Adam Thierer's Blog, page 104

According to the BBC, the European Commission is apparently set to adopt formal rules guaranteeing a so-called "right to be forgotten" online.  As part of the Commission's overhaul of the 1995 Data Protection Directive, this new regulation will mandate that, "people will be able to ask for data about them to be deleted and firms will have to comply unless there are 'legitimate' grounds to retain it," the BBC reports.

I've written about "right to be forgotten" and "online eraser button" proposals before in my Forbes essay, "Erasing Our Past On The Internet," a Mercatus white paper on "Kids, Privacy, Free Speech & the Internet: Finding the Right Balance." and in this essay here on the TLF on "The Conflict Between a "Right to Be Forgotten" & Speech / Press Freedoms." While I can appreciate the privacy and reputational concerns that lead to calls for such information controls, the reality is that a mandatory "right to be forgotten" is a recipe for massive Internet censorship.  As I noted in those earlier essays, such notions conflict violently with speech rights and press freedoms. Enshrining into law such expansive privacy norms places stricter limits on others' rights to speak freely, or to collect and analyze information about others.

The ramifications for journalism are particularly troubling. Good reporting often requires being "nosy" while gathering facts. Journalists (and historians) might suddenly be subjected to restraints on their research and writing. The Brits have been struggling with this when trying to enforce gag orders and "super-injunctions" on media providers to protect privacy. It hasn't turned out well, especially since new social media platforms and speakers easily evade these rules. (See my Forbes column, "With Freedom of Speech, The Technological Genie Is Out of the Bottle.")

Thus, for a "right to be forgotten" to work, a more formal and robust information control regime will need to be devised to censor the Net and make it "forget"about the digital footprints we left online. Will the DMCA's "notice and takedown" model be applied? Beyond the chilling effect associated with dragnet takedowns of online information, it's unlikely that approach will really work. Keep in mind, this isn't as simple as just telling large social media operators to delete information on demand. The reality is, as computer scientist Ben Adida notes in his essay "(Your) Information Wants to be Free," the same forces and factors that complicate other forms of information control, such a copyright and speech restrictions, also complicate the protection of facts about you. "[I]nformation replication doesn't discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard," Adida correctly notes.

The fact is, information is instantaneously replicated online many times over on many different platforms — sometimes manually, sometimes automatically. Regulation will need to grapple with how to put the genie back in the bottle when countless others have already forwarded or commented on the piece of information someone later wants "forgotten." And how would automated online archiving / storage services be affected? Will such sites and services be expected to find and purge every possible mention / reference of the offending information? Will they be compensated for the countless requests they receive to delete countless pieces of digital information, or are they just expected to do that out of the goodness of their hearts?

I could go on, but instead I'd just ask that you read some of the essays I've already cited and then take a look at this outstanding essay on "9 Reasons Why a 'Right to be Forgotten' is Really Wrong," by Joris van Hoboken, a PhD candidate at the Institute for Information Law (IViR) at the University of Amsterdam. It's an outstanding critique of the notion.

Please keep in mind: Just because I raise questions like these it does not mean I'm opposed to the notion that online operators should be held to higher standards and be expected to properly safeguard our online information and perhaps even delete much of it upon request. But moving this process into the legal / regulatory arena opens up a huge Pandora's Box of potential problems. Censoring the Net — even when it's for a cause many favor — is very hard and will give rise to many unintended consequences.

In the ongoing debate over SOPA, PIPA, and rogue websites legislation, most commentators have focused on what Congress should and shouldn't do to combat these sites. Less attention, however, has been paid to the underlying assumption that these rogue websites represent a public policy problem. While no one has defended websites that defraud consumers by deceptively selling them fake pharmaceuticals and other counterfeit goods, many consumers who frequent "rogue websites" do so for the express purpose of downloading copyright infringing content.

