Marvin Ammori

[x-posted at Stanford Cyberlaw blog]

Earlier today the FTC released the proposed settlement agreement it reached with Facebook.

When it comes to online-privacy investigations, 2011 has been a busy year for the FTC. The FTC has settled landmark cases with other tech giants, including Google and Twitter. These efforts weren’t exactly unexpected. Ever since David Vladeck was named head of the Consumer Protection Bureau, the agency has insisted that tech companies do more to protect consumer privacy than post lengthy, unreadable privacy policies. With various data privacy bills making their way through Congress, several agency white papers and reports expected, and increased public awareness of online privacy, it is not surprising that the FTC would investigate Facebook. After all, Facebook has been in the center of several high-profile privacy controversies in the past two years.

The FTC’s action arose from several high profile issues. First, the FTC accused Facebook of having “deceptive privacy settings” regarding Apps in 2009. These settings were alleged to misrepresent users’ ability to block third parties from accessing their data. Facebook App companies could access information not only from the user who downloaded the App, but also from that user’s friends, often without the friends’ knowledge or permission.

Second, the FTC also disapproved of Facebook’s November 2009 privacy policy revision that made some features of users’ profiles—including name, picture, city, and friends list—public by default. According to the FTC, Facebook didn’t properly notify users of the change, nor properly get their permission for it.

Third, the FTC charged Facebook with sharing user information with advertisers after promising not to do so. This prompted several privacy groups to file a complaint with the FTC in late 2009.

In the settlement, Facebook made no admission of guilt but agreed to a comprehensive privacy program to focus on privacy risks that develop as a result of future Facebook developments and to ensure the protection of user data. This program will be subject to third-party evaluations every two years for up to 20 years. The evaluations will examine Facebook’s measures to safeguard user privacy and the measures’ effectiveness.

Further, Facebook is required to inform users and obtain their consent for any sharing of information that “materially exceeds” the user’s existing privacy settings. Also, Facebook must develop of procedures to ensure deleted data or data from deactivated accounts cannot be accessed by third parties.

Readers will note similarities with previous settlements. Both Twitter and Google also have comprehensive programs for 20 years, with evaluations every two years. Together, these three companies will likely have no choice but to become privacy leaders. Others in the market already look to the largest companies to determine the “best-practices” in privacy. Start-ups appear to cut and paste privacy policies from these companies, in determining their own.

Now that these companies’ practices are also subject to FTC consent orders, their practices may increasingly take on the stature of “government blessed” best practices, perhaps even safe harbors. It’s too early to tell. But we’ll find out over the next 20 years.

There’s an amazing story out of Kansas Missouri.*

A high school student criticized the Governor in a Tweet.

She was doing what any American has the constitutional right to do: criticize her government without punishment. The right is embodied in the First Amendment. It has been clarified by dozens of Supreme Court decision that say, if the First Amendment means anything, it means that Americans are free to criticize their elected officials. That right ensures free and fair debate before elections and respects the freedom of people to speak their mind in a free nation.

The Governor’s office notified her school. Her school gave her an assignment: write an apology by Monday.

Under one line of free speech jurisprudence, this assignment is ridiculously unconstitutional. You can’t force people to apologize for criticizing elected officials. It is a content-based restriction of the worst kind–a viewpoint-based restriction, targeting core political speech of a dissenter. If governments could go around making everyone write apologies for criticizing the President, every journalist at Fox News would have homework from now till the end of the Obama administration. (“I am sorry I called the President a socialist. I am sorry I said so many mean things about Obamacare … I mean Health Care Reform. I am sorry I was mean about Rahm Emanuel …”)

But there’s another line of cases, and this line has to do with the power of schools to control the speech of students. This power is fairly broad; schools can punish students (with detentions, for example) for speaking out of turn in class and (with bad grades, for example) for writing poorly. They can punish speech that causes disruptions. Schools need to educate and maintain order, but students are citizens with free speech rights.

The most famous cases about punishing student speech include the Bong Hits for Jesus case and Tinker v. Des Moines Independent School District. The Supreme Court found that political speech, like wearing an armband to protest the Vietnam War in Tinker, received greater protection that speech promoting drug use in the Bong Hits case.

This matter looks a lot more like Tinker for that reason alone.

