Adam Thierer's Blog, page 126

The Supreme Court will be issuing its opinion in the case Brown v. Entertainment Merchants Association any day now (TLF's previous coverage is here). The case was previously known as Schwarzenegger v. Entertainment Merchants Association, but Mr. Schwarzenegger has been trying to stay out of court of late. I was just sent a draft of the statement that the Eagle Forum Education & Legal Defense Fund, which filed an amicus brief in the case, is planning to release if the decision goes its way. The Eagle Forum Education & Legal Defense Fund was founded by Phyllis Schlafly.

[Not really. This is a joke (but the quotes are true).]

[date] – The Eagle Forum Education & Legal Defense Fund (we just say "F'ed") is happy to see that the U.S. Supreme Court has finally recognized that children are precious angels and need to be protected from reality. Its opinion in the Brown v. Entertainment Merchants Association case, released today, holds that states are free to ignore the First Amendment when it comes to children. While F'd has long advocated fidelity to the text of the U.S. Constitution, it believes "traditional values" are more important than some document written 224 years ago. In response to the many calls that our position in support of California's attempt to ban video games is hypocritical considering our mission is "to enable conservative and pro-family men and women to participate in the process of self-government and public policy making so that America will continue to be a land of individual liberty," and we support "parents' rights to guide the education of their own children … and to home-school without oppressive government regulations," we say don't listen to what we've said. "Be a 'doer, not a hearer only.'" (You can't argue with that–it's from the bible.)

As we stated in our amicus brief filing, "violent video games are the equivalent of 'fighting words' for kids who play them." To that end, and emboldened by today's decision, we are calling on Congress to "stop the violence" by enacting Federal restrictions similar to the California statute just upheld by the Supreme Court. Federal legislation is needed because digital downloads already represent 29% of game sales. Virtual "app stores" offered by companies such as Apple, Google, Amazon, and others allow children to access violent video games any time and from anywhere. Here are just a few examples of the sorts of games that are available on mobile phone app stores. They all "appeal[] to a deviant or morbid interest of minors" (to quote the language of the California law). Are your children playing these violent video games?

Office Jerk – Now known by the slighly less-offensive name "OfficeJK", the point of this game for the Android platform is to throw food, golf balls, a bug, a stapler, and even dynamite at a defenseless and nonviolent officemate.
Dig Dug – Video games have been violent from the very beginning, with the first videogame "Space War." Dig Dug, originally released in 1982 requires the player to kill "monsters" by either inflating them until they pop or dropping rocks on top of them (more on "crush videos" to come). Due to its age and the many emulators available for smartphones, this game is probably available for every platform including graphing calculators.
Plants vs. Zombies – Another game available on a wide variety of platforms from PCs to game consoles to portable devices and phones, this game has been nominated for multiple Interactive Achievement Awards, the "Casual Game of the Year Award, and was one of the Best games of 2009 according to website Gamezebo. As you might surmise from the title, the game involves killing zombies. But you don't just kill them by throwing fruits and vegetables at them (though that certainly does the trick on the early levels). Gameplay also involves explosions, rolling over zombies with giant walnuts, and literally mowing them down with lawn mowers. And the visuals are particularly disturbing, with limbs blown off and zombies literally turned to dust by explosions. It also makes fun of a special needs individual named "Crazy Dave."
Angry Birds – After the legality of "crush films" was barely upheld in 2008, it's surprising this game even exists. The user scores point by flinging small birds into buildings and various other structures in an attempt to get the structures to collapse on top of pigs. To quote the California law, this is "especially heinous, cruel, or depraved in that it involves torture or serious physical abuse to the victim[s]."

It's worth pointing out that with the exception of Office Jerk, which is unrated, all of the above games have been rated "Everyone" by the Entertainment Software Rating Board.

Phyllis Schlafly is not available for comment because she gets more self-fulfillment from "the daily duties of a wife and mother in the home."

Have you heard about 3D printing yet? Bre Pettis, founder of Makerbot, a company that sells a $1300 home 3D printer, was Wednesday night's guest on the The Colbert Report. And back in April, Public Knowledge kicked off what's sure to be a long public debate over the legal and policy questions raised by 3D printing with a half-day conference here in D.C.

Also called "additive manufacturing," 3D printing is the process of "printing" a three-dimensional object layer-by-layer with equipment that's not much different from ink-jet printers. Combine 3D printing with 3D scanning and you've got the first real step towards something that seems at first like total science fiction: A Star Trek replicator.

The Future is Here

The current state of the art in 3D scanning and printing is already quite advanced. There's already a growing legion of hobbyists building 3D printers in their basements and sharing object designs across the Internet. As in the early days of radio, these hobbyists are creators, not just consumers.

