The Volokh Conspiracy

I was on the NPR program “On Point” today discussing the Rutgers suicide and criminal liability for invasions of privacy online. You can listen to the program here; I come in at the 13-minute mark. Here’s the blurb about the program from the “On Point” homepage:

Tyler Clementi was eighteen years old. He closed the door to his college dorm room and had an intimate encounter. As it happens, it was with another man — and, unknown to Clementi, it was streamed over the Web by his roommate, from down the hall.

Tyler Clementi then killed himself. He jumped off one of the biggest bridges in the country.

Now, his roommate, Rutgers freshmen Dharun Ravi, and Molly Wei, Ravi’s friend, are facing invasion of privacy charges, which could result in up to five years in jail. Should they be charged with a hate crime?

Interestingly, I was on the same radio program back in 2003 making philosophically similar points in a totally different context. Back then, the issue was the Patriot Act, and there was a lot of hysteria about government surveillance. On the show, I tried to counsel caution, focus on what was actually in the law, draw analogies to off-line conduct, and make sure we weren’t letting our fears get the best of us. (I join at the 16-minute mark.) Today, the issue was cyberbullying and a criminal case that has a lot of people very upset. On the show, I tried to counsel caution, focus on what facts were actually known, draw analogies to off-line conduct, and make sure we weren’t letting our passions get the best of us. Hmm, I guess I’m just a “counsel caution” kind of guy.

So says Baldwin v. Fischer-Smith (Mo. Ct. App. July 6, posted on Westlaw a few days ago), in holding that a defendant whose Web page allegedly libeled a Missouri dog kennel could be sued in Missouri. (The defendant’s Web page specifically mentioned that the kennel was located in Missouri.) There’s a longstanding dispute about this question of personal jurisdiction, and the opinion basically just adheres to one side of the dispute; but it’s pretty readable, and might be of interest to people who have been following the issue.

A while back, I posted my early reaction to the SDNY’s decision in the long-running Viacom lawsuit asserting secondary copyright infringement on the part of Youtube. Here’s what I said then:

The case was/is enormously important — Youtube was asserting that it was immune under the Digital Millennium Copyright Act (specifically, Sec. 512(c)) from copyright infringement claims arising out of user postings. Sec 512(c) sets up a “notice-and-takedown” scheme under which website owners are immune from third-party infringements as long as they “respond expeditiously” when notified of specific infringements by copyright holders. Viacom was relying on a portion of the statute that denies the immunity if the website operator has “actual knowledge that the material . . . on the system or network is infringing” OR if “in the absence of such actual knowledge, [it is] aware of facts or circumstances from which infringing activity is apparent . . .”

The critical question in the case was: given that it is a matter of common knowledge that there’s lots and lots and lots of infringing activity on Youtube, does that make the infringing activity “apparent”? If so, the 512(c) immunity is unavailable for Youtube. The court — correctly, in my view — said no, it does not. The “facts and circumstances” to which the statute refers must be of “specific and identifiable infringements of particular items. Mere knowledge of prevalence of such activity in general is not enough.” Sec. 512, and the other immunities provided in the Act for online conduct, “place the burden of policing copyright infringement — identifying the potentially infringing material and adequately documenting infringement — squarely on the owners of copyright. We decline to shift a substantial burden from the copyright owner to the provider . . .”

One could easily argue that these copyright immunities in the DMCA were a critical feature allowing “Web 2.0″ and “user-generated content” sites (like Youtube, Facebook, Myspace, and many, many others) to flourish. This opinion (though it will probably be appealed) goes a long way to protecting those sites from further attack by the copyright police. Nice work, Judge Stanton!

In the aftermath of the decision, there’s been, predictably, a backlash from commentators inside (and occasionally outside) the entertainment industry, arguing either that the decision’s not really that important, or that it’s just plain badly reasoned. Ben Sheffner’s piece over on Copyrights & Campaigns criticism of the opinion is thoughtful, but ultimately wrong-headed. Sheffner makes an interesting observation:

Section 512(c) of the DMCA identifies two triggers for the obligation of the host to remove the subject material (if it wants to maintain the safe harbor). First is actual knowledge of infringement (which can be obtained through receipt of a facially valid takedown notice pursuant to Section 512(c)(3)). Second is where the host becomes “aware of facts or circumstances from which infringing activity is apparent.” Id. § 512(c)(1)(A)(ii). This latter situation is known as “red flag” infringement; the idea is that the host can’t claim the safe harbor if red flags are being waved in its face, suggesting the obvious presence of infringing activity. The Ninth Circuit gutted the red flag doctrine in Perfect 10 v. CC Bill, specifically in this thoroughly unconvincing paragraph:

Perfect 10 alleges that CCBill and CWIE were aware of a number of “red flags” that signaled apparent infringement. Because CWIE and CCBill provided services to “illegal.net” and “stolencelebritypics.com,” Perfect 10 argues that they must have been aware of apparent infringing activity. We disagree. When a website traffics in pictures that are titillating by nature, describing photographs as “illegal” or “stolen” may be an attempt to increase their salacious appeal, rather than an admission that the photographs are actually illegal or stolen. We do not place the burden of determining whether photographs are actually illegal on a service provider.

In other words, under Ninth Circuit precedent..., having material identified by its poster as “illegal” and “stolen” is not a red flag that infringing activity is taking place. One is left to wonder whether the panel would have ruled the same way had actual red flags been waved in the defendants’ faces.
Judge Stanton, incorrectly in my view, adopted CCBill’s holding without much analysis, further rendering red flag infringement a dead letter. The statute (and legistlative history) clearly indicate that some form of knowledge beyond that imparted via DMCA notices qualifies as knowledge of “facts or circumstances from which infringing activity is apparent,” thus triggering a site’s takedown obligation (on pain of losing the safe harbor). But after reading Judge Stanton’s opinion several times, I simply have no idea what would actually constitute such “red flag” knowledge. And, again, his opinion does not even scratch the surface of the evidence presented by Viacom on this issue, see, e.g, Viacom Br. at 5-24, 50-56, and explain why none of it would raise a red flag for a reasonable service provider in YouTube’s position.

Sheffner’s absolutely right — the courts are indeed in the process of making the “red flag” exception disappear. And good riddance to it.

[Incidentally, there should be a name for this rhetorical phenomenon -- where an opponent gives you, in the course of his criticism of a decision, ammunition for strengthening and even expanding its rationale. You see it a lot in dissenting opinions: "Under the majority's reading of sections 543(c)(1)(ii)--(vi), all a defendant need show to escape liability is blahblahblah . . ." - and then defendants start to argue (even citing to the dissent) that because they can show blahblahblah, they shouldn't be liable.]

