January 2010 | Volume 119, Issue 4

On Tuesday, March 23, 2010, The Yale Law Journal Online will join with the Yale Law School Supreme Court Advocacy Clinic to host the concluding segment of “Important Questions of Federal Law: Assessing the Supreme Court’s Case Selection Process.”  The panel will bring together federal judges, members of the legal academia, [...]]]>

January 2010 | Volume 119, Issue 4

On Tuesday, March 23, 2010, The Yale Law Journal Online will join with the Yale Law School Supreme Court Advocacy Clinic to host the concluding segment of “Important Questions of Federal Law: Assessing the Supreme Court’s Case Selection Process.”  The panel will bring together federal judges, members of the legal academia, and practitioners to discuss potential reforms to the Supreme Court’s certiorari process. All events will be held at Yale Law School’s Sterling Law Building in New Haven, CT. Please click here for more information.

IMPORTANT QUESTIONS OF FEDERAL LAW
Yale Law School | New Haven, CT | March 23, 2010

Panel I: The Judge’s Perspective: Is the Court Taking the “Right” Cases?
4:10pm‐5:30pm, Room 129

Moderator: Linda Greenhouse (Yale Law School)
Panelists:
The Honorable José Cabranes (2d Cir.)
Drew Days (Yale Law School)
The Honorable Brett Kavanaugh (D.C. Cir.)
The Honorable Sandra Lynch (1st Cir.)

Panel II: The Practitioners’ Perspective: What Makes An Issue “Important” to the Court?
5:40pm‐6:55pm, Room 127

Moderator: Charles Rothfeld (Mayer Brown LLP and Yale Law School)
Panelists:
John Elwood (Vinson & Elkins LLP)
Orin Kerr (George Washington University Law School)
Patricia Millett (Akin Gump LLP)
Judith Resnik (Yale Law School)

Crucial to our access to the Internet is our continued adherence to the end-to-end principle.  As legal scholar and computer scientist Barbara van Schewick explained in her Opening Statement at the FCC’s Workshop on Innovation, Investment, and the Open Internet, the “network was designed to be as [...]]]> According to a poll sponsored by the BBC World Service, four in five adults in more than 26 countries believe that Internet access is a fundamental right.  The poll asked more than 27,000 adults about their attitudes towards the Internet and found that 87 percent of regular Internet users agree that access should be a “fundamental right of all people.”  More than 71 percent of non-Internet users felt that they should have the right to access the global network.

Crucial to our access to the Internet is our continued adherence to the end-to-end principle.  As legal scholar and computer scientist Barbara van Schewick explained in her Opening Statement at the FCC’s Workshop on Innovation, Investment, and the Open Internet, the “network was designed to be as general as possible in order to support a wide variety of applications with different needs.  So when a new application comes along, the network doesn’t have to be changed to allow the application to run.  All the innovator has to do is write the program that runs on a computer attached to the Internet.”  As van Schewick notes, the low cost of developing new applications has enabled the creation of eBay and Skype, even though many questioned those applications’ ability to succeed in the marketplace (who would buy goods through online auctions?) or their plausibility (network engineers didn’t initially think internet telephony was possible).

Now, however, sophisticated technology is available that “enables network providers to identify the applications and content on their network and control their execution.”    According to van Schewick, the “original Internet was application-blind,” but “today’s Internet is not.”  This matters to access and innovation.  Although a programmer may have a great idea for a video platform that will revolutionize the way people watch television, cable providers could squash it.  They could block the inventor’s application or slow it down.  Why would they do that?  As van Schewick explains, maybe the application competes with theirs, maybe they want a share of the inventor’s profits, maybe they don’t like the content, or maybe the application is slowed down to manage bandwidth.  Whatever the reason, the network provider can ensure the failure of the inventor’s project, chasing away potential investors and other inventors.  In the end, this risks the diversity of innovation and its concomitant societal benefits.  If network providers “pick winners and losers on the Internet, if they decide how users can use the network, users may end up with applications that they would not have chosen, and may be forced to use the Internet in a way that does not create the value it could.”

In short, our failure to commit to network neutrality, to permit discrimination among applications, has a deep impact on what people now believe is their fundamental right.  van Schewick closed her Open Statement with a telling story.  She asked if the audience had tried to explained to their partners’ grandparents why they should get the Internet.  She explained that she had and noted that she didn’t say: “Grandma, you have to get the Internet?  It’s cool!  It lets you send data packets back and forth.”  “No, I said: ‘If you get the Internet, you can call us and see your grandchildren on the screen.  And if we have new pictures, you’ll be able to see them immediately after we send them.  And you can read about everything you can possibly imagine’ . . . “  Thus, by “protecting the factors that have fostered application innovation in the past, we can make sure that the Internet will be even more useful and valuable in the future.”

