Undercuts “Sovereignty” Claims

Importantly, MacKinnon also fails to consider the rapid rise and fall of these supposed digital sovereigns. In my work attacking the Lessig-Zittrain-Wu school of thinking about cyberlaw and digital economics, I’ve argued that there’s a serious short-sightedness and a needlessly pessimistic outlook among many Internet academics today. [See my book chapter from The Next Digital Decade: “The Case for Internet Optimism, Part 2 – Saving the Net from Its Supporters.”]

Creative destruction and disruptive technologies continue to upend tech markets and displace supposedly “dominant” digital giants with increasingly regularity. Change and churn are the only constants in an economy built largely on the foundations of binary code. Absolutely nothing that was sitting on our desktops in 1995 remains there today (can you name another sector like that?), and most of the first generation of “tech titans” have already faded from the picture. If MacKinnon had written her book just a decade ago, would she have referred to AOL as a “sovereign of cyberspace”? If she had penned it five years ago, would she have fretted about “MySpace-istan”?

By contrast, the reign of most actual “sovereigns” is usually measured in decades, even centuries. That is far longer than the brief time in the sun that most digital providers and platforms enjoy today. Markets discipline and sometimes severely punish those that don’t satisfy the desires of users and customers.

Power Begets Power: The Dangers of Middleman Deputization

But let’s get back to the dangers of middleman deputization. It should be obvious that any move to treat digital operators more like “sovereigns” will likely end up ensuring that actual sovereigns rope them into a host of regulatory regimes. This is why I was dismayed by MacKinnon’s “legal license to operate” line, even though she never fully develops what she means by that. It seems to imply that these entities only exist by the good graces of the State and that they could be used to accomplish a variety of government goals.

I was relieved, therefore, to see what a nice job MacKinnon does documenting and critiquing the many ways that governments already enlist digital intermediaries into a variety of regulatory efforts, including: copyright enforcement, online child safety, online harassment / defamation, and national security / law enforcement matters. In one of the best portions of the book, she takes on policymakers and academics who increasingly call for increased intermediary deputization, which often diminishes users’ liberties in one fashion or another. “Internet companies around the world face mounting pressure from governments not just to block websites but to delete a wide range of content from the Internet completely, as well as track what their users are doing so they can be prosecuted or cut off if they do anything illegal,” she correctly notes. (p. 93)

MacKinnon also takes on Cass Sunstein and some of the other contributors to the troubling recent book The Offensive Internet. Several of the academics who penned essays for that collection call for expanded intermediary policing of the Net as well as new laws aimed at limiting online anonymity. These deputization mandates would open the door to excessive government control of speech and also raise serious privacy and security issues. MacKinnon wonders: “Can Sunstein and his coauthors be so naïve as to think that power holders in the twenty-first century United States are different from power holders in any other place or time?” (p. 89)  Excellent question!

MacKinnon notes that South Korea adopted a law demanding websites with more than 100,000 visitors per day to obtain the real names, addresses, and national ID numbers of all users upon account creation. The law followed concerns similar to those raised by American critics who are worried about online harassment. “But this legal solution pursued by a democratically elected parliament ended up being used by economically and politically powerful people in South Korea to stifle speech they happened to find threatening,” MacKinnon notes. She recalls the case of South Korean blogger Park Dae-sung, who was arrested and jailed under the law for “spreading false information to harm the public interest.” (p. 90) In reality, Park had done little more than blog critically about the country’s economic policies and found himself loathed by many inside the government as a result.

Regrettably, this was not an isolated case. Other Koreans were charged under the law before it was finally overturned in mid-2011, but not before much of the personal information collected by the government was stolen by Chinese hackers. “Herein lies the dangerous slippery slope in legislation to curb anonymity,” argues MacKinnon. “[T]he people of South Korea,” she notes, “learned a painful lesson about why excessive data retention and ID requirements can make citizens less rather than more secure.” (p. 91)

Here in the United States, we are lucky that 47 U.S.C. § 230, commonly known as “Section 230,” shields online operators from liability for information posted or published on their systems by users, ensuring that they cannot be deputized by governments to more aggressively police — even self-censor — their sites for various types of online content that public officials wanted curbed. I’ve argued that Sec. 230 is “the greatest Internet law” because it grants online intermediaries generous leeway to determine what content and commerce travels over their systems without the fear that they will be overwhelmed by lawsuits if other parties object to some of that content. Many of the online social media and e-commerce sites that we know and love today — Yelp, Twitter, eBay, etc. — might not exist without Sec. 230’s protections. Moreover, many users would find their online liberties and privacy in greater peril without Sec. 230’s protections.

Still, as MacKinnon correctly notes, many digital intermediaries are pressured (and sometimes required) to serve as the handmaidens of government. This is particularly problematic when it comes to the forcible surrender of personal information or technological capabilities to government officials. When government officials come knocking on a company’s door asking for user records, files, search histories, or whatever else, that’s obviously a huge problem.

But, as I noted in this debate with Lawrence Lessig a few years ago, this is a problem we should handle by putting more constraints on our government(s), not by imposing more regulations on code or coders. While, as a general principle, it is wise for companies to minimize the amount of data they collect about consumers or websurfers, we need not force that by law. And we should certainly hold companies to high standards when it comes to data security and breach. But, again, the best way to deal with many of the surveillance and data collection threats that MacKinnon worries about in her book is to tightly limit the powers of government to access private information through intermediaries in the first place. Most obviously, we could start by tightening up the Electronic Communications Privacy Act and other laws that limit government data access. And continuing to defend Section 230 against attacks is essential. If we’re going to be legislating about the Internet, we need more laws like that to create a high and tight firewall between government and our online communities.

MacKinnon’s Net Governance Ideas

I apologize for dwelling so long on the point about sovereignty, but I believe it’s essential we not start thinking of private operators as “sovereigns” for the reasons I’ve outlined.  Anyway, MacKinnon has many other ideas about Net governance in the book that are less controversial. In fact, I find myself largely in agreement with many of her recommendations.

For example, she wants to “expand the technical commons” by building and distributing more tools to help activists and make organizations more transparent and accountable. These would include circumvention and anonymization tools, software and programs that allow both greater data security and portability, and devices and network systems to expand the range of communication and participation, especially in more repressed countries.  All terrific ideas.

