The Volokh Conspiracy

It’s been a pleasure to blog this week.  I hope you’ve enjoyed this conversation and I’d love to continue it.  If you’re interested in reading more, check out our book, Wild West 2.0.  It is the most-discussed Internet policy book of 2010 (Jimmy Wales called it “an invaluable guide” to the “brave new world of the Internet”) and it sold out Amazon.com once already.  Or, contact me directly through my site at davidcthompson.com.  Thanks again to Eugene and the whole Volokh Conspiracy for inviting me to participate this week.

This week, we’ve discussed the “Wild West 2.0” metaphor for the Internet.  Today, I’m going to present a few quick ideas that didn’t make it into this week’s posts.   I don’t have enough space to flesh them all out, but I hope to provoke some thoughts and discussions that will continue beyond this week.

What will widespread surveillance and facial recognition do to privacy?

It’s always been the law in the U.S. that images you take in public are yours to use non-commercially.  There are a few exceptions around security, peeping Toms, and so-called “upskirt” photography, but basically you can take a photo from any public place and make any non-commercial use of it.

There are good reasons for this policy, ranging from a basic respect for the free press and free expression, to the First Amendment.

But, today, facial recognition is quickly becoming available on a wide scale.  For just one example, an application called Face.com allows Facebook users to use photo recognition to find their friends in photos (even if they have not been tagged, or if they have removed their tag).  Using the tool, it’s often possible to find hundreds of untagged photos of your friends (or yourself) posted by other people.

The Face.com developers just released an API (programming interface) to allow other websites to use the same technology.  So far, Face.com has restricted use of the technology to known faces, but nothing technological prevents them from using their database of hundreds of millions of Facebook photos to identify millions of people in public photos.

The results of just one company unleashing photo recognition on the Internet could be huge.  There are more than 3 billion photos on the site Flickr.com  , and billions more in the unstructured Web, on sites like Facebook, and in automated surveillance systems (every time you walk past a security camera, imagine your name being logged).

The figures above don’t even count the fact that some forms of advocacy corporate surveillance would increase in a world with easy facial recognition.  Why would anti-abortion groups not photograph every person who walks into an abortion clinic, use facial recognition to identify them, and use public name-and-address databases (see below) to target mailings (or harassment) to each person’s home?  Why would anti-gay advocates not do the same for people who frequent gay bars, or liberals target “Tea Party” activists, or statists target libertarians, etc?  Or insurance companies outside bars to monitor drinking and driving, smoking, or any other risk factor that could increase rates?

What does this mean for privacy?   If the freedom to take and post photos cannot or should not be changed, should there be regulation of the uses of facial recognition software?  Should it be a privacy tort to publicly identify private citizens by name if they are walking into an abortion clinic, a gay bar, a Tea Party rally, a divorce lawyer’s office, a police station (to “snitch”), or a substance abuse treatment facility?  What does it mean when Google indexes a list of these names and it comes up first for a search for your name?  How will it affect job prospects, inter-personal relations, and more?

Will we all just get over it and not care that our friends are getting abortions or divorces?  Will anti-gay groups get over the fact that some people visit gay bars?  Will political opponents stop harassing each other?   I hope so, but my hopes are dim.

The end result might be that we all wear low-fitting baseball caps each day, or the aptly-named “FlickrBlockrs” sunglasses that started as an art project but might fill a real need.   But should individuals have to proactively monitor their public image so fiercely?  (Read more about our ideas for privacy in the book, Wild West 2.0.)

Will the future allow a binary public/private distinction?

Right now, the law generally recognizes facts as “public” or “private” with very little gray area in between.  This has caused problems in the Fourth Amendment context, where seemingly-private facts (like your bank account information) are not considered “private” for Fourth Amendment purposes (thanks to the “third party doctrine,” the government simply ask your bank; many scholars find this doctrine problematic).

The Internet sharpened this problem by making “public-but-obscure” facts readily available online.  Privacy interests were often supported by practical obscurity; a court may have a list of all cases and convictions, but very few people bothered to trudge to the courthouse to find out.  The county clerk’s office may have a hardcopy list of home owners and their property values, but nobody actually checks.