In connection with the DU Law Review’s Cyber Civil Rights symposium, participants published short, engrossing pieces, which are now posted at DU Process.  Here is an overview of the papers and layout:

Part I: Contextualizing Online Harassment

Danielle Keats Citron, Cyber Civil Rights: Looking Forward; Mary Anne Franks, The Banality of Cyber Discrimination, or, the Eternal Recurrence of September; Helen [...]]]> Denver University Law Review recently rolled out its online companion, DU Process, which focuses on three areas. First, the forum extends the Law Review’s annual 10th Circuit Survey issue by posting detailed summaries of recent 10th Circuit decisions. Second, it periodically hosts online symposia discussing pressing legal issues. And finally, it previews the forthcoming print issues by posting summaries of our upcoming articles

In connection with the DU Law Review’s Cyber Civil Rights symposium, participants published short, engrossing pieces, which are now posted at DU Process.  Here is an overview of the papers and layout:

Part I: Contextualizing Online Harassment

Danielle Keats Citron, Cyber Civil Rights: Looking Forward; Mary Anne Franks, The Banality of Cyber Discrimination, or, the Eternal Recurrence of September; Helen Norton, Regulating Cyberharassment: Some Thoughts on Sexual Harassment 2.0;  Nancy Ehrenreich, Cyber Sexual Harassment: Thoughts on Citron and Franks.

Part II: The Privacy Problem

James Grimmelmann, The Unmasking Option; Christopher Wolff, Accountability for Online Hate Speech: What Are the Lessons from “Unmasking Laws?”; Jacqueline D. Lipton, Online Social Networks and Global Online Privacy; John Soma, Perspectives on Online Privacy: Comments on Lipton, Grimmelmann, and Wolff

Part III: How to Regulate?

Paul Ohm, Breaking Felten’s Third Law: How Not to Fix the Internet; Viva Moffat, Who to Sue?:  A Brief Comment on the Cyber Civil Rights Agenda; Eric Goldman, Unregulating Online Harassment

Thanks, Danielle, for inviting me to expand on my comment yesterday on your post on the Google Buzz story. Google Buzz has been obviously been all over the news lately, in part for various complaints about Google’s privacy practices. Those complaints have focused on the way in which Buzz, enrollment in which was automatic for Gmail users, initially defaulted to effectively sharing users’ email contacts with the public. EPIC has filed a complaint with the FTC arguing that this combination of automatic enrollment and “opt-out” [...]]]> Guest blogger Professor Bruce Boyden has terrific insights on all things technology and law and so I invited him to comment on the Children’s Online Privacy Protection Act and its impact on the Google Buzz phenomenon.  So here is Professor Boyden:

Thanks, Danielle, for inviting me to expand on my comment yesterday on your post on the Google Buzz story. Google Buzz has been obviously been all over the news lately, in part for various complaints about Google’s privacy practices. Those complaints have focused on the way in which Buzz, enrollment in which was automatic for Gmail users, initially defaulted to effectively sharing users’ email contacts with the public. EPIC has filed a complaint with the FTC arguing that this combination of automatic enrollment and “opt-out” of information-sharing was an unfair or deceptive trade practice in violation of Section 5 of the FTC Act.

But that’s not what caught my attention in Danielle’s post. What really set off alarm bells in my head was Danielle’s recounting how her children and their friends, all under the age of 13, suddenly had their Gmail accounts turned into Google Buzz accounts,  and then proceeded to upload all sorts of information about themselves using the service. That raises the prospect that Google Buzz, by collecting such information without getting the appropriate parental consent, violated the Children’s Online Privacy Protection Act, or COPPA. I haven’t seen any discussion of this issue anywhere else.

COPPA is one of the few privacy statutes with real bite: it has strict rules that require substantial effort to follow, and the FTC has shown itself to be a vigorous enforcer. Indeed, the FTC has gone after two social networking sites for COPPA violations recently, and in one case imposed a fine of $1 million. So is Google violating COPPA? The answer is unclear but there’s definitely risk for Google here.

COPPA regulates the online collection of information from children under the age of 13. It applies to two classes of websites: those that have “actual knowledge” that they are collecting information from children, and those that are “directed to children.” If a website in either category is going to collect personally identifiable information (PII) from children, it first has to get “verifiable consent” from a parent. The FTC uses a “sliding scale” to determine what sort of verifiable parental consent is required; for information that is going to be publicly disclosed, as here, the FTC’s COPPA regulations require something like a mail-in form or a credit card.

It’s clear that Google has been collecting PII from children and that it hasn’t been getting prior verifiable consent. But it doesn’t need to comply with COPPA if it doesn’t either have actual knowledge or if the site is not directed to children. “Actual knowledge” typically comes about because the site asks for an age or birth date in the registration process–whether or not a human actually looks at it, the site will have “actual knowledge” if a user provides a birth date that is less than 13 years ago. This is in fact the most common vector for COPPA violations: a site asks for the user’s age, but doesn’t bar the user or get verifiable consent if the user responds that they are less than 13. But Buzz didn’t ask for an age when its users joined, so Google doesn’t appear to have “actual knowledge” of Buzz’s users’ ages.