As Julian Sanchez explains over on Cato-at-Liberty, how the latter category of rogue websites (including The Pirate Bay and, until last week, MegaUpload) affects the U.S. economy and social welfare is hotly contested in the economic literature:

[I]t's become an indisputable premise in Washington that there's an enormous piracy problem, that it's having a devastating impact on U.S. content industries, and that some kind of aggressive new legislation is needed tout suite to stanch the bleeding. Despite the fact that the [GAO] recently concluded that it is "difficult, if not impossible, to quantify the net effect of counterfeiting and piracy on the economy as a whole," our legislative class has somehow determined that . . . this is an urgent priority. Obviously, there's quite a lot of copyrighted material circulating on the Internet without authorization, and other things equal, one would like to see less of it. But does the best available evidence show that this is inflicting such catastrophic economic harm—that it is depressing so much output, and destroying so many jobs—that Congress has no option but to Do Something immediately? Bearing the GAO's warning in mind, the data we do have doesn't remotely seem to justify the DEFCON One rhetoric that now appears to be obligatory on the Hill. The International Intellectual Property Alliance . . . actually paints a picture of industries that, far from being "killed" by piracy, are already weathering a harsh economic climate better than most, and have far outperformed the overall U.S. economy through the current recession.

Julian makes several great points, and his essay is well worth reading in its entirety.

Nevertheless, in my view, rogue websites dedicated to the infringement of U.S. copyrights pose a public policy problem that merits not only serious congressional attention, but also prompt (albeit prudent) legislative action. While I'm relieved that the flawed SOPA and PIPA bills seem unlikely to pass in their current forms, I also think it would be unwise for Congress to dither on rogue sites legislation for years in search of "credible data" about how such sites impact our economy.

Why am I urging policymakers act without "all the facts?" Two reasons. First, I'm quite skeptical that we'll obtain anything resembling dispositive data on the question of how rogue websites impact consumer welfare in the foreseeable future. Countless academics have spent years seeking to understand how often consumers download content on rogue websites, how frequently consumers substitute unlawful content for the lawful kind, and the extent to which copyright infringement indirectly benefits creators by inducing greater overall content consumption. Yet reliable data on these topics remains the stuff of dreams.

Second, the ease with which U.S. consumers can and do access near-perfect infringing copies of movies, songs, television shows, and video games gives rise to a reasonable presumption that we'd probably be better off if Congress were to throw up at least some carefully-constructed roadblocks to obstruct rogue sites. That's because if such roadblocks are erected, the consumers most likely to shift from unlawful to lawful consumption of content are also the same consumers who are most likely to benefit social welfare (and the U.S. economy) if they pay more for the content they value and enjoy.

Imagine two hypothetical "pirates" (or users who frequently infringe on copyrighted works, if you prefer less loaded terminology). Pirate #1 is a broke college sophomore with a subsidized ultra-fast broadband connection and eons of spare time on his hands. While this pirate lacks the disposable income to pay for content at virtually any price, he's perfectly willing to spend hours on end sitting hunched over a laptop in his dorm room scouring various Web forums for links to his favorite TV shows and movies, most of which are available unlawfully on cyberlockers, Bittorrent, Usenet, etc.

Pirate #2 is a 30-something, tech-savvy mid-career IT professional with plenty of disposable income. Even though he owns a Blu-ray player and could afford to buy or rent several discs per month, he instead opts to download Blu-ray image files on his 50Mbps Verizon FiOS connection and watches them on a laptop hooked up to his high-def television. Using his Mastercard, he spends $10 a month to subscribe to a popular Seychelles-based content search website that enables him to find picture-perfect movie rips in seconds. Although he has the means to pay for content, he sees no reason to bother with physical discs, DRM, and platform restrictions given that pirated content is so much cheaper, and virtually as accessible. While he ultimately purchases some of the content he acquires unlawfully, attending the occasional live concert and theatrical performance, he only does so occasionally. He has few moral qualms about his behavior; with millions of other consumers paying for the content he enjoys, what difference can one more legitimate purchaser make? (Julian correctly observes that some individuals who "sample" music through illicit outlets ultimately spend more money on artists because they're more likely to attend live performances. However, given the growing prevalence of free and lawful sources of music "samples," and considering that piracy's effects on creators of other types of content (e.g. movies, TV shows, video games) is far less ambiguous, the "file sharing actually benefits artists" hypothesis is hardly persuasive).