But online, these records are being rapidly digitized and made searchable.  And because they are all “public” information for privacy purposes, there is currently no restriction on how the information can be displayed.  So far, no case of which I am aware has held that online “white pages” or “dossier” sites (like Spokeo.com, WhitePages.com, Intelius.com, and many others) cannot create a dossier of private-seeming information like your income, hobbies, credit score, home address, phone number, political contributions, and more—just so long as each data point was drawn from a “public” source.

The result of the end of practical obscurity has turned a lot of privacy upside-down.  Criminals now routinely use public records databases for identity theft purposes (itself illegal, but hard to catch), to stalk their victims at home (same), and to identify candidates for burglary or other attacks.  Millions of people (below) now casually flip through their neighbors’ dirty laundry online, ranging from bankruptcy filings to property records to divorce records.  Maybe this information has always been “public,” but it was never so readily available.

Will the law continue to recognize only “public” and “private” information?  Or will it develop shades of gray to recognize that obscurity can protect privacy while allowing “legitimate” uses.  Scholars have discussed ways to limit data like property records to their original purpose (making sure property taxes are apportioned fairly) by encouraging states to strip names from the data before publication; of course, this works only if there are no other records that correlate names to addresses.  Will that be enough?  Or is it a good thing that all these facts are public?

Does the Law Recognize the 300 Million Little Brothers Problem?

The section above should suggest it, but her it is expressly: we no longer live in a nation of Big Brother; we live in a nation of 300 million Little Brothers.

Much of our law is based around fear of surveillance by the government (Big Brother).  The Fourth Amendment is the easiest example; it is based around a fear of an overly intrusive government acting in its role as sovereign.  Statutory law like the Electronic Communications Privacy Act also seeks to protect individual privacy against the government.  And laws like the Stored Communications Act and HIPPA prohibit corporations from revealing certain information about you.

But now an equally real risk is 300 million Little Brothers.  We’ve moved from the Panopticon—where the guards can see everything—to a suburb of glass houses where everyone can see each other.  This is a powerful development for politics (we can now watch the watchers), but it has changed inter-personal privacy as well.  What laws (if any) should be updated to reflect this new reality?  Or should we all just get used to living in public–to quote Google CEO Eric Schmidt “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.“  The power of the Internet is increasingly moving toward making sure that everybody knows what everybody does.  Is this the right direction?

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Thanks again for the great responses in comments.  I’ve learned a lot about how people think about the Internet of 2010 and whether it fits the “Wild West 2.0” model.

On Monday, we discussed why the Internet of 2010 resembles the closing of the Wild West frontier.  On Tuesday, we talked about whether CDA 230 is appropriate for the Internet of 2010.  Yesterday, we talked about why CDA 230 is a subsidy to online libel.

Today, I want to present some ideas to preserve the best parts of anonymous free expression, while fixing the subsidy that Section 230 of the Communications Decency Act gives to libelous speech.  I’d love to hear your thoughts.

Online Anonymous Speech is a Good Thing

Anonymous online speech can be powerful and beneficial.  You are free to leave anonymous or pseudonymous comments on this site, which encourages free discussion of political issues.  Protesters in Iran can spread ideas, corporate whistleblowers can speak out, and the government is deterred from at least one form of intrusion into personal life.  On a personal level, you can explore your identity, research controversial causes or issues, or just vent frustration.  All of these are good things and worthy of preservation.

But in the offline world there is also accountability for anonymous speech that is libelous or invasive of privacy.  By taking control of the media away from The New York Times and putting it in the hands of individual bloggers, the Internet have empowered free expression and opinion, but also empowered hundreds of millions of people to anonymously libel each other and invade each others’ privacy.

Updating the Assumptions Underlying CDA 230

CDA 230 was based on a number of guesses about how the Internet of the then-future would work.  We’ve had almost fifteen years to test those assumptions.

To give a little perspective, in 1996, when Section 230 of the Communications Decency Act was passed, the first search engines like AltaVista and Lycos were just getting started, the Google founders were still in college, Netscape Navigator was the most popular browser, the first version of Microsoft Internet Explorer had just been released, and OS/2 was considered a viable operating system.

