Adam Thierer's Blog, page 49

Last week, it was my great pleasure to be invited on NPR’s “On Point with Tom Ashbrook,” to debate Jeffrey Rosen, a leading privacy scholar and the president and chief executive of the National Constitution Center. In an editorial in the previous Sunday’s New York Times (“Madison’s Privacy Blind Spot”), Rosen proposed “constitutional amendment to prohibit unreasonable searches and seizures of our persons and electronic effects, whether by the government or by private corporations like Google and AT&T.” He said his proposed amendment would limit “outrageous and unreasonable” collection practices and would even disallow consumers from sharing their personal information with private actors even if they saw an advantage in doing so.

I responded to Rosen’s proposal in an essay posted on the IAPP Privacy Perspectives blog, “Do We Need A Constitutional Amendment Restricting Private-Sector Data Collection?” In my essay, I argued that there are several legal, economic, and practical problems with Rosen’s proposal. You can head over to the IAPP blog to read my entire response but the gist of it is that “a constitutional amendment [governing private data collection] would be too sweeping in effect and that better alternatives exist to deal with the privacy concerns he identifies.” There are very good reasons we treat public and private actors differently under the law and there “are all far more practical and less-restrictive steps that can be taken without resorting to the sort of constitutional sledgehammer that Jeff Rosen favors. We can protect privacy without rewriting the Constitution or upending the information economy,” I concluded.

But I wanted to elaborate on one particular thing I found particularly interesting about Rosen’s comments when we were on NPR together. During the show, Rosen kept stressing how we needed to adopt a more European construction of privacy as “dignity rights” and he even said his proposed privacy amendment would even disallow individuals from surrendering their private data or their privacy because he viewed these rights as “unalienable.” In other words, from Rosen’s perspective, privacy pretty much trumps everything, even if you want to trade it off against other values. 

Privacy Paternalism?

I’ve been seeing more and more privacy advocates and scholars adopt this attitude, including Anita Allen, Julie Cohen, Siva Vaidhyanathan, and others. Allen, for example, says that privacy is such a “foundational” human right that it some cases the law should override individual choice when consumers act against their own privacy interests. Cohen and Vaidhyanathan make similar arguments in their recent books. Vaidhyanathan claims that consumers are being tricked by the “smokescreen” of “free” online services and “freedom of choice.” Although he admits that no one is forced to use online services and that consumers are also able to opt-out of most of services or data collection practices, he argues that “such choices mean very little” because “the design of the system rigs it in favor of the interests of the company and against the interests of users.” “Celebrating freedom and user autonomy is one of the great rhetorical ploys of the global information economy,” he says.“We are conditioned to believe that having more choices–empty though they may be–is the very essence of human freedom. But meaningful freedom implies real control over the conditions of one’s life.” These are the sort of arguments I increasingly hear made by privacy scholars when claiming that consumers simply can’t be left free to make choices for themselves in this regard. 



In an interesting recent article in the Harvard Law Review, privacy scholar Daniel Solove notes that what binds these thinkers and their work together is, in essence, a sort of privacy paternalism. The point of most modern privacy advocacy has been to better empower consumers to make privacy decisions for themselves. But, Solove notes, “the implication [of these privacy scholar's work] is that the law must override individual consent in certain instances.” Yet, if that choice is taken away from us by law, Solove notes, then privacy regulation, “risks becoming too paternalistic. Regulation that sidesteps consent denies people the freedom to make choices,” Solove argues.

Jeff Rosen now appears to be adopting the sort of approach Solove identifies by claiming that privacy is an “unalienable right” such that it cannot be traded away for other things. By making that choice for us, Rosen’s proposed amendment would, therefore, suffer from that same sort of privacy paternalism Solove identifies. In a forthcoming law review aritcle that will appear in the Maine Law Review, I identify some of the problems associated with privacy paternalism. Most obviously, these scholars should keep in mind that not everyone shares the same privacy values as they do and that many of us will voluntarily trade some of our data for the innovative information services and devices that we desire. If imposed in the form of legal sanctions, privacy paternalism would open the door to almost boundless controls on the activities of both producers and consumers of digital services, potentially limiting future innovations in this space.

For example, when we were on NPR together, Rosen mentioned wireless geolocation technology as a potential source of serious privacy harm, although he did not make it clear whether he wanted it stopped entirely or what. If used improperly, wireless geolocation technology certainly can raise serious privacy concerns. But wireless geolocation technology is also what powers the mapping and traffic services that most of us now take for granted. Many of us expect — no, we demand — that our digital devices be able to give us real-time mapping and traffic notification capabilities. And most of us are willing to make the minor privacy trade-off associated with sharing our location constantly in exchange for the right to receive these services, which are also provided to us free of charge.

So, what would Rosen’s proposed amendment have to say about this trade-off? Would these wireless geolocation technologies be banned altogether, even if consumers desire them? It isn’t really clear at this point because he hasn’t offered us many details about his proposal. But, to the extent it would preempt these technological capabilities on the grounds that our locational privacy is somehow in unalienable right, then that seems like a fairly paternalistic approach to policy and it it would seem to confirm Thomas Lenard and Paul Rubin’s claim that “many of the privacy advocates and writers on the subject do not trust the consumers for whom they purport to advocate.”