MacKinnon would also like to see neitzens “devise more systematic and effective strategies for organizing, lobbying, and collective bargaining with the companies whose service we depend upon — to minimize the chances that terms of service, design choices, technical decisions, or market entry strategies could put people at risk or result in infringement of their rights.” (p. 247)  This also makes sense as part of a broader push for improved corporate social responsibility. When people band together — as consumers, users, citizens, etc. — they can provide a powerful check on corporate behavior and encourage the evolution of new social and market norms. There are so many Internet advocacy organizations out there doing this now that I sometimes wonder if some of them would be better off merging to increase their collective bargaining power. But that’s a discussion for another day.

What Role for Law?

In terms of law, it’s not always clear what MacKinnon is after, even if it is obvious she’s open to more regulation, so long as it’s for what she regards as the right purpose. “There is a need for regulation and legislation based on solid data and research (as opposed to whatever gets handed to legislative staffers by lobbyists) as well as consultation with a genuinely broad cross-section of people and groups affected by the problem the legislation seeks to solve, along with those likely to be affected by the proposed solutions,” she says. (p. 172) While this implies an openness to political solutions to “net freedom” and privacy problems, MacKinnon never really makes it clear how we strike the right balance. Adding to the confusion is the very next line: “In many other situations, government regulation—especially when large numbers or people have good reason not to trust the motives of the regulators or legislators in question—can create as many problems as it solves.”

In other words, the standard for green-lighting government action seems to be this: When we can trust the motives of the regulators and legislators in question, then it’s fine to bring politics into the equation. Sorry, but that’s still a fairy subjective test.

It’s worth noting that, on balance, MacKinnon expresses serious reservations about the wisdom of many government solutions. And, as noted above with regards to deputization solutions, she certainly appreciates the many unintended consequences of regulation. She notes how regulation so often lags far behind innovation. “A broader and more intractable problem with regulating technology companies is that legislation appears much too late in corporate innovation and business cycles,” MacKinnon argues. (p. 174)  She notes that proposals like the Global Online Freedom Act (GOFA), which aimed to devise legal solutions and penalties for companies doing business in repressive regimes, ultimately won’t work.  Not only were the issues evolving too quickly for GOFA to be a solution, but its “one-size-fits-all legislative approach” didn’t make sense for the multiplicity of businesses, countries, cultures, and laws that are out there.

Despite these reservations, she seems entirely at ease with expanded government privacy mandates and Net neutrality regulation, among others. Yet, she grows more concerned when referencing efforts to legislate on copyright, child safety, defamation, and national security matters. And so we arrive back at a problem I have previously labeled the “selective morality problem” within modern cyberlaw debates: People hate Internet regulation… until they love it!  I’ve expanded on this notion at greater length in my essays, “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars,” and more recently, “SOPA & Selective Memory about a Technologically Incompetent Congress.”

Like most other Internet policy scholars today, I don’t suspect MacKinnon will ever come around to embracing a more consistent, across-the-board approach to keeping government’s paws off the Net, but I would appreciate it if smart folks like her would at least acknowledge the inconsistency in their views as well as the danger of opening the door to government meddling for their pet concerns, since that will undoubtedly open it up wider and wider to all the other issues that people want handled politically. Eventually, this is how governments across the globe will wrap their tentacles tightly around every facet of online life and commerce. No one today mounts a consistent defense of cyber-liberty.

The problem is that MacKinnon, like so many other well-intentioned academics and activists today, seems to imagine that she’ll be able to dictate when the law gets used to do “the right thing” and then later we can just shut down the regulatory process and stop misguided legislative adventures. But you can’t have your cake and eat it too, even though that seems to be the operational assumption here. Again, we see that when she warns of the danger of regulatory capture and argues law should not be based on “whatever gets handed to legislative staffers by lobbyists.” Well, I hate to be such a cynic, but good luck with that!  If you want to know why I am such a cynic, take a look at my growing compendium, “Regulatory Capture: What the Experts Have Found.” It does not make for fun reading but the lesson is unambiguous: Increasing the scope of political meddling for some issues — even those you think worthwhile — will inevitably increases the grim reality of more Net regulation and more industry capture. It continues to be the #1 reason I prefer civil society-based and market-based solutions over governmental solutions, even when I sympathize with the concerns regulatory advocates raise.

Closing Thoughts

Despite the nitpicks I’ve raised here, there’s much to like in Rebecca MacKinnon’s Consent of the Networked. In particular, it offers a rich history of modern Net governance debates that is not to be missed. In particular, her coverage of China and the Net is second to none. More generally, she’s just a terrific all-around researcher and writer; her old journalism skills really paid off here. Other scholars in the field would do well to use her book as a model for how to communicate complex ideas in a clear and convincing fashion.

Cyberlaw and Internet policy scholars and students would be wise to read MacKinnon’s Consent of the Networked alongside Milton Mueller’s Networks and States: The Global Politics of Internet Governance [reviewed here], Evgeny Morozov’s The Net Delusion [reviewed here], and Access Contested: Security, Identity, and Resistance in Asian Cyberspace by Deibert, Palfrey, Rohozinski and Zittrain. Of course, the work of David G. Post and David R. Johnson is also mandatory reading on this topic. They were writing about Net governance before Net governance was cool. Post’s recent book, In Search of Jefferson’s Moose: Notes on the State of Cyberspace, [review here] is very much worth reading, as well as his much older 1998 essay, “The ‘Unsettled Paradox’: The Internet, the State, and the Consent of the Governed.” Also, David Johnson’s recent chapter in The Next Digital Decade closely tracks MacKinnon’s thinking on Net governance and is worth checking out. It’s entitled, “Democracy in Cyberspace: Self-Governing Netizens & a New, Global Form of Civic Virtue, Online.” There are many other important essays in that volume, too. I should also mention the massive collection of essays that Wayne Crews and I edited and bound together for Cato back in 2003. The volume was entitled Who Rules the Net? Internet Governance and Jurisdiction. There were some terrific essays in there on topics related to MacKinnon’s book.  Finally, for an international perspective on some of these issues, students should check out Chris Marsden’s recent book, Internet Co-Regulation: European Law, Regulatory Governance and Legitimacy in Cyberspace.

Down below you will find some additional links to explore Consent of the Networked and Rebecca MacKinnon’s other research and advocacy. Again, I recommend you add the book to your collection.

[Reminder: All my tech policy book reviews can be found here.]

