Adam Thierer's Blog, page 153

Recent media attention has resurrected the notion that criminal background checks for online dating sites are helpful and should even be required by law. Sunday's front page article in the New York Times described how companies selling background checks can "unmask Mr. or Ms. Wrong." And today's Good Morning America featured a segment called "Online Dating: Are you Flirting with a Felon?"

I was interviewed by both the Times and Good Morning America to say that these background checks are superficial, create a false sense of security, and that government should never mandate these for online dating sites. First of all, I should say that I'm personally involved in this issue. I met my wife on Match.com. We didn't screen each other, at least not for a criminal past. I remember doing a simple search on her screen name however, and for a while thinking she could be someone who she wasn't, though.

But for fun, I did a postmortem background check on myself, just to see what my now wife would have seen. First, I went to Intelius and spent $58 (warning: there's a constant barrage of confusing upsells) to see criminal, civil judgment, property, name, telephone and social networking data. The result: nothing harmful thankfully! But also nothing particularly helpful, either. And the report included a family member that isn't, and left out my brother that is. Then I went to MyMatchChecker and ordered the basic level screening (the two most expansive products–"Getting Serious" and "All About Me"–require social security numbers, which I doubt most people will not learn about the other until they actually get married). The site made it easy to not include all relevant info, and I didn't, so there's a delay on my check. But let's assume it's all good too (ahem).

So would my wife have used the absence of a negative history to assume I was a good person? Well, she shouldn't have. Although these criminal screenings can help in some situations, they still have some serious shortcomings. They result in false negatives when criminal records don't appear or may not include felony arrests that were plead down to misdemeanors.

And these sort of criminal screenings are not very inclusive–at all. According to True.com, the only dating site that screens every member, their database for the District of Columbia would catch only those people sent to jail between 1987 and 2002 (in addition to registered sex offenders, which anyone can search for free). But here's the clincher, many counties don't even report their criminal records to a publicly accessible central database. The last time I checked, in Illinois only 4 out of 102 counties report to a centralized database accessible to companies that perform background screenings. That's a huge amount of people excluded from the background pool.

When I went to testify in Illinois a few years ago, one member off a House Judiciary committee, an ex-FBI agent, understood the failures of screenings that are conducted with a name only. He differentiated criminal screenings with the more thorough and reliable background check (based on social security number, date of birth, fingerprints, employment history, etc.) and helped persuade his colleagues that a dating bill that promotes screenings would create more harm than good.

Because these criminal checks are incomplete and often inaccurate, I also worry about the false positives that could exist, mistakenly leading one to believe that the other person is worse than they actually are. If my report came back with some speeding tickets—hypothetically speaking, of course—would she have met me for our first date? Well, I guess it's too late now!

But there is good new here. There's zero evidence that meeting people online is any more dangerous than meeting them at bars, or social functions or through friends. Indeed, there is anecdotal evidence to suggest that the Internet makes such exchanges more transparent, rather than less.

Still, you should always be cautious when meeting people offline that you've met online. As a newly married Internet policy expert I know its good policy to share my wife's feelings on this topic. And to protect yourself, she says to keep in mind the 3 Ps:

Meet in a public space,
Limit the amount of personal information you give out
Phone a friend to let them know where you'll be on your date

-Braden Cox

Well, there really isn't anything left to be said about Net Neutrality regulation that hasn't already been said a million times before.  Yes, it is the most important technology policy battle of our time, but man, I am sick of it!  Anyway, I've summarized the "The 5-Part Case against Net Neutrality Regulation" here before, so consult that for details, as well as this paper by Berin Szoka and me, "Net Neutrality, Slippery Slopes & High-Tech Mutually Assured Destruction."

But on this day when the Federal Communications Commission (FCC) is enshrining an audacious new regulatory regime for the Internet, I'm going to ignore the shoddy economics behind the effort, the unjustifiable legal basis for it, and the whole stinking undemocratic process leading up to it.  Instead, I just want to focus on the one element of the fight that continues to interest me most, and which, ironically, the one thing that almost all intellectual combatants agree upon: Regulation is prone to excessive special interest influence.  I cannot possibly articulate this concern more succinctly than professors David Farber and Gerald Faulhaber have in this Atlantic op-ed today, "Net Neutrality: No One Will Be Satisfied, Everyone Will Complain." They note that:

"When the FCC asserts regulatory jurisdiction over an area of telecommunications, the dynamic of the industry changes. No longer are customer needs and desires at the forefront of firms' competitive strategies; rather firms take their competitive battles to the FCC, hoping for a favorable ruling that will translate into a marketplace advantage. Customer needs take second place; regulatory 'rent-seeking' becomes the rule of the day, and a previously innovative and vibrant industry becomes a creature of government rule-making."