On the scanning side, for $2,995 you can buy your own NextEngine 3D scanner, which can do a completely automated 360-degree scan of (the surface of) objects up to 5.1" x 3.8" in size at 0.005 inch accuracy in under 30 minutes. For larger objects, you can scan a portion at a time and automatically stitch the scans together via software. The easy-to-use device connects to Windows PCs via USB and includes all necessary software. Don't have $2,995? Not a problem. You can make your own 3D scanner with a cheap laser pointer, wine glass, videocamera or webcam, and a record player. No, really! Or just use the Microsoft Kinect Xbox 360 peripheral (example, source code). Too much effort? Get the $0.99 iPhone app or do it for free with any digital still camera and the My3DScanner website.

Once you've got a scan of the object you want to replicate (or you've created your own design using free software), you need a 3D printer. The printer that Jay Leno uses to replicate parts for his classic cars is now available for less than $15,000. For $1,299, you can buy a MakerBot Thing-O-Matic kit that you assemble (no pun intended) yourself. Still too much? You don't need to buy your own 3D printer when you can use someone else's. There are now several online 3D printing services where you can upload your scan or custom-designed 3D model and get the 3D printed model mailed to you. Pricing is based on the size of your object and the materials used and start at around $0.80 per cubic centimeter. Small trinkets and pieces of jewelry can be made for less than $30 each.

3D scanning and printing is already in use commercially today. There are already more than 10 million 3D printed hearing aids in use worldwide. Boeing is manufacturing some airplane parts using 3D printing. Again, Jay Leno is replicating worn-out parts to restore classic cars. And there's at least one vehicle that will have all of its exterior components made by 3D printers.

The next step in 3D printing is combining multiple materials, which will allow 3D printers to print working electronic devices. The end-game is a self-replicating machine, long an engineering dream. The open design RepRap project has already succeeded in printing all of the custom plastic parts needed to make another RepRap machine.

3D Printing and Intellectual Property

Just as the tape recorder did for music and the videocamera did for television and movies, 3D replicators will soon make duplication of physical objects much easier—with major, and probably obvious, intellectual property ramifications. Just as most people think nothing of photocopying a page from a book or magazine, in a few years people may think nothing of using a 3D copier to make a copy of an earring when the other is lost, making a left-handed copy of a pair of right-handed scissors, or simply buying a single candlestick at a store and then making five more copies at home. While current home 3D printers and scanners may not yet be up to the task of these examples (which all involve relatively simple exterior-scanning), it's worth pointing out that there's no Digital Rights Management (DRM) in current devices.

Digital Rights Management is a catch-all term for manufacturer-designed built-in restrictions meant to ensure that devices can not be used to infringe copyrights. That's why, for example, you can't simply copy a purchased iPhone app to a friend's iPhone. It's not difficult to envision a future where home 3D printers are restricted to printing only pre-approved designs and/or are limited in the resolution and/or materials so that they are really only good for trinkets. This sort of thing has happened with previous technologies. Soon after VCRs entered the market, Hollywood tried very hard to control them (see Sony v. Universal).

Sure, such DRM controls could be "hacked" just as people have hacked DRM systems on cellphones, ereaders, videogame systems, etc. There's even a great short story (or audiobook) by Bruce Sterling about a "fabrikator" owner hacking his device to print all sorts of things it's not supposed to print. Neal Stephenson's novel The Diamond Age revolves in large part over efforts to overcome the restrictions on nanotech-powered "matter compilers" intended to prevent users from compiling weapons or harmful substances.

It is also possible to envision a spectrum of DRM protections, ranging from—to use Jonathan Zittrain's much-ballyhooed terminology—perfectly "generative" 3D printers limited only by their technological capabilities to more "appliancized," regulated printers that are restricted to printing only approved designs in approved quantities. This is no different from how other industries operate today: Authors can decide to only distribute their books through DRM-protected services to DRM-protected ereaders or they can make them available without DRM. Recording artists and television and movie producers can do the same. Although there are a few cases of government-mandated DRM (e.g. the broadcast flag for television), most DRM systems are voluntary and market-negotiated. Personally, I don't see why the field of 3D printing should be any different. Some consumers may be willing to pay a lower price for a DRM-enabled 3D printer and others may prefer to pay more for an unencumbered printer. Let the market decide.

3D Printing and Product Liability

What I find more interesting than the intellectual property issues involved in 3D printing are the product liability issues. The industrial and then digital revolutions have all but killed the concept of "buyer beware." For how can the average buyer understand how today's consumer electronics work and all the ways they can fail or injure someone?