Additional Reading:

• Official site for Consent of the Networked
• MacKinnon’s blog, “RConversation”
• MacKinnon’s recent Washington Post oped, “Why doesn’t Washington understand the Internet?”
• Global Network Initiative (GNI)
• MacKinnon interviewed on “Democracy Now” with Amy Goodman
• MacKinnon’s TED talk, “Let’s Take Back the Net”

My latest Forbes column is entitled “Why Doesn’t Society Just Fall Apart?” and it’s a short review of Bruce Schneier’s latest book, Liars & Outliers: Enabling the Trust that Society Needs to Thrive.  It’s an interesting exploration of the societal pressures that combine to ensure that (most!) societies don’t go off the rails and end in anarchic violence. In particular, he identifies and discusses four “societal pressures” combine to help create and preserve trust within society. Those pressures include: (1) Moral pressures; (2) Reputational pressures; (3) Institutional pressures; and (4) Security systems. By “dialing in” these societal pressures in varying degrees, trust is generated over time within groups.

Of course, these societal pressures also fail on occasion, Schneier notes. He explores a host of scenarios — in organizations, corporations, and governments — when trust breaks down because defectors seek to evade the norms and rules the society lives by. These defectors are the “liars and outliers” in Schneier’s narrative and his book is an attempt to explain the complex array of incentives and trade-offs that are at work and which lead some humans to “game” systems or evade the norms and rules others follow.

The most essential lesson Schneier teaches us is that perfect security is an illusion. We can rely on those four societal pressures in varying mixes to mitigate problems like theft, terrorism, fraud, online harassment, and so on, but it would be foolish and dangerous to believe we can eradicate such problems completely. “There can be too much security,” Schneier explains, because, at some point, constantly expanding security systems and policies will result in rapidly diminishing returns. Trying to eradicate every social pathology would bankrupt us and, worse yet, “too much security system pressure lands you in a police state,” he correctly notes.

Schneier’s framework is particularly useful when addressing a variety of security dilemmas in the field of information policy. “Parasites are all over the Internet,” he notes, and “new technologies, new innovations, and new ideas increase the scope of defection in several dimensions.” Whether its spam, malware attacks, data theft, copyright piracy, or cybersecurity, the defectors have a first-mover advantage in that “they get to try the new attack first.” The Net and new digital networks and technologies have created a never-ending cat-and-mouse game: “It’s a race between the ability to deceive and the ability to detect deception,” Schneier notes. Again, there are no silver-bullet solutions because “this process never ends.” As he correctly concludes, we must accept the fact that “security is a process, not a product.”

I recommend Schneier’s book and encourage your to read my entire review over at Forbes.

In the wake of last week’s big SOPA showdown, a lot of people are talking about the expanded presence and power of the Internet, online operators, and digital Netizens in Washington policy debates. I certainly don’t mean to diminish the importance of this particular episode. It certainly is historic, regardless of how you feel about the specifics of SOPA. What does concern me, however, is the way this episode is prompting questions about how much more “engagement” Internet companies need to consider inside the Beltway. For example, today’s Wall Street Journal features an article on “The Web’s Growing Muscle” and notes:

The Internet industry has found a rare sweet spot in Washington. With Google in the lead, the companies have begun building a strong traditional lobbying force in Washington. And, to complement that inside game, websites’ millions of users have become a powerful outside weight on Congress. What’s more, in a rare Washington double play, the concerns of Internet companies have found a sympathetic ear both in the Democratic White House and among Republican presidential candidates who otherwise can’t agree with Barack Obama on anything.

The piece concludes with a quote from an anonymous media executive saying “People are looking at what Google spent on lobbying and wondering, ‘Can we match that?’ It has to be a big spend.”

I cannot possibly think of anything more demoralizing than that. The idea that web companies should spend more of their time in Washington showering politicians with cash instead of out there in the real world innovating and making consumers happy is extremely troubling. I wrote about this growing trend in my 2010 Cato essay on “The Sad State of Cyber-Politics.” I built that essay around an old manifesto by Cypress Semiconductor CEO T. J. Rodgers on “Why Silicon Valley Should Not Normalize Relations with Washington, D.C.“  Rodgers had argued that “The political scene in Washington is antithetical to the core values that drive our success in the international marketplace and risks converting entrepreneurs into statist businessmen,” and that “The collectivist notion that drives policymaking in Washington is the irrevocable enemy of high-technology capitalism and the wealth creation process.”

But no one was listening then and they certainly aren’t listening now. We find ourselves in the midst a mad rush to see who can open a bigger, fancier office in Washington and have glitzier parties to make the political class happy. As I noted in the Cato essay:

There’s enormous pressure on the high-tech sector to actually become more entrenched in coming years, at least to remain “competitive” with other companies who have planted a flag inside the Beltway. Recently, for example, Reid Hoffman, founder of LinkedIn, a social networking site for professionals, worried that policymakers tend to ignore high-tech startups. “We don’t have an entrepreneurship lobby,” he said, “because entrepreneurs are off doing it.” As if that was a bad thing! In particular, he fretted about startups not getting their share of recent stimulus funding and argued that “It’s much easier when you’re embedded in the political infrastructure to respond to immediate things” such as nabbing stimulus dollars, he said.

Am I being naive about all this? Don’t these new tech companies have to have armies of lobbyists pressing the flesh and greasing the palms here in DC in order to compete against other entrenched competitors who are doing to same thing?  Perhaps, but there’s always been self-fulfilling circularity to the argument that you have to be here in order to “be a player” or “have a seat at the table.” The end result of that thinking is always the same: more lobbying, more logrolling, more of “the big spend.” And then we end up with one giant cesspool of protected markets, protracted legal nightmares, bloated bureaucracies, and widespread regulatory capture. Welcome to the wonderful world of crony capitalism! And your tech sector superstars are now falling all over themselves to make sure they have that proverbial “seat at the table” so they can feast at this Big Government supper.

It makes me sick to my stomach to even think about it. So, I’ll continue right on being a naive dope and conclude this piece the same way I concluded my old Cato essay on the sad state of cyber-politics:

For that small remnant of believers in real Internet Freedom — freedom from incessant government techno-meddling — we will never stop hoping that disputes among high-tech companies might be settled in the marketplace instead of within regulatory agencies and congressional committee rooms. And we must continue our push to discourage high-tech companies from an excessive “normalization” of relations with the parasitic culture that dominates Washington by reminding them, as Rodgers noted in 2000, “that free minds and free markets are the moral foundation that has made our success possible. We must never allow those freedoms to be diminished for any reason.”