Sec. 512 is a powerful defense precisely because it sets up a simple procedure: copyright owners find infringing material, they notify the host, the host takes it down, and the host is immune from liability. All steps along the way easily verifiable. “State of mind” inquiries — wasn’t it “apparent” from all the surrounding “facts and circumstances” that such-and-such was infringing? shouldn’t the host have known that? — are out of place here; among other things, they’re preposterously ill-suited to the scale of this problem. It would, I read recently, take you 15 years to watch the content uploaded to Youtube in a single day. What is, or is not, apparent to Youtube’s operators from this avalanche of material is not something we want to be arguing about, and it is not something I want web hosts to be worrying about. Judge Stanton got it spot on — the web host has no duty to act until the copyright owner identifies specific infringing material.

Do we want a powerful defense like this against claims of secondary copyright infringement on the Net? Damned right we do. I made the point in my earlier posting, and I think it’s interesting enough to reiterate. Virtually all of the wildly-successful 3d-party content sites on the Net — Youtube, Facebook, Twitter, Myspace, Flickr, Google News, Wikipedia, Blogger, . . . — come out of the U.S. Why is that? Why didn’t some college kid in the UK, or Italy, or Brazil, come up with the idea for Facebook? There are, I’m sure, lots and lots of factors at play — but I’m convinced that the existence of the immunity in sec. 512 in our copyright law is one of them. Even if Simon or Allessandra or Joao had the idea, and the technical wherewithal to pull it off, they’d be crushed before they got started – by many things, perhaps, but copyright liability is high on that list of crushers. Sec. 512 has meant that you can put your startup on line — even go to a bank or a VC and get financing — without worrying about potentially devastating copyright infringement liability. We don’t have many legislative successes in the copyright arena, so we should celebrate the ones we have.

[Thanks to Justin Gordon for one of the pointers]

As many of our readers know, I have long been fascinated by robotics, and have a particular interest in battlefield robotics and related questions of law.  I felt I was late to the cyberwarfare field – and don’t know enough about it – and so have left it for others.  But robotics ... well!  Robotics and the law, well, well!  However, one of the important features about Predator drones and UAVs as the US has developed them is that they involve important overlaps between robotics and cyber fields, because the UAV has to be controlled somehow from halfway around the world.  If the classic conceptual parts of a robot are

• gross locomotion and its ability to move and act in the physical world;
• the brain and computing and processing power; and
• sensors to bring data streams into the computational resources, so as to figure out how to move and what gross physical world actions to take ...

then, in the case of how the US uses UAVs, we need to add a fourth, the cyber component of communication and control over long distances.  At that point, questions of cyberattack on the robotic system become live.

This brings me to a movie I just watched last night on Netflix, Surrogates – from the comic book series of the same name to the Bruce Willis movie.  It manages to combine robotics with cyber.  Not bad – I thought the critics were overly tough, frankly, but then I have both low standards and low taste in movies.  I liked it.  I think it is a movie that Jack Goldsmith and anyone else working on cyber and robotics issues should see (I will assume that Glenn Reynolds has already watched it ... twice).  With popcorn.

[youtube]http://www.youtube.com/watch?v=Zl_h9RaL0es[/youtube]

(Robots as caregivers have suddenly been surging to the front pages of the newspapers – the Wall Street Journal, followed by the New York Times.  I’ll say more about the implications of that later.)

Judge Stanton in the SDNY has granted Youtube’s motion for summary judgment in in the long-running copyright infringement lawsuit brought by Viacom (and, in a nice soccer-related twist, The English Football Association’s Premier League was another (losing) plaintiff). [The full text of the decision is here]

The case was/is enormously important — Youtube was asserting that it was immune under the Digital Millennium Copyright Act (specifically, Sec. 512(c)) from copyright infringement claims arising out of user postings. Sec 512(c) sets up a “notice-and-takedown” scheme under which website owners are immune from third-party infringements as long as they “respond expeditiously” when notified of specific infringements by copyright holders. Viacom was relying on a portion of the statutory immunity, which denies the immunity if the website operator has “actual knowledge that the material or an activity using the material on the system or network is infringing” OR if “in the absence of such actual knowledge, [it is] aware of facts or circumstances from which infringing activity is apparent . . .”

The critical question in the case was: given that it is a matter of common knowledge that there’s lots and lots and lots of infringing activity on Youtube, does that mean that “infringing activity is apparent” and that, accordingly, the 512(c) immunity is unavailable for Youtube? The court — correctly, in my view — said no, that’s not what it means. The “facts and circumstances” to which the statute refers must be of “specific and identifiable infringements of particular items. Mere knowledge of prevalence of such activity in general is not enough.” Sec. 512, and the other immunities provided in the Act for online conduct, “place the burden of policing copyright infringement — identifying the potentially infringing material and adequately documenting infringement — squarely on the owners of copyright. We decline to shift a substantial burden from the copyright owner to the provider . . .”

One could easily argue that these copyright immunities in the DMCA were a critical feature allowing “Web 2.0″ and “user-generated content” sites (like Youtube, Facebook, Myspace, and many, many others) to flourish. This opinion (though it will probably be appealed) goes a long way to protecting those sites from further attack by the copyright police. Nice work, Judge Stanton!

[Thanks to Justin Gordon for the pointer]

This week’s The New Republic features a cover story by Harvard Law School’s Jack Goldsmith on cyberwar.  (June 24, 2010.)  It’s a long, serious review essay, using Richard A. Clarke and Robert K. Knake’s new book, Cyber War, as the hook.  But Jack goes well beyond a book review into the rapidly expanding literature on the subject – expanding across technical computer science and engineering, software, security, strategic, and legal lines.  Terrifically well written and intelligent, I strongly recommend it (full disclosure: I haven’t read the book under review) – whether you know the field or are looking to get an overview of it.  One thing is clear, it is not going away.

Years ago I decided my inner geek comparative advantage was in robotics, but I read this essay with particular attention to its discussion of complexity of systems, and just how hard it is to get a handle on cyber systems, and their diffuse, distributed natures:

Many factors make computer systems vulnerable, but the most fundamental factor is their extraordinary complexity. Most computers connected to the Internet are general-purpose machines designed to perform multiple tasks. The operating-system software that manages these tasks–as well as the computer’s relationship to the user–typically has tens of millions, and sometimes more than one hundred million, lines of operating instructions, or code. It is practically impossible to identify and to analyze all the different ways these lines of code can interact or might fail to operate as expected. And when the operating-system software interfaces with computer processors, various software applications, Web browsers, and the endless and endlessly complex pieces of hardware and software that constitute the computer and telecommunications networks that make up the Internet, the potential for unforeseen mistakes or failures becomes unfathomably large.

The complexity of computer systems often leads to accidental mistakes or failures. We have all suffered computer crashes, and sometimes these crashes cause serious problems. Last year the Internet in Germany and Sweden went down for several hours due to errors in the domain name system that identifies computers on the Internet. In January of this year, a software problem in the Pentagon’s global positioning system network prevented the Air Force from locking onto satellite signals on which they depend for many tasks. The accident on the Washington Metro last summer, which killed nine people and injured dozens, was probably caused by a malfunction in the computer system that controls train movements. Three years ago, six stealth F-22 Raptor jets on their maiden flights were barely able to return to base when their onboard computers crashed.

