Cybersecurity Panel

Cybersecurity Panel

I spoke a few weeks ago in NYC at the Louise Blouin Foundation’s Creative Leadership Summit on a panel about cybersecurity. I emphasized the importance of privacy safeguards and trust.

 

cyber_security_24E_62

Filtering the Internet is Still a Bad Idea: DCA, ABC, and Steroid Searches

A few days ago, ABC News ran an “investigative” piece called “Group Probes Ease and Danger of Buying Steroids Online.” ABC describes the “group” at issue as “an online watchdog,” the Digital Citizens Alliance. That group determined that some of the millions of available YouTube videos encourage steroid use and that YouTube (which is owned by Google) places ads next to steroid-related videos and search results. They argue that Google and YouTube should be held legally responsible for any illegal content linked or posted.

ABC News could have told the story differently: A Microsoft-backed group led by a public relations firm (but named for an “alliance” of “citizens”) is holding Google & YouTube to a standard that Microsoft fails, while effectively arguing for filtering of the Internet, through appeals to the emotional issue of teenage steroid use.

Let’s begin with the big picture and move to the details of this group. 

Filtering the Internet is a terrible idea, even to stop illegal drug sales.

It is awful that teenagers turn to any illegal drugs. But perspective is needed. We know some teenagers buy drugs at school; we don’t shut down schools, we don’t search every student, we don’t monitor everything they say, we don’t require them to get permission from an adult before speaking with one another. We engage in education efforts and responsive actions. We also know that people will use the Internet to communicate about everything from coordinating a democratic revolution and reporting government corruption to idle chit chat to illegal activity.

The Digital Citizens Alliance is actually arguing for a filtered Internet. DCA claims that companies should be liable for any illegal content shared on a site. If Twitter, Google, Facebook, Yahoo, and others were guilty of the acts of all the slanderers, copyright infringers, fraudsters, conspirators, and drug pushers on their sites, then they would have to filter all the content on their sites. With a billion users, if even 0.1% of them are wrong-doers, then a platform would be liable for one million wrong-doers. They wouldn’t be able to take on the risk of legal action for all those potential wrong-doers. That means these companies would have to filter content in advance. The Digital Citizens Alliance cannot mean that companies simply have to act quickly and take down illegal content once notified; these companies all take down content when it is reported or flagged for violating their terms of service forbidding illegal activity.

The existing rules strike the right balance. For the past 2 decades we have had a set of rules to ensure freedom of expression online while limiting illegal activity. Those rules generally enable companies like Twitter, Facebook, Google, and the New York Times online to carry the speech of millions or billions of people empowering all of us to publish and comment–through tweets, posts, pages and videos, or comments on stories. They are able to carry the speech of so many people because they are not guilty for all illegal content posted by every single person. (The laws include the celebrated 230 of the Communications Decency Act and also 512 of the Digital Millennium Copyright Act.)  Instead of these companies being liable, the actual wrong-doers are responsible: the slanderers, the sites that traffic in drugs, etc. Recently, the authorities busted an online drug bazaar and a child prostitution ring without having to change the Internet’s magna carta and make tech platforms liable for all the content on their sites. If they were liable, these companies simply would not be able to act as platforms and networks for billions of people. They would have to filter all content in advance and become editors of their platforms, closing opportunities for average speakers.

Companies like Google make huge efforts to remove illegal content. Most platforms for the speech of billions of users have to rely in part on users flagging or reporting content. It’s far more effective and respectful of free expression than attempts to filter through computer algorithms. Go to Twitter: you can “report” every tweet. Check YouTube: every single video has a flag icon. Every piece of content on Facebook can be reported. Considering the number of users and content shared, this flagging is essential. I wrote about this in some detail here. More briefly: one-hundred hours of video are uploaded to YouTube every single minute and that much content can’t be filtered in advance without requiring YouTube to to limit who can post. Googles search engine includes trillions of sites and reflects the web; Google can’t filter them all and shouldn’t have to. In one month alone, however, Google processed over 18 million requests to remove URLs from its search results based on copyright concerns and removed removed 97% of the requested URLs from July 2011 to December 2011. Google also makes efforts to ensure ads are not placed alongside illegal content. (I provide the sources in the other post.)

The Digital Citizens Alliance is a Microsoft-backed group, which is the only reason Microsoft is not their target.

This is an old story. The story is Microsoft’s ongoing strategy of attacking Google in slanted advertisements and through political PR efforts. It’s also the story, it seems, of the copyright industry, which has long argued, in various ways, for pre-filtering all content, including when it attempted to push an infamous censorship bill called SOPA.   

DCA is backed by Microsoft and not a citizens alliance. 