Just let me dream, people.

From Cato’s “Job Opportunities” page:

Policy Analyst, Telecommunications and Internet Governance

The Cato Institute seeks a policy analyst to work on telecommunications and Internet governance issues. The suitable candidate will have several years of work experience in the field of telecommunications and Internet law and policy. An advanced degree in law or economics is preferred

Sought-after qualifications include: familiarity with or practice before the Federal Communications Commission; familiarity with the technical and governance bodies of the Internet; familiarity with and/or work experience on Capitol Hill; a solid background in the First Amendment and other civil liberties; familiarity with classical liberal history and scholarship; strong analytical reasoning skills; the ability to simplify complex issues in oral and written communications; and good interpersonal skills. Responsibilities include monitoring developments in government regulation and oversight of telecommunications and Internet governance at all governmental levels; researching and writing on these topics in all formats (research papers, policy briefs, editorials, blogposts, etc.); and public speaking. Candidates must support Cato’s mission of promoting individual liberty, free markets and limited government.

Information on how to apply here.

Cybersecurity is one of the issues that the President may touch upon tonight in his State of the Union speech, and Senate Majority Leader Harry Reid has said he is ready to move on comprehensive cybersecurity legislation soon. This all raises the question: what is the problem we’re trying to fix?

In an important new working paper for the Mercatus Center at George Mason University, Eli Dourado asks if there is a market failure in cybersecurity that requires a government response. He concludes that policymakers may be jumping to conclusions a little too hastily.

Proponents of cybersecurity regulation make the case that private network owners do not completely internalize cyber risks. The reason, they say, is that a loss stemming from a cyber attack, against a financial network for example, will affect not just the network owner, but thousands of consumers as well. As a result, private network owners won’t spend the socially optimal amount on to meet that risk. That is a market failure, they say, and only government intervention can ensure that we get the right amount of cybersecurity.

In his paper, however,Dourado shows that the presence of an externality does not necessarily mean that there is a market failure. Externalities are often internalized by private parties without government intervention. This is true both generally and in the realm of cybersecurity. Policy makers, he says, should therefore be careful not to enact cybersecurity legislation just because they observe an externality. Regulating when there is no market failure will likely have dire unintended consequences.

You can download the paper at Mercatus.org.

According to the BBC, the European Commission is apparently set to adopt formal rules guaranteeing a so-called “right to be forgotten” online.  As part of the Commission’s overhaul of the 1995 Data Protection Directive, this new regulation will mandate that, “people will be able to ask for data about them to be deleted and firms will have to comply unless there are ‘legitimate’ grounds to retain it,” the BBC reports.

I’ve written about “right to be forgotten” and “online eraser button” proposals before in my Forbes essay, “Erasing Our Past On The Internet,” a Mercatus white paper on “Kids, Privacy, Free Speech & the Internet: Finding the Right Balance.” and in this essay here on the TLF on “The Conflict Between a “Right to Be Forgotten” & Speech / Press Freedoms.” While I can appreciate the privacy and reputational concerns that lead to calls for such information controls, the reality is that a mandatory “right to be forgotten” is a recipe for massive Internet censorship.  As I noted in those earlier essays, such notions conflict violently with speech rights and press freedoms. Enshrining into law such expansive privacy norms places stricter limits on others’ rights to speak freely, or to collect and analyze information about others.

The ramifications for journalism are particularly troubling. Good reporting often requires being “nosy” while gathering facts. Journalists (and historians) might suddenly be subjected to restraints on their research and writing. The Brits have been struggling with this when trying to enforce gag orders and “super-injunctions” on media providers to protect privacy. It hasn’t turned out well, especially since new social media platforms and speakers easily evade these rules. (See my Forbes column, “With Freedom of Speech, The Technological Genie Is Out of the Bottle.”)

Thus, for a “right to be forgotten” to work, a more formal and robust information control regime will need to be devised to censor the Net and make it “forget”about the digital footprints we left online. Will the DMCA’s “notice and takedown” model be applied? Beyond the chilling effect associated with dragnet takedowns of online information, it’s unlikely that approach will really work. Keep in mind, this isn’t as simple as just telling large social media operators to delete information on demand. The reality is, as computer scientist Ben Adida notes in his essay “(Your) Information Wants to be Free,” the same forces and factors that complicate other forms of information control, such a copyright and speech restrictions, also complicate the protection of facts about you. “[I]nformation replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard,” Adida correctly notes.

The fact is, information is instantaneously replicated online many times over on many different platforms — sometimes manually, sometimes automatically. Regulation will need to grapple with how to put the genie back in the bottle when countless others have already forwarded or commented on the piece of information someone later wants “forgotten.” And how would automated online archiving / storage services be affected? Will such sites and services be expected to find and purge every possible mention / reference of the offending information? Will they be compensated for the countless requests they receive to delete countless pieces of digital information, or are they just expected to do that out of the goodness of their hearts?

I could go on, but instead I’d just ask that you read some of the essays I’ve already cited and then take a look at this outstanding essay on “9 Reasons Why a ‘Right to be Forgotten’ is Really Wrong,” by Joris van Hoboken, a PhD candidate at the Institute for Information Law (IViR) at the University of Amsterdam. It’s an outstanding critique of the notion.

Please keep in mind: Just because I raise questions like these it does not mean I’m opposed to the notion that online operators should be held to higher standards and be expected to properly safeguard our online information and perhaps even delete much of it upon request. But moving this process into the legal / regulatory arena opens up a huge Pandora’s Box of potential problems. Censoring the Net — even when it’s for a cause many favor — is very hard and will give rise to many unintended consequences.

[P.S. Here's a podcast conversation about these issues where Jerry Brito and I discuss the ramifications of such a regulatory regime.]

In the ongoing debate over SOPA, PIPA, and rogue websites legislation, most commentators have focused on what Congress should and shouldn’t do to combat these sites. Less attention, however, has been paid to the underlying assumption that these rogue websites represent a public policy problem. While no one has defended websites that defraud consumers by deceptively selling them fake pharmaceuticals and other counterfeit goods, many consumers who frequent “rogue websites” do so for the express purpose of downloading copyright infringing content.