As I pointed out earlier this week in my essay on "Regulatory Capture: What the Experts Have Found," countless studies by some of the most respected economists and political scientists of our time have shown that, throughout the history of economic regulation, special interests have co-opt policymakers and political bodies (regulatory agencies, in particular) to further their own ends.   No less an authority than Roger Ebert, the movie critic and vocal Net Neutrality supporter, has pointed this out in a Tweet last night:

And yet Ebert still gives FCC regulation a big thumbs up!  What gives?  Why is it that so many smart people seem to held captive by the fiction that we can somehow build a better breed of bureaucrat or legislator that will somehow be immune to special interest influence?  I can't explain it, but all the wishful thinking in the world isn't going to change the reality that any government agency or process big enough to control our economy will be prone to influence by the those most affected by it.  No one has ever said it better than former U.S. President, and progressive hero, Woodrow Wilson:

"If the government is to tell big business men how to run their business, then don't you see that big business men have to get closer to the government even than they are now? Don't you see that they must capture the government, in order not to be restrained too much by it? Must capture the government? They have already captured it. Are you going to invite those inside to stay? They don't have to get there. They are there." [The New Freedom: A Call For the Emancipation of the Generous Energies of a People (1913) at 201-202.]

Yes, they are already there, now more than ever.  As I noted in my old essay on "Lawyers, Lawsuits and Net Neutrality Regulation," the Beltway is absolutely teeming with telecom, media, and technology lobbyists and lawyers hungry to grow the regulatory state in various ways.  Anyone here in town who has past copies of the Federal Communications Bar Association (FCBA) directory on their shelves knows this.  This compendium of people looking to influence public policy in this arena just grows and grows and grows. The last copy I received was practically as thick as a phone book. As I noted in that previous essay, the FCBA experienced absolutely explosive growth following passage of the Telecommunications Act of 1996 and the subsequent FCC regulatory uptick in activity.  But the growing FCBA ranks don't even begin to capture the true extent of what the journalist Jonathan Rauch has called "the parasite economy" at work in this field.  And there's a wicked self-perpetuating cycle of dependency at play here. The more these folks petition lawmakers and regulators asking for new law or clarifications of law, the more law gets created. As more law and regulation is created, more lawyers, consultants, economists and so on, are needed to figure out what it all means and how it all works. And when they all disagree about what it means and how it works, that leads to more congressional hearings and bill, more FCC inquiries and rulemakings, and then more lawsuits and court cases to adjudicate it all.  It never ends.

This is why I can't help but to be amused by all the delightfully naive talk on Twitter and in the blogosphere about how the FCC's move to impose Net Neutrality regulation is about "standing up for the little guy," "putting consumers first" or "preserving Net freedom and openness."  It all reminds me of a line from those rock-n'-roll sages Guns N' Roses: "I've worked too hard for my illusions just to throw them all away."   But I can't help but be jaded by actual history, in which special interests and Washington insiders co-opt each and every regulatory process in this field for their own ends. Let's recall what Tim Wu, the man who coined the term "Net neutrality" taught us in his new book, The Master Switch:

"Again and again in the histories I have recounted, the state has shown itself an inferior arbiter of what is good for the information industries. The federal government's role in radio and television from the 1920s through the 1960s, for instance, was nothing short of a disgrace…. Government's tendency to protect large market players amounts to an illegitimate complicity … [particularly its] sense of obligation to protect big industries irrespective of their having become uncompetitive." (p. 308)

Oh, and just wait till the so-called "consumer advocates" use this new Net Neutrality regulatory regime to push the FCC to impose price control on broadband billing schemes.  No doubt, those advocates will claim this as a great consumer victory. In reality, it will push us right back into the fine hell that was the world of regulated monopoly, which we have been trying to escape for last 20 years.  Why have we been trying to escape that world of price controls and rate-of-return regulation?  Because it was a raw deal for consumers, competition, and innovation.  The promise of "consumer protection" was cruel fiction that masqueraded the reality of special interest favoritism, sheltered markets, and sub-standard services.

So, you ask, what is "The Constructive Alternative to Net Neutrality Regulation"? Well, click on that last link and find out!  That paper by my former colleague Mike Wendy and me represents an attempt to outline some different approaches to dealing with network management disputes other than heavy-handed and preemptive "Mother, May I" forms of regulation.