Instead, many states impose strict liability on manufacturers for defects based on the belief that "the costs of injuries resulting from defective products [should be] borne by the manufacturers that put such products on the market rather than by the injured persons who are powerless to protect themselves." (Greenman v. Yuba Power Products, Inc., 377 P.2d 897 (1963), qtd. in Congressional Research Service, Products Liability: A Legal Overview, CRS Issue Brief, Jun. 3, 2005). Without strict liability for manufacturers, even if a consumer could prove an injury is due to a design or manufacturing defect, the injured consumer would likely only be able to recover from the retailer that sold them the defective product. But a major injury claim could bankrupt a retailer. So, rather than requiring the injured party to establish a chain of liability from the retailer to the distributor, supplier, and ultimately to the manufacturer, strict liability allows plaintiffs to directly sue the manufacturer of a product that caused injury.

When 3D print shops (one online directory lists over 600 such companies already in existence) become as commonplace as Kinko's … sorry, FedEx Office, will they be considered the manufacturer? Imposing strict liability on them would likely kill 3D print shops.

Ponoko, a web-based 3D printing service that also allows designers to set up their own virtual CafePress for 3D objects) clearly disclaims any liability in its terms and conditions: "We accept no liability for any products displayed on the website, do not give any warranty nor make any representation about any products on the website, and are neither a seller nor agent of the designer, seller or buyer." While that may seem to settle the matter, as someone in the audience at Public Knowledge's event muttered, that might wel change the first time a child is injured by a 3D-printed item.

3D print shops like Ponoko allow designers to design and sell real physical products to real consumers without ever having seen the like Lulu's print-on-demand for authors." Presumably the designer would order and inspect at least one product themselves before making the product available to the public, but if they design a product that requires tolerances near the limits of what the 3D print shop's equipment is capable of, some of the products may work just fine while others may fail catastrophically. Should the problem be considered a design defect for which the designer is responsible or a manufacturing defect for which the manufacturer (the 3D print shop) is responsible? Should both be responsible? This problem has likely already been dealt with in the traditional realm of product liability, but traditionally, designers of retail products were large companies. That means they had the resources to extensively test products before releasing them to market, they could purchase insurance and legal counsel, and they (hopefully) had the funds to pay for damages.

If a lone designer sells his or her wares through a Ponoko product gallery, placing liability on the designer for design, but not manufacturing, defects makes sense. But if the designer is a near-penniless "maker" artist, there's no point in suing them. Personal injury attorneys tend to focus their sights on entities with deep pockets–and rightly so. And if a designer posts a design with a creative commons license to Thingiverse that is subsequently redesigned by a string of other designers (e.g. the planetary gearbox clock, or Stephen Colbert's head), it may be very difficult indeed identifying which designer is responsible for the defect. While a "maker beware" doctrine may be sufficient for trinkets that people can print themselves (regardless of where they get the design), the widespread use of more complex and costly 3D-printed objects may be limited until there is some entity willing to provide a warranty.

Policy Implications

3D printing and scanning technology is about to change the world. Bre Pettis likened the Public Knowledge conference to the first meeting of the Homebrew Computer Club, which was seen as a watershed moment in the personal computer revolution. I share his excitement in attending the dawn of a new industry that could prove as important (possibly more important) as the Internet. But as the two examples above make clear, 3D printing raises serious policy questions.

Although the technologies involved are different, there are lots of similarities in the ways the public, media, and lawmakers respond to new technologies, whether the telegraph, Internet, or 3D printing. As Tom Standage has documented and Ithiel de Sola Pool predicted, "All of this has happened before, and it will all happen again."

As we watch this new industry develop, the following questions will likely frame many debates:

Which more important: The freedom to innovate or the need to hold someone responsible for any harms that occur?
Where should liability lie when the exact cause of an injury cannot be determined?
Should the law treat amateurs differently than professionals? If so, where should the line between them be drawn?
What should the government's role be in protecting intellectual property?
Is the new technology a "natural monopoly" that must be regulated.

These questions are not unique to 3D printing. But unlike the Internet, which spent its first few years safely ensconced in the military industrial complex, away from malevolent users, malware, spam, and the court system, 3D printing is, by definition, based in the real world. Thus these questions will likely have to be answered sooner rather than later.

This morning, the Federal Communications Commission (FCC) released its eagerly-awaited "Future of Media" report. The 475-page final report is entitled, "The Information Needs of Communities: The Changing Media Landscape in a Broadband Age."  [Here's a 2-page summary and the official press release.]  The report is a bit overdue; the effort was supposed to be wrapped up late last year. Comments in the proceeding were filed over a year ago. Here are some of the major ones. Also, here is the 80-page monster filing that I submitted with my former PFF colleagues Berin Szoka and Ken Ferree.