In 1996, many people assumed that CDA 230 was necessary to a functioning Internet.  They believed that if hosts* had any liability (under any circumstances) for any content, they would stop providing platforms for user interaction.  * I use “hosts” to mean primarily websites that host user-generated content, like Facebook, discussion forums and blog hosts.

But in fifteen years of experience, we’ve seen that CDA 230 is not required for a thriving Internet.  Europe does not have a statute equivalent to CDA 230, the U.K. has stricter libel laws than the United States, and Directive 2000/31/EC requires EU member nations to enforce libel laws online.  But some estimates suggest that Internet use is actually higher in the U.K. than the U.S.  The same goes for Japan (hosts may be liable if they have knowledge of libel, higher Internet use than the U.S.) and Canada (hosts immune only if “innocent dissemination,” higher Internet use than U.S.).  Fast-growing nations like Brazil have experienced ten-fold increases in Internet use in the last decade, even without a local version of CDA 230.

Many people like the “Internet routes around  damage” metaphor to claim that CDA 230 is irrelevant. But right now, the US is the only major country with CDA 230 immunity.  There will always be jurisdictions like Sealandia, but the vast majority of the commercial Internet is based in the U.S., E.U., and Pacific Rim.  There will always be Freenet-type projects that evade all jurisdictions and have no commercial connections, but the vast majority of the network relies on advertising dollars.  And the mostly-effective U.S. online gambling ban suggests that the legal regime does matter after all.

We can also learn from the DCMA: we’ve seen that over-use of DMCA takedowns can lead to chilling effects.  (disclosure: My employer, ReputationDefender, does not send DMCA takedown notices.)  But we’ve also seen that even despite periodic abuses of the DCMA, the user-generated Internet has bloomed.  The DMCA did not, despite itself, kill the Internet.

The drafters of CDA 230 worked in an era when a user’s ISP and forum host were the same.  The Prodigy case led directly to CDA 230.  The cased turned on the actions of a Prodigy subscriber on a Prodigy-run message board inside Prodigy’s “walled-garden.”  Back then, it would have been easy to find the original defendant: Prodigy ran the forums and had a billing relationship with every poster.  The same was true of services like CompuServe and AOL.

Today, there is no connection between ISP and content host.  Instead of Prodigy serving as both ISP and forum host, today Comcast (as ISP) has no relationship with BlogSpot (as content host).  Because of the separation, it became near-impossible find the original defendant in many online libel cases.

Another faulty assumption of CDA 230 is that it would encourage websites to filter their content and produce a more civilized online world.  In the Prodigy case, the service as found liable in part because it selectively removed some libelous and obscene comments (the court: “Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability”).  The hope for CDA 230 was that, by removing any penalty for taking editorial control, more sites would exercise discretion and remove harmful content.

Of course, the last 15 years have taught us that CDA 230 has been used to support immunity for inaction as much as action.  Many sites have taken the grant of immunity intended to encourage editorial control and used it to abdicate responsibility.

Finally, CDA 230 is a law that assumed the Internet needed a subsidy to grow.  Almost fifteen years of open frontier Internet later, the Internet is approaching maturity (or at least its petulant teenage years) and it is questionable whether the Internet now deserves a special subsidy that no other form of media gets.  Even if the CDA 230 subsidy made sense in 1996, the assumption does not hold in 2010.

Market Solutions are Part of the Answer, But Not All of It

We’ve already seen some market influence toward record-keeping, such as the trend toward services like Facebook Connect.  Sites use identification to discourage users from abusing other users.  But as long as there is no barrier to entry and as long as humans love scandal, the market will not be able to fully correct for the race-to-the-tabloid-bottom effect of sites that benefit from the libel subsidy and encourage users to attack others.

There are also commercial services that help victims recover from online attacks, but these also do not substitute for a legal regime that discourages attacks in the first place.  (Disclosure: My employer provides services that help people build their online reputation before it is damaged, recover from attacks, keep their personal and professional lives separate, and protect their privacy.)  These services can be expensive, some forms of attack can never be fully eliminated, and mitigation does not take the place of prevention.  They cannot replace the proper legal regime, even if they help mitigate damages after the fact.