We don't want to go back to the future, folks.  Yet today's action by the FCC sets us on that path once again.

P.S. #1: Read these essays by FCC Commissioners Robert McDowell ("The FCC's Threat to Internet Freedom") and Meredith Attwell Baker ("Hands Off Tomorrow's Internet").

P.S. #2: Watch this Reason TV video, which answers the question, "Will Net Neutrality Save the Internet?":

FCC Commissioner Robert McDowell penned an outstanding piece in today's Wall Street Journal (subscription) on the commission's vote tomorrow on neutrality regulation.   The final paragraph is worth a Pulitzer:

On this winter solstice, we will witness jaw-dropping interventionist chutzpah as the FCC bypasses branches of our government in the dogged pursuit of needless and harmful regulation. The darkest day of the year may end up marking the beginning of a long winter's night for Internet freedom.

Strangely, McDowell's dire warning is similar to that of Senate Majority Comedian Al Franken, who warned today in the Huffington Post that if the proposed rules are adopted, "the Internet as we know it would cease to exist."    Of course, his reasoning is a bit different, as he calls for more, rather than less regulation. 

Despite complaints from Franken and others on the Left that the FCC proposal doesn't interfere enough with the Internet, the betting at the moment is that the FCC will adopt neutrality rules of some type or another tomorrow.   The the real battle begins, on two fronts.  In Congress, GOP members are anxious to use their new House majority (as well as their increased Senate heft)  to take a whack at regulation generally, and neutrality regulation specifically.   Secondly, in the courts, which decimated the FCC's prior attempt to impose neutrality rules, and will no doubt will look skeptically at these new ones.

Should be an interesting 2011.  (BTW, my own piece on the issue, released on Friday, can be found here.)

"Regulatory capture" occurs when special interests co-opt policymakers or political bodies — regulatory agencies, in particular — to further their own ends.  Capture theory is closely related to the "rent-seeking" and "political failure" theories developed by the public choice school of economics.  Another term for regulatory capture is "client politics," which according to James Q. Wilson, "occurs when most or all of the benefits of a program go to some single, reasonably small interest (and industry, profession, or locality) but most or all of the costs will be borne by a large number of people (for example, all taxpayers)."  (James Q. Wilson, Bureaucracy, 1989, at 76).

While capture theory cannot explain all regulatory policies or developments, it does provide an explanation for the actions of political actors with dismaying regularity.  Because regulatory capture theory conflicts mightily with romanticized notions of "independent" regulatory agencies or "scientific" bureaucracy, it often evokes a visceral reaction and a fair bit of denialism.  (See, for example, of New Republic's Jonathan Chait to Will Wilkinson's recent Economist column about the prevalence of corporatism in our modern political system.)  Yet, countless studies have shown that regulatory capture has been at work in various arenas: transportation and telecommunications; energy and environmental policy; farming and financial services; and many others.

I thought it might be useful to begin constructing a compendium of quotes from various economists and political scientists who have studied the regulatory process throughout history and identified regulatory capture or client politics as a major problem.  I would greatly appreciate having others suggest additional quotes and studies to add to this list since I plan to update it frequently and eventually work all of this into a future paper or book.

The following list is chronological and begins, surprisingly, with the thoughts of progressive hero Woodrow Wilson…

Woodrow Wilson, The New Freedom: A Call For the Emancipation of the Generous Energies of a People (1913) at 201-202:

"If the government is to tell big business men how to run their business, then don't you see that big business men have to get closer to the government even than they are now? Don't you see that they must capture the government, in order not to be restrained too much by it? Must capture the government? They have already captured it. Are you going to invite those inside to stay? They don't have to get there. They are there."

Anthony Downs, "An Economic Theory of Political Action in a Democracy," 65 Journal of Political
Economy 2 (1957), 135-150 at 136:

"…even if social welfare could be defined, and methods of maximizing it could be agreed upon, what reason is there to believe that the men who run the government would be motivated to maximize it? To state that they should do so does not mean that they will."

George Stigler, "The Theory of Economic Regulation," 2 Bell Journal of Economics and
Management Science 1, (1971) 3-21 at 3:

"…as a rule, regulation is acquired by the industry and is designed and operated primarily for its benefits."

George Stigler, "Can Regulatory Agencies Protect the Consumer?" in The Citizen and the State: Essays on Regulation (1975), at 183:

"Regulation and competition are rhetorical friends and deadly enemies: over the doorway of every regulatory agency save two should be carved: 'Competition Not Admitted.' The Federal Trade Commission's doorway should announce , "Competition Admitted in Rear," and that of the Antitrust Division, 'Monopoly Only by Appointment.'"