The Digital Citizens Alliance is not an actual alliance of citizens, but instead is known to be backed by Microsoft. Techdirt called DCA an obvious “astroturf” group not a real “grassroots” group. Two of DCA’s three staff members are employees of the DC public relations firm, 463 Communications (Tom Galvin and Dan Palumbo), and the other is also in PR. That is not the makeup of, say, the ACLU, EFF, or Consumers Union, or a legitimate consumer group. The alliance’s advisory board includes someone from the Alliance for Competitive Technology, an organization that receives over a million dollars from Microsoft every year. I live in DC and know folks at 463, ACT, and Microsoft–in fact I even like all of them I know. It’s just that it’s obvious to me and anyone in DC: an organization with this backing and structure is not an online watchdog or an advocacy group but a corporate PR vehicle. 

This close connection with Microsoft explains why DCA has not attacked Microsoft for the same exact things. In fact, if you do a Microsoft Bing search for “buy steroids,” you will see that ads accompany the results, but you will not for the same search on Google.

It’s understandable why something might fall through the cracks on Bing: the Internet is a big place with trillions of sites and billions of real human users who do things that are sometimes unsavory. It is impossible to police them all in advance and requiring them to do so would undermine free expression and change the nature of the Internet. The Digital Citzens Alliance should let Bing know about this issue. But that’s clearly not the intent of the alliance. It’s not around to actually make the Internet a safer place, just to be part of a PR attack on a specific company.

Disclosure: I advise several companies, including Google, on free expression law and public policy.

Tagged , ,

The Internet as Metaphor

I am old enough to remember when we had trouble explaining the Internet. It was 1994 or 1995, and everyone was talking about America Online. When telling someone a web address, people would say, “Go to h, t, t, p, colon, slash, slash, w, w, w, dot.” People didn’t even know how to pronounce @ or explain the Internet.

To explain the Internet, we’d use metaphors and analogies. It’s like TV, kind of. It’s like a printing press for everyone. A computer billboard. Electronic mail. It’s one to one and one to many and many to many, unlike TV which is one to many and phone which is one to one.

For the past few years, the Internet is so embedded that we now use even websites as metaphors for other websites: “it’s like Uber, for food,” “it’s like Airbnb, for dogs.” Even our understanding of the brain’s neuron networks seems to borrow heavily from a metaphor to computer networks.  Essentially, it’s so familiar that we intuitively understand it, and have to make sense of new things by reference to the old and familiar–the Internet.

Recurring Myths about the Legal Obligations of Online Platforms

In recent months, some copyright holders, pharmaceutical companies, and  state attorneys general have made allegations against Internet companies that help users find and share information. In short, they claim that because some users engage in copyright infringement, sell counterfeit products, or otherwise encourage potentially criminal activity on the Internet, the users’ Internet platforms should be held responsible for these misdeeds. That is, Google should be punished for any user’s copyright infringement on YouTube, Facebook for any user’s harassing post, and Twitter for any user’s slanderous tweet. According to the critics, that is, these companies should screen all users’ speech and take on the role of editors or publishers, rather than being open platforms for the speech of millions.

Many of these allegations focus exclusively on the biggest company in the space, Google, even though Google already invests considerable resources in reducing infringement, counterfeiting, and unlawful activity on its platforms. One state attorney general accused Google of “a failure to stop illegal sites from selling stolen intellectual property,” as though Google has the obligation or even the ability to stamp out copyright infringement on every “site” on the Internet.

For those who follow Internet policy, these types of arguments should sound familiar, stale, and still misguided. These arguments have failed repeatedly in federal courts, Congress, and the court of public opinion. One wonders why, like zombies in a classic horror movie, these arguments just keep coming back from the dead.

As recently as 2011, some in Congress supported a now-infamous bill called SOPA designed to target Internet intermediaries for their users’ copyright misdeeds. SOPA’s co-sponsors also targeted Google and similarly served on committees focused on intellectual property—committees that often show an unbalanced attentiveness to the copyright industry’s concerns over those of average users and over important principles of free speech more generally.

To ensure digital platforms for user expression, Congress has wisely held that speech platforms should generally not be guilty of their users’ misdeed. Congress has done so through established and widely praised laws such as section 230 of the Communications Decency Act and Section 512 of the Digital Millennium Copyright Act. Courts have construed 230 of the CDA “broadly in all cases arising from the publication of user-generated content.”

Nonetheless, every few years, we see attempts to undermine intermediary immunity. While many such attempts might be well-intentioned  they are deeply flawed and would threaten the Internet’s role as an engine of free expression for hundreds of millions of Americans.

In this post, I respond to the recent allegations by rights-holders and state attorneys general. These critics mistakenly accuse companies of turning a blind eye to users’ potentially illegal behavior on search engines and video platforms. They also advance legal claims that technology platforms should be liable for any abuse on any of its services, despite a lack of support for such claims in the case law (and considerable support for the opposite position). As many of these arguments are specific to Google, I reply to those arguments and explain how my responses apply more broadly to other Internet companies.

