Adam Thierer's Blog, page 103

On the podcast this week, Reuben Grinberg, a recent Yale Law School graduate now in private practice in New York City, discusses his paper, published in the Hastings Science & Technology Law Journal entitled, Bitcoin: An Innovative Alternative Digital Currency. Grinberg first gives a brief overview of Bitcoin, the decentralized, digital currency. According to Grinberg, Bitcoin can maintain sustainability, even though it is not backed by an institution or commodity, but it must overcome several hurdles. Grinberg then discusses the potential security problems and legal issues Bitcoin faces. He also describes some of the unique qualities of Bitcoin, including the ability to conduct transactions anonymously. Grinberg ends the discussion with his thoughts on what Bitcoin could potentially become.

Related Links

Bitcoin: An Innovative Alternative Digital Currency , by Grinberg"Online Cash Bitcoin Could Challenge Governments, Banks", Time Techlandbitcoin.orgThe Rise and Fall of Bitcoin, Wired

To keep the conversation around this episode in one place, we'd like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

A new report says the opposite, though perhaps "legacy" entertainment companies are failing to keep up.

By any measure, it appears that we are living in a true Renaissance era for content. More money is being spent overall. Households are spending more on entertainment. And a lot more works are being created.

Good news! Check out: "The Sky is Rising."

[Cross-posted at Reason.org]

This week Google announced that it is grouping 60 of its Web services, such as Gmail, the Google+ social network, YouTube and Google Calendar, under a single privacy policy that would allow the company to share user data between any of those services. These changes will be effective March 1.

Although we have yet to see it play out in practice, this likely means that if you use Google services, the videos you play on YouTube may automatically be posted to your Google+ page. If you've logged an appointment in your Google calendar, Google may correlate the appointment time with your current location and local traffic conditions and send you an email advising you that you risk being late.

At the same time, if you've called in sick with the intention of going fishing, that visit to the nearby state park might show up your Google+ page, too.

The policy, however, will not include Google's search engine, Google's Chrome web browser, Google Wallet or Google Books.

The decision quickly touched off discussion as to whether Google was pushing the collection and manipulation too far. The Federal Trade Commission is already on its back over data sharing and web tracking. With this latest decision, although it's not that far from how Facebook, Hotmail and Foursquare work, just more streamlined, Google, some say, is all but flouting user and regulatory concerns.

But let's not rush to condemn this move. I, for one, want to see what happens because Google is boldly putting the privacy paradox to the test.

Going by my own Google search, the term "privacy paradox" has been kicked around for almost ten years. Boiled down, it describes the repeated finding that while individuals express a high degree of concern for privacy protection online, few, in practice, take advantage of privacy safeguards when they are offered.

This apparent contradictory behavior has been noted in a number of studies, including a noted 2007 paper in the Journal of Consumer Affairs.  A 2005 Pew Internet Study, cited at the time by Forbes, found that that 54 percent believe that Web sites invade their privacy when they track behavior. But the same study showed that 64 percent were willing to give up personal information to get access to a Web site.

In the marketplace, when search engines like Google began facing vocal pushback from users and regulators on its tracking of user search histories, one of Google's competitors, Ask.com, tried to differentiate itself by unveiling AskEraser. Just like it sounds, the tool allows users to opt out of search tracking. As Forbes reported, users shrugged and AskEraser did nothing for Ask's market share, while Google's continued to grow.

Contrary to the first hysterical media reports, Google is not recording your whole digital life. There indeed is an opt-out: you don't have to be part of the Google service ecosystem, which is far from the only game in town. Remember, browsing and search are outside this program. Everything else is available from other sources. Moreover, data is only shared if you're logged in under your Google username. Otherwise you can look at all the YouTube videos and Google maps you want without anyone being the wiser.

I'll admit the biggest outcry may come over the policy with regard to Android phones. Since you're technically logged into your phone all the time, it seems tougher to opt out. But there are other devices aside from Android, even from Verizon, so consumer will have alternatives without having to change service providers. Nonetheless, given the popularity of the combination of mobility and social networking, seen not only in Google and Facebook, but in Twitter, Yelp! and Foursquare, it is arguable that a majority of users are not as concerned about their privacy as advocates of more restrictive regulations believe.

And arguable is the operative word. There indeed may be enough significant user backlash that Google backs off. In the last six months we've seen at least two instances of rapid market correction–Netflix's decision not to go through with structurally separating mail and online video rental accounts and Bank of America's reversal of its plan to charge online banking fees. Both occurred before the government could step in a provide its own (and no doubt clumsy) remedy.