Turning back to the issue of rogue sites legislation, a law that serves only to make it impossible for Pirate #1 (and the millions in America like him) to access infringing content won't do anybody much good. Content creators won't get paid more, as Pirate #1 has no money, while the aggregate utility society derives from artists' expressive works will decrease. Instead of enjoying movies and music acquired unlawfully, Pirate #1 will simply find another, presumably inferior, way to spend his free time. It's a no-win situation.

But a law that makes it impossible for Pirate #2 (and the millions like him) to access infringing content would almost certainly benefit content creators — and society at large. No longer able to download movies, TV shows, and video games illegally, Pirate #2 might consume less overall content, but he'll also pay for a lot more lawfully-acquired content. He'll spend less of his disposable income on goods and services other than content, meaning some legitimate businesses will experience a decline in revenue. But since Pirate #2′s overall spending habits will more closely match his true consumption preferences, society's aggregate resources will likely end up being allocated more efficiently than before .

The virtue of a "follow the money" approach to rogue websites is that it's likely to curb piracy by users like Pirate #2, who are already willing and able to pay for legitimate content. Users who have a credit card and use it to pay for infringing content — or for services that facilitate access to infringing content — presumably have at least some disposable income to spend on expressive works. While rogue websites legislation is likely to leave many, if not most, websites that facilitate piracy unaffected, disabling U.S. payment services from doing business with a handful of especially popular offshore piracy sites will frustrate users. Many of these users will simply seek out alternatives, but some users will give up and "go legitimate." By driving piracy further underground, such a law might cause users like Pirate #1 to spend more of their relatively worthless time seeking out infringing content. But this is the Internet we're talking about; the determined user will find what he seeks, no matter the roadblocks lawmakers throw up.

Whether a targeted law aimed at combating offshore rogue sites' revenue sources would, on net, measurably benefit the U.S. economy is far from certain. But even a law that has greater-than-even odds of improving aggregate social welfare by the equivalent of a few hundred million dollars amounts to a step in the right direction. In a world of uncertainty, we all make decisions with harshly limited knowledge every day. All else equal, making highly-informed decisions is vastly superior to educated guesses, but educated guesses are often the best feasible option.

In an ideal world, of course, Congress would be focused on far more crucial legislative priorities than combating rogue websites, such as solving the entitlement mess, fixing America's overly litigious legal system, reining in the ever-growing regulatory state, and even reforming the Copyright Act to reduce the insanely long term of copyright protection. But given that both the House and Senate Judiciary Committees, which handle copyright legislation, seem more focused on undermining our liberty and prosperity than on enhancing it — from data retention to employment verification mandates to the PATRIOT Act renewal — passing a consensus rogue websites bill may be the best of all feasible outcomes this session of Congress.

If lawmakers act swiftly but carefully — holding a handful of additional hearings, focusing on crafting legislation that Silicon Valley can tolerate (if not embrace), and emphasizing a transparent process — there may still be hope for prudent rogue websites legislation this session. And that could be a good thing.

Over at TIME.com, I consult public choice theory to glean the meaning of last week's SOPA protest success:

The SOPA blackout protest last week was an unprecedented event. Its massive success — with dozens of members of Congress switching their stance in one day under the withering intensity of thousands of phone calls — surprised even the activists who spurred the protest. So does this mean that we are entering the much-heralded era of Internet-powered citizen democracy?

Read the whole thing here.

Today, the Supreme Court issued its decision in U.S. v. Jones, unanimously holding that law enforcement violated the Fourth Amendment by affixing a GPS tracker to a vehicle to monitor its movements without obtaining a search warrant from a court. The following statement can be attributed to Berin Szoka, President of TechFreedom:

This was an easy case: law enforcement plainly trespassed on private property protected by the Fourth Amendment. But as the majority notes, today's holding is only the bare minimum of the Constitution's protections. The harder question awaits the Court: When does purely electronic surveillance—without physical trespass—violate the Fourth Amendment?