The same complexity that leads to such malfunctions also creates vulnerabilities that human agents can use to make computer systems operate in unintended ways. Such cyber threats come in two forms. A cyber attack is an act that alters, degrades, or destroys adversary computer systems or the information in or transiting through those systems. Cyber attacks are disruptive activities. Examples include the manipulation of a computer system to take over an electricity grid, or to block military communications, or to scramble or erase banking data. Cyber exploitations, by contrast, involve no disruption, but merely monitoring and related espionage on computer systems, as well as the copying of data that is on those systems. Examples include the theft of credit card information, trade secrets, health records, or weapons software, and the interception of vital business, military, and intelligence communications.

This drew my attention in part because of my interest in complexity and complex systems interacting one another in another part of my work – finance and financial regulation.  Duke’s Steve Schwarcz and I are doing a book on financial regulation reform, and our approach – in a field currently getting saturated with books on this very topic – is to offer pragmatic, basic heuristics, rules of thumb, really, for how financial regulation needs to be designed.  Not some super deep conceptualization, but something much more practical.

The same pragmatic assessment applies to diagnosing What Went Wrong, so to speak, in financial regulation.  We have settled on the three homely, but still useful, categories of complexity, complacence, and conflicts (cupidity we take for granted).  They’re useful because they’re homely.  Complexity hides conflicts that undermine basic duties of loyalty, and breeds complacency that undermines basic duties of care, and they feed back into the development of more complexity.  They stoke each other.

Professor Schwarcz has a Washington University Law Review paper on the issue of regulating complexity in finance and financial regulation, from which we are drawing for the book.  I recommend it, partly for those interested in financial regulation issues and complexity – but I also recommend it as a way of thinking comparatively about complexity in other settings that cross-weave technological and legal-regulatory divides.

It’s been a pleasure to blog this week.  I hope you’ve enjoyed this conversation and I’d love to continue it.  If you’re interested in reading more, check out our book, Wild West 2.0.  It is the most-discussed Internet policy book of 2010 (Jimmy Wales called it “an invaluable guide” to the “brave new world of the Internet”) and it sold out Amazon.com once already.  Or, contact me directly through my site at davidcthompson.com.  Thanks again to Eugene and the whole Volokh Conspiracy for inviting me to participate this week.

This week, we’ve discussed the “Wild West 2.0” metaphor for the Internet.  Today, I’m going to present a few quick ideas that didn’t make it into this week’s posts.   I don’t have enough space to flesh them all out, but I hope to provoke some thoughts and discussions that will continue beyond this week.

What will widespread surveillance and facial recognition do to privacy?

It’s always been the law in the U.S. that images you take in public are yours to use non-commercially.  There are a few exceptions around security, peeping Toms, and so-called “upskirt” photography, but basically you can take a photo from any public place and make any non-commercial use of it.

There are good reasons for this policy, ranging from a basic respect for the free press and free expression, to the First Amendment.

But, today, facial recognition is quickly becoming available on a wide scale.  For just one example, an application called Face.com allows Facebook users to use photo recognition to find their friends in photos (even if they have not been tagged, or if they have removed their tag).  Using the tool, it’s often possible to find hundreds of untagged photos of your friends (or yourself) posted by other people.

The Face.com developers just released an API (programming interface) to allow other websites to use the same technology.  So far, Face.com has restricted use of the technology to known faces, but nothing technological prevents them from using their database of hundreds of millions of Facebook photos to identify millions of people in public photos.

The results of just one company unleashing photo recognition on the Internet could be huge.  There are more than 3 billion photos on the site Flickr.com  , and billions more in the unstructured Web, on sites like Facebook, and in automated surveillance systems (every time you walk past a security camera, imagine your name being logged).

The figures above don’t even count the fact that some forms of advocacy corporate surveillance would increase in a world with easy facial recognition.  Why would anti-abortion groups not photograph every person who walks into an abortion clinic, use facial recognition to identify them, and use public name-and-address databases (see below) to target mailings (or harassment) to each person’s home?  Why would anti-gay advocates not do the same for people who frequent gay bars, or liberals target “Tea Party” activists, or statists target libertarians, etc?  Or insurance companies outside bars to monitor drinking and driving, smoking, or any other risk factor that could increase rates?

What does this mean for privacy?   If the freedom to take and post photos cannot or should not be changed, should there be regulation of the uses of facial recognition software?  Should it be a privacy tort to publicly identify private citizens by name if they are walking into an abortion clinic, a gay bar, a Tea Party rally, a divorce lawyer’s office, a police station (to “snitch”), or a substance abuse treatment facility?  What does it mean when Google indexes a list of these names and it comes up first for a search for your name?  How will it affect job prospects, inter-personal relations, and more?

Will we all just get over it and not care that our friends are getting abortions or divorces?  Will anti-gay groups get over the fact that some people visit gay bars?  Will political opponents stop harassing each other?   I hope so, but my hopes are dim.

The end result might be that we all wear low-fitting baseball caps each day, or the aptly-named “FlickrBlockrs” sunglasses that started as an art project but might fill a real need.   But should individuals have to proactively monitor their public image so fiercely?  (Read more about our ideas for privacy in the book, Wild West 2.0.)

Will the future allow a binary public/private distinction?

Right now, the law generally recognizes facts as “public” or “private” with very little gray area in between.  This has caused problems in the Fourth Amendment context, where seemingly-private facts (like your bank account information) are not considered “private” for Fourth Amendment purposes (thanks to the “third party doctrine,” the government simply ask your bank; many scholars find this doctrine problematic).

The Internet sharpened this problem by making “public-but-obscure” facts readily available online.  Privacy interests were often supported by practical obscurity; a court may have a list of all cases and convictions, but very few people bothered to trudge to the courthouse to find out.  The county clerk’s office may have a hardcopy list of home owners and their property values, but nobody actually checks.

But online, these records are being rapidly digitized and made searchable.  And because they are all “public” information for privacy purposes, there is currently no restriction on how the information can be displayed.  So far, no case of which I am aware has held that online “white pages” or “dossier” sites (like Spokeo.com, WhitePages.com, Intelius.com, and many others) cannot create a dossier of private-seeming information like your income, hobbies, credit score, home address, phone number, political contributions, and more—just so long as each data point was drawn from a “public” source.

The result of the end of practical obscurity has turned a lot of privacy upside-down.  Criminals now routinely use public records databases for identity theft purposes (itself illegal, but hard to catch), to stalk their victims at home (same), and to identify candidates for burglary or other attacks.  Millions of people (below) now casually flip through their neighbors’ dirty laundry online, ranging from bankruptcy filings to property records to divorce records.  Maybe this information has always been “public,” but it was never so readily available.