Then again, there's a significant body of research that suggests that, in spite of their own complaints, users may opt to accept greater benefits and convenience in exchange for more disclosure about their habits. With this mind, it will serve consumers best if companies like Google are allowed to experiment with the privacy paradox to find where actual boundaries are, rather than hamstringing potential innovation by pre-emptively and blindly setting them.

 

On Forbes yesterday, I posted a detailed analysis of the successful (so far) fight to block quick passage of the Protect-IP Act (PIPA) and the Stop Online Piracy Act (SOPA). (See "Who Really Stopped SOPA, and Why?")  I'm delighted that the article, despite its length, has gotten such positive response.

As regular readers know, I've been following these bills closely from the beginning, and made several trips to Capitol Hill to urge lawmakers to think more carefully about some of the more half-baked provisions.

But beyond traditional advocacy–of which there was a great deal–something remarkable happened in the last several months. A new, self-organizing protest movement emerged on the Internet, using social news and social networking tools including Reddit, Tumblr, Facebook and Twitter to stage virtual teach-ins, sit-ins, boycotts, and other protests.

The article describes the political philosophy and origins of this movement, which I called "bitroots" activism. I warn both fans and detractors about the dangers facing this new global political force as it navigates the delicate transition from single-issue protest to a sustainable voice in shaping technology law and regulation.

But so far, at least, supporters of PIPA and SOPA won't even acknowledge the existence of this third front, dismissing it as a stunt perpetrated by a few large technology companies.  That response not only misses the point, but makes clear the need for new forms of political dialogue over technology issues in the fist place.

As someone who spends time both in Silicon Valley and inside the Beltway, I've long been concerned about the lack of informed conversations between innovators and regulators, especially as the two come increasingly into conflict as their worlds move closer together. (That was the central theme of The Laws of Disruption, now available practically for free on Amazon!)

Now that the bitroots movement has coalesced, I can't wait to see where it goes next. I have high hopes for this new awareness and activism, and for their intuitive understanding that the innovations that enable them are their best weapons for changing the political dialogue. Who knows? They may even wind up disrupting traditional forms of advocacy.

President Obama's third full year in office came to an end last week, and I've reviewed how well he's doing with one particular campaign promise on the Cato@LIberty blog. "Sunlight Before Signing" is the moniker for the president's campaign promise to post online the bills Congress sends him for five days before signing them.

As we start the fourth year, he's at just over 50% on fulfillment of the promise. Far less if you measure based on the number of pages that got the sunlight he promised.

Rebecca MacKinnon's new book, Consent of the Networked: The Worldwide Struggle for Internet Freedom, is well-researched exploration of the forces driving Internet developments and policy across the globe today. She serves up an outstanding history of recent global protest movements and social revolutions and explores the role that Internet technologies and digital networks played in those efforts. She also surveys some of the recent policy fights here and abroad over issues such as online privacy, Net neutrality regulation, free speech matters, and the copyright wars. The Consent of the Networked is certainly worth reading and will go down as one of the most important Internet policy books of 2012.

A Call to Action

Of course, it's not just a history lesson. MacKinnon has also issued a call-to-arms here. As a well-known web activist, MacKinnon has emerged as a leading force in the broad-based, if loosely-defined, "Net freedom" movement. The term "Net freedom," she notes, means very different things to different people. It's "like a Rorschach inkblot test: different people look at the same ink splotch and see very different things." (p. 188)  Nonetheless, on the global stage, the Internet freedom movement is fundamentally tied up with efforts to hold both governments and corporate actors more accountable for their actions toward the Netizens, digital networks, and online speech and expression.

MacKinnon has rightly won praise for her efforts to devise an institutional structure and accompanying set of social/moral pressures that can get private actors to understand "why it is good for their business in the long run to be both responsible and publicly accountable when it comes to protecting users' and customers' rights." (p. 182)  She was instrumental in setting up the Global Network Initiative (GNI), an effort to devise a set of best practices and a sort of voluntary code of conduct for online operators doing business in repressive states. The GNI lays out a set of principles for online expression, privacy, corporate transparency, and multi-stakeholder interaction that members are expected to live up to. Thus far, however, the only major corporate signatories are Microsoft, Google, and Yahoo.

Consent of the Networked is MacKinnon's effort to take the "Net freedom" movement to the next level; to formalize it and to put in place a set of governance principles that will help us hold the "sovereigns of cyberspace" more accountable.  Many of her proposals are quite sensible. But my primary problem with MacKinnon's book lies in her use of the term "digital sovereigns" or "sovereigns  of cyberspace" and the loose definition of "sovereignty" that pervades the narrative. She too often blurs and equates private power and political power, and she sometimes leads us to believe that the problem of the dealing with the mythical nation-states of "Facebookistan" and "Googledom" is somehow on par with the problem of dealing with actual sovereign power—government power—over digital networks, online speech, and the world's Netizenry.