A Proposal to Keep the Best and Jettison the Rest

How do we keep the best parts of online anonymous speech while jettisoning the ability of site owners to actively encourage libel or invasion of privacy?

This is not a balance between anonymity and accountability.  There will always be anonymity online thanks to services like Anonymizer and TOR.

I propose an opt-in system for web hosts:

Hosts that make a good-faith effort to keep sufficient records to locate content creators are granted CDA-style immunity, even if they have knowledge of liability-creating content.  Sites that do not keep records are immune unless they know that there is liability-creating content.  Good-faith attempts to filter shall not create knowledge liability for what is missed.

The system preserves the right to speak anonymously in both cases; nothing requires sites to reveal any information except on subpoena.  The system still allows sites to choose not to keep any records; if a site wants to allow completely anonymous interactions then it may do so.   No liability is ever imposed without knowledge of the content.  And the original goal of CDA 230 (to fix the filtering glitch in Prodigy) is respected without creating another race-to-the-bottom.

The system preserves First Amendment and free expression values while also respecting the right of non-speakers to privacy and quiet solitude.  It removes a subsidy to libel, and puts the Internet on even footing with other forms of media.  It is technologically neutral, and imposes no new burdens on sites that don’t currently have knowledge of liability-creating material.  And it harmonizes US and foreign law, to make cross-border websites easier to maintain.

Tomorrow: Future Problems in Reputation and Privacy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

In the early Internet, it was impossible to find isolated references to people, places, and things.   Many users navigated using directories like the original Yahoo, and early search tools like Gopher (structured documents) and Archie (FTP) were limited .

The search engines changed everything.  Starting with Lycos and AltaVista, information was freed from obscurity.  Suddenly, no matter where on the Internet your name might be mentioned, a search engine could find it.

On Monday, we discussed why the Internet is a new frontier.  On Tuesday ,we questioned whether Section 230 of the Communications Decency Act of 1996 still fits the Internet of 2010.  Today, I’ll explain how the rise of search engines since 1996 has changed reputation and privacy, and why CDA 230 subsidizes libel by preventing speakers and facilitators from internalizing the costs of their actions.

Google Has Changed How Information is Consumed

I don’t think Google is evil.

But Google is far from perfect.  Google creates the illusion that just ten search results reflect some meaningful judgment on a person’s life.  For example, the top five Google search results for any search term get 88% of the clicks.  The over-attention given to the first few Google results is partly user error, but it’s also a form of rational ignorance on the part of searchers: Google gives good enough results most of the time, so there is little incentive to look deeper.

The attention given to the first few Google results would be fine if Google always provided accurate, balanced, and relevant information.  Unfortunately, it doesn’t.  Google has no way to measure whether websites contain information that is true, fair, or proportionate.  Instead, Google uses rough heuristics—most notably the number of links to a page—to try to calculate a page’s popularity.  Popularity substitutes for relevancy, often with comical results (remember “miserable failure?”).

Online, Google search drops users onto a website with no context or history of the site.  There’s no indication whether a site is a parody (witness Salon being fooled by Landover Baptist), populated by anonymous trolls, a personal rant, or anything else.  Of course, it is possible for users to perform this research for each and every site they visit–but the evidence is that they simply don’t (witness the Times of London being fooled by anonymous postings on a soccer website).

Rational ignorance?  Possibly. Through experience, I’ve learned with law-related sites are reliable, which are tabloid, and which are garbage—but I haven’t had reason or opportunity to do the same for medicine, sports, fashion, or any of hundreds of other areas, and it’s questionable whether we should subsidize it further.

Google has Leveled the Playing Field – For Better and Worse

Google has elevated the ramblings of a lone speaker to the same visibility as the New York Times.  This is a wonderful development for politics and freedom.  It is a frightening development for personal privacy.

In the old days, the major media (think New York Times) was very unlikely to write about you.  Your privacy was generally at the mercy of your neighbors and acquaintances—who often had to stake their own reputations when they chose to attack yours.  If something rose to the level of defamation, it was usually easy to find the defendant and fight it out in court.