Even if Google lacks “actual knowledge,” it might still need to comply with COPPA if Buzz is “directed to children.” Buzz users are Gmail users, and Gmail’s terms appear to bar users under 18:

2.3 You may not use the Services and may not accept the Terms if (a) you are not of legal age to form a binding contract with Google . . . .

But the FTC has taken the sensible position that merely stating a rule barring users under 13 is not enough to avoid COPPA compliance if the rule is not enforced. So we need to look at the definition of “directed to children,” According to the FTC regulations, a website is “directed to children” if it is “a commercial website . . . that is targeted to children,” which is not terribly helpful. The FTC looks at the following factors to determine whether a website is “targeted” at children: “its subject matter, visual or audio content, age of models, language or other characteristics of the website or online service, as well as whether advertising promoting or appearing on the website or online service is directed to children.” The Commission will also consider empirical evidence concerning who’s using the service, and who the intended audience is.

Buzz doesn’t seem to satisfy many of those factors. There’s not much about the site design that screams out “young children.” The short video promoting Buzz I watched had only adult cartoon figures in it. But focusing on the list of factors ignores the fact that we are talking about a social networking site here, which may be inherently “targeted at children.” Children are drawn to such sites like catnip. It’s worth noting that Facebook has made a different choice than Google: it asks for your age on registering, and bars those under 13. Google would be wise to adopt a similar policy.

I’m not certain the FTC has yet brought a COPPA enforcement action against a company that didn’t have any actual knowledge of users’ ages. As a result, there’s not much to go on in terms of deciding when a site might be found to be “directed to children.” And perhaps an enforcement action is unlikely here. But I’m sure Google doesn’t want to be the test case.

As many parents know, Facebook and other social network sites welcome anyone 13 and older to make friends and become fans at their site.  That leaves kids under 13 (at least ones with watchful parents) with a less dynamic [...]]]> Google Buzz thrust itself on the social scene at a particularly auspicious time.  Snow had trapped East Coasters in their homes so kids talked to their friends digitally and watched television (usually at the same time).  Those over 13 likely spent their time on Facebook, which now seems like a privacy haven compared to its newest pesky social network comrade, Google Buzz.  Kids under 13 discovered that Google Buzz hit their Gmail account.  It was, for many, their first social network experience: intoxicating, terrifying, and all theirs.

As many parents know, Facebook and other social network sites welcome anyone 13 and older to make friends and become fans at their site.  That leaves kids under 13 (at least ones with watchful parents) with a less dynamic online life.  Before last week, my kids and their pals communicated via email and Gmail chats, happy to wait until their 13th birthday when they might get a chance to create profiles and network on Facebook (parent approval pending).  Then came the Buzz.  As parents busied themselves shoveling or trying to work, kids found their Gmail inboxes transformed into garden of online delights.  They could post pictures and videos for their contacts (their contacts’ contacts and their contacts’ contacts) to see, and they gained access to everyone’s email list.  Status updates from contacts appeared in an endless stream along with wall-like postings.

Aside from the obvious privacy problems that advocates such as Marc Rotenberg make stunningly clear, see here, another arose, one that has received less press.  Those under 13 had, and may continue to have, a powerful taste of social networking that they may be ill-equipped to handle.  Online communications have a powerful disinhibiting effect.  As a result, people do and say things online that they would never do or say offline.  This is particularly tricky for young children who have much emotional intelligence to learn.  Although I had only a small sample to watch, my friends tell a resoundingly similar story: kids under 13 got swept into a nasty free for all, a melange of bullying, shaming, and privacy-busting disclosures that would make a more emotionally mature crowd cringe.  As the recent story of 15-year old Phoebe Prince’s suicide illustrate and that of Megan Meier, online bullying can escalate into serious harassment, inflicting mental distress so serious as to drive the emotionally vulnerable to suicide.

Google Buzz did parents a favor with its shocking jump into social networking, foisted on Gmail users.  Since the snow storm has abated for the moment, parents are now probably paying attention to what is going on with their kids.  Hopefully, this turns into a crucial teaching moment for families who need to talk about acting responsibly online, to treat others as ends in themselves, worthy of respect, not as objects that we can shame and demean.  I know that our house took that opportunity.  So should yours.

Hat Tip: Citron gang, Tea Carnell, and Ray Cha

Would Amazon really refuse to carry all books from one of the largest publishers in the Untied States? As my friend John Scalzi pointed out (He was one of the first to notice the move, because his publisher is part of Macmillan, and his fans asked him why his books were not available almost immediately after Amazon’s move.), Amazon waited until late Friday to remove the [...]]]> Many may know about the fight between Amazon and Macmillan publishing. Yes it is about e-books and pricing, and the death of an industry, the death of print, and heck throw in Death in Venice if you like. But the real move may have been to highlight something else Amazon is quite worried about: Google and the Book Settlement.