Back to Political Philosophy 101: What a Sovereign Is, and Isn't

MacKinnon suggests that we need to begin to think about our interactions with various private digital intermediaries in much the same way many political philosophers have traditionally thought about the relationship between citizens and the state. Building on social contract theory (a la Hobbes, Locke, Rousseau, etc.), she seeks to apply "consent of the governed" notions to the digital sphere such that we might achieve as sort of "consent of the networked." "It is time for the new digital sovereigns to recognize that their own legitimacy — their social if not legal license to operate — depends on whether they too will sufficiently respect citizens' rights," she argues. (p. 165) "It is time to upgrade the social contract over the governance of our digital lives to a Lockean level, so that the management of our identities and our access to information can more genuinely and sincerely reflect the consent of the networked." (p. 165)

It sounds great in theory. In practice, however, this notion is highly problematic.  Private companies are not "sovereigns," nor should we move to formally classify them as such. Equally problematic is MacKinnon's quip about their "legal license to operate," which raises other concerns.

First, let's drill down a bit on the sovereignty point.

Sovereignty is, at root, about power; supreme power over a group in a defined geographic territory. In a Hobbesian sense, sovereignty is the coercive power to rule absolutely over those people. For a more extensive discussion, see Bertrand Russell's magisterial A History of Western Philosophy. (Touchstone, 1945, pp. 546-557.)  Or we might also reference Blackstone who noted that "For legislature, as was before observed, is the greatest act of superiority that can be exercised by one being over another. Wherefore it is requisite to the very essence of a law, that it be made by the supreme power. Sovereignty and legislature are indeed convertible terms; one cannot subsist without the other."

Of course, the uniquely American contribution to this discussion — flowing from the radicalism of the American Revolution — is that sovereignty lies in the people themselves and that only when they delegate some of that power to the state does the state come to have any legitimacy. Through "the consent of the governed" and the requisite constitutions or other contracting elements, "we the people" transfer power to governments to handle a variety of things that we deem better not left to private actors or actions. More on those powers in a sec.

But first, let's be clear about the essential transfer of power that takes place here and why we shouldn't take it lightly. At the heart of sovereignty lies the collectivization of force and coercion. In her essay "On the Source of the Authority of the State," the British philosopher G.E.M. Anscombe's pinpointed the "institutional violent coercive power" of the State as the crucial element of its sovereign authority over any group. "No political theory can be worth a jot, that does not acknowledge the violence of the state, or face the problem of distinguishing between states and syndicates," Anscombe argued. This is just as true for the sort of sovereignty derived from the "consent of the governed" via the Lockean-American model as it is in the British tradition or any other system.

But there's another essential element to sovereignty, properly understood: the impossibility of escaping the reach of that authority. Commenting on Anscombe's framework, Jenny Teichman and Katherine C. Evans, authors of Philosophy: A Beginner's Guide, note that "there surely must be some difference between a state and a voluntary association… The chief difference between a voluntary association and a state is that you can resign from a voluntary association, but it is never possible to resign from the state." (p. 105).

The American Revolution gave us a new way of thinking about this, too. Because true sovereignty lies with the people, even after we transfer some of it to the state as an agent of power over us, we can later change our minds and take that power back. Of course, that's much easier said than done, especially if we are talking about a full-blown revolution being required to accomplish the return of that power to the people such that we might contract with a new sovereign entity.

But the important point here is that, while the state does exist and retains the power we have delegated to it, it (a) possess unique coercive powers over us and (b) the possibility of escaping their rule is often quite limited, sometimes by geographic or economic realities, other times by efforts by the sovereign to restrict flight.

The same facts do not hold for corporate entities. That is the essential insight missing from MacKinnon's narrative. "Facebookistan" and "Googledom" are cute labels, but let us not pretend for one moment that there is any legitimacy whatsoever to their "rule" over us.  They do not possess such coercive powers over us and we are able to escape their "territories" any time we want, or not even join them in the first place if we don't want to.

Not to put too fine a point on it, but here are the three essential things that sovereign governments can do that "Facebookistan," "Googledom" or any other corporations cannot: (1) Imprison you. (2) Tax you. (3) Confiscate your property.  But that's not the end of the list. There are many other powers that are exclusive to governments. For example, they can: coin money, regulate various forms of commerce, form standing armies, form treaties with foreign sovereigns, declare war on those foreign sovereigns with those aforementioned standing armies, etc, etc). But those big three powers are the ones that matter most.