Such paternalism is particularly problematic in this case since privacy is such a highly subjective value and one that evolves over time. As Solove notes, “the correct choices regarding privacy and data use are not always clear. For example, although extensive self-exposure can have disastrous consequences, many people use social media successfully and productively.” Privacy norms and ethics are changing faster than ever today. One day’s “creepy” tool or service is often the next day’s “killer app.”

Balancing Values; Considering Costs

As I will discuss in my forthcoming Maine Law Review article and I also discussed in my recent George Mason University Law Review article, at least here in the United States, consumer protection standards have traditionally depended on a clear showing of actual, not prospective or hypothetical, harm. In some cases, when the potential harm associated with a particular practice or technology is extreme in character and poses a direct threat to physical well-being, law has preempted the general presumption that ongoing experimentation and innovation should be allowed by default. But these are extremely rare scenarios, at least as it pertains to privacy concerns under American law, and they mostly involved health and safety measures aimed at preemptively avoiding catastrophic harm to individual or environmental well-being. In the vast majority of other cases, our culture has not accepted that paternalistic idea that law must “save us from ourselves” (i.e., our own irrationality or mistakes). As Solove notes in his recent essay, “People make decisions all the time that are not in their best interests. People relinquish rights and take bad risks, and the law often does not stop them.”



Sometimes privacy advocates also ignore the costs of preemptive policy action and don’t bother conducting a serious review of the potential costs of their regulatory proposals. As a result, preemptive policy action is almost always the preferred remedy to any alleged harm. “By limiting or conditioning the collection of information, regulators can limit market manipulation at the activity level,” Ryan Calo argues in a recent paper. “We could imagine the government fashioning a rule — perhaps inadvisable for other reasons―that limits the collection of information about consumers in order to reduce asymmetries of information.”

Unfortunately, Professor Calo does not fully consider the corresponding cost of such regulatory proposals in calling for the enactment of such a rule. If preemptive regulation slowed or ended certain information practices, it could stifle the provision of new and better services that consumers demand, as I have noted elsewhere. It might also trump other choices or values that consumers care about. While privacy is obviously an incredibly important value, we cannot assume that it is the only value, or the most important value, at stake here. Consumers also care about having access to a constantly growing array of innovative goods and services, and they also care about getting those goods and services at a reasonable price.

Moving from “Rights Talk” to Practical Privacy Solutions

This is the point in the essay where some readers are getting pretty frustrated with me and thinking I am some sort of nihilist who doesn’t give a damn about privacy. I assure you that nothing is further from the truth and that I care very deeply about privacy.

But if you really care about expanding the horizons of privacy protection in our modern world, at some point you have to accept that all the “rights talk” and top-down enforcement efforts in the world are not necessarily going to help as much as you wish they would. The same thing is true for online safety, digital security, and IP protection efforts: No matter how much you might wish the opposite was true, information control is just really, really hard. Legal and regulatory approaches to bottling up information flows will inevitably be several steps behind cutting-edge technological developments. (I’ve discussed these issues in several essays here, including: “Privacy as an Information Control Regime: The Challenges Ahead,” “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed.”)

That doesn’t mean we should surrender in our efforts to identify more concrete privacy harms, but we should recognize that it will always be a hugely contentious matter and that a great many people will gladly trade away their privacy in a way that others will consider outrageous. In a free society, we must allow them to do so if they derive greater utility from other things. A paternalistic approach based on a sort of privacy fundamentalism will deny them the right to make that choice for themselves. And, practically speaking, no matter how much some might think that privacy values are “unalienable,” the reality is that there will be no way to stop many others from making different choices and relinquishing their privacy all the time.

Educating and empowering citizens is the better way to address this issue. We can try to teach them to make better privacy choices and treat their information, and information about others, with far greater care. We should also work to provide citizens more tools to help accomplish those goals. And if the problem is “information asymmetry” or some general lack of awareness about certain data collection and use practices, then let’s work even harder to make sure consumers are aware of those practices and what they can do about them.

It’s all part of the media literacy and digital citizenship agenda that we need to be investing much more of time and resources into. I outlined that approach in much more detail in this law review article. We need diverse tools and strategies for a diverse citizenry. We need to be talking to both consumers and developers about smarter data hygiene and sensible digital ethics. We need more transparency. We need more privacy privacy professionals working inside organizations to craft sensible data collection and use policies. And so on. Only by working to change attitudes about privacy, online “Netiquette,” and more ethical data use, can we really start to make a dent in this problem.

If nothing else, we must understand the limitations of information control in such highly context-specific harm scenarios. Prof. Rosen might want to ask himself how long it would take to even get his proposed constitutional amendment in place and what the chances are such a movement would even been successful. But, again, and far more importantly, Prof. Rosen and advocates of similar regulatory approaches should remember that their values are not shared by everyone and that, in a free society, a value as inherently subjective as privacy is likely to remain a hugely contentious, every-changing matter, especially when elevated to the level of constitutional rights talk. We need practical solutions to our privacy problems, not pie-in-the-sky Hail Mary schemes that are unlikely to go anywhere and, even if they did, would end up being too heavy-handed and potentially override individual autonomy in the process.

Last night, I appeared on a short segment on the PBS News Hour discussing, “What’s the future of privacy in a big data world?” I was also joined by Jules Polonetsky, executive director of the Future of Privacy Forum. If you’re interested, here’s the video. Transcript is here. Finally, down below the fold, I’ve listed a few law review articles and other essays of mine on this same subject.