Theodore J. Lowi, The End of Liberalism: The Second Republic of the United States (2nd Ed., 1969, 1979) at 280:

"a considerable proportion of federal regulation, regardless of its own claim to consumer protection, has the systematic effect of constituting and maintaining a sector of the economy or the society. These are the policies of receivership by regulation."

Alfred Kahn, The Economics of Regulation: Principles and Institutions (1971):

"When a commission is responsible for the performance of an industry, it is under never completely escapable pressure to protect the health of the companies it regulates, to assure a desirable performance by relying on those monopolistic chosen instruments and its own controls rather than on the unplanned and unplannable forces of competition." (p. 12)

"Responsible for the continued provision and improvement of service, [the regulatory commission] comes increasingly and understandably to identify the interest of the public with that of the existing companies on whom it must rely to deliver goods." (p. 46)

Milton and Rose Friedman, Free to Choose (1980) at 193:

"Every act of intervention establishes positions of power.  How that power will be used and for what purposes depends far more on the people who are in the best position to get control of that power and what their purposes are than on the aims and objectives of the initial sponsors of the intervention."

Robert Higgs, Crisis and Leviathan: Critical Episodes in the Growth of American Government (1987) at 8:

"The government's regulatory agencies have created or sustained private monopoly power more often than they have precluded or reduced it.  This result was exactly what  many interested parties desired from government regulation, though they would have been impolitic to have said so in public."

Jeffrey M. Berry, The Interest Group Society (1989) at 151:

"The ties between interest groups and [regulatory] agencies can become too close. A persistent criticism by political scientists is that agencies that regulate businesses are overly sympathetic to the industries they are responsible for regulating.  Critics charge that regulators often come from the businesses they regulate and thus naturally see things from an industry point of view.  Even if regulators weren't previously involved in the industry, they have been seen as eager to please powerful clientele groups rather than have them complain to the White House or to the agency's overseeing committees in Congress."

Douglass North, "Economic Performance through Time," 84 American Economic Review 3, (1994), 359-363 at 360:

"Institutions are not necessarily or even usually created to be socially efficient; rather they, or at least the formal rules, are created to serve the interests of those with the bargaining power to create new rules."

Tim Wu, The Master Switch: The Rise and Fall of Information Empires (2010) at 308:

"Again and again in the histories I have recounted, the state has shown itself an inferior arbiter of what is good for the information industries. The federal government's role in radio and television from the 1920s through the 1960s, for instance, was nothing short of a disgrace…. Government's tendency to protect large market players amounts to an illegitimate complicity … [particularly its] sense of obligation to protect big industries irrespective of their having become uncompetitive."

Additional readings:

Frédéric Boehm, "Regulatory Capture Revisited – Lessons from Economics of Corruption" (2007) http://www.icgg.org/downloads/Boehm%20-%20Regulatory%20Capture%20Revisited.pdf
Ernesto Dal Bo, "Regulatory Capture: A Review," Oxford Review of Economic Policy (2006), http://oxrep.oxfordjournals.org/content/22/2/203.short
William W. Bratton and Joseph A. McCahery, "Regulatory Capture, Public Interest, and the Public Agenda: Toward a Synthesis," 73 North Carolina Law Review 1861 (1995)
Michael E. Levine and Jennifer L. Forrence, "Regulatory Capture, Public Interest, and the Public Agenda: Toward a Synthesis" 6 Journal of Law, Economics, and Organization (1990), 167-198.
David Martimort, "The Life Cycle of Regulatory Agencies: Dynamic Capture and Transaction Costs," 66 Review of Economic Studies 4 (October 1999), 929-947,  http://onlinelibrary.wiley.com/doi/10.1111/1467-937X.00114/abstract
J.J. Lafont & Jean Tirole, "The Politics of Government Decision-Making: A Theory of Regulatory Capture" 106 Quarterly Journal of Economics 4 (Nov. 1991) 1089-1127.
Fred S. McChesney, "Rent Extraction and Rent Creation in the Economic Theory of Regulation," Journal of Legal Studies 16, (1987) 101-118.

Advocates of regulation will credit regulators for the fact that major browser providers Microsoft and Mozilla are going after online "tracking." In forthcoming versions of their browsers, they will provide controls that protect against unwanted monitoring even better than the controls that now exist.

When consumer advocates cluster in Washington, D.C., asking federal agencies to solve consumer issues, of course, any progress on the issues will be credited to the threat of coercion. But experiments like these have no controls.