But today, anybody with a blog can (and all too often does) smear you, defame you, or invade your privacy.  Their motivations are many: politics (if you read VC, you might have strong opinions), envy (think job promotion), mischief (think 4chan), etc.  If you don’t have a big presence in Google before being attacked, Google will inevitably find the smear and bring it to the top of your search results: and tabloid material often rises to the top of a Google search because it gets the most clicks and attention.

This mechanism takes place even if the same content offline would undoubtedly be considered libelous or invasive-of-privacy.  (If you disagree with offline liability for libel and invasion of privacy, you probably won’t agree with this either.)  In many cases, you can’t find the original poster (it would take a lawyer, two subpoenas, and months).  The host shrugs and says “CDA 230, not my problem” and rationally declines to name the creator (his customer).

Further, online defamation and privacy invasions can outlive the original speaker.  In the offline world, most libelers stop once they are found.  Online, hosts need not remove libelous or privacy-invasive information even after it has been found to be liability-creating.  “Zombie content” lives on even after the original creator wants it gone (much to privacy advocates’ chagrin, Facebook does not delete all content when you delete your account), or even if the original creator has passed away or gone offline.

This has real consequences for real people.  Consider false-but-hard-to-disprove allegations.  How do you respond if a political opponent, a personal enemy, or simply a random stranger creates a blog claiming that you harassed or had an affair with a subordinate?  What do people think when they see that in the first three Google results?  It’s true that more speech can help push the false information down in search results, but it is near-impossible to prove the negative.  And once that seed of doubt is planted (“did Obama shake hands with the President of Iran?” “was Kerry at a rally with Jane Fonda?”  ) your name is forever tarnished.

Or consider the case of true-but-private information.   Some anti-libertarians may question the Fourth Amendment by asking “If you have nothing to hide, then why should you care if we search you?”  But should we cede our privacy so easily?  What if a “peeping tom” photo of you ends up at the top of a search for your name?  Your daughter’s name?  It may be clearly illegal offline, but that doesn’t stop it from being distributed online without recourse.

CDA 230 Removes the Internalization of the Cost of Libel

I agree with commenters who have pointed out that stopping free speech online is (1) impractical, (2) inconsistent with the First Amendment, and (3) a bad idea.

But, consider how CDA 230 is subsidizing libel.  Speech liability (libel, slander, invasion of privacy, etc) exists to make sure that a speaker can’t impose certain forms of harm on others (unfairly ruining a reputation) without feeling some cost herself.  In the offline world, this risk of speech liability is largely internalized by the speaker and knowing facilitators: would-be authors of libelous publications know that they will be found and sued, and newspapers stop running advertisements they know to be false in order to stay out of court.

But online, the speakers often disappear thanks to anonymity and the lack of effective record-keeping by hosts.  And, thanks to CDA 230, hosts suffer no liability even if they know that users are using the platform to defame others, profit from the resulting tabloid attention.  CDA 230 goes so far that, under current law, a site owner could knowingly create a site that expressly encourages users to create false and malicious information.

In these cases, CDA 230 acts as a subsidy by removing liability (cost internalization) away from the speaker and host.  There’s no incentive for hosts to keep records about their users; in a race to attract users, hosts have rationally advertised their lack of record-keeping–even though the lack of records imposes an external cost on defamation and privacy victims.  There’s no incentive for hosts to remove content; Google rewards them (with web traffic) for keeping libelous material online–even though the material imposes external costs on victims.  And there’s no incentive for users to not create libelous materials; in many cases there’s little practical chance of being found—even though it can take a victim years to clean up the damage.

The result has been a high-speed race to the tabloid bottom online among many content hosts.  In a race to stand out in Google’s search results, which deliver users without context or background, some sites have encouraged tabloid anonymity (think JuicyCampus) rather than thought-through content (think VC).  Maybe the market will correct the imbalance, but so far it has responded to the subsidy for libelous speech by producing more of it.