Additional reading:

Journal articles:

“The Pursuit of Privacy in a World Where Information Control Is Failing,” Harvard Journal of Law & Public Policy, 36 (2013): 409–55. 
“A Framework for Benefit-Cost Analysis in Digital Privacy Debates,” George Mason University Law Review, 20, no. 4 (Summer 2013): 1055–105.
“Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” Minnesota Journal of Law, Science & Technology, 14 (2013): 309–86.

Testimony / Filings:

Senate Testimony on Privacy, Data Collection & Do Not Track, April 24, 2013.
Comments of the Mercatus Center to the FTC in Privacy & Security Implications of the Internet of Things, May 31, 2013.

Blog posts & opeds:

“Edith Ramirez’s ‘Big Data’ Speech: Privacy Concerns Prompt Precautionary Principle Thinking,” Technology Liberation Front, August 29, 2013.
“Relax and Learn to Love Big Data,” US News & World Report, September 13, 2013.


“Who Really Believes in ‘Permissionless Innovation’?” Technology Liberation Front, March 4, 2013.
“What Does It Mean to ‘Have a Conversation’ about a New Technology?” Technology Liberation Front, May 23, 2013.


“Planning for Hypothetical Horribles in Tech Policy Debates,” Technology Liberation Front, August 6, 2013.
“On the Line between Technology Ethics vs. Technology Policy,” Technology Liberation Front, August 1, 2013.
“Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013.

Jack Schinasi discusses his recent working paper, Practicing Privacy Online: Examining Data Protection Regulations Through Google’s Global Expansion published in the Columbia Journal of Transnational Law. Schinasi takes an in-depth look at how online privacy laws differ across the world’s biggest Internet markets — specifically the United States, the European Union and China. Schinasi discusses how we exchange data for services and whether users are aware they’re making this exchange. And, if not, should intermediaries like Google be mandated to make its data tracking more apparent? Or should we better educate Internet users about data sharing and privacy? Schinasi also covers whether privacy laws currently in place in the US and EU are effective, what types of privacy concerns necessitate regulation in these markets, and whether we’ll see China take online privacy more seriously in the future.

Download

Related Links

Practicing Privacy Online: Examining Data Protection Regulations Through Google’s Global Expansion, SSRN
Journal of Transnational Law, Columbia University

John Schinasi discusses his recent working paper, Practicing Privacy Online: Examining Data Protection Regulations Through Google’s Global Expansion published in the Columbia Journal of Transnational Law. Schinasi takes an in-depth look at how online privacy laws differ across the world’s biggest Internet markets — specifically the United States, the European Union and China. Schinasi discusses how we exchange data for services and whether users are aware they’re making this exchange. And, if not, should intermediaries like Google be mandated to make its data tracking more apparent? Or should we better educate Internet users about data sharing and privacy? Schinasi also covers whether privacy laws currently in place in the US and EU are effective, what types of privacy concerns necessitate regulation in these markets, and whether we’ll see China take online privacy more seriously in the future.

Download

Related Links

Practicing Privacy Online: Examining Data Protection Regulations Through Google’s Global Expansion, SSRN
Journal of Transnational Law, Columbia University

On its face, Verizon won a resounding victory in Verizon v. FCC since the controversial net neutrality regulations were vacated by all three DC Circuit judges. This marks the second time in four years the FCC had its net neutrality enforcement struck down.

Look at published reactions, though, and you’ll see that both sides feel they suffered a damaging loss in yesterday’s decision.

Prominent net neutrality advocates say “the court loss was even more emphatic and disastrous than anyone expected” and a “FEMA-level fail.”

Conversely, critics of net neutrality say that it was a “big win for FCC” and that “the court has given the FCC near limitless power to regulate not just broadband, but the Internet itself.”

Most analysis of the case will point out that it’s a mixed bag for both sides. What is clear is that the net neutrality movement suffered an almost complete loss in the short term. The FCC’s regulations from the Open Internet Order preventing ISPs from “unreasonable discrimination” and “blocking” of Internet traffic were struck down. The court said those prohibitions are equivalent to common carrier obligations. Since ISPs are not common carriers–per previous FCC rulings–most of the Open Internet Order was vacated.

The long term is more uncertain and net neutrality critics have ample reason to be concerned. The court yesterday said the FCC has broad authority to regulate ISPs’ treatment of traffic under Section 706 of the 1996 Telecommunications Act. This somewhat unanticipated conclusion–given its breadth–leaves the FCC with several options if it wants to enact net neutrality or “net neutrality-lite” regulations.

Putting aside the possibility that the FCC or Verizon will appeal the decision, these are the developments to watch:

1. Title II reclassification.

The FCC could always reclassify ISPs as common carriers and subject them to common carrier obligations. I think this is unlikely for several reasons.

First, reclassification would absolutely poison relationships with Congressional Republicans, some important Democrats, and the broadband industry. This is a large reason why Chairman Genachowski did not seriously pursue reclassification in 2010. If anything, the political climate is worse for reclassification. Republicans and ISPs oppose reclassification more than Democrats and advocates support it.