Quick refresher… Federal policymakers have been taking a greater interest in the health of media and journalism in recent years. In 2009, the Senate held hearings about "the future of journalism," and Senator Benjamin L. Cardin (D-MD) introduced the "Newspaper Revitalization Act," which would allow newspapers to become tax-exempt non-profits in an effort to help them stay afloat. In 2010, the Federal Trade Commission hosted two workshops asking "How Will Journalism Survive the Internet Age?" and also released a staff report on "Potential Policy Recommendations to Support the Reinvention of Journalism." (As I noted here and here, the FTC was blasted for that report and quickly backed off the issue. The agency has since gone radio silent on the issue.) The FCC also launched its "Examination of the Future of Media and Information in a Digital Age" in 2010, and today's report wraps up their work on this front.

My first reaction after scanning the FCC's final report is one of relief. For those of us who care about the First Amendment, media freedom, and free-market experimentation with new media business models, it feels like we've dodged a major bullet. The report does not recommend sweeping regulatory actions that might have seen Washington inserting itself into the affairs of the press or bailing out dying business models.

By contrast, when the FCC and FTC started their respective proceedings, things looked very grim from a policy perspective. The discussion was being completely dominated by groups like Free Press and their founders, the neo-Marxist media scholar Robert W. McChesney and Nation editor John Nichols.  Here are some old essays and papers that summarize the radical "media reform" agenda they set forth over the past few years:

A "Public Option" for Media? The Free Press Plan to Put Journalists on the Public Dole
Free Press, Robert McChesney & the "Struggle" for Media
Socializing Media in Order to Save It
The Wrong Way to Reinvent Media, Part 1: Taxing Devices & Networks to Subsidize Media, by Adam Thierer & Berin Szoka, March 24, 2010
The Wrong Way to Reinvent Media, Part 2: Broadcast Spectrum Fees for Public Media, by Adam Thierer, March 29, 2010
The Wrong Way to Reinvent Media, Part 3: Media Vouchers, by Adam Thierer & Berin Szoka, April 14, 2010
The Wrong Way to Reinvent Media, Part 4: Expanding Postal Subsidies, by Adam Thierer & Berin Szoka, April 20, 2010
The Wrong Way to Reinvent Media, Part 5: Media Bailouts & Welfare for Journalists, by Adam Thierer & Berin Szoka, April 30, 2010

To the FCC's great credit, the agency's final report didn't fall for most of these gimmicks or those radical calls for state intervention. The report's recommendations are actually quite limited in scope and relatively innocuous in nature (although some of them are extremely amorphous and could be open to expansionist interpretations later on). Here are the major recommendations:

Accelerate move from paper to online disclosure. Disclosure information required by the FCC should be moved online from filing cabinets to the Internet so the public can more easily gain access to valuable information.  FCC should eliminate burdensome rules and streamline disclosures about local programming by moving files online.
Remove barriers to innovation and online entrepreneurship by pushing for universal broadband deployment and adoption.  Achieving this goal would remove cost barriers,strengthen online business models, expand consumer pools and ensure that the news and information landscape serves communities to the maximum possible benefit of citizens.
Target existing federal spending at local media.  Existing government advertising spending, such military recruiting and public health ads, should be targeted toward local media whenever possible. Each year, the federal government spends roughly $1 billion in advertising without maximizing potential benefits to local media.
Repeal Fairness Doctrine, terminate localism proceeding and replace "enhanced disclosure" with a new streamlined system of online disclosure. Broadcasters would disclose amount of programming about the community and other important information.
Discourage "pay-for-play" arrangements – in which TV stations allow advertisers to dictate on-air content without disclosing to viewers – by requiring online disclosure of such arrangements.
Re-assess whether the satellite TV's set-aside for educational programming and cable TV leased access systems are working; put satellite disclosure online.
There should be state-based C-SPAN in every state. Cable and satellite operators, public broadcasters and PEG channels should work toward that goal, and policymakers should consider offering incentives for those media organizations that take such steps, or to those that provide support for local cable news operations.
Re-establish tax certificate program for small businesses including minorities and women.
Policymakers should consider clarifications or changes in tax rules that would make it easier for nonprofit news operations to develop sustainable business models.
Focus on historically underserved when policymakers craft strategies and rules.

While I can't endorse all of these recommendations — especially those that involve more spending or tax code tinkering — I think most of these policy proposals are relatively unobjectionable. Again, this is pretty far removed from the radical Free Press / McChesney agenda that guided the Federal Trade Commission's controversial report.  I will likely have more to say about the FCC's specific policy recommendations after getting through the entire 475-page report this weekend.