Tomorrow: Fixing the CDA 230 subsidy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

(Thanks for the great comments!  I’ll be speaking in Las Vegas this afternoon 3:45 pm today at the EduComm conference at the Mirage, Ballroom D.)

Anonymous and pseudonymous speech dates back at least to the early days of the printing press.   Anonymous online speech has been a powerful force for change in situations ranging from simple campus disputes to political protests in Iran.  And the technology of the Internet makes it unlikely that any attempt to eliminate anonymous speech could succeed.

That said, the fact that there always will be anonymous online communication does not tell us whether it deserves subsidy.  Yesterday, I explained why the Internet is a new frontier.  Today, I challenge that Section 230 the Communications Decency Act of 1996 provides a subsidy to anonymous online speech, and ask whether that subsidy is sustainable in the closed frontier era of the Internet.

To be clear: I am in favor of anonymous online speech, and sometimes I’m also a user of it.  I disagree strongly with Eric Schmidt’s opinion of privacy and anonymity.  My goal this week is not to destroy anonymous online speech, but instead to figure out how to best preserve its value while curbing abuses, especially in light of the growing regulatory pressure that arises at the close of a frontier.

Offline Speech Combines Practical Anonymity with Legal Accountability

Offline, speech has never been absolute.  In the offline world, the right to speak comes also comes with the responsibility of the familiar speech torts.  If someone publishes false statements about you, you can sue them for libel.  If someone publishes “peeping tom” photos of you or other true-but-private information, you may sue them for invasion of privacy (and they may also be criminally prosecuted).  And so on.

What makes this legal regime possible is the fact that offline anonymity is imperfect: we leave traces of our identity in every interaction.  You may seem anonymous when you pay cash to buy a pack of gum at a grocery store, but the transaction is anonymous only so long as it is inconsequential; if you passed a counterfeit $100 bill, you would quickly discover that you could be tracked by your fingerprints, your DNA, and by your image on store cameras.  Conscious attempts to preserve anonymity offline are tolerated only so long as no laws are broken; and even then there are limits on social toleration of anonymity (compare wearing masks at a political rally with wearing masks at a bank).

In the offline world, the result is a reasonably well-balanced system: it is possible to speak anonymously for political or personal reasons, but the worst abuses are deterred.

The Online World Provides Near-Perfect Anonymity, Less Accountability

Online, things aren’t so simple.

Unlike in the offline world, anonymity is the default online, and near-perfect anonymity is easily achieved.  Unless you choose to identify yourself, there are very few clues to who you are when posting online.  And some of these clues (such as IP address logs) are intentionally swept away by websites; there is no requirement that websites store IP logs or any other pseudo-identifying information, and some sites advertise that they provide perfectly anonymous services.

Practically, if you are defamed online, you are at least several steps away from finding your attacker–at a minimum, it requires getting a lawyer, filing a lawsuit, and issuing a subpoena to the web host and another to an ISP (more on this tomorrow).  Neither is required to keep any records, and many choose not to.  The same is true if your privacy is violated by a peeping tom and the photos posted online, if your child is threatened, and so forth.  In all too many cases, the trail has gone cold before redress can be sought.  These aren’t cases of political protest or uprising; they are shocking cases where defamation liability is certain if the defendant can be found.

What’s even more peculiar is that online, the U.S. legal system allows site owners to continue profit from hosting content they know to be illegal, even after they have been notified of its illegality—and, in fact, even after a (rare) underlying libel lawsuit has been completed.

This surprising result occurs because of Section 230 of the Communications Decency Act.  Congress set out to regulate online indecency, but the majority of the Act was struck down on First Amendment grounds in 1997.  Section 230 survived.  It limits the liability of “interactive computer service providers” for “information provided by another information content provider,” with a statutory exception for intellectual property and child pornography.   This vague language has been widely interpreted as giving almost-complete immunity to blogs and forums for the actions of their users, no matter how vile that content may be.

This immunity for hosts is a sharp distinction from the offline world.   In the offline world, “hosts” are often held liable for content provided by others: book publishers are liable for illegal content provided by authors, newspapers can be liable for content provided by advertisers, and even swap meets can be liable for infringing content sold by vendors.