Second, the content companies–like Google, Hulu, and Netflix–who would ostensibly benefit from net neutrality seem to have cooled to the idea. Part of content companies’ waning interest in net neutrality, I suspect, is exhaustion. This fight has gone on for a decade with little to show for it. They may also realize that ISPs are not likely to engage in truly abusive behaviors. Broadband speeds and capacity have advanced substantially in a decade and concerns about being squeezed out have lessened. There are also powerful norms that ISPs are not likely to violate. Consumers don’t like unseemly behavior by ISPs–like throttling a competing VoIP or video provider. If only because of the PR risk, ISPs have significant incentives to maintain the level of service they have historically provided.

Third, reclassification is a time-consuming and legally fraught process. Even the most principled net neutrality proponents don’t want ISPs subjected to every applicable Title II obligation. But “forbearance” of Title II regulations means several regulatory proceedings, each one potentially subject to litigation.

Finally, Chairman Tom Wheeler, fortunately, does not appear to be an ideologue willing to spend most of his tenure as chairman re-fighting this bitter fight. His comments last month were telling:

I think we’re also going to see a two-sided market where Netflix might say, ‘well, I’ll pay in order to make sure that . . . my subscriber receives, the best possible transmission of this movie.’ I think we want to let those kinds of things evolve.

This statement struck dread in the hearts of many net neutrality proponents. I’ve always believed he was talking about specialized services when he made this statement since pay-for-priority deals were essentially banned by the Open Internet Order. Regardless, his apparent comfort with changing pricing dynamics in two-sided markets indicates he is not a net neutrality partisan. I suspect Chairman Wheeler wants to make his name as the chairman who guided America to a mobile future. His priorities seem to be in getting spectrum auctions right, not in rehashing old battles.

2. Pay for priority deals.

The legal uncertainties need to be settled before ISPs begin looking at prioritization deals, but they’ll probably pursue some. For example, gaming services might want to pay ISPs to make sure gamers receive low latency connections and large enterprise customers might want prioritized traffic for services like virtual desktops for, say, on-the-road employees. No one knows how common these deals will be. In any case, these deals will probably be closely monitored by the FCC for perceived abuses of market power, as explained next.

3. Increased FCC scrutiny using Section 706.

Substantial and disruptive scrutiny of ISPs’ traffic management from the FCC is the long-term fear. It now appears that the FCC has many tools to regulate how ISPs treat traffic under Section 706. I call this net neutrality-lite but 706 authority has the potential to be a more powerful weapon than the Open Internet Order. Not only can the FCC use 706 to regulate ISPs through adjudications, the mere threat of using 706 against ISPs may induce compliance. If there is a bright side to the court’s recognition of the FCC’s 706 authority, it’s that it makes Title II reclassification of ISPs less likely.

Verizon v. FCC was mostly a win for those of us who viewed the Open Internet Order as a regulatory overreach. Risks remain since net neutrality as a policy goal will not die, but reclassification is a long shot, fortunately. Policy watchers will be analyzing Wheeler’s actions, in particular, to see whether the FCC pursues its Section 706 authority to regulate ISPs. Hopefully the court’s decision is accepted as final and marks the end of the most heated battles over net neutrality. The FCC could then turn its attention to important issues like spectrum auctions, the IP transition, and the rapidly changing television market.

When Google announced it was acquiring digital thermostat company Nest yesterday, it set off another round of privacy and security-related technopanic talk on Twitter and elsewhere. Fear and loathing seemed to be the order of the day. It seems that each new product launch or business announcement in the “Internet of Things” space is destined to set off another round of Chicken Little hand-wringing. We are typically told that the digital sky will soon fall on our collective heads unless we act preemptively to somehow head-off some sort of pending privacy or security apocalypse.

Meanwhile, however, a whole heck of lot of people are demanding more and more of these technologies, and American entrepreneurs are already engaged in heated competition with European and Asian rivals to be at the forefront of the next round Internet innovation to satisfy those consumer demands. So, how is this going to play out?

This gets to what becoming the defining policy issue of our time, not just for the Internet but for technology policy more generally: To what extent should the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations? We can think of this as “the permission question” and it is creating a massive rift between those who desire more preemptive, precautionary safeguards for a variety of reasons (safety, security, privacy, copyright, etc.) and those of us who continue to believe that permissionless innovation should be the guiding ethos of our age. The chasm between these two worldviews is only going to deepen in coming years as the pace of innovation around new technologies (the Internet of Things, wearable tech, driverless cars, 3D printing, commercial drones, etc) continues to accelerate.

Sarah Kessler of Fast Company was kind enough to call me last night and ask for some general comments about Google buying Nest and she also sought out the comments of Marc Rotenberg of EPIC about privacy in the Internet of Things era more generally. Our comments provide a useful example of the divide between these two worldviews and foreshadow debates to come:

With an estimated 50 billion connected objects coming online by 2050, some see good reason to put policies in place that regulate the new categories of data they will collect about the people who use those products. “The basic problem with the Internet of Things, unless privacy safeguards are established up front, is that users will lose control over the data they generate,” Marc Rotenberg, the president of the Electronic Privacy Information Center, told Fast Company in an email. Others see the emerging category as a perfect reason to block omnibus attempts to regulate user data. “If we spend all of our time living in fear of hypothetical worst-case scenarios, then the best-case scenarios will never come about,” says Adam Thierer, a Senior Research Fellow at George Mason University’s Mercatus Center. “That’s the nature of how innovation works. You have to allow for risks and experimentation, and even accidents and failures, if you want to get progress.”