At the very least, the Court must reconsider the "third party" doctrine invented by lower courts, which denies us protection for information we share with trusted third parties like "cloud" services that host our email, photos, and documents. The Court should make clear that Fourth Amendment protections hinge not on keeping information secret, but on whether we take steps to preserve that information as private. That, not the "reasonable expectation of privacy," is the standard the Court applied in its landmark 1967 Katz decision. It is also the only standard that will effectively protect Americans' privacy in the digital age.

[Cross posted at TechFreedom.org]

(Cross posted at Reason.org)

Americans got a preview of what life would be like under the U.S. Senate's Protect Intellectual Property Act (PIPA) when the Department of Justice and the FBI yesterday shut down Megaupload.com and arrested its founder and six other executives on charges of illegally sharing copyrighted material.

The move comes in the middle of a vociferous debate on PIPA and its House counterpart, the Stop Online Piracy Act (SOPA) and provides more fuel for opponents who argue that the bills threaten to undermine legal, legitimate mechanisms that are integral to the Internet technological and social utility (See my commentary posted on Reason yesterday afternoon).

PIPA supporters have argued that worries about Internet censorship and user disruption are exaggerated and the bill's real goal is to target shadowy "rogue" sites that deal in counterfeit merchandise and pirated video downloads. Yesterday we found out just who the Feds thinks these rogue sites are.

Megaupload.com is a major commercial file-sharing site used by millions of consumers and businesses in the course of daily business. Users park large files that can then be shared among friends, family or professional workgroups. It competes directly with other such services such as Dropbox and RapidUpload. Megaupload claims to have about 50 million daily visits and even DoJ notes that at one point it was estimated to be the 13th most frequently visited site on the Internet.

Can infringing material be found on Megaupload? No doubt it can. But infringing material can also be found on YouTube and just about every other file-sharing site. The courts have held that these sites are not liable for infringement as long as they honor cease and desist notices to take down offending content.

The DoJ's indictment rests on the claim that Megaupload.com first and foremost was in the business of piracy. The seven executives arrested yesterday (a group that did not include the company's CEO, Swizz Beatz, the husband of singer Alicia Keyes) are being charged with racketeering. The indictment claims that Megaupload.com robbed artists, musicians and authors of $500 million, and that the site is actually a front for a worldwide conspiracy.

These charges might yet be true, but the supposition shouldn't trump due process (See Jerry Brito's post below). That it did brings the precise concerns of PIPA and SOPA critics into high relief. In addition to the arrest, the Feds have forced Megaupload.com to shut down, essentially seizing not only private property of Megaupload, but the documents, photos, videos and artwork of millions of legitimate users–some of it crucial to their livelihoods–on what amounts to a thin pretext that could be applied to any file-sharing site. Anonymous, the loosely knit "hacktivist" group, made its feelings known with its retaliatory DDoS attacks on DoJ, FBI, MPAA and RIAA sites yesterday, but I think there's more blowback to come. A significant number of average Americans lost time, money and digital property yesterday in what they perceive as a massive overreach by a DoJ that is already under fire for its blundering tactics (Fast and Furious, the Black Friday poker site shutdowns). I'll bet the phones were ringing off the hook in many Congressional offices this morning.

Moreover, the charges may not stick. By all accounts, Megaupload is gearing up for a fight. As its lead attorney notes, case law, including the YouTube decision, favors the company. Plus there's the fact there are no copyright  judgments currently against it. It reportedly has also been working to iron out copyright issues with rightsholders, and has garnered support from a cross-section of artists and performers–the very community that the government alleges Megaupload has been ripping off. But even it wins, it might be a Phyrric victory, because by the time the legal dust settles, Megaupload may well be out of business. Elsewhere, Dropbox and RapidUpload execs must be sweating.

The takeaway from all this is that SOPA and PIPA will codify these DoJ tactics. And with the Megaupload siezure sitting out there as Exhibit A, no one can take the Feds at their word that they will exercise any restraint or discretion in their definition of a "rogue" site.

The best hope is that Megaupload turns out to be the egg that make the omelet. The good news out of this week of contentious debate is that is that Senate Majority Leader Harry Reid has pulled the Tuesday PIPA vote from the floor calendar. In the lower chamber, House Judiciary Committee Chairman Lamar Smith said his panel won't take up "there is wider agreement on a solution."