Will the law continue to recognize only “public” and “private” information?  Or will it develop shades of gray to recognize that obscurity can protect privacy while allowing “legitimate” uses.  Scholars have discussed ways to limit data like property records to their original purpose (making sure property taxes are apportioned fairly) by encouraging states to strip names from the data before publication; of course, this works only if there are no other records that correlate names to addresses.  Will that be enough?  Or is it a good thing that all these facts are public?

Does the Law Recognize the 300 Million Little Brothers Problem?

The section above should suggest it, but her it is expressly: we no longer live in a nation of Big Brother; we live in a nation of 300 million Little Brothers.

Much of our law is based around fear of surveillance by the government (Big Brother).  The Fourth Amendment is the easiest example; it is based around a fear of an overly intrusive government acting in its role as sovereign.  Statutory law like the Electronic Communications Privacy Act also seeks to protect individual privacy against the government.  And laws like the Stored Communications Act and HIPPA prohibit corporations from revealing certain information about you.

But now an equally real risk is 300 million Little Brothers.  We’ve moved from the Panopticon—where the guards can see everything—to a suburb of glass houses where everyone can see each other.  This is a powerful development for politics (we can now watch the watchers), but it has changed inter-personal privacy as well.  What laws (if any) should be updated to reflect this new reality?  Or should we all just get used to living in public–to quote Google CEO Eric Schmidt “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.“  The power of the Internet is increasingly moving toward making sure that everybody knows what everybody does.  Is this the right direction?

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Thanks again for the great responses in comments.  I’ve learned a lot about how people think about the Internet of 2010 and whether it fits the “Wild West 2.0” model.

On Monday, we discussed why the Internet of 2010 resembles the closing of the Wild West frontier.  On Tuesday, we talked about whether CDA 230 is appropriate for the Internet of 2010.  Yesterday, we talked about why CDA 230 is a subsidy to online libel.

Today, I want to present some ideas to preserve the best parts of anonymous free expression, while fixing the subsidy that Section 230 of the Communications Decency Act gives to libelous speech.  I’d love to hear your thoughts.

Online Anonymous Speech is a Good Thing

Anonymous online speech can be powerful and beneficial.  You are free to leave anonymous or pseudonymous comments on this site, which encourages free discussion of political issues.  Protesters in Iran can spread ideas, corporate whistleblowers can speak out, and the government is deterred from at least one form of intrusion into personal life.  On a personal level, you can explore your identity, research controversial causes or issues, or just vent frustration.  All of these are good things and worthy of preservation.

But in the offline world there is also accountability for anonymous speech that is libelous or invasive of privacy.  By taking control of the media away from The New York Times and putting it in the hands of individual bloggers, the Internet have empowered free expression and opinion, but also empowered hundreds of millions of people to anonymously libel each other and invade each others’ privacy.

Updating the Assumptions Underlying CDA 230

CDA 230 was based on a number of guesses about how the Internet of the then-future would work.  We’ve had almost fifteen years to test those assumptions.

To give a little perspective, in 1996, when Section 230 of the Communications Decency Act was passed, the first search engines like AltaVista and Lycos were just getting started, the Google founders were still in college, Netscape Navigator was the most popular browser, the first version of Microsoft Internet Explorer had just been released, and OS/2 was considered a viable operating system.

In 1996, many people assumed that CDA 230 was necessary to a functioning Internet.  They believed that if hosts* had any liability (under any circumstances) for any content, they would stop providing platforms for user interaction.  * I use “hosts” to mean primarily websites that host user-generated content, like Facebook, discussion forums and blog hosts.

But in fifteen years of experience, we’ve seen that CDA 230 is not required for a thriving Internet.  Europe does not have a statute equivalent to CDA 230, the U.K. has stricter libel laws than the United States, and Directive 2000/31/EC requires EU member nations to enforce libel laws online.  But some estimates suggest that Internet use is actually higher in the U.K. than the U.S.  The same goes for Japan (hosts may be liable if they have knowledge of libel, higher Internet use than the U.S.) and Canada (hosts immune only if “innocent dissemination,” higher Internet use than U.S.).  Fast-growing nations like Brazil have experienced ten-fold increases in Internet use in the last decade, even without a local version of CDA 230.

Many people like the “Internet routes around  damage” metaphor to claim that CDA 230 is irrelevant. But right now, the US is the only major country with CDA 230 immunity.  There will always be jurisdictions like Sealandia, but the vast majority of the commercial Internet is based in the U.S., E.U., and Pacific Rim.  There will always be Freenet-type projects that evade all jurisdictions and have no commercial connections, but the vast majority of the network relies on advertising dollars.  And the mostly-effective U.S. online gambling ban suggests that the legal regime does matter after all.

We can also learn from the DCMA: we’ve seen that over-use of DMCA takedowns can lead to chilling effects.  (disclosure: My employer, ReputationDefender, does not send DMCA takedown notices.)  But we’ve also seen that even despite periodic abuses of the DCMA, the user-generated Internet has bloomed.  The DMCA did not, despite itself, kill the Internet.

The drafters of CDA 230 worked in an era when a user’s ISP and forum host were the same.  The Prodigy case led directly to CDA 230.  The cased turned on the actions of a Prodigy subscriber on a Prodigy-run message board inside Prodigy’s “walled-garden.”  Back then, it would have been easy to find the original defendant: Prodigy ran the forums and had a billing relationship with every poster.  The same was true of services like CompuServe and AOL.

Today, there is no connection between ISP and content host.  Instead of Prodigy serving as both ISP and forum host, today Comcast (as ISP) has no relationship with BlogSpot (as content host).  Because of the separation, it became near-impossible find the original defendant in many online libel cases.

Another faulty assumption of CDA 230 is that it would encourage websites to filter their content and produce a more civilized online world.  In the Prodigy case, the service as found liable in part because it selectively removed some libelous and obscene comments (the court: “Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability”).  The hope for CDA 230 was that, by removing any penalty for taking editorial control, more sites would exercise discretion and remove harmful content.

Of course, the last 15 years have taught us that CDA 230 has been used to support immunity for inaction as much as action.  Many sites have taken the grant of immunity intended to encourage editorial control and used it to abdicate responsibility.

Finally, CDA 230 is a law that assumed the Internet needed a subsidy to grow.  Almost fifteen years of open frontier Internet later, the Internet is approaching maturity (or at least its petulant teenage years) and it is questionable whether the Internet now deserves a special subsidy that no other form of media gets.  Even if the CDA 230 subsidy made sense in 1996, the assumption does not hold in 2010.

Market Solutions are Part of the Answer, But Not All of It

We’ve already seen some market influence toward record-keeping, such as the trend toward services like Facebook Connect.  Sites use identification to discourage users from abusing other users.  But as long as there is no barrier to entry and as long as humans love scandal, the market will not be able to fully correct for the race-to-the-tabloid-bottom effect of sites that benefit from the libel subsidy and encourage users to attack others.

There are also commercial services that help victims recover from online attacks, but these also do not substitute for a legal regime that discourages attacks in the first place.  (Disclosure: My employer provides services that help people build their online reputation before it is damaged, recover from attacks, keep their personal and professional lives separate, and protect their privacy.)  These services can be expensive, some forms of attack can never be fully eliminated, and mitigation does not take the place of prevention.  They cannot replace the proper legal regime, even if they help mitigate damages after the fact.