Last week, I wrote about this conflict of visions in my dispatch from the CES show and this topic is also the focus of my forthcoming eBook, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom.” To reiterate what I already said, my book will describe the future of the Internet of Things and all technology policy as a grand battle the “precautionary principle” and “permissionless innovation.” The “precautionary principle” refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions. The other worldview, “permissionless innovation,” refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

While those adhering to the precautionary principle mindset tend to favor “top-down” legalistic approaches to solving those potential problems that might creep up, those of us who favor the premissionless innovation approach favor “bottom-up” solutions that evolve over time but do not interrupt the ongoing experimentation and innovation that consumers demand. What does a “bottom-up” approach mean in practice? Education and empowerment, social pressure, societal norms, voluntary self-regulation, and targeted enforcement of existing legal norms (especially through the common law) are almost always superior to top-down, command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I” (i.e., permissioned) nature.

We really should not underestimate the power of norms and public pressure to “regulate” in this regard, perhaps even better than law, which tends to be too slow-moving to make much of a difference. In my book I spend a great deal of time talking about how other technological innovations have been shaped by social norms, public pressure, and press attention. That same will be true for the Internet of Things and various new technologies I discuss in my book. Others will gradually adapt to the new technological realities and integrate these new devices and services into their lives over time.

Perhaps, then, it will be the case that if Google does something particularly bone-headed with Nest that a public backlash will ensue. Or maybe some consumers will just reject Nest and look for other options, which is apparently what Rotenberg is doing according to the Fast Company article. Of course, as I noted in concluding the interview, others may act quite differently and accept Nest and other new Internet of Things technologies, even if there are some privacy or security downsides. As I told Sarah Kessler, while I was visiting the consumer electronics show last week, I heard it was freezing back here in DC. If I would have had Nest in my house, perhaps Google Now could have alerted me to the dangerously low temps in my house and suggested that I raise the temp remotely before my pipes froze. As I noted to Kessler:

“Would that have been creepy?” he says. “To me it would have been helpful. So for everything that people regard as a negative, I can usually find a positive. And if there’s that balance there, then it should be left to individuals to decide for themselves how to decide that balance.”

Finally, since I often get accused of being some sort of nihilist in these debates, I want to make it clear that ethics should influence all these discussions, but I prefer that we not impose ethics in a heavy-handed, inflexible way through preemptive, proscriptive regulatory controls. It makes more sense to wait and see how things play out before regulating to address harms, once we figure out which ones are real. (See the second and third essays listed below for more on ethics and technological innovation.) But we absolutely need to be engaging in robust societal discussions about digital ethics, digital citizenship, privacy and security by design, and sensible online etiquette. I’ve spent a lifetime writing about the power of that approach in the context of online child safety and I think it is equally applicable for privacy and security-related matters. In particular, we need to talk to our kids and our future technologists and innovators about smarter digital habits that respect the safety, security, and privacy of others. Those conversations can help us chart a more sensible path forward without sacrificing the many benefits that accompany the ongoing technological revolution we are blessed to be experiencing today.

____________

Additional Reading:

“Who Really Believes in ‘Permissionless Innovation’?” Technology Liberation Front, March 4, 2013.
“What Does It Mean to ‘Have a Conversation’ about a New Technology?” Technology Liberation Front, May 23, 2013.
“On the Line between Technology Ethics vs. Technology Policy,” Technology Liberation Front, August 1, 2013.
“Planning for Hypothetical Horribles in Tech Policy Debates,” Technology Liberation Front, August 6, 2013.
“Edith Ramirez’s ‘Big Data’ Speech: Privacy Concerns Prompt Precautionary Principle Thinking,” Technology Liberation Front, August 29, 2013.
“When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” Technology Liberation Front, April 29, 2011.
“Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” Technology Liberation Front, April 10, 2012.
“Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013.
“Why Do We Always Sell the Next Generation Short?” Forbes, January 8, 2012.
“The Six Things That Drive ‘Technopanics,’” Forbes, March 4, 2012.

With each booth I pass and presentation I listen to at the 2014 International Consumer Electronics Show (CES), it becomes increasingly evident that the “Internet of Things” era has arrived. In just a few short years, the Internet of Things (IoT) has gone from industry buzzword to marketplace reality. Countless new IoT devices are on display throughout the halls of the Las Vegas Convention Center this week, including various wearable technologies, smart appliances, remote monitoring services, autonomous vehicles, and much more.

This isn’t vaporware; these are devices or services that are already on the market or will launch shortly. Some will fail, of course, just as many other earlier technologies on display at past CES shows didn’t pan out. But many of these IoT technologies will succeed, driven by growing consumer demand for highly personalized, ubiquitous, and instantaneous services.

But will policymakers let the Internet of Things revolution continue or will they stop it dead in its tracks? Interestingly, not too many people out here in Vegas at the CES seem all that worried about the latter outcome. Indeed, what I find most striking about the conversation out here at CES this week versus the one about IoT that has been taking place in Washington over the past year is that there is a large and growing disconnect between consumers and policymakers about what the Internet of Things means for the future.

When every device has a sensor, a chip, and some sort of networking capability, amazing opportunities become available to consumers. And that’s what has them so excited and ready to embrace these new technologies. But those same capabilities are exactly what raise the blood pressure of many policymakers and policy activists who fear the safety, security, or privacy-related problems that might creep up in a world filled with such technologies.