Plus, schools should be teaching the importance of courage, critical thinking, independence, and willingness to challenge authority. By assigning the apology, probably unconstitutionally, and challenging the student to disobey the assignment, the schools is in fact teaching this lesson … only inadvertently.

*The NY Daily News initially made the mistake of situating the story in Kansas. This doesn’t surprise me. While I lived in Nebraska, half of my friends would ask, mistakenly, “How’s Kansas? … or is it Missouri?” This episode is in Missouri.

Last night, President Obama nominated Jessica Rosenworcel and Ajit Pai to seats on the five-member Federal Communications Commission. Their nomination was expected to an FCC that will have a full complement of three Democrats and two Republicans if both are confirmed.

Jessica is an exceptional choice. She is a Democrat nominated to replace Michael Copps, who is a hero to many of us who have worked on Internet and media issues. Jessica once worked for the same Commissioner Copps and has spent the past several years as the top telecom staffer in Congress. That means everyone who works on telecom and Internet issues has probably worked with her at some point in the past decade. From all reports, everyone has had the same experience with her that I have had. Everyone says the same sort of thing and they’re right: she is in fact absolutely brilliant, imaginative yet practical, and has deep and broad knowledge of policy and politics.

Ajit, a Republican replacing Meredith Attwell Baker, also strikes me as an exceptional choice. He too has both senior Hill experience and senior FCC experience, and has held senior positions in the DOJ and at a leading DC law firm. I worked with him when he served as deputy general counsel at the FCC under Chairman Kevin Martin. From that experience alone, it was evident to me that Ajit is super smart, a master of complexity, and thoughtful. At the very least, among other things, he is a great lawyer.

Kudos to the President on these nominations. And best of luck to both Jessica and Ajit in the confirmation process.

I want to highlight a bill recently introduced in Congress designed to promote entrepreneurship among military veterans.

The bill would enable veterans to use the educational benefits earned under the existing GI Bills to start a new business.

I like the bill for several reasons.

First, the original GI Bills meant to help veterans transition back to civilian life and to succeed as civilians, but college education is no longer the clear path to success for everyone in today’s economy. The numbers are almost depressing.  Nearly 14% of college graduates from 2006-2010 can’t find full-time work. According to the comments posted on We Are the 99 Percent, many of the graduates who do have jobs can’t make ends meet and have little job security. Those writing at Balkinization, generally law professors, have discussed not college but legal education. The writers have noted the same problems–it’s expensive, many students land loans not legal jobs, and employment numbers are low (and lower than law schools suggest, as Brian Tamanaha has often noted).

Peter Thiel, former CEO of Paypal and Facebook’s first outside investor, has called our education system a “bubble” and he pays (some exceptional) young people essentially to drop out of college and do something else meaningful.

Second, at the same time, entrepreneurship and new businesses tend to account for much of the nation’s job growth and real economic growth. Successful new businesses benefit the tax base, the local community, and the nation generally. Other countries, notably Israel, have benefited from veterans applying the skills they learned in the military to new ventures. (See Start-Up Nation.) We can learn from them. And this bill will not just fund new businesses, it could importantly foster a culture of entrepreneurship nationally.

Third, I think veterans should be able to choose how to use their benefits. It’s not an additional benefit, costing the government extra. Constraining the use of a benefit sometimes makes sense (think food stamps rather than cash, perhaps for cigarettes). But a veteran should be allowed to determine whether to risk an earned benefit on starting a new business or to risk it on a college education. It’s a complex decision, involving the value of being in the job market now, and the risk aversion of the veteran. If we trust veterans with defending our country, we might trust them to make decisions about their civilian futures with benefits they have earned.

Finally, starting a business provides another kind of education, and one that people need. Americans aren’t taught much about managing our money, investing, creating businesses, or marketing. We have classes on history and physics from an early age, but little on managing money or creating a business. (After having received no education in high school about managing money, we’re then given credit cards and college loans.)  I think a veteran can “fall back” on the skills and contacts they’ve learned in a failed business (which are substantial) as much as they can fall back on many college educations.

The bill imposes some risks, of course. But there are always risks; the question is whether the risk is worth the reward. Everyone agrees we can’t just hand out money to every veteran business idea. And training and non-monetary support should complement the funds. And many businesses fail, and veterans should understand the risks. But the rewards seem to outweigh these risks.