Continue reading

American Cloud Firms Suffer From Customers’ PRISM Fears

Fallout from the NSA PRISM revelations continues, and American cloud providers may be one of the groups paying the price. Jaikumar Vijayan writing for ComputerWorld reports on how European customers are reacting:

A Cloud Security Alliance (CSA) survey found that 10% of 207 officials at non-U.S. companies have canceled contracts with U.S. service providers following the revelation of the NSA spy program last month. The alliance, a non-profit organization with over 48,000 individual members, said the survey also found that 56% of non-U.S. respondents are now hesitant to work with any U.S.-based cloud service providers.

In the full survey, more than half of 456 representatives of companies in the U.S., Europe and Asia said they are less likely to use American cloud service providers because of concerns over U.S government access to their data.

Yesterday’s cnet story from Declan McCullagh about the federal government seeking user passwords from tech companies will further exacerbate the situation:

“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.’”

The companies’ zeal for protecting user privacy aside, customers are undoubtedly more concerned than ever about the security of the information they entrust to American firms.

In a Politico oped in March, Marvin and I warned of how American surveillance laws could lead to a situation in which American businesses suffer economic harm due to privacy concerns of their users:

Many foreign companies are converging toward a common argument for why they’re better than their American competitors. It’s not that the foreign-made technology is better, more resilient, or more ubiquitous, nor that the foreign companies are more innovative or better managed. They compare not their businessmen but their politicians. They argue simply that American laws undermine any American product — that these laws fail to protect privacy of personal or business information of all users. This argument works partly because consumers claim to “avoid doing business” with companies they don’t trust to protect their privacy.

While this business argument exaggerates the problems with American privacy law, it should still concern policymakers, who unwittingly help less innovative foreign companies compete by providing a germ of truth to foreign privacy concerns.

Sadly new developments continue to confirm these warnings. Our concerns aren’t meant to malign the motives of our intelligence agencies or  diminish their efforts to protect the security of the United States. On the contrary, the need for intelligence collection to safeguard the country from foreign threats is clear and justified. But the revelations of late are having a detrimental effect on American businesses, the full implications of which remain to be seen.  As members of Congress debate whether to impose limitations on the intelligence gathering capabilities of our national security agencies, they should carefully consider the harm befalling American businesses, and weigh that harm in their decision-making process.

WordPress Blogging With Google Glass–in Iceland

I am going on vacation in July this year and will be traveling around Iceland.

On this trip, I will be taking photos with Google Glass and automatically posting them from Glass to this WordPress site. I am sure you are wondering how that’s possible.

For my trip, my partners at Silica Labs decided to build the first WordPress integration for Google Glass. This will make it possible for me to directly blog from Glass to WordPress, sharing photos and text directly from the device to a blog. (Already, a Google Glass user can directly share to Facebook, Tumblr, and Twitter, thanks to apps developed by those companies.)

I think the Glass-Wordpress integration can help people tell the stories of their travels and journeys.

I am a huge fan of WordPress and of Google Glass, so I’m glad we have integrated the two. Silica Labs has been working with media companies like National Geographic, and Glass integration with WordPress should provide a useful tool.

I think the photos from Glass will be cool. I’ve been to Iceland before and took some of the best photos of my life there. It has volcanic ash beaches, interlocking bays, mountain ranges, and geothermal pools evoking an almost alien beauty. You feel like you’re in a movie about another planet or an ancient realm. Here, look:

iceland lunar

Fred Wilson: The Economic Case For Privacy

In June, venture capitalist Fred Wilson of Union Square Ventures spoke with WSJ reporter Spencer Ante about mobile technology and other topics at SourceDigital2013.

At around the 3:30  mark, the conversation turns to privacy in the wake of the NSA surveillance scandal. Wilson says:

I would hope that the people who worry about business interests in our government are fighting with the people who are worried about national security interests and having a debate about this specific issue, because if Western Europeans stop using Dropbox because they’re afraid the US government is able to see everything they put in their Dropbox, they may start using a service that’s based in Iceland or Sweden or Germany or France or something like that. That’s going to be really bad for Dropbox. It wouldn’t surprise me that some of that will happen. How much of it is a bigger question, right? So many people are upset about this at some level, but the question is whether people will change their behavior.

Back in March, Marvin and I made a similar case in Politico, arguing that privacy is not only a civil liberties issue but also an economic issue. We also warned that policymakers are helping foreign competitors win customers from American companies:

Other nations exaggerate the flaws in our privacy laws to edge out American tech companies for both enterprise and personal users. Our lawmakers are doing them a favor by casting a black cloud of legal uncertainty over our own industry and refusing to fix the most obvious problems. Now is the time to act.

An article on Politico this morning suggests that the NSA scandal may be waking up Congress to this issue, possibly to a strong enough degree for action. If policymakers want to ensure American tech companies remain competitive, they’ll need to swiftly pass legislation to protect privacy.

Follow

Get every new post delivered to your Inbox.

Join 49 other followers