While, in theory, "we the people" could contract with Facebook, Google, or another private entity to hold these powers and literally become "sovereigns of cyberspace" ruling over us, the reality is that that has never happened and isn't about to any time soon. In fact, no corporation holds these powers unless governments deputize them — whether willingly or reluctantly — to become henchmen of the State. That's a crucial point, and one often misunderstood in debates about Internet freedom, online privacy, digital copyright, and online freedom of speech. Luckily, that distinction is not lost on MacKinnon. In fact, she nails what it so insidious about it. More on that point in a moment.

The Self-fulfilling Prophecy Problem

But first, there's another major problem with MacKinnon's suggestion that we think of certain private digital entities as "sovereigns."  We might think of it as "the self-fulfilling prophecy problem": If you declare certain digital operators to be "sovereigns" or even "essential social facilities" to use public utility parlance, then you should not be at all surprised when the very act of affixing that label (and concurrent obligations) on a particular platform or company tends to lock it in as the preferred or only choice in its sector.

If, for example, we had a formal "constitutional convention" for Facebookistan and its users (God only knows how such a thing would work), it could very well tip the market in favor of Facebook being the primary or preferred choice for social networking going forward.  This has been a long-standing problem in the field of communications where public utility regulation often shelters a "utility" from competition once it is enshrined as such. Or, by forcing standardization or a common platform, regulation can help lock it in for the long-haul and erect de jure or de facto barriers to entry that restrict beneficial innovation and disruption of market leaders.

The last thing we want to do is lock-in Facebook or Google as market leaders by declaring that we need special rules governing MacKinnon's mythical sovereigns of "Facebookistan" and "Googledom." Those countries do not exist, nor should the law declare that they do. [Note: I have a paper coming out next month on "The Perils of Classifying Social Media Platforms as Public Utilities" that will address these issues in more detail.]

The Velocity of "Tech Titan" Meltdowns also Undercuts "Sovereignty" Claims

Importantly, MacKinnon also fails to consider the rapid rise and fall of these supposed digital sovereigns. In my work attacking the Lessig-Zittrain-Wu school of thinking about cyberlaw and digital economics, I've argued that there's a serious short-sightedness and a needlessly pessimistic outlook among many Internet academics today. [See my book chapter from The Next Digital Decade: "The Case for Internet Optimism, Part 2 – Saving the Net from Its Supporters."]

Creative destruction and disruptive technologies continue to upend tech markets and displace supposedly "dominant" digital giants with increasingly regularity. Change and churn are the only constants in an economy built largely on the foundations of binary code. Absolutely nothing that was sitting on our desktops in 1995 remains there today (can you name another sector like that?), and most of the first generation of "tech titans" have already faded from the picture. If MacKinnon had written her book just a decade ago, would she have referred to AOL as a "sovereign of cyberspace"? If she had penned it five years ago, would she have fretted about "MySpace-istan"?

By contrast, the reign of most actual "sovereigns" is usually measured in decades, even centuries. That is far longer than the brief time in the sun that most digital providers and platforms enjoy today. Markets discipline and sometimes severely punish those that don't satisfy the desires of users and customers.

Power Begets Power: The Dangers of Middleman Deputization

But let's get back to the dangers of middleman deputization. It should be obvious that any move to treat digital operators more like "sovereigns" will likely end up ensuring that actual sovereigns rope them into a host of regulatory regimes. This is why I was dismayed by MacKinnon's "legal license to operate" line, even though she never fully develops what she means by that. It seems to imply that these entities only exist by the good graces of the State and that they could be used to accomplish a variety of government goals.

I was relieved, therefore, to see what a nice job MacKinnon does documenting and critiquing the many ways that governments already enlist digital intermediaries into a variety of regulatory efforts, including: copyright enforcement, online child safety, online harassment / defamation, and national security / law enforcement matters. In one of the best portions of the book, she takes on policymakers and academics who increasingly call for increased intermediary deputization, which often diminishes users' liberties in one fashion or another. "Internet companies around the world face mounting pressure from governments not just to block websites but to delete a wide range of content from the Internet completely, as well as track what their users are doing so they can be prosecuted or cut off if they do anything illegal," she correctly notes. (p. 93)

MacKinnon also takes on Cass Sunstein and some of the other contributors to the troubling recent book The Offensive Internet. Several of the academics who penned essays for that collection call for expanded intermediary policing of the Net as well as new laws aimed at limiting online anonymity. These deputization mandates would open the door to excessive government control of speech and also raise serious privacy and security issues. MacKinnon wonders: "Can Sunstein and his coauthors be so naïve as to think that power holders in the twenty-first century United States are different from power holders in any other place or time?" (p. 89)  Excellent question!