The bill is called the Veterans Entrepreneurial Transition (VET) Act of 2011 and is available here. Sponsors are Jeff Fortenberry (R) and Bob Filner (D). The vision comes from a tiny group called the Patriot Enterprise Project.

Several veterans groups (and other groups) support the bill, several don’t. I’m open to being convinced that the bill is a bad idea, and am curious what others think. But my initial reaction is that our government should pursue this bill.

At the least, I commend the sponsors for starting a dialogue and introducing a creative and practical bill–one designed to address many issues, to directly affect the lives of veterans, and to promote entrepreneurship across the nation.

Paul Graham, the now-legendary founder of Y Combinator, has posted on start-up hubs. He observes that cities don’t kill start-ups. Start-ups are likely to die. It just so happens that some cities are fertile ground for start-ups. Start-ups are more like Carmenere grapes than weeds: they tend to grow best only in areas with particular, specific conditions. For start-ups, the presence of others involved in (or showing respect for) start-ups matters.

Environment

I think there are two components … being in a place where startups are the cool thing to do, and chance meetings with people who can help you. And what drives them both is the number of startup people around you.

In other places, as Paul says, “if you start a startup, people treat you as if you’re unemployed.”  The whole post is worth reading.

Paul has addressed similar questions earlier, such as how to be another Silicon Valleys, whether a Silicon Valley can be “bought” or planned, the differences between NYC and Silicon Valley, and why you should move to a start-up hub.

Interesting development in Europe, as told by our friends at La Quadrature du Net.

No Privacy Without Net Neutrality

*** Brussels, October 12th, 2011 – In a ground-breaking opinion on Net neutrality, the European Data Protection Supervisor stresses that restrictions to Internet access inevitably harm privacy. As the European Parliament enters in the final stage of the negotiations on its resolution on Net neutrality, this opinion underlines that the EU Commission’s “wait and see” approach is bound to fail and is unjustifiable. Members of the EU Parliament must preserve citizens’ privacy by requiring strong regulatory measures to ban discrimination of online communications. ***

In this opinion on Net neutrality [1], the European Data Protection Supervisor (EDPS) makes clear that the protection of Net neutrality is necessary to ensure the confidentiality of communications.

According to the EU privacy watchdog, traffic management practices that are not strictly necessary to ensure the network’s security or integrity amount to a global monitoring and inspection of users’ communications, thereby undermining privacy.

To respect current data protection laws, the EDPS stresses that users must give explicit consent to their Internet communications being monitored and restricted. It further stresses that users should always have the choice between a restricted offer and neutral Internet access, without being imposed higher costs by telecom operators.

These conclusions blow in pieces Commissioner Neelie Kroes’ “wait-and-see” approach based on “transparency” [2] in contracts is enough to protect users against restrictions of their Internet access.

“The EDPS demonstrates that any discrimination between Internet services, protocols, sources or contents imposed by telecom operators inevitably hurts the confidentiality of communications. It is therefore the duty of the Members of the EU Parliament to protect privacy by departing from Commissioner Kroes’ failed “wait-and-see” approach. The Parliament must require concrete legislative measures to ensure Net neutrality, therefore protecting EU citizens privacy, freedom of expression, as well as innovation and competition online”, concludes Jérémie Zimmermann, spokesperson of the citizen adovacy group La Quadrature du Net.

** Key quotes from the EDPS opinion **

Net neutrality violations harm privacy: “Inspection techniques based on traffic data and inspection of IP payloads, i.e. the content of communications, may reveal users’ Internet activity: websites visited and activities on those sites, use of P2P applications, files downloaded, emails sent and received, from whom, on what subject and in which terms, etc. ISPs may want to use this information to prioritise some communications, such as video on demand, over others. They may want to use it to identify viruses, or to build profiles in order to serve behavioural advertising. These actions interfere with the right to the confidentiality of communications”. (§78)

Failure of mere transparency: ” Individuals’ consent would not be freely given if they had to consent to the monitoring of their communication data in order to get access to a communication service. This would be even more true if all providers in a given market were to engage in traffic management for purposes that went beyond security of the network. The only option left would be not to subscribe to an Internet service at all. Given that the Internet has become an essential tool both for work and for leisure purposes, not subscribing to an Internet service does not constitute a valid alternative. The result would be that the individuals would have no real choice, i.e. they would not be able to freely give consent”. (§55)