A Proposal to Keep the Best and Jettison the Rest

How do we keep the best parts of online anonymous speech while jettisoning the ability of site owners to actively encourage libel or invasion of privacy?

This is not a balance between anonymity and accountability.  There will always be anonymity online thanks to services like Anonymizer and TOR.

I propose an opt-in system for web hosts:

Hosts that make a good-faith effort to keep sufficient records to locate content creators are granted CDA-style immunity, even if they have knowledge of liability-creating content.  Sites that do not keep records are immune unless they know that there is liability-creating content.  Good-faith attempts to filter shall not create knowledge liability for what is missed.

The system preserves the right to speak anonymously in both cases; nothing requires sites to reveal any information except on subpoena.  The system still allows sites to choose not to keep any records; if a site wants to allow completely anonymous interactions then it may do so.   No liability is ever imposed without knowledge of the content.  And the original goal of CDA 230 (to fix the filtering glitch in Prodigy) is respected without creating another race-to-the-bottom.

The system preserves First Amendment and free expression values while also respecting the right of non-speakers to privacy and quiet solitude.  It removes a subsidy to libel, and puts the Internet on even footing with other forms of media.  It is technologically neutral, and imposes no new burdens on sites that don’t currently have knowledge of liability-creating material.  And it harmonizes US and foreign law, to make cross-border websites easier to maintain.

Tomorrow: Future Problems in Reputation and Privacy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

In the early Internet, it was impossible to find isolated references to people, places, and things.   Many users navigated using directories like the original Yahoo, and early search tools like Gopher (structured documents) and Archie (FTP) were limited .

The search engines changed everything.  Starting with Lycos and AltaVista, information was freed from obscurity.  Suddenly, no matter where on the Internet your name might be mentioned, a search engine could find it.

On Monday, we discussed why the Internet is a new frontier.  On Tuesday ,we questioned whether Section 230 of the Communications Decency Act of 1996 still fits the Internet of 2010.  Today, I’ll explain how the rise of search engines since 1996 has changed reputation and privacy, and why CDA 230 subsidizes libel by preventing speakers and facilitators from internalizing the costs of their actions.

Google Has Changed How Information is Consumed

I don’t think Google is evil.

But Google is far from perfect.  Google creates the illusion that just ten search results reflect some meaningful judgment on a person’s life.  For example, the top five Google search results for any search term get 88% of the clicks.  The over-attention given to the first few Google results is partly user error, but it’s also a form of rational ignorance on the part of searchers: Google gives good enough results most of the time, so there is little incentive to look deeper.

The attention given to the first few Google results would be fine if Google always provided accurate, balanced, and relevant information.  Unfortunately, it doesn’t.  Google has no way to measure whether websites contain information that is true, fair, or proportionate.  Instead, Google uses rough heuristics—most notably the number of links to a page—to try to calculate a page’s popularity.  Popularity substitutes for relevancy, often with comical results (remember “miserable failure?”).

Online, Google search drops users onto a website with no context or history of the site.  There’s no indication whether a site is a parody (witness Salon being fooled by Landover Baptist), populated by anonymous trolls, a personal rant, or anything else.  Of course, it is possible for users to perform this research for each and every site they visit–but the evidence is that they simply don’t (witness the Times of London being fooled by anonymous postings on a soccer website).

Rational ignorance?  Possibly. Through experience, I’ve learned with law-related sites are reliable, which are tabloid, and which are garbage—but I haven’t had reason or opportunity to do the same for medicine, sports, fashion, or any of hundreds of other areas, and it’s questionable whether we should subsidize it further.

Google has Leveled the Playing Field – For Better and Worse

Google has elevated the ramblings of a lone speaker to the same visibility as the New York Times.  This is a wonderful development for politics and freedom.  It is a frightening development for personal privacy.

In the old days, the major media (think New York Times) was very unlikely to write about you.  Your privacy was generally at the mercy of your neighbors and acquaintances—who often had to stake their own reputations when they chose to attack yours.  If something rose to the level of defamation, it was usually easy to find the defendant and fight it out in court.

But today, anybody with a blog can (and all too often does) smear you, defame you, or invade your privacy.  Their motivations are many: politics (if you read VC, you might have strong opinions), envy (think job promotion), mischief (think 4chan), etc.  If you don’t have a big presence in Google before being attacked, Google will inevitably find the smear and bring it to the top of your search results: and tabloid material often rises to the top of a Google search because it gets the most clicks and attention.

This mechanism takes place even if the same content offline would undoubtedly be considered libelous or invasive-of-privacy.  (If you disagree with offline liability for libel and invasion of privacy, you probably won’t agree with this either.)  In many cases, you can’t find the original poster (it would take a lawyer, two subpoenas, and months).  The host shrugs and says “CDA 230, not my problem” and rationally declines to name the creator (his customer).

Further, online defamation and privacy invasions can outlive the original speaker.  In the offline world, most libelers stop once they are found.  Online, hosts need not remove libelous or privacy-invasive information even after it has been found to be liability-creating.  “Zombie content” lives on even after the original creator wants it gone (much to privacy advocates’ chagrin, Facebook does not delete all content when you delete your account), or even if the original creator has passed away or gone offline.

This has real consequences for real people.  Consider false-but-hard-to-disprove allegations.  How do you respond if a political opponent, a personal enemy, or simply a random stranger creates a blog claiming that you harassed or had an affair with a subordinate?  What do people think when they see that in the first three Google results?  It’s true that more speech can help push the false information down in search results, but it is near-impossible to prove the negative.  And once that seed of doubt is planted (“did Obama shake hands with the President of Iran?” “was Kerry at a rally with Jane Fonda?”  ) your name is forever tarnished.

Or consider the case of true-but-private information.   Some anti-libertarians may question the Fourth Amendment by asking “If you have nothing to hide, then why should you care if we search you?”  But should we cede our privacy so easily?  What if a “peeping tom” photo of you ends up at the top of a search for your name?  Your daughter’s name?  It may be clearly illegal offline, but that doesn’t stop it from being distributed online without recourse.

CDA 230 Removes the Internalization of the Cost of Libel

I agree with commenters who have pointed out that stopping free speech online is (1) impractical, (2) inconsistent with the First Amendment, and (3) a bad idea.

But, consider how CDA 230 is subsidizing libel.  Speech liability (libel, slander, invasion of privacy, etc) exists to make sure that a speaker can’t impose certain forms of harm on others (unfairly ruining a reputation) without feeling some cost herself.  In the offline world, this risk of speech liability is largely internalized by the speaker and knowing facilitators: would-be authors of libelous publications know that they will be found and sued, and newspapers stop running advertisements they know to be false in order to stay out of court.