Against this default of host liability, CDA 230 was expressly designed as a subsidy to encourage growth of the fledgling Internet of 1996.  It was thought necessary to allow some level of frontier anarchy, some level of protection from the lawyers.  By subsidizing online speech, it was hoped that the Internet would blossom into the communications medium it has become.  In that light, CDA 230 was probably a good law for 1996.

But after nearly 15 years of CDA 230, many think that it has run its course.  The Internet has matured and no longer needs a special exemption from offline law.  Any law consistent with the First Amendment will preserve vibrant online discussion.  And, through nearly 15 years of experience, we’ve seen the good and the bad sides of CDA 230: sites like Volokh.com seek to inform and support positive discussions, but also CDA 230 has also empowered cesspools that profit from encouraging commenters to libel and defame outsiders.  These sites often advertise their consequence-free policies, and profit from the resulting tabloid attention they receive.

Why Does the Frontier Metaphor Matter?

I talked about the frontier yesterday because CDA Section 230 is fundamentally a law made for the open frontier.  It is a law that subsidizes the growth of the frontier and the experimentation with new models of communication, at the direct expense of enforcement of existing laws.  The problem for CDA 230 is that the frontier days are coming to an end: sex, drugs, and gambling have all been shut down, will CDA 230 be next?

Just like at the end of the Old West, online today there is a culture clash between the early and late arrivers.  Those who have been using the Internet for years like the current system (call it “it might be anarchy, but it’s our anarchy”).  The newcomers want the Internet to be more like the rest of society; safe, stable, and predictable.  The concept of self-defense online is foreign to them, and they wonder why law enforcement hasn’t done more to protect them.

People who didn’t grow up with the Internet will inevitably want to curb the abuses (which do undoubtedly exist, more on that tomorrow). Proposals by Internet outsiders to regulate online abuses have ranged from an “internet ID card” requirement (China and UAE), to calls to ban some forms of online  speech based on their “hate speech” content (United States), to a plan to license journalists and bloggers (Michigan), to rejiggering the Internet Protocol to end anonymity (United Nations), to an online aggregator tax (United States — call it a Stamp Tax for the Reddit Generation).

There’s plenty to dislike about all of the above proposals; it’s hard to come up with a less libertarian set of policy ideas.  But the increasing frequency of these proposals suggests there is a strong push for reform.

Perhaps the best way to preserve the core value of free speech is to limit the special subsidy given by CDA 230?  Thursday, I’ll present some ideas on how to protect the right to anonymous speech while addressing the abuses that CDA 230 has encouraged.

Tomorrow: Why Google changed everything, and why Section 230 matters so much

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

A gold rush.  A wide-open anything-goes frontier.  Prostitution.  Gambling.  Drugs.  Lax law enforcement. Vigilantism and mob justice.  Petty scammers at every turn.

The subject?  Not the dusty Wild West of American history, but instead the Internet of just 10 years ago.

In the last decade, the Internet has gone from open frontier populated by a select few, to a regular part of life for a majority of Americans and Europeans.   Predictably, the change from sparse frontier to societal integration has caused rather significant cultural clashes between early adopters and latecomers.  Disputes rage about whether we should view and regulate the Internet like an open frontier or like the rest of “offline” society.

This week, I will try to answer that question by exploring the similarities between the Internet and the original Wild West frontier.  I’ll examine what the close of the Wild West frontier teaches us about the next 10 years of the Internet.  As an example, I’ll focus on what the frontier experience tells us about online privacy and laws like Section 230 of the Communications Decency Act.  On Friday, I also hope to take a quick look at the broad impact of the Internet on the future of privac.

I look forward to discussing these issues with readers; this site has managed to consistently attract some of the brightest and most civilized commenters online.  I’m happy to take questions, comments, and suggestions.  And thank you, Eugene, for the kind introduction; I’m proud to be able to contribute to such an important community.