MacKinnon notes that South Korea adopted a law demanding websites with more than 100,000 visitors per day to obtain the real names, addresses, and national ID numbers of all users upon account creation. The law followed concerns similar to those raised by American critics who are worried about online harassment. "But this legal solution pursued by a democratically elected parliament ended up being used by economically and politically powerful people in South Korea to stifle speech they happened to find threatening," MacKinnon notes. She recalls the case of South Korean blogger Park Dae-sung, who was arrested and jailed under the law for "spreading false information to harm the public interest." (p. 90) In reality, Park had done little more than blog critically about the country's economic policies and found himself loathed by many inside the government as a result.

Regrettably, this was not an isolated case. Other Koreans were charged under the law before it was finally overturned in mid-2011, but not before much of the personal information collected by the government was stolen by Chinese hackers. "Herein lies the dangerous slippery slope in legislation to curb anonymity," argues MacKinnon. "[T]he people of South Korea," she notes, "learned a painful lesson about why excessive data retention and ID requirements can make citizens less rather than more secure." (p. 91)

Here in the United States, we are lucky that 47 U.S.C. § 230, commonly known as "Section 230," shields online operators from liability for information posted or published on their systems by users, ensuring that they cannot be deputized by governments to more aggressively police — even self-censor — their sites for various types of online content that public officials wanted curbed. I've argued that Sec. 230 is "the greatest Internet law" because it grants online intermediaries generous leeway to determine what content and commerce travels over their systems without the fear that they will be overwhelmed by lawsuits if other parties object to some of that content. Many of the online social media and e-commerce sites that we know and love today — Yelp, Twitter, eBay, etc. — might not exist without Sec. 230's protections. Moreover, many users would find their online liberties and privacy in greater peril without Sec. 230's protections.

Still, as MacKinnon correctly notes, many digital intermediaries are pressured (and sometimes required) to serve as the handmaidens of government. This is particularly problematic when it comes to the forcible surrender of personal information or technological capabilities to government officials. When government officials come knocking on a company's door asking for user records, files, search histories, or whatever else, that's obviously a huge problem.

But, as I noted in this debate with Lawrence Lessig a few years ago, this is a problem we should handle by putting more constraints on our government(s), not by imposing more regulations on code or coders. While, as a general principle, it is wise for companies to minimize the amount of data they collect about consumers or websurfers, we need not force that by law. And we should certainly hold companies to high standards when it comes to data security and breach. But, again, the best way to deal with many of the surveillance and data collection threats that MacKinnon worries about in her book is to tightly limit the powers of government to access private information through intermediaries in the first place. Most obviously, we could start by tightening up the Electronic Communications Privacy Act and other laws that limit government data access. And continuing to defend Section 230 against attacks is essential. If we're going to be legislating about the Internet, we need more laws like that to create a high and tight firewall between government and our online communities.

MacKinnon's Net Governance Ideas

I apologize for dwelling so long on the point about sovereignty, but I believe it's essential we not start thinking of private operators as "sovereigns" for the reasons I've outlined.  Anyway, MacKinnon has many other ideas about Net governance in the book that are less controversial. In fact, I find myself largely in agreement with many of her recommendations.

For example, she wants to "expand the technical commons" by building and distributing more tools to help activists and make organizations more transparent and accountable. These would include circumvention and anonymization tools, software and programs that allow both greater data security and portability, and devices and network systems to expand the range of communication and participation, especially in more repressed countries.  All terrific ideas.

MacKinnon would also like to see neitzens "devise more systematic and effective strategies for organizing, lobbying, and collective bargaining with the companies whose service we depend upon — to minimize the chances that terms of service, design choices, technical decisions, or market entry strategies could put people at risk or result in infringement of their rights." (p. 247)  This also makes sense as part of a broader push for improved corporate social responsibility. When people band together — as consumers, users, citizens, etc. — they can provide a powerful check on corporate behavior and encourage the evolution of new social and market norms. There are so many Internet advocacy organizations out there doing this now that I sometimes wonder if some of them would be better off merging to increase their collective bargaining power. But that's a discussion for another day.

What Role for Law?

In terms of law, it's not always clear what MacKinnon is after, even if it is obvious she's open to more regulation, so long as it's for what she regards as the right purpose. "There is a need for regulation and legislation based on solid data and research (as opposed to whatever gets handed to legislative staffers by lobbyists) as well as consultation with a genuinely broad cross-section of people and groups affected by the problem the legislation seeks to solve, along with those likely to be affected by the proposed solutions," she says. (p. 172) While this implies an openness to political solutions to "net freedom" and privacy problems, MacKinnon never really makes it clear how we strike the right balance. Adding to the confusion is the very next line: "In many other situations, government regulation—especially when large numbers or people have good reason not to trust the motives of the regulators or legislators in question—can create as many problems as it solves."