Even without having finished the entire report, I feel comfortable saying this: The FCC's "Information Needs of Communities" report is an impressive achievement and will be used as a reference document for decades to come.  The report offers an excellent overview of the state of the media marketplace and provides a relatively balanced assessment of both the good and bad trends shaping media and journalism today.

I congratulate Steve Waldman and the entire team experts that the FCC brought together to compile this report. But most of all I am relieved to see that the agency generally restrained itself here and avoided going down the dangerous path I once feared it might.

Finally, I am just a happy camper any day I see the Federal Communications Commission send out a Tweet like this:

A couple of news items this week have vindicated some opinions I'd previously expressed here, and they're all about Apple, so how can I can pass up the opportunity to note them, right?

A while back I wrote that as long as iOS devices had a standards-compliant browser, innovation would be safe:

Apple has come under fire by some supporters of an open internet and open software platforms such as Jonathan Zittrain and Tim Wu, who argue that Apple's walled garden approach to devices and software will lead us to a more controlled and less innovative world. In particular, they point to the app store and Apple's zealous control over what apps consumers are allowed to purchase and run on their devices. Here's the thing, though: Every Apple device comes with a web browser. A web browser is an escape hatch from Apple's walled garden. And Apple has taken a backseat to no one in nurturing an open web.

This week comes word that the Financial Times, unhappy with having to give Apple a 30% cut of it's subscription revenues, has dropped its iOS app in favor of a web app. Read the story; it's quite interesting. As far as I can tell, the web app, written in cutting edge HTML5, is as good as the native app.

The second piece of news is that Apple has quietly backed down from its controversial requirement that an in-app newspaper or magazine subscription be the "same price or less than it is offered outside the app". "Apple also removed the requirement that external subscriptions must be also offered as an in-app purchase."

What this tells me is that the market works, and when companies make boneheaded moves, they can't force users or publishers to go along with it by sheer will. Back when the subscription issue was blowing up I wrote that Apple did not have the market power to make this stick:

Digital publishing is very much a contestable market. I hardly need to point out that the day after Apple's announcement, Google made public its own very competitive subscription service. And while the iPad is ahead of the game right now, Android tablets are only now beginning to hit the market. If declining iPhone market share is any indication, Android will nip at Apple's heels in the tablet space as well. And let's not forget other formidable (and somewhat-formidable) competitors in the likes of HP's WebOS, Microsoft-Nokia, and RIM.

Let's now talk about the real threat to app innovation. There's news today that Apple has finally caved in to political pressure from members of Congress and banned DUI checkpoint apps from the app store. RIM had already complied, and Google has yet to respond. You can see, though, how apps are more susceptible to nanny state meddling than to monopolization.

The day many had expected is finally here. This Reuters headline says it all: Senators seek crackdown on "Bitcoin" currency.

The main target of Sens. Chuck Schumer and Joe Manchin is Silk Road–the online illicit drug bazaar run via the TOR network–but bitcoin, the currency of choice on Silk Road, is also in their sights. (Also, Sens. Roy Blunt and Claire McCaskill are also getting in on the action.) In a recent letter Schimer and Manchin have asked the DOJ and DEA to shut down Silk Rpad, and "seize" the website's domain. More to the point, in his press conference, which you can watch here, Schumer said that bitcoin is "an online form of money laundering used to disguise the source of money, and to disguise who's both selling and buying the drug."

As the DOJ and DEA plan a response and this issue develops, I though I'd offer some initial thoughts:

Bitcoin is digital cash, and like any form of cash, it can be used for good or for ill. Because, like all cash, it is largely anonymous, it will be used by persons looking to evade official scrutiny. This could be contributing anonymously to unpopular causes like Wikileaks, but it could also mean buying drugs online. We don't ban hard to trace paper cash because we understand that there's nothing inherently bad about it; it's what people do with it that's can be problematic. Bitcoin should be treated the same way.

That said about what I think ought to be, what's really interesting is what will be regardless of normative values. That is, can Silk Road and bitcoin "cracked down"?

The federal government is no doubt going to go after Silk Road. This sets up another "natural experiment" like the one presented by LulzSec taking bitcoin donations. Given that the site exists as a .onion an anonymous hidden service via TOR, will the feds be able to find who's behind it and shut it down? We'll see. They certainly won't be able to "seize the domain" as Schumer and Manchin's letter suggests. If a year from now the site is still operating, will we be able to say that government does not "possess any methods of enforcement we have true reason to fear."