As Julian Sanchez explains over on Cato-at-Liberty, how the latter category of rogue websites (including The Pirate Bay and, until last week, MegaUpload) affects the U.S. economy and social welfare is hotly contested in the economic literature:

[I]t’s become an indisputable premise in Washington that there’s an enormous piracy problem, that it’s having a devastating impact on U.S. content industries, and that some kind of aggressive new legislation is needed tout suite to stanch the bleeding. Despite the fact that the [GAO] recently concluded that it is “difficult, if not impossible, to quantify the net effect of counterfeiting and piracy on the economy as a whole,” our legislative class has somehow determined that . . . this is an urgent priority. Obviously, there’s quite a lot of copyrighted material circulating on the Internet without authorization, and other things equal, one would like to see less of it. But does the best available evidence show that this is inflicting such catastrophic economic harm—that it is depressing so much output, and destroying so many jobs—that Congress has no option but to Do Something immediately? Bearing the GAO’s warning in mind, the data we do have doesn’t remotely seem to justify the DEFCON One rhetoric that now appears to be obligatory on the Hill. The International Intellectual Property Alliance . . . actually paints a picture of industries that, far from being “killed” by piracy, are already weathering a harsh economic climate better than most, and have far outperformed the overall U.S. economy through the current recession.

Julian makes several great points, and his essay is well worth reading in its entirety.

Nevertheless, in my view, rogue websites dedicated to the infringement of U.S. copyrights pose a public policy problem that merits not only serious congressional attention, but also prompt (albeit prudent) legislative action. While I’m relieved that the flawed SOPA and PIPA bills seem unlikely to pass in their current forms, I also think it would be unwise for Congress to dither on rogue sites legislation for years in search of “credible data” about how such sites impact our economy.

Why am I urging policymakers act without “all the facts?” Two reasons. First, I’m quite skeptical that we’ll obtain anything resembling dispositive data on the question of how rogue websites impact consumer welfare in the foreseeable future. Countless academics have spent years seeking to understand how often consumers download content on rogue websites, how frequently consumers substitute unlawful content for the lawful kind, and the extent to which copyright infringement indirectly benefits creators by inducing greater overall content consumption. Yet reliable data on these topics remains the stuff of dreams.

Second, the ease with which U.S. consumers can and do access near-perfect infringing copies of movies, songs, television shows, and video games gives rise to a reasonable presumption that we’d probably be better off if Congress were to throw up at least some carefully-constructed roadblocks to obstruct rogue sites. That’s because if such roadblocks are erected, the consumers most likely to shift from unlawful to lawful consumption of content are also the same consumers who are most likely to benefit social welfare (and the U.S. economy) if they pay more for the content they value and enjoy.

Imagine two hypothetical “pirates” (or users who frequently infringe on copyrighted works, if you prefer less loaded terminology). Pirate #1 is a broke college sophomore with a subsidized ultra-fast broadband connection and eons of spare time on his hands. While this pirate lacks the disposable income to pay for content at virtually any price, he’s perfectly willing to spend hours on end sitting hunched over a laptop in his dorm room scouring various Web forums for links to his favorite TV shows and movies, most of which are available unlawfully on cyberlockers, Bittorrent, Usenet, etc.

Pirate #2 is a 30-something, tech-savvy mid-career IT professional with plenty of disposable income. Even though he owns a Blu-ray player and could afford to buy or rent several discs per month, he instead opts to download Blu-ray image files on his 50Mbps Verizon FiOS connection and watches them on a laptop hooked up to his high-def television. Using his Mastercard, he spends $10 a month to subscribe to a popular Seychelles-based content search website that enables him to find picture-perfect movie rips in seconds. Although he has the means to pay for content, he sees no reason to bother with physical discs, DRM, and platform restrictions given that pirated content is so much cheaper, and virtually as accessible. While he ultimately purchases some of the content he acquires unlawfully, attending the occasional live concert and theatrical performance, he only does so occasionally. He has few moral qualms about his behavior; with millions of other consumers paying for the content he enjoys, what difference can one more legitimate purchaser make? (Julian correctly observes that some individuals who “sample” music through illicit outlets ultimately spend more money on artists because they’re more likely to attend live performances. However, given the growing prevalence of free and lawful sources of music “samples,” and considering that piracy’s effects on creators of other types of content (e.g. movies, TV shows, video games) is far less ambiguous, the “file sharing actually benefits artists” hypothesis is hardly persuasive).

Turning back to the issue of rogue sites legislation, a law that serves only to make it impossible for Pirate #1 (and the millions in America like him) to access infringing content won’t do anybody much good. Content creators won’t get paid more, as Pirate #1 has no money, while the aggregate utility society derives from artists’ expressive works will decrease. Instead of enjoying movies and music acquired unlawfully, Pirate #1 will simply find another, presumably inferior, way to spend his free time. It’s a no-win situation.

But a law that makes it impossible for Pirate #2 (and the millions like him) to access infringing content would almost certainly benefit content creators — and society at large. No longer able to download movies, TV shows, and video games illegally, Pirate #2 might consume less overall content, but he’ll also pay for a lot more lawfully-acquired content. He’ll spend less of his disposable income on goods and services other than content, meaning some legitimate businesses will experience a decline in revenue. But since Pirate #2′s overall spending habits will more closely match his true consumption preferences, society’s aggregate resources will likely end up being allocated more efficiently than before .

The virtue of a “follow the money” approach to rogue websites is that it’s likely to curb piracy by users like Pirate #2, who are already willing and able to pay for legitimate content. Users who have a credit card and use it to pay for infringing content — or for services that facilitate access to infringing content — presumably have at least some disposable income to spend on expressive works. While rogue websites legislation is likely to leave many, if not most, websites that facilitate piracy unaffected, disabling U.S. payment services from doing business with a handful of especially popular offshore piracy sites will frustrate users. Many of these users will simply seek out alternatives, but some users will give up and “go legitimate.” By driving piracy further underground, such a law might cause users like Pirate #1 to spend more of their relatively worthless time seeking out infringing content. But this is the Internet we’re talking about; the determined user will find what he seeks, no matter the roadblocks lawmakers throw up.