But at least so far, most consumers don’t seem to share the same worries. Instead, they are too busy shouting “More, More, More!” IoT technologies have generated enormous interest and every projection I’ve seen so far shows that explosive growth can be expected across all classes of devices. ABI Research estimates that there are more than ten billion wirelessly connected devices in the market today and more than thirty billion devices expected by 2020. Last year Cisco projected that by 2020 thirty-seven billion intelligent things will be connected and communicating but has now apparently revised that estimate upward to 40 or 50 billion. Thus, we are well on the way to a world where “everyone and everything will be connected to the network.”

Yet, it remains unclear what the IoT public policy landscape will look like in coming years and what disposition lawmakers and regulators will adopt toward these new amazing new technologies. Two distinct policy disposition are clashing over what approach should govern the future of innovation in this space.

I discussed this tension during a CES panel this morning on “The Internet of Things and the Home of the Future.” It featured outstanding opening remarks by FTC Commissioner Maureen K. Ohlhausen, who made the case for regulatory humility and focusing on how these new technologies can empower individuals in important new ways. “The Internet has evolved in one generation from a network of electronically interlinked research facilities in the United States to one of the most dynamic forces in the global economy, in the process reshaping entire industries and even changing the way we interact on a personal level,” she noted. “And the Internet of Things offers the promise of even greater progress ahead for consumers and competition.” I strongly encourage you to read Commissioner Ohlhausen’s entire speech. It is terrific and sets exactly the right tone for these discussions.

After Commissioner Ohlhausen spoke, we had a panel discussion that was expertly moderated by tech policy guru Larry Downes and which included remarks from Robert M. McDowell (Hudson Institute), Jeff  Hagins, (Smart Things), Robert Pepper (Cisco), Marc Rogers (Lookout), and me.

When I spoke, I described the future of the Internet of Things as a grand battle of two alternative worldviews: the “precautionary principle” and “permissionless innovation.” The “precautionary principle” refers to the belief that new innovations should be curtailed or disallowed until their developers can prove that they will not cause any harms to individuals, groups, specific entities, cultural norms, or various existing laws, norms, or traditions. The other worldview, “permissionless innovation,” refers to the notion that experimentation with new technologies and business models should generally be permitted by default. Unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated and problems, if they develop at all, can be addressed later.

I’ll soon be releasing a new eBook about this conflict of visions. The book will be called, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom” and it should be out in the next few weeks. In it, I will explain how precautionary principle thinking is increasingly creeping into modern information technology policy discussions, explain how that is dangerous and must be rejected, and argue that policymakers should instead unapologetically embrace and defend the permissionless innovation vision — not just for the Internet but also for all new classes of networked technologies and platforms.

This intellectual tension is already evident in debates over the Internet of Things. While we are still very early in this debate, we can expect rising calls for preemptive regulatory controls on IoT technologies based on various safety, security, and especially privacy rationales.  If the precautionary principle mentality wins out and trumps the permissionless innovation ethos that has already powered the first wave of the digital revolution, it will have profound ramifications.

As I’ll note in my forthcoming eBook, preserving and extending the permissionless innovation ethos to the Internet of Things is not about “protecting corporate profits” or assisting any particular technology, industry sector, or set of innovators. Rather, preserving an environment in which permissionless innovation can flourish is about ensuring that individuals as both citizens and consumers continue to enjoy the myriad benefits that accompany an open, innovative information ecosystem. More profoundly, this general freedom to innovate is essential for powering the next great wave of industrial innovation and rejuvenating our dynamic, high-growth economy. Even more profoundly, this is about preserving social and economic freedom more generally while rejecting the central-planning mentality and methods that throughout history have stifled human progress and prosperity.

Safety, security, and privacy problems will continue to persist, of course, and we should work to find practical, “bottom-up” solutions to them. As I detail in my eBook, education and empowerment, social pressure, societal norms, voluntary self-regulation, transparency efforts, and targeted enforcement of existing legal norms (especially through the common law) are almost always superior to “top-down,” command-and-control regulatory edits and bureaucratic schemes of a “Mother, May I” (i.e., permissioned) nature. Preemptive technological controls of that sort would limit new innovation in this space and sacrifice the many benefits that will flow to consumers from continued experimentation.

Those who advocate precautionary regulatory approaches to the Internet of Things should think through to consequences of preemptively prohibiting technological innovation and realize that not everyone shares their same values, especially pertaining to privacy, which is a highly subjective concept that is often difficult to legislate around. We should instead find ways work with together to seek out those practical, bottom-up solutions that will help individuals, institutions, and society learn how to better cope with technological change over time. Using this approach, we can embrace our dynamic future together without doing permanent damage to our innovative minds and economy.

If you’re looking to pursue an econ graduate degree, you should know that the Mercatus Center offers several amazing fellowships for both masters and PhD students. And while they’re mostly for econ students, the Adam Smith fellowship is open to students in other fields as well. In addition to money and a great education, you could get the chance to work with me, Adam, Eli, and Brent. Application deadlines are in March, so get going…

The PhD Fellowship is a three-year, competitive, full-time fellowship program for students who are pursuing a doctoral degree in economics at George Mason University. It includes full tuition support, a stipend, and experience as a research assistant working closely with Mercatus-affiliated Mason faculty. It is a total award of up to $120,000 over three years. The application deadline is February 1, 2014.