Decisions about the qualities of goods and services are made out at the leading edge of consumer demand, where producers work to anticipate developing public interests. Meeting demand after it has been realized is a recipe for business failure because competitors getting there before the others win market share and profits. Laggards are losers.

You can tell when regulators push for something that does not match up with consumer demand as perceived in the business sector. The regulators get nowhere. That would be the FTC's call a decade ago for a suite of regulations requiring "notice, choice, access, and security." The current push for "tracking" controls does appear to meet up with consumer demand, and, again, the browser providers are working on it years ahead of what any regulation would have required.

I've put "tracking" in scare quotes because the open question is just what anyone means by the word. The report linked above notes a comment from Google, provider of the Chrome browser:

"The idea of 'Do Not Track' is interesting, but there doesn't seem to be consensus on what 'tracking' really means, nor how new proposals could be implemented in a way that respects people's current privacy controls," said the company…

Maybe Google will be the laggard and loser for not moving on "tracking" as fast as its competitors. That's one approach, while Microsoft and Mozilla will each take a different tack to the problem. The result will be an experiment that does have controls. The browser provider that meets up with consumer interests, in the consumer-friendliest way, wins. Such would not be the case if a federal regulation—yes, one-size-fits-all—determined what "tracking" was and how browsers or others would provide protection against it.

Marketplace competition will do better than any other known method for determining what "tracking" means to consumers and what to do about it. There is no privacy advocate, there is no technologist, no advocacy group, nor academic who knows what to do here.

The one thing I recommend is that do-not-track efforts should control the content of the header and the domains the browser communicates with. Simply putting a "do-not-track" signal in the header would punt the problem back to regulators and the cadre that surrounds them. This group would come up with something that satisfies itself, the regulatory community, but that does not digest and reconcile actual consumers' competing interests in privacy, convenience, access to content, and so on.

This week saw the release of another major government privacy report, this one from the Department of Commerce.  The report called for expanded oversight and a new Privacy Policy Office within the Commerce Department. [Good summary of the report is here, and make sure to see Braden's post about it here.]  The Commerce Dept. green paper follows a report from the Federal Trade Commission (FTC) just a few weeks ago. The FTC report also endorsed a new regulatory framework, including a so-called "Do Not Track" mechanism to allow easier consumer opt-outs of online data collection and advertising.

Commenting on the gradual move toward a mandatory opt-in world for online advertising / data collection, Corey Kronengold of Digiday makes an argument that Berin Szoka and I have tried to develop here in the past.  Namely, if government regulation "breaks" the implicit online quid pro quo currently governing online sites and services — i.e., that you get lots of free stuff in exchange for tolerating ads and data collection — then something must give.  In all likelihood, that means paywalls will go up and prices will increase from zero to something higher.  In his essay, "Taking Issue: The Value of Privacy," Kronengold argues:

The value chain of online publishing is increasingly complex. And most consumers don't have any interest in understanding the mechanics of targeting, data collection and re-selling, and ad revenue sharing. If continued access to free web content is what consumers are after, this has to change. Not participating in the value exchange is not an option. Yet we continue to struggle to explain. We need to do a better job of explaining the options and the consequences of those choices. When we can more clearly explain the benefits of allowing third party data to be bought and sold, users, and our government, are much more likely to allow us to continue to do so.

Providing users with the ability to "opt-out" of targeting, seems like a good idea on the surface, but doesn't adequately address how web publishers and content owners should conduct business. Highlighting that disparity on Monday, one Digiday:Target attendee suggested that publishers simply not deliver content to users who had opted out or turned off their cookies. My applause in support of the idea was met by a deafening silence and confused looks.  The idea of a "cookie wall" that I proposed last week seems to be an easy solution. Tied in to a data exchange and with transparency, we could very easily explain the value proposition to users. With cookies on, you are worth $25. Without cookies, you are worth $1. How much content can you buy for $25 vs $1? There. Now you get it.

You have the right to protect your privacy. Content creators and distributors have the right to not give you content without getting something in return. Why is that so hard for users, the FTC and the Commerce Department to understand?

Kronengold is right; this trade-off should be relatively apparent to most of us and yet it isn't. He's probably on to something when he suggests that online developers "need to do a better job of explaining the options and the consequences of those choices."  In a sense, web publishers have let users enjoy an ad-supported free ride for a long time now and failed to "more clearly explain the benefits of allowing third party data to be bought and sold," as Kronengold notes.

This must change, and quick.  Greater transparency is an essential first step by web publishers and service developers to better inform their users of how the value proposition works. I'd love to see some site and service developers make this value proposition / trade-off more explicit by putting a theoretical price tag on their content or services if they were forced to curtail data collection / advertising.