Whether a targeted law aimed at combating offshore rogue sites’ revenue sources would, on net, measurably benefit the U.S. economy is far from certain. But even a law that has greater-than-even odds of improving aggregate social welfare by the equivalent of a few hundred million dollars amounts to a step in the right direction. In a world of uncertainty, we all make decisions with harshly limited knowledge every day. All else equal, making highly-informed decisions is vastly superior to educated guesses, but educated guesses are often the best feasible option.

In an ideal world, of course, Congress would be focused on far more crucial legislative priorities than combating rogue websites, such as solving the entitlement mess, fixing America’s overly litigious legal system, reining in the ever-growing regulatory state, and even reforming the Copyright Act to reduce the insanely long term of copyright protection. But given that both the House and Senate Judiciary Committees, which handle copyright legislation, seem more focused on undermining our liberty and prosperity than on enhancing it — from data retention to employment verification mandates to the PATRIOT Act renewal — passing a consensus rogue websites bill may be the best of all feasible outcomes this session of Congress.

If lawmakers act swiftly but carefully — holding a handful of additional hearings, focusing on crafting legislation that Silicon Valley can tolerate (if not embrace), and emphasizing a transparent process — there may still be hope for prudent rogue websites legislation this session. And that could be a good thing.

Over at TIME.com, I consult public choice theory to glean the meaning of last week’s SOPA protest success:

The SOPA blackout protest last week was an unprecedented event. Its massive success — with dozens of members of Congress switching their stance in one day under the withering intensity of thousands of phone calls — surprised even the activists who spurred the protest. So does this mean that we are entering the much-heralded era of Internet-powered citizen democracy?

Read the whole thing here.

Today, the Supreme Court issued its decision in U.S. v. Jones, unanimously holding that law enforcement violated the Fourth Amendment by affixing a GPS tracker to a vehicle to monitor its movements without obtaining a search warrant from a court. The following statement can be attributed to Berin Szoka, President of TechFreedom:

This was an easy case: law enforcement plainly trespassed on private property protected by the Fourth Amendment. But as the majority notes, today’s holding is only the bare minimum of the Constitution’s protections. The harder question awaits the Court: When does purely electronic surveillance—without physical trespass—violate the Fourth Amendment?

At the very least, the Court must reconsider the “third party” doctrine invented by lower courts, which denies us protection for information we share with trusted third parties like “cloud” services that host our email, photos, and documents. The Court should make clear that Fourth Amendment protections hinge not on keeping information secret, but on whether we take steps to preserve that information as private. That, not the “reasonable expectation of privacy,” is the standard the Court applied in its landmark 1967 Katz decision. It is also the only standard that will effectively protect Americans’ privacy in the digital age.

[Cross posted at TechFreedom.org]

(Cross posted at Reason.org)

Americans got a preview of what life would be like under the U.S. Senate’s Protect Intellectual Property Act (PIPA) when the Department of Justice and the FBI yesterday shut down Megaupload.com and arrested its founder and six other executives on charges of illegally sharing copyrighted material.

The move comes in the middle of a vociferous debate on PIPA and its House counterpart, the Stop Online Piracy Act (SOPA) and provides more fuel for opponents who argue that the bills threaten to undermine legal, legitimate mechanisms that are integral to the Internet technological and social utility (See my commentary posted on Reason yesterday afternoon).

PIPA supporters have argued that worries about Internet censorship and user disruption are exaggerated and the bill’s real goal is to target shadowy “rogue” sites that deal in counterfeit merchandise and pirated video downloads. Yesterday we found out just who the Feds thinks these rogue sites are.

Megaupload.com is a major commercial file-sharing site used by millions of consumers and businesses in the course of daily business. Users park large files that can then be shared among friends, family or professional workgroups. It competes directly with other such services such as Dropbox and RapidUpload. Megaupload claims to have about 50 million daily visits and even DoJ notes that at one point it was estimated to be the 13th most frequently visited site on the Internet.

Can infringing material be found on Megaupload? No doubt it can. But infringing material can also be found on YouTube and just about every other file-sharing site. The courts have held that these sites are not liable for infringement as long as they honor cease and desist notices to take down offending content.

The DoJ’s indictment rests on the claim that Megaupload.com first and foremost was in the business of piracy. The seven executives arrested yesterday (a group that did not include the company’s CEO, Swizz Beatz, the husband of singer Alicia Keyes) are being charged with racketeering. The indictment claims that Megaupload.com robbed artists, musicians and authors of $500 million, and that the site is actually a front for a worldwide conspiracy.

These charges might yet be true, but the supposition shouldn’t trump due process (See Jerry Brito’s post below). That it did brings the precise concerns of PIPA and SOPA critics into high relief. In addition to the arrest, the Feds have forced Megaupload.com to shut down, essentially seizing not only private property of Megaupload, but the documents, photos, videos and artwork of millions of legitimate users–some of it crucial to their livelihoods–on what amounts to a thin pretext that could be applied to any file-sharing site. Anonymous, the loosely knit “hacktivist” group, made its feelings known with its retaliatory DDoS attacks on DoJ, FBI, MPAA and RIAA sites yesterday, but I think there’s more blowback to come. A significant number of average Americans lost time, money and digital property yesterday in what they perceive as a massive overreach by a DoJ that is already under fire for its blundering tactics (Fast and Furious, the Black Friday poker site shutdowns). I’ll bet the phones were ringing off the hook in many Congressional offices this morning.

Moreover, the charges may not stick. By all accounts, Megaupload is gearing up for a fight. As its lead attorney notes, case law, including the YouTube decision, favors the company. Plus there’s the fact there are no copyright  judgments currently against it. It reportedly has also been working to iron out copyright issues with rightsholders, and has garnered support from a cross-section of artists and performers–the very community that the government alleges Megaupload has been ripping off. But even it wins, it might be a Phyrric victory, because by the time the legal dust settles, Megaupload may well be out of business. Elsewhere, Dropbox and RapidUpload execs must be sweating.

The takeaway from all this is that SOPA and PIPA will codify these DoJ tactics. And with the Megaupload siezure sitting out there as Exhibit A, no one can take the Feds at their word that they will exercise any restraint or discretion in their definition of a “rogue” site.

The best hope is that Megaupload turns out to be the egg that make the omelet. The good news out of this week of contentious debate is that is that Senate Majority Leader Harry Reid has pulled the Tuesday PIPA vote from the floor calendar. In the lower chamber, House Judiciary Committee Chairman Lamar Smith said his panel won’t take up “there is wider agreement on a solution.”