Would Amazon really refuse to carry all books from one of the largest publishers in the Untied States? As my friend John Scalzi pointed out (He was one of the first to notice the move, because his publisher is part of Macmillan, and his fans asked him why his books were not available almost immediately after Amazon’s move.), Amazon waited until late Friday to remove the Macmillan books. John thought that the timing was probably designed to mitigate any negative responses that might go Amazon’s way. I think John was correct, but I think this statement reveals a perhaps bigger reason for the bluff:

“We have expressed our strong disagreement and the seriousness of our disagreement by temporarily ceasing the sale of all Macmillan titles,” Amazon said. “We want you to know that ultimately, however, we will have to capitulate and accept Macmillan’s terms because Macmillan has a monopoly over their own titles, and we will want to offer them to you even at prices we believe are needlessly high for e-books.”

Just to repeat it: “Macmillan has a monopoly over their own titles, and we will want to offer them to you even at prices we believe are needlessly high for e-books.” Where else does monopoly and books arise? Ah yes, when Amazon (and others) opposes the Google Book Settlement.

I think this move provides an interesting, concrete example that will be offered to argue that the GBS will provide Google with power equal to or greater than Macmillan’s. The question is, if it is a monopoly as Amazon claims, why aren’t folks attacking all major publishers? Amazon may argue that Google will have a unique position in the e-book market, but those claims require more details if one is to sort them properly.

The sports network Versus, owned by Comcast, has been off of DirecTV’s satellite service for three months in a fee battle. More prominently, the Food Network and HGTV disappeared from Cablevision’s lineups in New York and New Jersey on Friday after talks broke down with the owner of the channels, Scripps Networks.

The Food Network costs distributors 8 cents a viewer on average now; Scripps wants a roughly 300 percent raise, according to people briefed on the negotiations. That might seem drastic, but 30 other channels, [...]]]> I’ve been following the debate over ala carte cable TV pricing, and the recent Fox/Time Warner showdown has put it back in the news. Brian Stelter’s NYT article on the topic reveals some interesting revenue figures in the cable industry:

The sports network Versus, owned by Comcast, has been off of DirecTV’s satellite service for three months in a fee battle. More prominently, the Food Network and HGTV disappeared from Cablevision’s lineups in New York and New Jersey on Friday after talks broke down with the owner of the channels, Scripps Networks.

The Food Network costs distributors 8 cents a viewer on average now; Scripps wants a roughly 300 percent raise, according to people briefed on the negotiations. That might seem drastic, but 30 other channels, some with lower ratings, already earn that much. “We were really, really undervalued,” said Brooke Johnson, the president of the Food Network. . . .

[T]he owners of Oprah Winfrey’s cable channel, set to begin one year from now, are hoping that her star power will be worth 50 cents for each subscriber a month. The channel it is replacing, Discovery Health, gets only 12 cents now. Consumers already pay dimes or quarters for most cable channels each month, whether they watch them or not. ESPN earns the most by far, $4.10 on average, and is forecast to receive more than $5 a month by 2012, according to the research firm SNL Kagan. Fox Sports Network gets $2.37 on average.

Many consumer advocates (and the Parents Television Council) have demanded that subscribers get the right to pay only for the channels they want. But Joe Nocera has convincingly worried that ala carte pricing will unravel the whole cable model:

[U]nmoored from the cable bundle, individual networks would have to charge vastly more money per subscriber. Under the current system, in which cable companies like Comcast pay the networks for carriage — and then pass on the cost to their customers — networks get to charge on the basis of everyone who subscribes to cable television, whether they watch the network or not. The system has the effect of generating more money than a network “deserves” based purely on viewership. Networks also get to charge more for advertising than they would if they were not part of the bundle. . . .

According to [one] analysis, if every African-American family in the country subscribed to the Black Entertainment Network, it would still have to raise its fees by 588 percent. He adds, “If just half opted in — still a wildly optimistic scenario — the price would rise by 1,200 percent.”

Ala carte pricing might seriously undermine the diversity of cable offerings. But I do think that the cable companies’ ever-rising rates require some regulatory response. One idea would be to follow the health insurance reform model and limit the amount of profits that the cable companies, as intermediaries, could make. The amount of money health insurance companies actually pay for medical care is called the “medical loss ratio.” It now appears that “both the House . . . and the newly recast Senate [health reform bills] would force insurers to spend the vast majority of premium revenue on medical care for their customers, reducing the amount available for profits, executive salaries, sales and administration.”* Would a content loss ratio make sense for cable companies–that is, requiring them to pay some fixed percentage of revenue for content?