If a new privacy regulatory regime is implemented, we may get our answer, anyway. When confronted with stark choices such as those Kronegold suggests — namely, "cookie walls" or paywalls demanding fee for service — the response of users could take one of two forms:

Users (especially those who are highly privacy sensitive) might gladly accept the trade-off and pay something more for those sites and services instead of having data collected or ads served; or,
Users might revolt against the resulting paywalls, subscriptions, micropayment schemes, tiered services, etc, and demand government intervention in the name of "fairness."  We might even hear talk of "gouging" and calls for price regulation, even though developers would have no choice but to raise prices to cover costs in the absence of advertising support.

I think that latter scenario is more likely than the former and it troubles me greatly. I hope I'm wrong, however, and the former is the case.  Of course, some mix of the two could be the end result.  Who knows. But regulation will have consequences. Of that much we can be certain.

I want to make three things clear here.  First, I have no problem with online sites and application providers charging for what they offer us.  I'm merely suggesting here that many others will likely have a problem with it since they have grown accustomed to "free" online services.  Second, I have no idea how much sites and services might seek to charge for their services but I must assume that they will cost something more than the $0.00 they currently charge.  Third, as I noted in this exchange with Julian and Tim Lee, I'm not anti-choice in terms of the decisions consumers make in this regard. What I object to is the idea of the government artificially tilting markets in certain directions by facilitating ad blocking or regulatory limitations on data collection. It's one thing for consumers to take advantage of tools that arise spontaneously in the marketplace, such as AdBlock Plus, the latest cookie controls, or even new tools like those Microsoft recently announced for IE9.  It's an entirely different matter for the government to be mandating such things from above.  Thus, I'm not anti-choice, rather, I am anti-intervention as it pertains to government mandates made in the name of expanding privacy or choice since the government's thumb on the scales would distort the organic, experimental evolution of these markets.  And I'm particular concerned about the dangers of intervention since regulation could unleash scenarios like those I described in #2 above. As we know from the study of economic history, regulatory interventions always beget additional interventions to correct for unforeseen circumstances or unintended consequences.

More than anything else, I just want the surreal 'something-for-nothing' quality of these debates to cease.  Those who criticize data collection or online advertising and call for expanded regulation should be required to provide a strict cost-benefit analysis of the restrictions they propose.  In particular, regulatory advocates should explain to us how the content and services supported currently by advertising and marketing will be possible if those techniques are choked off.  Importantly, the "harm" critics claim advertising or data collection efforts give rise to must be concrete, not merely conjectural.  Too much is at stake to allow otherwise.

Earlier today the Commerce Department's Internet Policy Task Force issued its expected privacy report. Commerce waded into shark-filled privacy waters and produced a report that overall is thoughtful, comprehensive and has lots of meat for strengthening the nation's privacy framework. Of course, we have our quibbles too. On first read, here's what I like and what concerns me:

Like:

"Dynamic policies". The report appropriately proposes what it calls "dynamic policies." We agree that technology and information flows are constantly changing, so a privacy policy regulatory framework should not be static, nor should it be proscriptive.
Privacy Policy Office. Because it would be located within Commerce, the office would be a vital advocate for online companies doing business overseas. It could help outreach with European regulators and coordinate certification procedures to enable cross-border data flows.
Transparency through purpose specification and use limitation (NOT collection limitation and data minimization). The report proposes consumer assurances principles that would require data collectors to specify all the reasons for collecting personal information and then specify limits on the use of that information. This is a flexible approach compared to proscriptive regulations limiting data collection and requiring data minimization.
Encourage Global Interoperability. In our comments, NetChoice advocated strongly for international privacy reciprocation, and where appropriate, harmonization.
ECPA Review. We like how the report calls for a review of the Electronic Communications Privacy Act (ECPA). The law is outdated and doesn't do a good job of clarifying the roles of online companies when responding to law enforcement requests.