If the federal government seeks to go after bitcoin, it won't be able to take down the network. That's just impossible as far as I can tell. The weakest link in the bitcoin ecosystem, however, are the exchanges, like Mt Gox. These allow you to trade your bitcoins for dollars and vice versa. At this point, there's not a lot you can buy with bitcoins, so the ability to trade them to a widely accepted currency is important.
According to Gavin Andresen, the lead developer of the bitcoin project, Mt Gox "is careful to comply with all anti-money-laundering laws and regulations." I'd love to know more about this. As far as I can tell, we know very little about who runs Mt Gox and how they comply with the law.

Even if the federal government is able to shut down Silk Road and exchanges like Mt Gox, we will quickly see others take their place. Silk Road will be supplanted by another anonymart (to use Kevin Kelly's phrase), and we'll see a replay of the drug war we know too well from meatspace. As for exchanges, we'll see new ones pop up, likely in jurisdictions with liberal banking laws, and it will be interesting to see if Congress tries to make it illegal for financial institutions and payment processors to deal with them, just as they've made it illegal to deal with offshore online casinos. What I hope we'll see emerge is a properly licensed and legally compliant domestic exchange that is as committed to fighting money laundering as Citibank. That would certainly help test bitcoin's legality. This great paper by Reuben Grinberg that gives me hope that, for now at least, there's nothing inherently illegal about trading bitcoins.

Facebook announced yesterday that it had finished most of the global roll-out, begun in the U.S. last December. Now ZDNet reports that European Privacy regulators are already planning a probe of this. Emil Protalinski writes:

"Tags of people on pictures should only happen based on people's prior consent and it can't be activated by default," Gerard Lommel, a Luxembourg member of the so-called Article 29 Data Protection Working Party, told BusinessWeek. Such automatic tagging "can bear a lot of risks for users" and the group of European data protection officials will "clarify to Facebook that this can't happen like this."

No doubt our friends at the Extra-Paternalist Internet Cops (EPIC) will jump into the fray with another of their many complaints to the FTC, dripping with outrage that Facebook has "opted us into" this feature. But what's the big deal, really?  Emil explains how things work:

When you upload new photos, Facebook uses software similar to that found in many photo editing tools to match your new photos to other photos you're tagged in. Similar photos are grouped together and, whenever possible, Facebook suggests the name(s) your friend(s) in the photos. In other words, the square that magically finds faces in a photo now suggests names of your Facebook friends to streamline the tagging process, especially with the same friends in multiple uploaded photos.

Lifehacker explains how easy it is for Facebook users to opt-out of having their friends seeing the automatically generated suggestion to tag their face (as Facebook did  in its own announcement):

Head your Privacy Settings and click on Customize Settings.
Scroll down to the "Suggest Photos of Me to Friends" setting and hit "Edit Settings".
In the drop-down on the right, hit "Disable".

See the screenshots here. So, in short: The feature that's upsetting the privacy regulationistas is a feature that saves us time and effort in tagging our friends in photos we upload—unless our friends have opt-outed of having their photos auto-suggested.

Just think about all the time users spent tagging their friends photo by photo—and the value lost from all the photos that aren't tagged because they're just not worth tagging. That's exactly why Google's Picasa photo management software has been using precisely this feature for some time—with nary a peep from the privacy regulationistas. Tagging is pro-user in a number of ways:

It's actually pro-privacy! When you're tagged in a photo, you get an email or an on-site notification telling you a friend has uploaded a photo of you to the site, giving you at least the opportunity to ask that person—your friend, after all—not just to remove the tag, but potentially to remove the photo, or to limit its visibility. Without tagging, you might never know the photo was on the site!
Tagging facilitates dialogue among friends about shared experiences.
It creates a sort of annotated phot0-diary of our lives. It's easy to trivialize this, but over time, I think people will increasingly come to think of photos they and their friends and loved ones have been tagged in as the modern-day equivalents of their photo albums.

Now, if Facebook were automatically placing these tags on photos we uploaded, I could understand why some users would be upset.  But what's the problem with making it easier for users to tag their friends? Facebook has apologized in comments to the BBC, saying: "We should have been more clear with people during the roll-out process when this became available to them." It's probably true that Facebook could do more to inform—or remind—privacy-sensitive users how to opt-out of features like this one or otherwise increase their privacy settings. For example, perhaps a quarterly reminder to all users about privacy controls could help to allay concerns that users don't appreciate how protect their own privacy? And whenever launching new products, the company really should do more to flag changes clearly in a very direct way to users.

But I'm not sure any amount of prior explanation would have satisfied the privacy worrywarts at EPIC and and in Europe.

A Right Not to Be Mentioned?