But online, the speakers often disappear thanks to anonymity and the lack of effective record-keeping by hosts.  And, thanks to CDA 230, hosts suffer no liability even if they know that users are using the platform to defame others, profit from the resulting tabloid attention.  CDA 230 goes so far that, under current law, a site owner could knowingly create a site that expressly encourages users to create false and malicious information.

In these cases, CDA 230 acts as a subsidy by removing liability (cost internalization) away from the speaker and host.  There’s no incentive for hosts to keep records about their users; in a race to attract users, hosts have rationally advertised their lack of record-keeping–even though the lack of records imposes an external cost on defamation and privacy victims.  There’s no incentive for hosts to remove content; Google rewards them (with web traffic) for keeping libelous material online–even though the material imposes external costs on victims.  And there’s no incentive for users to not create libelous materials; in many cases there’s little practical chance of being found—even though it can take a victim years to clean up the damage.

The result has been a high-speed race to the tabloid bottom online among many content hosts.  In a race to stand out in Google’s search results, which deliver users without context or background, some sites have encouraged tabloid anonymity (think JuicyCampus) rather than thought-through content (think VC).  Maybe the market will correct the imbalance, but so far it has responded to the subsidy for libelous speech by producing more of it.

Tomorrow: Fixing the CDA 230 subsidy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

(Thanks for the great comments!  I’ll be speaking in Las Vegas this afternoon 3:45 pm today at the EduComm conference at the Mirage, Ballroom D.)

Anonymous and pseudonymous speech dates back at least to the early days of the printing press.   Anonymous online speech has been a powerful force for change in situations ranging from simple campus disputes to political protests in Iran.  And the technology of the Internet makes it unlikely that any attempt to eliminate anonymous speech could succeed.

That said, the fact that there always will be anonymous online communication does not tell us whether it deserves subsidy.  Yesterday, I explained why the Internet is a new frontier.  Today, I challenge that Section 230 the Communications Decency Act of 1996 provides a subsidy to anonymous online speech, and ask whether that subsidy is sustainable in the closed frontier era of the Internet.

To be clear: I am in favor of anonymous online speech, and sometimes I’m also a user of it.  I disagree strongly with Eric Schmidt’s opinion of privacy and anonymity.  My goal this week is not to destroy anonymous online speech, but instead to figure out how to best preserve its value while curbing abuses, especially in light of the growing regulatory pressure that arises at the close of a frontier.

Offline Speech Combines Practical Anonymity with Legal Accountability

Offline, speech has never been absolute.  In the offline world, the right to speak comes also comes with the responsibility of the familiar speech torts.  If someone publishes false statements about you, you can sue them for libel.  If someone publishes “peeping tom” photos of you or other true-but-private information, you may sue them for invasion of privacy (and they may also be criminally prosecuted).  And so on.

What makes this legal regime possible is the fact that offline anonymity is imperfect: we leave traces of our identity in every interaction.  You may seem anonymous when you pay cash to buy a pack of gum at a grocery store, but the transaction is anonymous only so long as it is inconsequential; if you passed a counterfeit $100 bill, you would quickly discover that you could be tracked by your fingerprints, your DNA, and by your image on store cameras.  Conscious attempts to preserve anonymity offline are tolerated only so long as no laws are broken; and even then there are limits on social toleration of anonymity (compare wearing masks at a political rally with wearing masks at a bank).

In the offline world, the result is a reasonably well-balanced system: it is possible to speak anonymously for political or personal reasons, but the worst abuses are deterred.

The Online World Provides Near-Perfect Anonymity, Less Accountability

Online, things aren’t so simple.

Unlike in the offline world, anonymity is the default online, and near-perfect anonymity is easily achieved.  Unless you choose to identify yourself, there are very few clues to who you are when posting online.  And some of these clues (such as IP address logs) are intentionally swept away by websites; there is no requirement that websites store IP logs or any other pseudo-identifying information, and some sites advertise that they provide perfectly anonymous services.

Practically, if you are defamed online, you are at least several steps away from finding your attacker–at a minimum, it requires getting a lawyer, filing a lawsuit, and issuing a subpoena to the web host and another to an ISP (more on this tomorrow).  Neither is required to keep any records, and many choose not to.  The same is true if your privacy is violated by a peeping tom and the photos posted online, if your child is threatened, and so forth.  In all too many cases, the trail has gone cold before redress can be sought.  These aren’t cases of political protest or uprising; they are shocking cases where defamation liability is certain if the defendant can be found.

What’s even more peculiar is that online, the U.S. legal system allows site owners to continue profit from hosting content they know to be illegal, even after they have been notified of its illegality—and, in fact, even after a (rare) underlying libel lawsuit has been completed.

This surprising result occurs because of Section 230 of the Communications Decency Act.  Congress set out to regulate online indecency, but the majority of the Act was struck down on First Amendment grounds in 1997.  Section 230 survived.  It limits the liability of “interactive computer service providers” for “information provided by another information content provider,” with a statutory exception for intellectual property and child pornography.   This vague language has been widely interpreted as giving almost-complete immunity to blogs and forums for the actions of their users, no matter how vile that content may be.

This immunity for hosts is a sharp distinction from the offline world.   In the offline world, “hosts” are often held liable for content provided by others: book publishers are liable for illegal content provided by authors, newspapers can be liable for content provided by advertisers, and even swap meets can be liable for infringing content sold by vendors.

Against this default of host liability, CDA 230 was expressly designed as a subsidy to encourage growth of the fledgling Internet of 1996.  It was thought necessary to allow some level of frontier anarchy, some level of protection from the lawyers.  By subsidizing online speech, it was hoped that the Internet would blossom into the communications medium it has become.  In that light, CDA 230 was probably a good law for 1996.

But after nearly 15 years of CDA 230, many think that it has run its course.  The Internet has matured and no longer needs a special exemption from offline law.  Any law consistent with the First Amendment will preserve vibrant online discussion.  And, through nearly 15 years of experience, we’ve seen the good and the bad sides of CDA 230: sites like Volokh.com seek to inform and support positive discussions, but also CDA 230 has also empowered cesspools that profit from encouraging commenters to libel and defame outsiders.  These sites often advertise their consequence-free policies, and profit from the resulting tabloid attention they receive.

Why Does the Frontier Metaphor Matter?

I talked about the frontier yesterday because CDA Section 230 is fundamentally a law made for the open frontier.  It is a law that subsidizes the growth of the frontier and the experimentation with new models of communication, at the direct expense of enforcement of existing laws.  The problem for CDA 230 is that the frontier days are coming to an end: sex, drugs, and gambling have all been shut down, will CDA 230 be next?

Just like at the end of the Old West, online today there is a culture clash between the early and late arrivers.  Those who have been using the Internet for years like the current system (call it “it might be anarchy, but it’s our anarchy”).  The newcomers want the Internet to be more like the rest of society; safe, stable, and predictable.  The concept of self-defense online is foreign to them, and they wonder why law enforcement hasn’t done more to protect them.