The Internet as Frontier Experience

The history of the Internet echoes the history of the American West.  We go into much greater detail in the book (Amazon), but even at a glance the parallels between Wild West 1.0 (1800s America) and Wild West 2.0 (the Internet of the 1990s and early 2000s) are clear:

• In the case of the original Wild West, a few early pioneers cleared the way for the (literal) gold rush of the 1840s.  Online, the pioneers of ARPANET cleared the way for the NASDAQ gold rush of the late 1990s.  Millions of dollars were made (and lost) in just a few years.
• The early Internet and Wild West were both populated only by a small, self-selected group of pioneers who sought out adventure and fortune.
• Both started with dramatically gender-skewed populations, with more than five men for every woman at times–and as the frontier closed the gender ratio drifted back toward 50/50.
• Both the Internet and the original Wild West developed their own culture and manners.  A sense of self-reliance and libertarian beliefs dominated in both places—a sense that any group could make their own fortune if they simply pulled hard enough on their bootstraps.  In both places, the freedom to experiment was considered important enough to justify discarding many old laws and morals.
• Even the forms of vice on both frontiers are similar: sex, drugs, and gambling.  In the Old West, prostitution was readily available, despite some nominal prohibitions.  Online it was possible to find prostitution openly advertised on relatively mainstream sites like Craigslist.  Gambling halls are rightfully a western movie cliché, and the early 2000s boom in Texas Hold ‘Em poker was largely attributed to online gambling.  Even the drug of choice has not changed in 150 years—the old west was notorious for the availability of opium, and in the early days of eBay it was easy to buy opium for recreational use.

The Moment of Transition from Open Frontier to Integrated Part of Society

In the Old West, the lawless days of the “Wild” West frontier eventually came to an end.  As eastern society caught up to the original Old West pioneers, a culture clash ensued.  The gambling halls were shut down, prostitution was gradually regulated away in all but one state, and vigilantism was slowly replaced by formal law enforcement.  Old-timers bemoaned the loss of the wild frontier; newcomers welcomed the stability of formal laws and familiar law enforcement.

Online, we are in the midst of the same transition from lawless frontier to integration with society.  It has become routine to talk about government regulation of the Internet—ranging from “net neutrality” to Facebook privacy.

Looking again at vice, the government has started to shut down the most serious sex, drugs, and gambling.  To take just a handful of examples, online gambling in the United States was curtailed in 2006 when the CEO of online gambling site BetOnSports was arrested as he changed planes in Texas, and the SAFE Port Act effectively banned online gambling by U.S. residents.   The online sale of narcotics was deterred in 2003 when the DOJ cracked down on eBay opium sales.  And online prostitution went at least somewhat underground in 2008 when 40 state attorneys general demanded that Craigslist remove its “erotic services” section (the practical effect of this move has been limited, but there are already renewed calls for further regulation).

This transition in the way the Internet is viewed and regulated–from a place frequented only by self-selected pioneers to part of everyday life for almost all of the West–creates a natural time to reexamine existing laws and consider whether they still fit the new reality of the Internet.  Different countries have had the chance to experiment with different legal regimes online, and we’ve been able to watch how law shaped the growth of the Internet.

In particular, it’s a time to consider the difference between the legal regimes of open and closed frontiers.   Open frontiers are often characterized by self-reliance, self-defense, exploration of new norms, and informal law enforcement.  But the lax regulation of the Internet often comes at a great price: spam, scams, fraudsters, online lynch mobs, and more.  Closed frontiers are often characterized by increasing similarity to the “old” society (often formed by combining elements of old and new), increasing formality, and active law enforcement.

We’re at a tipping point for the Internet.  It started as a classic open frontier, with no almost no law and complete freedom to experiment. But society has caught up, and is demanding changes to make the Internet more like the rest of the world.  For scholars and activists, the question is simple: how to keep the best parts of the Internet while while successfully integrating with offline society?

Ultimately, the lesson from the original Wild West is clear: in the end, the Internet will not stay wild forever.  Instead, “offline” society and the Internet will meet somewhere in the middle, each taking something from the other.  Now is the time to consider how we can best shape the future of the Internet using what we’ve learned by watching the close of other frontiers.

Tomorrow: Why Section 230 of the Communications Decency Act of 1996 doesn’t work in 2010.

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.