Re-read Monsieur Lommel's statement carefully: "Tags of people on pictures should only happen based on people's prior consent and it can't be activated by default."  His second concern, again, seems misplaced here: tags are being "activated" only when the user who uploads photos chooses to activate them.  But think carefully about his first claim: Should tags really "happen" based on prior consent from everyone we tagged?  How would tagging work on Facebook if, every time a user uploaded photos, and tagged their friends, each tagged friend had to grant "prior consent" for each tag to appear?

Lommel is essentially arguing for a "Right not to be mentioned (without prior consent)"—a close cousin of the so-called "Right to be Forgotten."  Sound crazy? It is, but it's also the logical extension of the dangerous conception of privacy as a "fundamental human right" to, as free speech scholar put it so brilliantly a decade ago, "Stop People from Speaking About You"—the title of his superb 1999 law review article. In other words, this is privacy as censorship. It is, as Eugene noted, a dangerous idea, one fundamentally inconsistent with an open society in which we are free to observe and comment on the world around us. See Adam Thierer's excellent post on these issues in the context of "forgetting" (i.e., mandatory deletion!).

The Alternative to Regulation: User Empowerment

In the end, features like auto-suggesting tagging will roll out because the vast majority of users find them incredibly useful and they increase the richness of user experience. EPIC and many Europeans seem intent on, as National Review once put it (at William F Buckley's most reactionary moment in his rhetoric), "stand[ing] athwart history, yelling Stop!"  That's what the opt-in obsession ultimately boils down to.

I can certainly understand that some users might not want their friends to tag them in certain photos (imagine the embarrassing or unflattering photo of last night's drunken revelries). But that doesn't mean Facebook shouldn't use auto-suggestions—or that we should accept the European "Right Not to Be Mentioned."

Instead, we should recognize the many layers of user empowerment and other forces at work here to to protect our privacy. That's explained pretty well in the dialogue box that appears when users change their privacy setting to turn off the auto-suggestion feature:

You're always in control of your tags on Facebook:

Only friends can tag you in photos

We'll notify you when a friend has tagged you

You can remove a friend's tag at any time

Tag suggestions are based only on photos you've allowed yourself to be tagged in

Wired's Brian Chen writes today about the "damage" caused to Apple's competitors and there own developers by products announced at yesterday's WWDC keynote, making several claims that are bit dubious, the most suspect of which was this claim about Apple's new cloud-focused trio:

Now, here's why iCloud, iOS 5 and Lion pack such a deadly punch against so many companies: Together, they strengthen Apple's lock-in strategy with vertical integration.

While I don't doubt that Apple is indeed going to deal a very deadly punch to many competitors with their version of cloud computing for consumers, I think using the term "lock-in" is going to far.  True lock-in would mean driving consumers down a one-way street where their data can't be moved to another platform (think Facebook prior to late last year) or driving up switching costs through cancellation fees ala the telecom industry.  Apple, on the other hand, is offering consumers a truly compelling user experience, not holding them hostage.

For example, files created in Pages—one of the iCloud-enabled apps—can be exported and uploaded to Google Docs. Similarly, your iTunes downloads can be added to your Amazon or Google music locker.  Meanwhile Apple's mail and calendar offerings use open standards and that data can also be easily moved to other platforms.

Yet Chen isn't alone in this lock-in theory, The Wall Street Journal's Rolfe Winkler has advanced the same thinking in a piece published yesterday:

What makes Apple's latest product compelling isn't unique technology; both Amazon.com and Google have Internet-based storage offerings. Rather, it is that Apple is doing more to lock in customers. According to IDC analyst Danielle Levitas, as they surrender more digital property to Apple servers, users become more likely to buy future generations of Apple products. Moving it all is complicated.

Certainly it's true that moving large amounts of data from one service to another won't be pretty, but is this a consequence of the specific choices made by Apple, or is this just part of the brave new world of cloud computing?

Aside from a few uber geeks building self-hosted cloud repositories for their own use, the world of all-my-data-everywhere-at-all-times is going to be facilitated by companies offering increasingly sophisticated and deeply integrated ways of making use of your digital detritus.  Users are bound to become accustomed to one set of visual vocabularies, functionalities, and workflows and some may find it hard to move to a competitor as a result.  But unless authorities ban product integration and force consumers to construct their own data syncing solutions piece-by-piece, these rather minor switching costs seem inevitable.

Open standards and low-commitment software-as-a-service offerings make the web an appealing place for geeks who always want the coolest, most advanced bit of software.  But, to the average consumer, getting all of those web-based widgets to work together is a daunting and often perplexing task.  If Apple can solve that consumer pain, that's a win, not a loss—even if it falls short of the geek ideal.