People who didn’t grow up with the Internet will inevitably want to curb the abuses (which do undoubtedly exist, more on that tomorrow). Proposals by Internet outsiders to regulate online abuses have ranged from an “internet ID card” requirement (China and UAE), to calls to ban some forms of online  speech based on their “hate speech” content (United States), to a plan to license journalists and bloggers (Michigan), to rejiggering the Internet Protocol to end anonymity (United Nations), to an online aggregator tax (United States — call it a Stamp Tax for the Reddit Generation).

There’s plenty to dislike about all of the above proposals; it’s hard to come up with a less libertarian set of policy ideas.  But the increasing frequency of these proposals suggests there is a strong push for reform.

Perhaps the best way to preserve the core value of free speech is to limit the special subsidy given by CDA 230?  Thursday, I’ll present some ideas on how to protect the right to anonymous speech while addressing the abuses that CDA 230 has encouraged.

Tomorrow: Why Google changed everything, and why Section 230 matters so much

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

A gold rush.  A wide-open anything-goes frontier.  Prostitution.  Gambling.  Drugs.  Lax law enforcement. Vigilantism and mob justice.  Petty scammers at every turn.

The subject?  Not the dusty Wild West of American history, but instead the Internet of just 10 years ago.

In the last decade, the Internet has gone from open frontier populated by a select few, to a regular part of life for a majority of Americans and Europeans.   Predictably, the change from sparse frontier to societal integration has caused rather significant cultural clashes between early adopters and latecomers.  Disputes rage about whether we should view and regulate the Internet like an open frontier or like the rest of “offline” society.

This week, I will try to answer that question by exploring the similarities between the Internet and the original Wild West frontier.  I’ll examine what the close of the Wild West frontier teaches us about the next 10 years of the Internet.  As an example, I’ll focus on what the frontier experience tells us about online privacy and laws like Section 230 of the Communications Decency Act.  On Friday, I also hope to take a quick look at the broad impact of the Internet on the future of privac.

I look forward to discussing these issues with readers; this site has managed to consistently attract some of the brightest and most civilized commenters online.  I’m happy to take questions, comments, and suggestions.  And thank you, Eugene, for the kind introduction; I’m proud to be able to contribute to such an important community.

The Internet as Frontier Experience

The history of the Internet echoes the history of the American West.  We go into much greater detail in the book (Amazon), but even at a glance the parallels between Wild West 1.0 (1800s America) and Wild West 2.0 (the Internet of the 1990s and early 2000s) are clear:

• In the case of the original Wild West, a few early pioneers cleared the way for the (literal) gold rush of the 1840s.  Online, the pioneers of ARPANET cleared the way for the NASDAQ gold rush of the late 1990s.  Millions of dollars were made (and lost) in just a few years.
• The early Internet and Wild West were both populated only by a small, self-selected group of pioneers who sought out adventure and fortune.
• Both started with dramatically gender-skewed populations, with more than five men for every woman at times–and as the frontier closed the gender ratio drifted back toward 50/50.
• Both the Internet and the original Wild West developed their own culture and manners.  A sense of self-reliance and libertarian beliefs dominated in both places—a sense that any group could make their own fortune if they simply pulled hard enough on their bootstraps.  In both places, the freedom to experiment was considered important enough to justify discarding many old laws and morals.
• Even the forms of vice on both frontiers are similar: sex, drugs, and gambling.  In the Old West, prostitution was readily available, despite some nominal prohibitions.  Online it was possible to find prostitution openly advertised on relatively mainstream sites like Craigslist.  Gambling halls are rightfully a western movie cliché, and the early 2000s boom in Texas Hold ‘Em poker was largely attributed to online gambling.  Even the drug of choice has not changed in 150 years—the old west was notorious for the availability of opium, and in the early days of eBay it was easy to buy opium for recreational use.

The Moment of Transition from Open Frontier to Integrated Part of Society

In the Old West, the lawless days of the “Wild” West frontier eventually came to an end.  As eastern society caught up to the original Old West pioneers, a culture clash ensued.  The gambling halls were shut down, prostitution was gradually regulated away in all but one state, and vigilantism was slowly replaced by formal law enforcement.  Old-timers bemoaned the loss of the wild frontier; newcomers welcomed the stability of formal laws and familiar law enforcement.

Online, we are in the midst of the same transition from lawless frontier to integration with society.  It has become routine to talk about government regulation of the Internet—ranging from “net neutrality” to Facebook privacy.

Looking again at vice, the government has started to shut down the most serious sex, drugs, and gambling.  To take just a handful of examples, online gambling in the United States was curtailed in 2006 when the CEO of online gambling site BetOnSports was arrested as he changed planes in Texas, and the SAFE Port Act effectively banned online gambling by U.S. residents.   The online sale of narcotics was deterred in 2003 when the DOJ cracked down on eBay opium sales.  And online prostitution went at least somewhat underground in 2008 when 40 state attorneys general demanded that Craigslist remove its “erotic services” section (the practical effect of this move has been limited, but there are already renewed calls for further regulation).

This transition in the way the Internet is viewed and regulated–from a place frequented only by self-selected pioneers to part of everyday life for almost all of the West–creates a natural time to reexamine existing laws and consider whether they still fit the new reality of the Internet.  Different countries have had the chance to experiment with different legal regimes online, and we’ve been able to watch how law shaped the growth of the Internet.

In particular, it’s a time to consider the difference between the legal regimes of open and closed frontiers.   Open frontiers are often characterized by self-reliance, self-defense, exploration of new norms, and informal law enforcement.  But the lax regulation of the Internet often comes at a great price: spam, scams, fraudsters, online lynch mobs, and more.  Closed frontiers are often characterized by increasing similarity to the “old” society (often formed by combining elements of old and new), increasing formality, and active law enforcement.

We’re at a tipping point for the Internet.  It started as a classic open frontier, with no almost no law and complete freedom to experiment. But society has caught up, and is demanding changes to make the Internet more like the rest of the world.  For scholars and activists, the question is simple: how to keep the best parts of the Internet while while successfully integrating with offline society?

Ultimately, the lesson from the original Wild West is clear: in the end, the Internet will not stay wild forever.  Instead, “offline” society and the Internet will meet somewhere in the middle, each taking something from the other.  Now is the time to consider how we can best shape the future of the Internet using what we’ve learned by watching the close of other frontiers.

Tomorrow: Why Section 230 of the Communications Decency Act of 1996 doesn’t work in 2010.

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Ari David, who’s running for Congress against long-time incumbent Henry Waxman, raises an interesting and troubling free speech issue on his blog here. Apparently (taking everything he says to be factually correct) he hired some folks to create an iPhone app with text (not surprisingly) highly critical of Waxman — e.g.,

“HENRY WAXMAN… SUPPORTED Cap & Trade legislation that would have brought us $7 a gallon gas and as President Obama has stated would make electricity rates “necessarily sky rocket.”
VOTED TO CUT Medicare spending by a half a trillion dollars which would severely hurt seniors. . . .
TRIED to make over-the-counter vitamins and supplements prescription only . . .
TRIED TO STRANGLE family farms with insane Soviet-Style regulation . . .”