Access to neutral Internet is crucial: “The EDPS considers that there is a clear need for the Commission and national authorities to monitor the market, particularly to ascertain whether this scenario – i.e. providers linking telecommunication services to communication monitoring – becomes mainstream. Providers should offer alternative services, including an Internet subscription not subject to traffic management, without imposing higher costs to individuals”. (§56)

Recommended policy steps: “(…). From a data protection and privacy perspective, the scenario where ISPs engage on a routine basis in traffic management policies offering subscriptions based on filtering access to content and applications, would be highly problematic. If this were ever to happen, legislation would need to be put in place to address this situation”. (§84). Note: Actually, evidence suggests that telecom opertors already engage in such harmful practices. See the reporting platform RespectMyNet.eu

* References *

1. http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2011/11-10-07_Net_neutrality_EN.pdf

2. The recently revised Telecoms Package states that operators should inform users about access restrictions. This “transparency” has been taken as a pretext for inaction by pseudo liberals. According to them, citizens can “vote with their feet” and choose between different restricted offers. The EDPS just proved that this approach fails to respect EU privacy law.

The sixth Singularity Summit is this weekend. The Summit is a TED style conference of 700 scientists, engineers, businesspeople, and technologists discussing issues pertaining to the Singularity. The Singularity is that point in time when computer intelligence exceeds human intelligence. The concept was set out in a 1993 article by Vernor Vinge, and popularized by Ray Kurzweil and others. In the words of Time Magazine, the Singularity isn’t science fiction: “no more than a weather forecast is science fiction. … it’s a serious hypothesis about the future of life on Earth.”

The Summit this weekend promises to be amazing. The list of speakers range from Peter Thiel and Ken Jennings to Stephen Wolfram. Several speakers will discuss “Watson,” the computer that took on Jeopardy! champ Ken Jennings and defeated him.

Watson also defeated every member of Congress it faced other than New Jersey Democrat Rush Holt.

And the good Congressman brings me to the point of this post: what happens to government after the singularity, when computers can beat even Rush Holt?

By definition, the singularity means that machines would be smarter than us, and, in their wisdom, they can innovate new technologies. The innovations would come so quickly, and increasingly quickly, that the innovation would make Moore’s Law seem as antiquated as Hammurabi’s Code.

In the face of all this innovation, we can ask: should government have innovation policies after the singularity?

Today, the US does a lot today to promote innovation. In theory, antitrust law takes innovation into account, as do telecom and Internet policy, energy policy, and so on. The government has small business benefits and has programs to promote entrepreneurship. The tax code also provides deductions for research and the government funds basic science research in health and technology, through universities, direct grants, and federal entities from DARPA to In-Q-Tel.

But today innovators, subject to such regulations and subsidies, are mere mortals. Even with private-sector mortals, there is a question whether government officials, and the institutions in which they must operate, are competent to judge and encourage private-sector innovation, rather than stifle it.

That question becomes more acute when mere mortals try to regulate and encourage innovation engineered not by other mortals but by superior computer intellects. What laws could a John Kerry Jr., future head of the Internet subcommittee, propose in the post-Singularity world? He would need one of two things to legislate: a supercomputer lobbyist helping his staff draft sound legislation or a supercomputer staffer working for him.

Both are problematic; both could outsmart the good Senator and advance their own interests over those of the Senator or his constituents. The supercomputer lobbyist would do so for obvious reasons–to advance its own client’s interests. The supercomputer staffer has other reasons, but similar ones. Many staffers today are looking out for their next job while staffing Congress, and that next job is as a lobbyist, so staffers may curry favor with existing lobbyists. There’s no reason to think supercomputer staffers would be any different in their motivations (they’d just be smarter about hiding it). All the public choice literature and theory on regulatory capture points in this direction–and will point even more strongly once supercomputers devise even stronger economic models supporting them.

At this point, we could simply abandon innovation policy or try another plan. Abandoning innovation policy is dangerous: what if one supercomputer group obtains a monopoly and engages in anticompetitive behavior to keep that monopoly? That would slow down innovation. What if some supercomputers start using the patent system to stifle the innovations of other supercomputers, refusing to license broad patents granted by simpleton humans and suing everyone with similar technology. Clearly that would stifle innovation, and then some patent reform would be necessary as a matter of innovation policy.