If you're like me, you woke up at the crack of dawn today to maximize your enjoyment of World IPv6 Day. Don't want to miss a minute! If you're like me, you'll also say untruthful things as a very dry form of sarcasm. I hope you got that.

Whatever your interest in IPv6—learn more by reading this heresy—you should take interest in whether the next generation of the Internet protocol will erode or enhance your ability to protect privacy. That's a question that's been gnawing at me for a long time.

IPv4 was designed without enough numbers to accommodate the worldwide, multiple-device Internet we've got today. IPv5 seems to have disappeared—and I'm desperate to know what happened to it. (see above re: sarcasm) Now we're talking about IPv6, a major feature of which is that it has enough numbers to assign one to every device on the globe.

IPv6′s ginormous number space is great for simplifying the maintenance of quality communications on the modern Internet, but it could suck for privacy. You see, if every device can be assigned a permanent number, that number will act as a permanent identifier, and lots of privacy-reducing inferences can be drawn. I.e., "If I saw this IP number before, it's probably the same device and the same person I dealt with before." Communications and interactions that don't require or benefit from tracking become trackable anyway. We lose a structural protection of privacy.

Luckily, the designers of the IPv6 protocol thought of that. Christopher Parsons explains in a thorough post from last year that the IPv6 protocol calls for rolling assignment of randomized numbers for initiators of communications. A Web server has to have a fixed address, of course. It's the target of communications requests, and people need to know where to find it. But the computers that ask for content from such servers do not. IPv6 allows those devices to have transient, pretty darn random numbers that change with regularity. This way, the records of your surfing that come to rest in servers all over the world cannot be combined into a dossier of everything you ever did online. Your computer's IP address does not become your de facto worldwide identifier.

But here's the question: To what extent is this part of IPv6 being implemented? Are the organizations implementing IPv6 including randomized numbers for initiators of communications? Parsons has a clever turn of phrase suggesting one reason why they may not: "the 'security institutions' are better at dissolving privacy protections than the privacy community is at enshrining privacy in law." It could also be simply that there's some cost associated with IPv6′s randomization.

So, does anyone know the status of randomization in the IPv6 protocol? Is it being implemented?

The good news, I think, is that it seems fairly easy to test whether an ISP is deploying IPv6 in full or short-cutting on randomization. Set up a server out there, ping it with a consistent communication, and see if it sees the communication coming from a consistent IP address. If it does, then IPv6 randomization is not working. That's a problem.

Given the wisdom of "trust but verify," I suppose this is not only an appeal for information about present practice, but a request that some group of technical smarties out there set up a system for routine verification that IPv6 randomization is fully and properly implemented by Internet service providers and other major deployers of Internet protocol. If you've already done it, do tell! Thanks!

The U.S. government doesn't need to pick winners and losers and the last thing we should think about doing is messing up the Internet with inappropriate regulation.

Amen, sister! The above quote comes from Victoria Espinel, the U.S. Intellectual Property Enforcement Coordinator for the Office of Management and Budget (AKA the Copyright Czar), speaking at the World Copyright Summit in Brussels about how corporate innovation is often more effective than laws. She went on to explain that the cloud-based music services now offered by Apple, Amazon, and Google "may have the effect of reducing privacy by giving value to consumers …" Espinel is an Obama appointee, which calls into question the concerns voiced a year ago that the RIAA is taking over the Department of Justice.

The next stop on her speaking tour should be the Federal Communications Commission.

On May 26th, it was my great pleasure to participate in a panel discussion on "Growing Up with the Mobile Net," which was co-sponsored by the Congressional Internet Caucus and Common Sense Media. It was a conversation about kids' privacy, online safety, teen free speech rights, anonymity, and the possibility of expanding the Children's Online Privacy Protection Act (COPPA) and implementing the so-called "Internet Eraser Button."

I was joined on the panel by Jules Polonetsky, Co-chair and Director of the Future of Privacy Forum, and Alan Simpson, Vice President of Policy at Common Sense Media. And the session was very ably moderated, as always, by the supremely objective Tim Lordan.*  We really unpacked the "Eraser Button" and "right to be forgotten" notion and thought through the ramifications. And the discussion about the extent of First Amendment rights for teenagers was also interesting.

The video for this 48-minute session can be found on the Congressional Internet Caucus YouTube page here and is embedded below.

Note: During the session, Tim Lordan claimed that he takes no position and that if anyone says he take positions on issues that he will slap a super-injunction on them. Well, I say Tim Lordan is brimming with positions and he's letting them fly at every juncture. In fact, I've never met someone so full of controversial positions in my life as Tim Lordan! OK, so sue me Tim!