I’m afraid that such a concept probably wouldn’t do much to reduce prices, because content providers are a pretty concentrated industry as well (and, where they’re not, copyright tends to give some level of monopoly power—Lords of the Mafia isn’t much of a substitute for The Sopranos). Likewise, in health care, the power of providers seems to have overmatched efforts by insurers in the 1990s to screw down costs:

One might wonder why consolidation among insurers did not allow them to resist the [medical] providers’ demand for increased payments. The simple answer is that there were two concentrated parts of the market and one fragmented part. The insurers had to choose between fighting a full-pitched battle with the providers or exploiting their own market power vis-à-vis the employers. Raising premiums to employers was a lot easier. In theory, employers could have demanded restrictive networks (at lower prices). But since everyone had agreed that employees did not like restrictive networks, and providers (especially hospitals) were not willing to discount much to get into such networks, there were not many available for purchase. Individual employers could not invent such a product; they could only shop around and find the relatively best deal by customizing other contract terms, such as cost sharing.

I suppose that cable companies, like health insurers, find it much easier to jack up rates for customers than to refuse content providers’ demands for more compensation. (The denoument of the TWC/Murdoch fight is one interesting data point here.) And there’s always the option of merging content and conduit, as Comcast’s proposed purchase of NBC will do. Recombinant conglomerates will no doubt concoct many business models, aided by the M&A kingpins on Wall Street. As Bruce Judson has commented, these “ultimate intermediaries” are now far more richly compensated than the average entrepreneur.

Perhaps the only constraint on these intermediaries’ ability to raise prices will be the decline of the real economy that employs most of their customers. While the ruse of the creative class lures community after community to turn to entertainment, “meds & eds,” and other staples of the weightless economy for growth, Michigan is learning the hard way that soft industries need some hard foundations:

The sputtering Michigan economy is dragging down the state’s once-strong health-care system, offering a preview of how a lingering recession could corrode Americans’ hospitals, savings and health. . . . Years of auto-industry layoffs and benefit cuts to white-collar retirees have left hundreds of thousands of Michigan workers . . . without employer-provided health coverage. . . .

The seven-hospital St. Joseph system lowered its operating margin and projects it will cut $60 million from next year’s budget, about 7% of its revenue. The William Beaumont Hospital system, which traditionally attracted well-insured patients at its hospitals in the affluent suburbs of Grosse Pointe and Royal Oak, reported its first net loss last year.

Admittedly, given the US’s penchant for panem et circenses, it would not be surprising if individuals prioritize the cable bill over health insurance premiums. There are so many compelling stories to watch.

*According to Julie Appleby, “The Senate bill would require insurers to spend at least 80 percent on medical care and quality improvements (85 percent minimum for plans sold to large groups), while the House bill specifies 85 percent.”

X-Posted: Madisonian.

Privacy Clearinghouse helps us identify easy privacy breach cases, i.e.,  those involving easily identifiable, static sources such [...]]]> Privacy Clearinghouse reports that over 341 million records of sensitive personal information have been leaked, hacked, or otherwise compromised since 2005.  It lists data leaks by the responsible entity and total number of released records.  Most recently, on December 17, 2009, the North Carolina Library System’s central server in Raleigh suffered a security breach, resulting in the release of 51,000 drivers license numbers and Social Security numbers.  On December 18, 2009, the Dickinson School of Law discovered that a computer containing 261 Social Security numbers from an archived class list had been “infected with malware that enabled it to communicate with an unauthorized computer outside the network.”

Privacy Clearinghouse helps us identify easy privacy breach cases, i.e.,  those involving easily identifiable, static sources such as infected computers, hacked servers or centralized databases, stolen flash drives, and the like.  Yet as privacy scholar Paul Schwartz highlights in an important new study entitled Managing Global Data Privacy: Cross-Border Information Flows in a Networked Environment, privacy problems increasingly involve a much more complex set of circumstances.

As Schwartz’s study explains, in the recent past, companies largely maintained localized data sets and processes.  A data transfer usually occurred at a predictable moment and into databases controlled by a single entity.  In the present, however, international data flows occur continuously in a “multi-directional fashion” through the globe and involve a multitude of entities.  As Schwartz thoughtfully explores, networked technologies, such as cloud computing, change a firm’s Coasean “make or buy” decisions in innovative ways.  Functions and operations can now be “packaged as modular units that can be pulled apart and re-assembled.”  Data flows can be “de-aggregated and de-coupled to allow companies to develop novel business approaches to operations and activities.”

Exciting as these developments may be, they complicate privacy and security protections afforded dynamic data flows.  Schwartz’s case studies reflect that firms take data privacy and security seriously.  We have seen a professionalization of corporate data protection.  Companies now have Chief Privacy Officers and Chief Information Officers.  Although the study offers a number of important insights, it emphasizes the adoption of accountability principles to protect privacy and data security of global data flows.  This seems a wise move and one worth tracking.