Concerns:

The Uncertainty of FIPPs. The report advocates the creation of Fair Information Practice Principles (FIPPs) that could be voluntarily adopted by industry. But what would the look like? The report mentions, but doesn't explicitly endorse, FIPPs from the Department of Homeland Security—which are of course binding on government, and might not all be desirable for the private sector. According to the report, the proposed Privacy Policy Office would coordinate these. The FIPPs have been wrongly characterized as a consumer privacy "bill of rights" by some media outlets (they are industry codes of conduct, not affirmative consumer rights).
Privacy Policy Office. While we like this, we're also concerned by it. The process of convening multi-stakeholders means multi-viewpoints and multi-disagreements. We'd prefer the marketplace to be the venue and consumers to be the ultimate arbiter on privacy principles.
National Requirements for Security Breaches. The report calls for Congressional legislation to create a nationwide data security breach law. But is this really necessary? 46 states already have a relatively consistent and reasonable approach toward how companies should safeguard data and the processes involved when there's a breach.
FTC Rulemaking. The report leaves open for further comment whether the FTC needs enhanced (APA) rulemaking authority in the privacy area. NetChoice has opposed giving the FTC blanket, no-hold-barred APA authority, and we'd also oppose this for an issue as broad as privacy.

Likes and concerns aside, 2011 is shaping up to be a busy privacy year! Look forward to working with stakeholders from government, industry and civil society to help refine and implement some of the core recommendations of this document.

The Sixth Circuit ruled on Tuesday that criminal investigators must obtain a warrant to seize user data from cloud providers, voiding parts of the notorious Stored Communication Act.  The SCA allowed investigators to demand providers turn over user data under certain circumstances (e.g., data stored more than 180 days) without obtaining a warrant supported by probable cause.

I have a very long piece analyzing the decision, published on CNET this evening.  See "Search Warrants and Online Data:  Getting Real." (I also wrote extensively about digital search and seizure in "The Laws of Disruption.")  The opinion is from the erudite and highly-readable Judge Danny Boggs.    The case is notable if for no other reason than its detailed and lurid description of the business model for Enzyte, a supplement that promises to, well, you know what it promises to do….

The SCA's looser rules for search and seizure created real headaches for cloud providers and weird results for criminal defendants.  Emails stored on a user's home computer or on a service provider's computer for less than 180 days get full Fourth Amendment protection.  But after 180 days the same emails stored remotely lose some of their privacy under some circumstances.   As the commercial Internet has evolved (the SCA was written in 1986), these provisions have become increasingly anomalous, random and worrisome, both to users and service providers.  (As well as to a wide range of public interest groups.)

Why 180 days?  I haven't had a chance to check the legislative history, but my guess is that in 1986 data left on a service provider's computer would have taken on the appearance of being abandoned.

Assuming the Sixth Circuit decision is upheld and embraced by other circuits, digital information will finally be covered by traditional Fourth Amendment protections regardless of age or location.  Which means that the government's ability to seize emails (Tuesday's case applied only to emails, but other user data would likely get the same treatment) without a warrant that is based on probable cause will turn on whether or not the defendant had a "reasonable expectation of privacy" in the data.  If the answer is yes, a warrant will be required.

(If the government seizes the data anyway, the evidence could be excluded as a penalty.  The "exclusionary rule" was not invoked in the Warshak case, however, because the government acted on a good-faith belief that the SCA was Constitutional.)

Where does the "reasonable expectation of privacy" test come from?  The Fourth Amendment protects against "unreasonable" searches and seizures, and, since the Katz decision in 1968, Fourth Amendment cases turn on an analysis of whether a criminal defendant's  expectation of privacy in whatever evidence is obtained was reasonable.

Katz involved an electronic listening device attached to the outside of a phone booth—an early form of electronic surveillance.  Discussions about whether a phone conversation could be "searched" or "seized" got quickly metaphysical, so the U.S. Supreme Court decided that what the Fourth Amendment really protected was the privacy interest a defendant had in whatever evidence the government obtained.  "Reasonable expectation of privacy" covered all the defendant's "effects," whether tangible or intangible.

Which means, importantly, that not all stored data would pass the test requiring a warrant.   Only stored data that the user reasonably expects to be kept private by the service provider would require a warrant.  Information of any kind that the defendant makes no effort to keep private—e.g., talking on a  cell phone in a public place where anyone can hear—can be used as evidence without a warrant.

Here the Warshak court suggested that if the terms of service were explicit that user data would not be kept private, then users wouldn't have a reasonable expectation of privacy that the Fourth Amendment protected.  On the other hand, terms that reserved the service provider's own right to audit or inspect user data did not defeat a reasonable expectation of privacy, as the government has long argued.

An interesting test case, not discussed in the opinion, would be Twitter.  Could a criminal investigator demand copies of a defendant's Tweets without a warrant, arguing that Tweets are by design public information?  On the one hand, Twitter users can exclude followers they don't want.  But at the same time, allowed followers can retweet without the permission of the original poster.   So, is there a reasonable expectation of privacy here?