The MA Fellowship is a two-year, competitive, full-time fellowship program for students pursuing a master’s degree in economics at George Mason University who are interested in gaining advanced training in applied economics in preparation for a career in public policy. It includes full tuition support, a stipend, and practical experience as a research assistant working with Mercatus scholars. It is a total award of up to $80,000 over two years. The application deadline is March 1, 2014.

The Adam Smith Fellowship is a one-year, competitive fellowship for graduate students attending PhD programs at any university, in a variety of fields, including economics, philosophy, political science, and sociology. Smith Fellows receive a stipend and attend workshops and seminars on the Austrian, Virginia, and Bloomington schools of political economy. It is a total award of up to $10,000 for the year. The application deadline is March 15, 2014.

James Barrat, author of Our Final Invention: Artificial Intelligence and the End of the Human Era, discusses the future of Artificial Intelligence (AI). Barrat takes a look at how to create friendly AI with human characteristics, which other countries are developing AI, and what we could expect with the arrival of the Singularity. He also touches on the evolution of AI and how companies like Google and IBM and government entities like DARPA and the NSA are developing artificial general intelligence devices right now.

Download

Related Links

Our Final Invention: Artificial Intelligence and the End of the Human Era, Amazon
About the Author, Barrat
The Definitive Tech Books of 2013, Huffington Post

Over a month ago I testified at the Senate Homeland Security and Governmental Affairs Committee hearing on Bitcoin. I’ve been asked by the committee to submit answers to additional questions, and I thought I’d try to tap into the Bitcoin community’s wisdom by posting here the questions and my draft answers and inviting you to post in the comments any suggestions you might have. I’d especially appreciate examples of innovative uses of Bitcoin or interesting potential business cases. Thanks for your help!

Post-Hearing Questions for the Record

Submitted to Jerry Brito

From Senator Thomas R. Carper

“Beyond Silk Road: Potential Risks, Threats, and Promises of Virtual Currencies”

November 18, 2013

1. Overall, how would you assess the federal government’s activities thus far regarding virtual currencies and in what areas do you believe more work needs to be done?

The federal government’s approach to virtual currencies thus far has been understandably cautious.

On the anti-money-laundering and terrorist-financing front, FinCEN has issued guidance that adequately addresses virtual currencies, and it is heartening to see recent reports that the agency is clarifying for entrepreneur and consumers how they plan to apply that guidance. Additionally, with the tools already at their disposal, law enforcement has also successfully taken down the Silk Road online black market, as well as Liberty Reserve, a centralized digital currency favored by online criminals and responsible for laundering billions of dollars.

On the consumer protection front, state financial regulators are currently developing guidelines for the licensing of money transmitters, which are meant to ensure that such businesses are well-run and adequately capitalized. As noted in a question below, however, virtual currencies like Bitcoin are still not in use by very many consumers, and those who do use them likely understand the risks involved, giving regulators the luxury of seeing how the market develops and whether any problems arise before intervening.

One area where more guidance may be necessary is tax compliance. The IRS has indicated that it is working on guidance related to virtual currencies. Clear and simple rules for the tax treatment of virtual currency capital gains and other tax questions would be welcome.

2. Do you believe virtual currencies, including Bitcoin, fit into our current legal and regulatory framework? Do you see any gaps in our statutes and regulations regarding virtual currencies? Which agencies do you believe need to be at the forefront of the federal government’s work on virtual currencies?

To date we have seen that regulators have been able to apply existing law to virtual currencies. In the future, there may be situations in which existing law may not be able to fully account for virtual currencies. For example, to the extent we may some day see a Bitcoin futures market, the Commodities Future Trading Commission may want to exercise its authority over “foreign-exchange forwards” or “foreign-exchange swaps.” However, it would be difficult to justify that virtual currencies are “foreign” currency, which Congress did not define in Commodity Exchange Act presumably because the meaning was obvious at the time. That said, the CFTC would have no problem treating bitcoins as commodities, since “commodity” is defined very broadly by the Act. What this suggests is that rather than attempt to predict how current law may not become incompatible with virtual currency use, a better approach may be to wait for actual “cases and controversies” to arise and to intervene only if regulators cannot apply existing law. To do otherwise may invite unintended consequences or simply waste time and resources.

3. As I understand things, currently there is still a relatively very small group of people that use Bitcoin. That being the case, the full scope of the ramifications of the use of Bitcoin remains to be seen.

a. Can you share with us some examples of uses that might have a positive impact for consumers or the broader economy? What are some of the promises of this new technology, as you see them?

b. What kinds of businesses and opportunities might emerge around Bitcoin if the currency continues to grow?

I would refer you to pages 10 – 20 of Bitcoin: A Primer for Policymakers in which my colleague Andrea Castillo and I detail the ways Bitcoin may positively affect the economy, as well as the business opportunities it presents.

4. Since its introduction in 2008, Bitcoin has experienced a number of significant price swings. For example, in 2013, the price per Bitcoin fell from $266 in early April to $50 in late April, but today is hovering around $1000.

a. What factors have contributed to this volatility?