In other words, the standard for green-lighting government action seems to be this: When we can trust the motives of the regulators and legislators in question, then it's fine to bring politics into the equation. Sorry, but that's still a fairy subjective test.

It's worth noting that, on balance, MacKinnon expresses serious reservations about the wisdom of many government solutions. And, as noted above with regards to deputization solutions, she certainly appreciates the many unintended consequences of regulation. She notes how regulation so often lags far behind innovation. "A broader and more intractable problem with regulating technology companies is that legislation appears much too late in corporate innovation and business cycles," MacKinnon argues. (p. 174)  She notes that proposals like the Global Online Freedom Act (GOFA), which aimed to devise legal solutions and penalties for companies doing business in repressive regimes, ultimately won't work.  Not only were the issues evolving too quickly for GOFA to be a solution, but its "one-size-fits-all legislative approach" didn't make sense for the multiplicity of businesses, countries, cultures, and laws that are out there.

Despite these reservations, she seems entirely at ease with expanded government privacy mandates and Net neutrality regulation, among others. Yet, she grows more concerned when referencing efforts to legislate on copyright, child safety, defamation, and national security matters. And so we arrive back at a problem I have previously labeled the "selective morality problem" within modern cyberlaw debates: People hate Internet regulation… until they love it!  I've expanded on this notion at greater length in my essays, "When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed," And so the IP & Porn Wars Give Way to the Privacy & Cybersecurity Wars," and more recently, "SOPA & Selective Memory about a Technologically Incompetent Congress."

Like most other Internet policy scholars today, I don't suspect MacKinnon will ever come around to embracing a more consistent, across-the-board approach to keeping government's paws off the Net, but I would appreciate it if smart folks like her would at least acknowledge the inconsistency in their views as well as the danger of opening the door to government meddling for their pet concerns, since that will undoubtedly open it up wider and wider to all the other issues that people want handled politically. Eventually, this is how governments across the globe will wrap their tentacles tightly around every facet of online life and commerce. No one today mounts a consistent defense of cyber-liberty.

The problem is that MacKinnon, like so many other well-intentioned academics and activists today, seems to imagine that she'll be able to dictate when the law gets used to do "the right thing" and then later we can just shut down the regulatory process and stop misguided legislative adventures. But you can't have your cake and eat it too, even though that seems to be the operational assumption here. Again, we see that when she warns of the danger of regulatory capture and argues law should not be based on "whatever gets handed to legislative staffers by lobbyists." Well, I hate to be such a cynic, but good luck with that!  If you want to know why I am such a cynic, take a look at my growing compendium, "Regulatory Capture: What the Experts Have Found." It does not make for fun reading but the lesson is unambiguous: Increasing the scope of political meddling for some issues — even those you think worthwhile — will inevitably increases the grim reality of more Net regulation and more industry capture. It continues to be the #1 reason I prefer civil society-based and market-based solutions over governmental solutions, even when I sympathize with the concerns regulatory advocates raise.

Closing Thoughts

Despite the nitpicks I've raised here, there's much to like in Rebecca MacKinnon's Consent of the Networked. In particular, it offers a rich history of modern Net governance debates that is not to be missed. In particular, her coverage of China and the Net is second to none. More generally, she's just a terrific all-around researcher and writer; her old journalism skills really paid off here. Other scholars in the field would do well to use her book as a model for how to communicate complex ideas in a clear and convincing fashion.

Cyberlaw and Internet policy scholars and students would be wise to read MacKinnon's Consent of the Networked alongside Milton Mueller's Networks and States: The Global Politics of Internet Governance [reviewed here], Evgeny Morozov's The Net Delusion [reviewed here], and Access Contested: Security, Identity, and Resistance in Asian Cyberspace by Deibert, Palfrey, Rohozinski and Zittrain. Of course, the work of David G. Post and David R. Johnson is also mandatory reading on this topic. They were writing about Net governance before Net governance was cool. Post's recent book, In Search of Jefferson's Moose: Notes on the State of Cyberspace, [review here] is very much worth reading, as well as his much older 1998 essay, "The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed." Also, David Johnson's recent chapter in The Next Digital Decade closely tracks MacKinnon's thinking on Net governance and is worth checking out. It's entitled, "Democracy in Cyberspace: Self-Governing Netizens & a New, Global Form of Civic Virtue, Online." There are many other important essays in that volume, too. I should also mention the massive collection of essays that Wayne Crews and I edited and bound together for Cato back in 2003. The volume was entitled Who Rules the Net? Internet Governance and Jurisdiction. There were some terrific essays in there on topics related to MacKinnon's book.  Finally, for an international perspective on some of these issues, students should check out Chris Marsden's recent book, Internet Co-Regulation: European Law, Regulatory Governance and Legitimacy in Cyberspace.