Apple, however, has turned them down, on grounds that the app is “defamatory.”

Does David have any legal recourse here? Probably not. The First Amendment, of course, does not grant him any free speech rights against private actors like Apple, and even if Apple is using the defamation rationale as a pretext for denying his application on purely political grounds (e.g., they like Henry Waxman), there’s nothing (that I know of, anyway) that would stop them from doing that. [David does make an interesting suggestion -- that Apple's actions constitute an "in-kind contribution" to Waxman's campaign, which if true would, I suppose, trigger various election law reporting/disclosure obligations).

It makes for a nice test case for one's views about the inapplicability of the First Amendment to private actors -- should Apple have some non-discrimination obligation when it comes to allowing people space on their app platform?
[And incidentally, I have a question that I bet some of you can answer for me. What does it mean, exactly, that Apple has rejected their app? I understand that it means that they won't offer it at their App Store -- but will it not function on anyone's iPhone unless and until Apple approves? Or if David were to distribute it himself -- off of his own website, say -- would it work as intended?]

If you’re interested, Jerry Brito over at SurprisinglyFree.com, has been doing a series of interviews with legal thinkers and entrepreneurs focusing on a variety of tech issues, and he’s posted a podcast of an interview he did with me a couple of weeks ago on Net governance issues - it turned out pretty well, I think, and those of you who find those issues of interest might find it useful and/or thought-provoking.

Bernard Kouchner, the Foreign Minister of France and a founder of Doctors Without Borders, has an interesting but somewhat unsettling op-ed in today’s New York Times. Entitled “The Battle for the Internet,” it’s a call to arms in

the battle of ideas . . . between the advocates of a universal and open Internet — based on freedom of expression, tolerance and respect for privacy — against those who want to transform the Internet into a multitude of closed-off spaces that serve the purposes of repressive regimes, propaganda and fanaticism.

It’s a subject dear to my heart, as you probably know; I, too, believe that preserving what the Center for Democracy and Technology aptly calls the “free, open, and innovative Internet” is of the deepest importance for the future — literally — of human society on the planet. I like where Kouchner’s coming from:

The Internet is above all the most fantastic means of breaking down the walls that close us off from one another. For the oppressed peoples of the world, the Internet provides power beyond their wildest hopes. It is increasingly difficult to hide a public protest, an act of repression or a violation of human rights. In authoritarian and repressive countries, mobile telephones and the Internet have given citizens a critical means of expression, despite all the restrictions.

He’s right about that – at least, I agree wholeheartedly. (Libertarian blogger Adam Thierer called my book about the Net “an extended love letter to both cyberspace and Jefferson,” and though I’m not entirely sure he meant it as one, I took it as a compliment. Though we academics are supposed to take the posture of ironic detachment from pretty much everything we encounter, I happen to think, and I’m happy to say to whomever is listening, that the Net is an astonishing achievement with the potential, only partly but tantalizingly realized to date, to become a true milestone in the history of human communication and a possibly unstoppable force for the spread of liberty and freedom around the globe. I realize (see Evgeny Morozov’s rather peevish piece in Foreign Policy, denying that the Net has been (or can be) a force for good in the world) that it has not instantly transformed everything it touches into the Earthly Paradise – but that’s a pretty high standard to hold it to.

And I’m certainly with him when he writes:

However, the number of countries that censor the Internet and monitor Web users is increasing at an alarming rate. The Internet can be a formidable intelligence-gathering tool for spotting potential dissidents. Some regimes are already acquiring increasingly sophisticated surveillance technology. If all of those who are attached to human rights and democracy refused to compromise their principles and used the Internet to defend freedom of expression, this kind of repression would be much more difficult.

The Net is under siege, and will require some serious work to keep it free and open. But somehow, I can’t work up much enthusiasm for Kouchner’s call to action:

Multilateral institutions like the Council of Europe, and nongovernmental organizations like Reporters Without Borders, along with thousands of individuals around the world, have made a strong commitment to these issues. No fewer than 180 countries meeting for the World Summit on the Information Society have acknowledged that the Universal Declaration of Human Rights applies fully to the Internet, especially Article 19, which establishes freedom of expression and opinion. And yet, some 50 countries fail to live up to their commitments.

We should create an international instrument for monitoring such commitments and for calling governments to task when they fail to live up to them. We should provide support to cyber-dissidents — the same support as other victims of political repression. We should also discuss the wisdom of adopting a code of conduct regarding the export of technologies for censoring the Internet and tracking Web users.

These issues, along with others, like the protection of personal data, should be addressed within a framework that brings together government, civil society and international experts.

It sounds a bit, to my ears, too much like asking the UN to run the Net (which, as readers of my work know, we tried once before, with notable lack of success).

Kouchner also makes me nervous when he begins his list of what the “enemies of the Internet” are up to this way:

Extremist, racist and defamatory Web sites and blogs disseminate odious opinions in real time. They have made the Internet a weapon of war and hate. . . . Violent movements spread propaganda and false information.

There are many threats out there to the free and open Internet, but I don’t regard “extremist, racist, and defamatory Web sites,” or “blogs disseminating odious opinions,” as among them. Although Kouchner has ringing words for freedom of expression — “Freedom of expression, said Voltaire, ‘is the foundation of all other freedoms.’ Without it, there are no ‘free nations.’” — somehow I think that his agenda is to the contrary. Freedom of expression without “extremist, racist, and defamatory web sites” and “odious opinions” is not freedom of expression — not in my book, anyway. Something tells me that when the “World Summit on the Information Society” gets its hands on the Net, true freedom of expression on the Net will not be high on their list of preferred outcomes.

So, on the one hand, I’m glad Kouchner has sounded the alarm; he ends his piece by declaring that “the defense of fundamental freedoms and human rights must be the priority for governance of the Internet. It is everyone’s business” and I think he’s right — importantly right — about that. But I think we need — rather desperately — alternate governance models to deal with this problem, alternate models that move in a direction away from the UN and towards something that better reflects the wishes and desires of the world’s people, not the world’s governments. It’s not going to be easy, though I’m working on it . . .

I just noticed this decision, from a few weeks ago — Burfoot v. May4thCounts.com (Va. Cir. Ct. Apr. 22) (Poston, J.):

Today the Court sua sponte vacates the Order of April 21, 2010. In that Order the Court granted plaintiffs Motion for Entry of a Temporary Injunction prohibiting the defendants from using a website entitled “May4thCounts.com” and ordered the removal of the website from the internet. The Court also directed the plaintiff to effect service of process on the defendants and continued the action for July 7, 2010, for further proceedings. Under the Injunction Order’s terms, the action will be advanced on the docket upon the motion of any defendant.

Continue reading ‘Virginia Circuit Court Opinion Issues Preliminary Injunction Shutting Down a Web Site, Reverses Itself the Next Day’ »