Strengthening the nation’s commitment to privacy is crucial.  But, as Paul Schwartz’s engrossing Preemption and Privacy essay (Yale [...]]]> Privacy has seemingly come center stage.  Companies like Google, Microsoft, and eBay have joined forces to support a federal law that would impose uniform standards for the collection, use, and transfer of information across the private sector.  Activists and officials hope to update the Privacy Act of 1974 for the twenty-first century.  Senator Leahy has a renewed interest in data breach legislation, proposing the Personal Data Privacy and Security Act in July.  The American Recovery and Reinvestment Act of 2009, the stimulus bill, includes a data breach notification requirement for health providers.  The Federal Trade Commission recently published its final rule on data breach notification for e-health records.

Strengthening the nation’s commitment to privacy is crucial.  But, as Paul Schwartz’s engrossing Preemption and Privacy essay (Yale Law Journal) illuminates, a unitary federal information privacy statute should give us pause.  Today’s information privacy law landscape is mainly comprised of federal sector-specific statutes and stronger state regulation.  Schwartz makes a compelling case for remaining on that course, rather than adopting a uniform federal privacy statute.  As Schwartz underscores, a uniform federal approach would likely preempt stronger state law rules, eliminating successful experimentation at the state level.  California exemplifies this trend:  its privacy innovations include allowing consumers to freeze their credit in the face of identity theft among others.  New York and Connecticut are now considering bills that would set limits on companies that track consumers across websites to deliver targeted advertisements based on their online behavior.  A uniform federal law would likely extinguish state-driven innovations whereas most federal sectoral privacy laws, such as the Gramm-Leach-Bliley Act, only provide a federal floor for information privacy and security, not a ceiling.  Schwartz highlights the possibility that a comprehensive information privacy law may ossify, thus making the loss of state experimentation all the more grave.  The piece also spearheads an important discussion about whether the centralizing forces at work today undermines the contributions of competitive federalism.

Schwartz’s piece is a must read.  Here is the abstract for Preemption and Privacy:

A broad coalition, including companies formerly opposed to the enactment of
privacy statutes, has now formed behind the idea of a national information privacy law. Among the benefits that proponents attribute to such a law is that it would harmonize the U.S. regulatory approach with that of the European Union and possibly minimize international regulatory conflicts about privacy. This Essay argues, however, that it would be a mistake for the United States to enact a comprehensive or omnibus federal privacy law for the private sector that
preempts sectoral privacy law. In a sectoral approach, a privacy statute regulates only a specific context of information use. An omnibus federal privacy law would be a dubious proposition because of its impact on experimentation in federal and state sectoral laws, and the consequences of ossification in the statute itself. In contrast to its skepticism about a federal omnibus statute, this Essay views federal sectoral laws as a promising regulatory instrument. The critical question is the optimal nature of a dual federal-state system for information privacy law, and this Essay analyzes three aspects of this topic. First, there are general circumstances under which federal
sectoral consolidation of state law can bring benefits. Second, the choice between federal ceilings and floors is far from the only preemptive decision that regulators face. Finally, there are second-best solutions that become important should Congress choose to engage in broad sectoral preemption.

First neither party represents the public. One cannot expect them to represent the public, and one ought not trust they will do the right thing for the public. To be clear, I am not making a moral judgment here. I expect, as we all should, that each party will seek to maximize its position. Understanding why I refuse to call this situation a settlement helps understand this point. As many know, this action encompasses far more than [...]]]> The Google Book Deal is suspended. Time to cheer, correct? No. As Pam Samuelson noted in the New York Times, that probably is too little time to resolve the issues at hand. In fact I think right now is when the GBD is at quite a dangerous stage.

First neither party represents the public. One cannot expect them to represent the public, and one ought not trust they will do the right thing for the public. To be clear, I am not making a moral judgment here. I expect, as we all should, that each party will seek to maximize its position. Understanding why I refuse to call this situation a settlement helps understand this point. As many know, this action encompasses far more than the claims at issue in the suit. Many think that Google was on strong grounds for its fair use clam and its original use. The Publishers (aka the Registry seeming to be working for authors) saw the chance to get ahead of the digital curve. Unlike music and film, they realized they could look good and capture publishing’s future. They offered Google a deal that Google did not need. Or did it? Although Google is a data vacuum and does well with the ad-based business model, the search giant has been searching for a new revenue stream. Online ads can’t be the only source of revenue from any viewpoint. That is a precarious position. Indeed, the online ad market just took a big dip. The Deal presents Google with the chance to make money from something other than ads.

With this perspective one sees that expecting or trusting either party to look out for the public’s interest is foolish. My guess is that the public choice literature could yield some useful ways to think about the problem too, but I have not thought that through as yet.