Down below you will find some additional links to explore Consent of the Networked and Rebecca MacKinnon's other research and advocacy. Again, I recommend you add the book to your collection.

[Reminder: All my tech policy book reviews can be found here.]

Additional Reading:


Official site for Consent of the Networked
MacKinnon's blog, "RConversation"
MacKinnon's recent Washington Post oped, "Why doesn't Washington understand the Internet?"
Global Network Initiative (GNI)
MacKinnon interviewed on "Democracy Now" with Amy Goodman
MacKinnon's TED talk, "Let's Take Back the Net"

My latest Forbes column is entitled "Why Doesn't Society Just Fall Apart?" and it's a short review of Bruce Schneier's latest book, Liars & Outliers: Enabling the Trust that Society Needs to Thrive.  It's an interesting exploration of the societal pressures that combine to ensure that (most!) societies don't go off the rails and end in anarchic violence. In particular, he identifies and discusses four "societal pressures" combine to help create and preserve trust within society. Those pressures include: (1) Moral pressures; (2) Reputational pressures; (3) Institutional pressures; and (4) Security systems. By "dialing in" these societal pressures in varying degrees, trust is generated over time within groups.

Of course, these societal pressures also fail on occasion, Schneier notes. He explores a host of scenarios — in organizations, corporations, and governments — when trust breaks down because defectors seek to evade the norms and rules the society lives by. These defectors are the "liars and outliers" in Schneier's narrative and his book is an attempt to explain the complex array of incentives and trade-offs that are at work and which lead some humans to "game" systems or evade the norms and rules others follow.

The most essential lesson Schneier teaches us is that perfect security is an illusion. We can rely on those four societal pressures in varying mixes to mitigate problems like theft, terrorism, fraud, online harassment, and so on, but it would be foolish and dangerous to believe we can eradicate such problems completely. "There can be too much security," Schneier explains, because, at some point, constantly expanding security systems and policies will result in rapidly diminishing returns. Trying to eradicate every social pathology would bankrupt us and, worse yet, "too much security system pressure lands you in a police state," he correctly notes.

Schneier's framework is particularly useful when addressing a variety of security dilemmas in the field of information policy. "Parasites are all over the Internet," he notes, and "new technologies, new innovations, and new ideas increase the scope of defection in several dimensions." Whether its spam, malware attacks, data theft, copyright piracy, or cybersecurity, the defectors have a first-mover advantage in that "they get to try the new attack first." The Net and new digital networks and technologies have created a never-ending cat-and-mouse game: "It's a race between the ability to deceive and the ability to detect deception," Schneier notes. Again, there are no silver-bullet solutions because "this process never ends." As he correctly concludes, we must accept the fact that "security is a process, not a product."

I recommend Schneier's book and encourage your to read my entire review over at Forbes.

In the wake of last week's big SOPA showdown, a lot of people are talking about the expanded presence and power of the Internet, online operators, and digital Netizens in Washington policy debates. I certainly don't mean to diminish the importance of this particular episode. It certainly is historic, regardless of how you feel about the specifics of SOPA. What does concern me, however, is the way this episode is prompting questions about how much more "engagement" Internet companies need to consider inside the Beltway. For example, today's Wall Street Journal features an article on "The Web's Growing Muscle" and notes:

The Internet industry has found a rare sweet spot in Washington. With Google in the lead, the companies have begun building a strong traditional lobbying force in Washington. And, to complement that inside game, websites' millions of users have become a powerful outside weight on Congress. What's more, in a rare Washington double play, the concerns of Internet companies have found a sympathetic ear both in the Democratic White House and among Republican presidential candidates who otherwise can't agree with Barack Obama on anything.

The piece concludes with a quote from an anonymous media executive saying "People are looking at what Google spent on lobbying and wondering, 'Can we match that?' It has to be a big spend."

I cannot possibly think of anything more demoralizing than that. The idea that web companies should spend more of their time in Washington showering politicians with cash instead of out there in the real world innovating and making consumers happy is extremely troubling. I wrote about this growing trend in my 2010 Cato essay on "The Sad State of Cyber-Politics." I built that essay around an old manifesto by Cypress Semiconductor CEO T. J. Rodgers on "Why Silicon Valley Should Not Normalize Relations with Washington, D.C."  Rodgers had argued that "The political scene in Washington is antithetical to the core values that drive our success in the international marketplace and risks converting entrepreneurs into statist businessmen," and that "The collectivist notion that drives policymaking in Washington is the irrevocable enemy of high-technology capitalism and the wealth creation process."