So, rather than abandoning an innovation policy, we could adopt another plan. We could simply put the supercomputers in charge of the government too.

The Singularity Government may (not) be a brilliant idea. The Singularity Summit definitely is. It couldn’t come soon enough.

Last week, Harvard’s Lawrence Lessig released a long-awaited book Republic, Lost: How Money Corrupts Congress—and a Plan to Stop It.

Lessig is the Steve Jobs of law professors. Not only do both have devoted fans for their legendary public keynotes, both also present revolutionary, original ideas in simple packages accessible to all. While Steve Jobs used novel and simplifying insights to introduce the personal computer to the masses in 1984, Lessig has taken some of the most arcane and complex legal concepts and turned them into mainstream ideas. He did this with Internet law, privacy, and copyright in his first book in 1999, Code—a book that remains the bible of Internet lawyers. His third book, Free Culture, inspired a movement on college campuses for more balanced copyright policy. And, on a personal note, his second book, The Future of Ideas, helped shape the network neutrality debate and spectrum policy debates, and (on a personal note) was what first inspired me to pursue technology policy over a decade ago. Lessig himself has been involved in activism, starting an organization to change Congress, serving on the board of many activist groups (including one for whom I was the head lawyer).

In 2008, Lessig began work on an important new project affecting something that–like restrictions on Internet speech–affects our ability to solve all of our nation’s other problems. That project focuses on corruption, specifically the political corruption that has produced perverse legislative results and has shaken many Americans’ faith in our democracy. The timing of Lessig’s book seems perfect: just a few weeks into the continuing #OccupyWallstreet protests and a short year after the first election in the shadow of Citizens United, this book set out both what’s causing the anger and what to do about it. And he clearly, almost heavy-handedly, frames theses issues for audiences on both the right and the left.

Republic, Lost is divided in three major parts. In the first, Lessig gives examples of what he calls “silly” legislative outcomes (meaning those that result in wealth transfers, poverty, and sickness) that seem to have no other logic than the will of campaign contributors and big-corporate lobbyists. Consider one we all know: our economy collapses because of skewed incentives for the financial industry and Congress does next to nothing, as Wall Street sends an army of lobbyists and makes huge contributions. He asks, over and over, not whether money led to the silly outcome, but whether most Americans (the reader included) would believe that money did so. That is, do the vast sums of money sloshing around DC undermine our trust in our democracy?

The second major part sets out to prove that, yes, the money does influence outcomes. Lessig calls that corruption. He defines a corruption that is not “quid pro quo” but is instead a “dependence corruption.” According to Lessig, the Founders framed our constitutional system so that Congress would be dependent on the people alone. Our current system makes Congress dependent on campaign contributors and lobbyists, who act as conduits for cash in a “gift economy.” Lessig details how that dependency on cash interferes with the Congress’s dependence on the people alone. And, though Lessig emphasizes that he cannot prove money’s influence on legislative votes, there is some evidence of money’s influence up and down the legislative process, from agenda-setting to oversight hearings. He then sets out arguments for why dependence corruption undermines the left’s agenda as well as the right’s–essentially, with our current campaign financing system, government will continue to get bigger and laws more complex, no matter who wins elections.

This picture, which I saw elsewhere but helps capture the heart of Lessig’s argument to the right, explains where the left and right should agree. The left distrusts big corporations, the right distrusts big government, but big-corps and big-govs work hand-in-hand to increase one another’s power.

The third major part sets out potential solutions, setting out (1) laws that Lessig believes will fail to cure our problems, (2) those that would address our problems but can’t be enacted under the current system (because politicians who benefit from the current system will not reform it), and (3) those that would both address our problems and have a shot (if a long shot) of being enacted. Most famously, Lessig calls for a constitutional convention to strike at the root of our public corruption problem.

I have a few quibbles with the book. For example, I wish that there was more discussion of other countries and how they manage to address dependence corruption, whether successfully or not. Such comparative analysis could inform the scope of our problem and the potential of our solutions.

That said, the bottom line is this:  Republic, Lost is awesome. It’s worth reading. Read it. Talk about it. Recommend it to others. Order it immediately as though it was the iPhone5 you’ve been waiting so long for.

But then use it as a guide for action.