Second, Google and the Publishers now have a wave of information from all quarters that they can use to their benefit. Here is the strategy that I expect to see. Assess the most severe and some of the less severe criticisms. Incorporate some of them in changes. Keep the deal as is for the most part (Note that is precisely what the Registry said will be the case “the core agreement is going to stay the same.”). Then when the time to approve, deny, or move the Deal to another form comes, one claims “We acted in good faith. We can’t keep everyone happy. Without this deal no one wins. Can’t we get along, move forward, and sort the details later? That is a more reasonable way to proceed.”

More importantly, those who have kept paying attention to the problem may start to lose focus or fade out. People may become tired or say is this thing still going on?

And that is why I say Danger Will Robinson. The Google Book Deal is at Defcon 2.

This state of affairs may be due to the difficult nature of the task at hand.  Former NSA head General Michael Hayden recently said: [...]]]> Securing our networked environment is both crucial and difficult.  Six months ago, President Obama declared his Administration’s commitment to protect cyberspace from sabotage of all stripes.  For the President, the rise of online theft, electronic espionage, and military-related cyber assaults necessitated the appointment of a cyber czar to protect our cyber “national assets.”  The President has tried to fill that spot: Shane Harris of National Journal explains that “more candidates had declined the job than were still in the running for it.”  And despite our failed efforts at CoOp to recruit Orin Kerr for the job, the cyber czar position remains empty.

This state of affairs may be due to the difficult nature of the task at hand.  Former NSA head General Michael Hayden recently said: “There is no regime for us to work within to respond to cyberattack.  We are in a place where technology has long outstripped policy–let alone law–in term of what’s available.  We are going to have to rely on heroism instead of a plan.”  If Hayden has it right, it is no wonder that no one wants the job.

Nonetheless, the Administration may have already charted its path, one that entrusts the National Security Agency with protecting cyberspace.  According to the National Journal, Lt. General Keith B. Alexander, the NSA’s director, has been “setting up the central nervous system in the government’s campaign to defend cyberspace.”  The NSA will now, unlike the past, help oversee the networks of civilian government and privately-owned, criticial infrastructure (dams, railroads, hospitals, banks, food industry, hotels, telecommunications, postal, shipping, retail, transportation, and well everything else).  This is true even though DHS is charged with defending civilian networks and coordinating private sector protection.  Homeland Security Security Secretary Janet Napolitano said that NSA will provide DHS “technical assistance” on this issue.  In short, DHS will rely on the NSA for the tools, expertise, and resources to protect cyberspace.

So the NSA apparently will be overseeing and securing private networks, the same NSA that engaged in wholesale warrantless surveillance of Americans after 9/11 (and the agency that monitored telegrams coming in and out of the United States to detect individuals with communist ties in the 1950s and 1960s)?  Congress has, of course, limited the NSA’s warrantless wiretapping and the President has promised us greater transparency in government decision-making.  Nonetheless, NSA’s oversight over privately-owned systems and wholesale access to their contents raises serious concerns.  And because the NSA will direct these efforts in the name of national security and intelligence, little transparency will be forthcoming.  On another note, the question remains whether it was agency turf-war antics that led to Melissa Hathaway’s decision to leave government–she was the DHS official and most senior cyber expert in the White House who had been a leading candidate for the cyber czar post.  At the time of her resignation, Hathaway told the Washington Post that she “wasn’t willing to continue to wait any longer,” and she wasn’t “empowered” to make any changes.

As CNET reports, “Independent bloggers who fail to disclose paid reviews or freebies can face up to $11,000 in fines from the Federal Trade Commission, according to revisions to [...]]]> As I argue in my essay Individual Branding the web presents important and amazing new possibilities for individuals to earn money and much of that potential will flow from one’s online reputation. In short, as one blogs or shares information in another form, one becomes a trusted source and can start extract money from those activities. I argue that those acts have the seeds of the possible destruction of Benkler’s world of sharing. Today the FTC has targeted a practice that arguably could increase the reliability of social network endorsements but will also upset many people.

As CNET reports, “Independent bloggers who fail to disclose paid reviews or freebies can face up to $11,000 in fines from the Federal Trade Commission, according to revisions to the agency’s “Guides Concerning the Use of Endorsements and Testimonials in Advertising” published Monday.” The FTC has not updated the Guidelines since 1980. The press release is here. The full text of the Guides are here (pdf). It is 81 pages, and I have not read it as yet but one thing people should know is that the effective date is December 1, 2009.

From the release it appears that the guides take am expansive view of what presents a moment to disclose “The revised Guides specify that while decisions will be reached on a case-by-case basis, the post of a blogger who receives cash or in-kind payment to review a product is considered an endorsement. Thus, bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service.” CNET suggests that celebrities and “mommy bloggers” could be in trouble under the new rules. (Here is my prediction on the riposte to come but that I don’t think is accurate: “The FTC hates moms. In a down economy and with more and more people needing new ways to earn, the FTC actions are a direct attack on the importance of moms.” Now back to our regularly scheduled blogging.)