But no one was listening then and they certainly aren't listening now. We find ourselves in the midst a mad rush to see who can open a bigger, fancier office in Washington and have glitzier parties to make the political class happy. As I noted in the Cato essay:

There's enormous pressure on the high-tech sector to actually become more entrenched in coming years, at least to remain "competitive" with other companies who have planted a flag inside the Beltway. Recently, for example, Reid Hoffman, founder of LinkedIn, a social networking site for professionals, worried that policymakers tend to ignore high-tech startups. "We don't have an entrepreneurship lobby," he said, "because entrepreneurs are off doing it." As if that was a bad thing! In particular, he fretted about startups not getting their share of recent stimulus funding and argued that "It's much easier when you're embedded in the political infrastructure to respond to immediate things" such as nabbing stimulus dollars, he said.

Am I being naive about all this? Don't these new tech companies have to have armies of lobbyists pressing the flesh and greasing the palms here in DC in order to compete against other entrenched competitors who are doing to same thing?  Perhaps, but there's always been self-fulfilling circularity to the argument that you have to be here in order to "be a player" or "have a seat at the table." The end result of that thinking is always the same: more lobbying, more logrolling, more of "the big spend." And then we end up with one giant cesspool of protected markets, protracted legal nightmares, bloated bureaucracies, and widespread regulatory capture. Welcome to the wonderful world of crony capitalism! And your tech sector superstars are now falling all over themselves to make sure they have that proverbial "seat at the table" so they can feast at this Big Government supper.

It makes me sick to my stomach to even think about it. So, I'll continue right on being a naive dope and conclude this piece the same way I concluded my old Cato essay on the sad state of cyber-politics:

For that small remnant of believers in real Internet Freedom — freedom from incessant government techno-meddling — we will never stop hoping that disputes among high-tech companies might be settled in the marketplace instead of within regulatory agencies and congressional committee rooms. And we must continue our push to discourage high-tech companies from an excessive "normalization" of relations with the parasitic culture that dominates Washington by reminding them, as Rodgers noted in 2000, "that free minds and free markets are the moral foundation that has made our success possible. We must never allow those freedoms to be diminished for any reason."

Just let me dream, people.

From Cato's "Job Opportunities" page:

Policy Analyst, Telecommunications and Internet Governance

The Cato Institute seeks a policy analyst to work on telecommunications and Internet governance issues. The suitable candidate will have several years of work experience in the field of telecommunications and Internet law and policy. An advanced degree in law or economics is preferred

Sought-after qualifications include: familiarity with or practice before the Federal Communications Commission; familiarity with the technical and governance bodies of the Internet; familiarity with and/or work experience on Capitol Hill; a solid background in the First Amendment and other civil liberties; familiarity with classical liberal history and scholarship; strong analytical reasoning skills; the ability to simplify complex issues in oral and written communications; and good interpersonal skills. Responsibilities include monitoring developments in government regulation and oversight of telecommunications and Internet governance at all governmental levels; researching and writing on these topics in all formats (research papers, policy briefs, editorials, blogposts, etc.); and public speaking. Candidates must support Cato's mission of promoting individual liberty, free markets and limited government.

Information on how to apply here.

Cybersecurity is one of the issues that the President may touch upon tonight in his State of the Union speech, and Senate Majority Leader Harry Reid has said he is ready to move on comprehensive cybersecurity legislation soon. This all raises the question: what is the problem we're trying to fix?

In an important new working paper for the Mercatus Center at George Mason University, Eli Dourado asks if there is a market failure in cybersecurity that requires a government response. He concludes that policymakers may be jumping to conclusions a little too hastily.

Proponents of cybersecurity regulation make the case that private network owners do not completely internalize cyber risks. The reason, they say, is that a loss stemming from a cyber attack, against a financial network for example, will affect not just the network owner, but thousands of consumers as well. As a result, private network owners won't spend the socially optimal amount on to meet that risk. That is a market failure, they say, and only government intervention can ensure that we get the right amount of cybersecurity.

In his paper, however,Dourado shows that the presence of an externality does not necessarily mean that there is a market failure. Externalities are often internalized by private parties without government intervention. This is true both generally and in the realm of cybersecurity. Policy makers, he says, should therefore be careful not to enact cybersecurity legislation just because they observe an externality. Regulating when there is no market failure will likely have dire unintended consequences.

You can download the paper at Mercatus.org.