There are at least three reasons that the price of Bitcoin fluctuates so wildly. First, the total value of all outstanding bitcoins is still relatively low. This means that even a small absolute increase in interest in Bitcoin can send prices soaring.

Second, a large fraction of the existing stock of bitcoins seem, for now, to be held as a long-term investment. This means that the market is not very liquid.

Finally, when there is a change in the demand for Bitcoin, the supply of Bitcoin cannot adjust to accommodate it, so all of the adjustment has to happen in the price, rather than in the quantity. This effect may be somewhat offset for now by the fact that many bitcoins are held as investments, but it means that Bitcoin is likely to be relatively volatile even if people stop holding bitcoins as investments.

b. For those companies who are trying to build businesses around this technology, doesn’t this volatility concern you? What can be done so the price is not so volatile?

Merchants that accept payment in bitcoins and companies trying to build businesses around the protocol no doubt already take the volatility into consideration. For example, merchants that accept bitcoins often use a payment services like BitPay, which deposit dollars into merchant accounts on a daily basis, and companies like BitPay hedge against currency volatility. That said, as more and more consumers begin to use Bitcoin, the market will become more liquid and volatility should subside. Additionally, the development of a bitcoin futures market may also help stabilize the currency. Regulators can help combat volatility by allowing such a market to develop.

5. Most of the recent research and media coverage on virtual currencies has focused on Bitcoin. Are there other virtual currencies that we should be paying attention to?

It is important to keep in mind the difference between centralized and decentralized digital currencies. Centralized currencies like the defunct Liberty Reserve are of greater concern to law enforcement, as Special Agent Edward Lowery explained at the hearing. As for decentralized digital currencies, it is not surprising that Bitcoin has earned the lion’s share of attention since it is the first ever decentralized currency as well as the largest. Indeed, the economy of the next largest decentralized digital currency—Litecoin—is less than one-tenth that of Bitcoin. Competing decentralized currencies are very important, especially as they develop technical innovations, but the regulatory and law enforcement issues they raise are essentially the same as Bitcoin.

6. The point has been made to me that the way to see Bitcoin and virtual currencies today is a bit like we saw email or the internet itself 20 years ago. At the time, we thought email might replace mail but it was sort of complicated and difficult to work unless you were more technically minded. Obviously as the technology matured it became easier to use and more widely adopted and it’s changed the way we communicate in fundamental ways. With that said, if you could hazard a guess, what do you see for Bitcoin 20 years from now?

Email is a good analogy, but a better one might be the World Wide Web. As Mike Hearn, an engineer at Google who serves as one of Bitcoin’s core developers, says, “The Web started out as scientists simply showing documents to each other. You could link documents and embed images, but the true potential of the Web really came when these pages became interactive and started gaining more and more features allowing people to build things like Facebook or online shops. Those things are not documents, and now probably half the time people use the Web they aren’t really interacting with documents; they are actually using applications.”

Unlike email, the Web is a platform, which means that it can be programmed to be just about anything. Bitcoin is similarly a platform that can be programmed. As a result, it’s difficult to predict what developers and entrepreneurs allowed to freely innovate may come up with. However, some innovations that Bitcoin may make possible include micropayments, smart property, decentralized assurance contracts, and competitive arbitration services.

7. What can we as policymakers and legislators be doing to encourage innovation by good actors interested in being involved in the virtual currency space?

As I said in my testimony, policymakers’ first imperative should be to do no harm. Bitcoin and other decentralized digital currencies are an experiment, just as the wider Internet once was. The Internet has become the amazing engine of innovation and economic prosperity because it has largely been left alone by regulators. This was a deliberate policy articulated by President Clinton’s chief policy counsel Ira Magaziner, who was in charge of crafting the administration’s Framework for Global Electronic Commerce in July 1997. Its recommendations read in part:

The private sector should lead. The Internet should develop as a market driven arena not a regulated industry. Even where collective action is necessary, governments should encourage industry self-regulation and private sector leadership where possible.

Governments should avoid undue restrictions on electronic commerce. In general, parties should be able to enter into legitimate agreements to buy and sell products and services across the Internet with minimal government involvement or intervention. Governments should refrain from imposing new and unnecessary regulations, bureaucratic procedures or new taxes and tariffs on commercial activities that take place via the Internet.

Where governmental involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce. Where government intervention is necessary, its role should be to ensure competition, protect intellectual property and privacy, prevent fraud, foster transparency, and facilitate dispute resolution, not to regulate.

Governments should recognize the unique qualities of the Internet. The genius and explosive success of the Internet can be attributed in part to its decentralized nature and to its tradition of bottom-up governance. Accordingly, the regulatory frameworks established over the past 60 years for telecommunication, radio and television may not fit the Internet. Existing laws and regulations that may hinder electronic commerce should be reviewed and revised or eliminated to reflect the needs of the new electronic age.

Electronic commerce on the Internet should be facilitated on a global basis. The Internet is a global marketplace. The legal framework supporting commercial transactions should be consistent and predictable regardless of the jurisdiction in which a particular buyer and seller reside.

The same principles should apply to Bitcoin today. If there is one thing policymakers could do today to encourage innovation by good actors in the Bitcoin space it is to signal to the traditional financial sector—especially in banking—that while Bitcoin presents some challenges, it is nothing to be feared, and they will not be penalized by regulators for servicing, working with, and even investing in Bitcoin-related businesses.