Looks like the good guys might just win one.

Here's Mike Riggs take on Reason.com's Hit and Run.

[Cross posted from TechFreedom]

Today, the Digital Advertising Alliance, a group of leading digital ad agencies and online ad networks, unveiled a campaign to bring attention to AdChoices, its icon-based system allowing users to opt-out of behavioral advertising. The following statement can be attributed to Berin Szoka, President of TechFreedom:

In the 1990s, Congress tried and failed to regulate Internet content. Instead, the courts have required an approach grounded in user empowerment, education and enforcement of existing laws against fraud and deception. Today, we're seeing the the advertising industry build on this approach for consumer protection on privacy. The AdChoices campaign launched last summer empowers consumers to make their own choices on privacy. The ad campaign launched today educates consumers on how to use this tool. The Digital Advertising Alliance has promised to enforce industry's principles. Consumer advocates should hold them to that promise. It's also fair to insist that empowerment and education improve over time. But today, for once, let's give the ad industry credit for doing the right thing.

The Megaupload folks are not the most sympathetic defendants, to say the least. They likely knew very well they were profiting from piracy, and they probably induced it as well. Anonymous's attacks in retaliation for the arrests and domain seizures, therefore, threaten to destroy the good will the Internet community generated the previous day with the SOPA protests. That all said, we can't lose sight of the principle because of the bad actors involved.

This case shows that law enforcement is perfectly capable of securing international cooperation and taking direct action against large piracy operations overseas. The Megaupload principals were arrested and they now face extradition and trial. So why do we need due-process-free domain seizures or tinkering with the inner workings of the Internet to combat piracy?

This case also reminds us that the federal government already has the power to seize .com, .net, .org and other U.S.-registered domains. Stopping SOPA is one thing, but now the task should be rolling back excessive government powers to control information online.

The balance struck by the DMCA, which gives safe harbor to sites that take down allegedly infringing content when notified by the owner, is the right one. No safe harbor is available to sites that have actual knowledge that they are benefiting from pirated content, as is probably the case with Megaupload.

I thought Todd Zywicki, a senior scholar with the Mercatus Center at George Mason University, did a nice job on Judge Napolitano's "Freedom Watch" show addressing the contentious question of whether government should be regulating food advertising in order to somehow make American kids healthier. Todd pointed out how the advertising guidelines currently being developed are anything but "voluntary" and noted that there are many causes of childhood obesity. Watch the clip here:

Importantly, Todd also notes that there are First Amendment issues in play here. Commercial free speech is not completely without constitutional protection, as I noted in my recent Charleston Law Review article on "Advertising, Commercial Speech & First Amendment Parity."

Finally, as we always note here about regulation generally — especially restrictions on advertising — there is no free lunch (excuse the pun in this case!). Advertising has traditionally been the great subsidizer of media and information in America. It has also kept competitors on their toes and kept prices in check.  These benefits are lost when we regulate advertising. So, while some nanny state-ers would like to convince us that they simply have the best interests of our kids in mind, the reality is that the regulations they favor will likely drive up costs for families and limit their choices of both products and media platforms, both of which are subsidized by advertising.

Tune in here 12-1:45pm today for the livestream (below) of TechFreedom's joint Capitol Hill briefing, "Unintended Consequences of Rogue Website Crackdown," co-sponsored by the Competitive Enterprise Institute and the Cato Institute. Our expert panel will discuss the recent outpouring of public opposition to the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), what's next for these troublesome bills, possible compromises, and the proposed alternative, Online Protection and Enforcement of Digital Trade (OPEN) Act. Our panelists are:

Ryan Radia, Associate Director of Technology Studies, CEI
Larry Downes, Senior Adjunct Fellow, TechFreedom
Julian Sanchez, Research Fellow, Cato
James Gattuso, Senior Research Fellow in Regulatory Policy, Heritage Foundation
Allan Friedman, Research Director, Center for Technology Innovation, Brookings Institution
Dan Kaminsky, Security Researcher

Follow the discussion on the #SOPAnel hashtag or submit a question for the panel to @Tech_Freedom!