Looks like the good guys might just win one.

Here’s Mike Riggs take on Reason.com’s Hit and Run.

[Cross posted from TechFreedom]

Today, the Digital Advertising Alliance, a group of leading digital ad agencies and online ad networks, unveiled a campaign to bring attention to AdChoices, its icon-based system allowing users to opt-out of behavioral advertising. The following statement can be attributed to Berin Szoka, President of TechFreedom:

In the 1990s, Congress tried and failed to regulate Internet content. Instead, the courts have required an approach grounded in user empowerment, education and enforcement of existing laws against fraud and deception. Today, we’re seeing the the advertising industry build on this approach for consumer protection on privacy. The AdChoices campaign launched last summer empowers consumers to make their own choices on privacy. The ad campaign launched today educates consumers on how to use this tool. The Digital Advertising Alliance has promised to enforce industry’s principles. Consumer advocates should hold them to that promise. It’s also fair to insist that empowerment and education improve over time. But today, for once, let’s give the ad industry credit for doing the right thing.

The Megaupload folks are not the most sympathetic defendants, to say the least. They likely knew very well they were profiting from piracy, and they probably induced it as well. Anonymous’s attacks in retaliation for the arrests and domain seizures, therefore, threaten to destroy the good will the Internet community generated the previous day with the SOPA protests. That all said, we can’t lose sight of the principle because of the bad actors involved.

This case shows that law enforcement is perfectly capable of securing international cooperation and taking direct action against large piracy operations overseas. The Megaupload principals were arrested and they now face extradition and trial. So why do we need due-process-free domain seizures or tinkering with the inner workings of the Internet to combat piracy?

This case also reminds us that the federal government already has the power to seize .com, .net, .org and other U.S.-registered domains. Stopping SOPA is one thing, but now the task should be rolling back excessive government powers to control information online.

The balance struck by the DMCA, which gives safe harbor to sites that take down allegedly infringing content when notified by the owner, is the right one. No safe harbor is available to sites that have actual knowledge that they are benefiting from pirated content, as is probably the case with Megaupload.

I thought Todd Zywicki, a senior scholar with the Mercatus Center at George Mason University, did a nice job on Judge Napolitano’s “Freedom Watch” show addressing the contentious question of whether government should be regulating food advertising in order to somehow make American kids healthier. Todd pointed out how the advertising guidelines currently being developed are anything but “voluntary” and noted that there are many causes of childhood obesity. Watch the clip here:

Importantly, Todd also notes that there are First Amendment issues in play here. Commercial free speech is not completely without constitutional protection, as I noted in my recent Charleston Law Review article on “Advertising, Commercial Speech & First Amendment Parity.”

Finally, as we always note here about regulation generally — especially restrictions on advertising — there is no free lunch (excuse the pun in this case!). Advertising has traditionally been the great subsidizer of media and information in America. It has also kept competitors on their toes and kept prices in check.  These benefits are lost when we regulate advertising. So, while some nanny state-ers would like to convince us that they simply have the best interests of our kids in mind, the reality is that the regulations they favor will likely drive up costs for families and limit their choices of both products and media platforms, both of which are subsidized by advertising.

Tune in here 12-1:45pm today for the livestream (below) of TechFreedom‘s joint Capitol Hill briefing, “Unintended Consequences of Rogue Website Crackdown,” co-sponsored by the Competitive Enterprise Institute and the Cato Institute. Our expert panel will discuss the recent outpouring of public opposition to the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), what’s next for these troublesome bills, possible compromises, and the proposed alternative, Online Protection and Enforcement of Digital Trade (OPEN) Act. Our panelists are:

Follow the discussion on the #SOPAnel hashtag or submit a question for the panel to @Tech_Freedom!

This event is the perfect way to celebrate  TechFreedom‘s one-year anniversary. Our theme for the last year has been two-fold: optimism about how technology can expand our capacity to choose for ourselves and skepticism about government meddling with the Internet. As Hayek famously said about the “curious task” of economics, TechFreedom’s task is to “demonstrate to men how little they really know about what they imagine they can design.”

We’re skeptical of SOPA and PIPA not because we’re against copyright, but for the same reason we’re skeptical of regulations aimed at protecting net neutrality, privacy, competition, and other legitimate values: Tinkering with the Internet is a perilous game—and policymakers rarely see the full implications of their interventions.

That’s why we’ve emphasized the need to consider the trade-offs of regulating extremely carefully—to minimize unintended burdens of any rogue website crackdown on cybersecurity, free speech, entrepreneurship, and global Internet governance. But we also want an open and judicious process for copyright’s sake! As we noted in our coalition letter with CEI and other free market groups, “If the public perceives this copyright legislation to be the product of a hasty and opaque process, respect for copyrights and trademarks will be diminished, not enhanced.”

Watch the Event in QuickTime (M4V)
Download a Podcast of the Event (MP3)

(Cross posted at reason.org)

It’s rare when the entire Internet industry rises up with one voice. Perhaps that’s why the protest against the House of Representatives’ Stop Online Piracy Act and its Senate counterpart, the Protect Intellectual Property Act (PIPA), is getting so much attention. In policy circles, usually one segment of the online industry is jockeying for favorable position against another. Today, with Wikipedia dark, Google taped over, and a host of other sites large and small raising awareness through home page notices, New Media is drawing its line in the sand against the most astounding government overreach into Internet regulation to date.

The bills amount to good intentions gone awry. True, sites that sell brand-name counterfeits and offer illegal downloads are easy to find and no honest user advocates intellectual property theft. But SOPA and PIPA are extremely coercive and heavy-handed, and as both bills have percolated up through the legislative process, opposition has steadily mounted. There have even been outright turnarounds. The Business Software Alliance, a strong supporter of antipiracy measures and an initial backer of SOPA, reversed its position upon examining the bill.

SOPA and PIPA essentially place responsibility-and cost-of policing the Web for IP violations on the shoulders of Web site owners through an electronic version of prior restraint. The law would require Internet service providers (ISPs) to take steps to prevent their customers’ web browsers from connecting to alleged pirating site. Search engines like Google would have to scrub alleged pirating sites from their search results, or else disable links to them. Web advertising delivery systems would be required to block distribution of banners and links. Finally, sites which revolve around user-generated content, such as Facebook and Wikipedia, would be liable for any pirated content or link posted by any one of their millions of visitors.