There's no answer to this simplified  hypothetical (yet), but it is precisely the kind of analysis that courts perform when a defendant challenges the government's acquisition of evidence without full Fourth Amendment process being followed.

To pick an instructive tangible evidence example, last month appellate Judge Richard Posner wrote a fascinating decision that shows the legal mind in its most subtle workings.  In U.S. v. Simms, the defendant challenged the inclusion of evidence that stemmed from a warranted search of his home and vehicle.  The probable cause that led to the warrant was the discovery in the defendant's trash of marijuana cigarette butts.  The defendant argued that the search leading to the warrant was a violation of the Fourth Amendment, since the trash can was behind a high fence on his property.

Courts have held that once trash is taken to the curb, the defendant has no "reasonable" expectation of privacy and therefore is deemed to consent to a police officer's search of that trash.  But trash cans behind a fence are generally protected by the Fourth Amendment, subject to several other exceptions.

Here Judge Posner noted that the defendant's city had an ordinance that prohibited taking the trash to the curb during the winter, out of concern that cans would interfere with snow plowing.  Instead, the "winter rules" require that trash collectors take the cans from the resident's property, and that the residents leave a safe and unobstructed path to wherever the cans are stored.  Since the winter rules were in effect, and the cans were left behind a fence but the gate was left open (perhaps stuck in the snow), and the police searched them on trash pickup day, the search did not violate the defendant's reasonable expectation of privacy.

For better or worse, this is the kind of analysis judges must perform in the post-Katz era, when much of what we consider to be private is not memorialized in papers or other physical effects but which is likely to be intangible—the state of our blood chemistry, information stored in various data bases, heat given off and detectable by infrared scanners.

The good news is that the Warshak case is a big step in including digital information under that understanding of the Fourth Amendment.  Search and seizure is evolving to catch up with the reality of our digital lives.

I really enjoyed this editorial in today's Wall Street Journal by sci-fi novelist Orson Scott Card, author of Ender's Game, among many other books.  Card engages in some interesting soul searching about the impact of the Net and digital technology on our lives, economy, and culture.  He concludes his essay by noting that:

We're still the same human beings we always were. Consumers still act like consumers; people still search for love and friendship. But the Internet has freed us from the boundaries of distance and many of the risks of embarrassment in social interactions. This re-sorted geography has brought its own pitfalls and forced us to create new rules of etiquette.

But just as I have no desire to give up cars, trains and planes to return to the hay-eating, vet-needing, poop-generating, one-horsepower horse, I don't want to go back to pre-Google research, pre-Amazon shopping, pre-blog newsmedia, or the loneliness of villages limited by geography.

Quite right.  Card is expressing the sort of "pragmatic optimism" I've written about here before in my essays about the ongoing battle between Internet optimists and pessimists.  I've tried to articulate a sort of middle ground position in this debate that embraces the amazing technological changes at work in today's Information Age but does so with a healthy dose of humility and appreciation for the disruptive impact and pace of that change. As I've noted before, we need to think about how to mitigate the negative impacts associated with technological change without adopting the paranoid tone or Luddite-ish recommendations of the pessimists.  Read Card's entire essay to get a better feel for how we can begin to think in that way.

Richard Bennett brought to my attention the release of the latest CTIA Semi-Annual Wireless Industry Survey. Lots of interesting facts worth examining.  I took two of the charts that appeared in the report and mashed them up to created this chart for the Mercatus Center depicting what has been happening with prices and investment in this sector.  Down below, I note why this is important.

Although it remains subject to some regulatory burdens and a variety of punishing taxes and fees, America's wireless marketplace can be considered a great deregulatory success story. Over the past two decades, the cellular marketplace has generally been treated with a lighter regulatory touch than wireline communications and other sectors that the Federal Communications Commission regulates. The result of that light-touch approach speaks for itself.

Cumulative capital investment has grown from just $2.6 billion in 1988 to just under $300 billion in 2010. That is a stunning level of investment growth in capital-intensive sector. Meanwhile, prices plummeted throughout the 1990s and then plateaued over the past decade. While average local monthly bills stood close to $100 in 1988, today monthly service averages just $47. Importantly, however, the quality-adjusted price of service has improved markedly over the past decade. Consumers are getting much more for their money today than they did in the past. Internet access, texting, video, games, movies, and much more are all available over mobile handsets today. It's not hyperbole to suggest that what we are carrying in our pockets and purses today is really more akin to a computer than a phone. Yet, competition and innovation keeps prices in check.

These statistics suggest that calls for more aggressive regulation of the wireless sector are unwarranted and would likely have a deleterious impact on consumer welfare.