This event is the perfect way to celebrate  TechFreedom's one-year anniversary. Our theme for the last year has been two-fold: optimism about how technology can expand our capacity to choose for ourselves and skepticism about government meddling with the Internet. As Hayek famously said about the "curious task" of economics, TechFreedom's task is to "demonstrate to men how little they really know about what they imagine they can design."

We're skeptical of SOPA and PIPA not because we're against copyright, but for the same reason we're skeptical of regulations aimed at protecting net neutrality, privacy, competition, and other legitimate values: Tinkering with the Internet is a perilous game—and policymakers rarely see the full implications of their interventions.

That's why we've emphasized the need to consider the trade-offs of regulating extremely carefully—to minimize unintended burdens of any rogue website crackdown on cybersecurity, free speech, entrepreneurship, and global Internet governance. But we also want an open and judicious process for copyright's sake! As we noted in our coalition letter with CEI and other free market groups, "If the public perceives this copyright legislation to be the product of a hasty and opaque process, respect for copyrights and trademarks will be diminished, not enhanced."

(Cross posted at reason.org)

It's rare when the entire Internet industry rises up with one voice. Perhaps that's why the protest against the House of Representatives' Stop Online Piracy Act and its Senate counterpart, the Protect Intellectual Property Act (PIPA), is getting so much attention. In policy circles, usually one segment of the online industry is jockeying for favorable position against another. Today, with Wikipedia dark, Google taped over, and a host of other sites large and small raising awareness through home page notices, New Media is drawing its line in the sand against the most astounding government overreach into Internet regulation to date.

The bills amount to good intentions gone awry. True, sites that sell brand-name counterfeits and offer illegal downloads are easy to find and no honest user advocates intellectual property theft. But SOPA and PIPA are extremely coercive and heavy-handed, and as both bills have percolated up through the legislative process, opposition has steadily mounted. There have even been outright turnarounds. The Business Software Alliance, a strong supporter of antipiracy measures and an initial backer of SOPA, reversed its position upon examining the bill.

SOPA and PIPA essentially place responsibility-and cost-of policing the Web for IP violations on the shoulders of Web site owners through an electronic version of prior restraint. The law would require Internet service providers (ISPs) to take steps to prevent their customers' web browsers from connecting to alleged pirating site. Search engines like Google would have to scrub alleged pirating sites from their search results, or else disable links to them. Web advertising delivery systems would be required to block distribution of banners and links. Finally, sites which revolve around user-generated content, such as Facebook and Wikipedia, would be liable for any pirated content or link posted by any one of their millions of visitors.

How do the bills define a site that's counterfeiting products or pirating copyrighted content, or one that allows users to link to them? Not very specifically. The bills' vague language gives the Justice Department enormous leeway with a very light burden of proof in designating offenders. In sum, the bill would give the FBI and federal prosecutors to power to declare illegal any site they don't like.

It is not the least bit alarmist to call this censorship. If either SOPA or PIPA were to pass, for the first time, the U.S. government would be able to block what Americans can access via the Web. Even the provisions against Internet gambling did not go as far (you could still get to a gambling site, you just couldn't transfer money to it). Bottom line: the bills propose ISPs and search engines deploy the same type of Internet blocking mechanisms used today by authoritarian regimes in China, Iran and Syria, just to name three. Worse, when a democratic system such as ours engages in it, it provides these governments with political cover.

This is not to give short shrift to the problem of IP theft. But we have other methods for dealing with the issue that don't trample free speech or due process. The Digital Millennium Copyright Act ensures that copyright can be policed and protected on music download sites and video sharing sites such as YouTube. But it requires the property owner to take responsibility. As for the complaint that much of the Web's IP theft originates off-shore, then perhaps the best course is for the U.S. government, as a representative of its citizens, to work through diplomatic channels and with international law enforcement and to bring offenders to justice. It's harder, and it doesn't generate headlines for politicians, but it respects the rights of Americans, and that should trump convenience.

More on SOPA:

The Internet on Strike

At the Top of Congress' New Year Agenda? Regulate the Net

Don't Rush Anti-Piracy Bill, Free Market Groups Urge

The New SOPA: Now With Slightly Less Awfulness!