How do the bills define a site that’s counterfeiting products or pirating copyrighted content, or one that allows users to link to them? Not very specifically. The bills’ vague language gives the Justice Department enormous leeway with a very light burden of proof in designating offenders. In sum, the bill would give the FBI and federal prosecutors to power to declare illegal any site they don’t like.

It is not the least bit alarmist to call this censorship. If either SOPA or PIPA were to pass, for the first time, the U.S. government would be able to block what Americans can access via the Web. Even the provisions against Internet gambling did not go as far (you could still get to a gambling site, you just couldn’t transfer money to it). Bottom line: the bills propose ISPs and search engines deploy the same type of Internet blocking mechanisms used today by authoritarian regimes in China, Iran and Syria, just to name three. Worse, when a democratic system such as ours engages in it, it provides these governments with political cover.

This is not to give short shrift to the problem of IP theft. But we have other methods for dealing with the issue that don’t trample free speech or due process. The Digital Millennium Copyright Act ensures that copyright can be policed and protected on music download sites and video sharing sites such as YouTube. But it requires the property owner to take responsibility. As for the complaint that much of the Web’s IP theft originates off-shore, then perhaps the best course is for the U.S. government, as a representative of its citizens, to work through diplomatic channels and with international law enforcement and to bring offenders to justice. It’s harder, and it doesn’t generate headlines for politicians, but it respects the rights of Americans, and that should trump convenience.

More on SOPA:

The Internet on Strike

At the Top of Congress’ New Year Agenda? Regulate the Net

Don’t Rush Anti-Piracy Bill, Free Market Groups Urge

The New SOPA: Now With Slightly Less Awfulness!

As if my earlier essay on why “We Need More Attack Ads in Political Campaigns” wasn’t incendiary enough, allow me to heap praise on this outstanding new oped by Washington Post columnist Richard Cohen “In Defense of Big Money in Politics.”  Few things get me more steamed than when Democrats and Republicans decry “big money” in politics and claim we need to aggressively clamp down on it.  What’s even more insulting is when they say this is a smart way to encourage 3rd party political candidates and movements.

What’s really going on here is simple protectionism. The reason that today’s politicians want to regulate cash in campaigns is because the two parties already own the system. Believe me, as someone who has NEVER voted for a politician from either of the two leading parties, I would love for it to be the case that clamping down on campaign spending actually helped 3rd party candidates. Richard Cohen’s column explains why that certainly wasn’t the case with Eugene McCarthy’s historic 1968 challenge to Lyndon Johnson, which was fueled by “big money” contributions from a handful of major donors. Here’s how Cohen begins his piece:

Sheldon Adelson is supposedly a bad man. The gambling mogul gave $5 million to a Newt Gingrich-loving super PAC and this enabled Gingrich to maul Mitt Romney — a touch of opinion here — who had it coming anyway. Adelson is a good friend of Gingrich and a major player in Israeli politics. He owns a newspaper in Israel and supports politicians so far to the right I have to wonder if they are even Jewish. This is Sheldon Adelson, supposedly a bad man. But what about Howard Stein? The late chairman of the Dreyfus Corp. was a wealthy man but, unlike Adelson, a liberal Democrat. Stein joined with some other rich men — including Martin Peretz, the one-time publisher of the New Republic; Stewart Mott, a GM heir; and Arnold Hiatt of Stride Rite Shoes — to provide about $1.5 million for Eugene McCarthy’s 1968 challenge to Lyndon Johnson. Stein and his colleagues did not raise this money in itsy-bitsy donations but by chipping in large amounts themselves. Peretz told me he kicked in $30,000. That was a huge amount of money at the time.

As Cohen points out, while many campaign regulation fans today “pooh-pooh the argument that money is speech, they cannot deny that when McCarthy talked — when he had the cash for TV time or to set up storefront headquarters — that was political speech at the highest decibel.” Amen, brother. McCarthy changed history. His was easily the most important 3rd party run of the past half century, and one of the most important in American history.

If we want more serious 3rd party candidates, then we need more cash in politics. Lots more. Unlimited, direct to candidate contributions.  Let’s have Robert Redford and his Hollywood buddies open their checkbooks and fund a serious run by the Green Party, or let wealthy industrialists fund a Libertarian Party candidate. Or whatever else.

But won’t that be “corrupting,” the skeptics ask? We can handle that: Just demand transparency. Force them to tell us where the money is coming from. We already have laws that do that.

In the meantime, I would really appreciate it if all those politicians and academics who say they are just trying help out independents like me would just quit it. They are not helping us get more 3rd party voices into the American political system; they’re making it harder than ever for them to even exist.

On the podcast this week, Michael Weinberg, staff attorney with Public Knowledge, discusses his white paper entitled, It Will Be Awesome If They Don’t Screw This Up: 3D Printing, Intellectual Property, and the Fight Over the Next Great Disruptive Technology. The discussion begins with Weinberg describing 3D printing: the process of printing three dimensional objects layer-by-layer from a digital file on a computer. According to Weinberg the design method used for printing includes programs like AutoCad and 3D scanners that can scan existing objects, making it possible to print a 3D replica. He goes on to explain why he thinks 3D printing, coupled with the Internet, is a disruptive technology. Finally, Weinberg discusses the thesis of his paper, where he anticipates industries affected by potential disruption will not compete with or adapt to this technology, but rather, will seek legal protection through IP law to preemptively regulate 3D printing.

Related Links

• It Will Be Awesome If They Don’t Screw This Up: 3D Printing, Intellectual Property, and the Fight Over the Next Great Disruptive Technology, By Weinberg
• “Difference Engine: Making it”, The Economist
• Thingverse.com
• Anthony Atala: Printing a human kidney, TED

To keep the conversation around this episode in one place, we’d like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

Over at TIME.com, I write that while some claim that Google Search Plus Your World violates antitrust laws, it likely doesn’t. But I note that Google does have a big problem on its hands: market reaction.

So if antitrust is not Google’s main concern, what is? It’s that user reaction to SPYW and other recent moves may invite the very switching and competitive entry that would have to be impossible for monopoly to hold. … Users, however, may not wait for the company to get it right. They can and will switch. And sensing a weakness, new competitors may well enter the search space. The market, therefore, will discipline Google faster than any antitrust action could.

Read the whole thing here.