There are a ton of oddly connected things here. First, I just blogged about CITP and its FedThread project. That project would allow one to track this sort of moment rather quickly. Second, I was just at the Works In Progress Intellectual Property Conference at Seton Hall (which was yet again an excellent conference and for which everyone at Seton Hall deserves many thanks) where Zahr Stauffer presented a fascinating paper called Novels for Hire: Branded Entertainment, Copyright and the Law that I think will have something to say about these changes. As one blog notes, the practice of giving journalists freebies is common. Zahr’s paper shows how advertising and novels have had a rather curious interaction over the years. I think the paper will help understand the way writing and advertising have co-existed in either good or bad ways at different times with the shift to blogging fitting in as part of that history. The paper should be available soon so keep an eye out for it.

Electronics and other big ticket items seem to be where the concerns are. I look forward to finding out whether book, film, and music reviewers have to tell readers whether they received a review copy of the book. In general if one only says nice things about a review subject, one might receive more books etc. I think that non-professional blogs and other online information sources such as rating systems and FaceBook will allow people to find out whether they should buy a product (i.e., one might use a personal network to ask whether a product is good). That practice could undercut the quiet payment model.

Here is a possible way to understand this turn of events. 1) Secret endorsements die out and full disclosure of what has been given is the norm. 2) Small bloggers and big agencies are no longer able to seem credible as reviewers. 3) If people want independent reviews, they must pay magazines or other pay sources who can afford to buy the review items and avoid the taint of being given free stuff. 4) The public does not want to pay and instead reads the blog reviews with the disclosures and augments the research with social networks and user ratings which are more difficult to fake and possibly more reliable. 5) Yet again paid, professional independent news and reviews seems to be squeezed out.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor [...]]]> During the 2008 election, Democrats effectively used Web 2.0 platforms to garner interest in the campaign and win supporters.  President Obama has been widely hailed as the first “Tech President,” and he seems to have trounced the Facebook landscape.  To date, President Barack Obama has over 6.6 million Facebook friends, while Sarah Palin only has 848, 614 Facebook pals and Mitt Romney has 70, 130.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor now that they are in the minority.  AMERICAblogs’ John Aravosis worries that Democrats have ceded their online advantage.

No matter the current political victor in this social media landscape, Government 2.0 is here to stay.  It surely has great potential to shine light on government policymaking and to marshal public participation, especially from people who otherwise wouldn’t bother getting involved with government policymaking.  Adding the President as a friend on MySpace and joining live chats may seem to be a relatively costless endeavor as compared to writing letters or commenting on agency rulemakings.  But Government 2.0 also poses privacy risks: social media sites not only give government access to people’s policy insights but also access to all of individuals’ social media data, such as their videos, photos, walls musings, “Top 25 things you don’t know about me” lists, and the like.  Soon, I will be posting on SSRN a draft of my essay “The One-Way Mirror: Enhancing Participation and Securing Privacy for Government 2.0″ (forthcoming George Washington Law Review) and hope to get your feedback.

For a moment, let’s put aside the stark difference between the [...]]]> Every year, my small section reads a New Yorker “On the Town” squib called “Oops” to kick off a discussion on care and professional responsibility in their legal careers.  “Oops” tells the story of a summer associate who, in 2003, mistakenly sent the following email to lawyers with whom he worked on a deal: “I’m buy doing jack shit.  Went to a nice 2hr sushi lunch today at Sushi Zen.  Nice place.  Spent the rest of the day typing e-mails and bullshitting with people.”  The summer associate signed  off the email: “So yeah, Corporate Love hasn’t worn off yet. But give me time.”  The summer associate meant to send the email to his friend.  Oops.

For a moment, let’s put aside the stark difference between the world (and law firm environment) facing the summer associates of 2003 and the one facing the summers of 2009 and turn to Sunday’s New York Times story “A Legal Battle: Online Attitude Vs. Rules of Bar.”  The Times talked about recent cases where lawyers do violence to their careers through their online activities.  Lawyers blog about judges:  one wrote that he thought a named judge was an “Evil, Unfair, Witch” and questioned the judge’s competence.  Another lawyer friended a judge on Facebook and later posted about his/her drinking and motorbiking.  The problem: the lawyer asked the judge to delay a trial because of a death in the family in the same week that the lawyer shared the drinking tales with his/her social network.  The lawyers in those cases have suffered serious consequences (the first is facing a reprimand from the bar, the second faced the wrath of his/her firm–the judge told the lawyer’s bosses what happened).

Now, the 2003 summer associate made a big mistake, but perhaps not on the same order as the lawyers covered in yesterday’s Times.  The summer associate had a slip of the finger perhaps, a hasty moment that changed the way those in his firm saw him.  But the lawyers arguably dove into the pool of their fate head first: one might say that they knowingly risked their careers and should suffer the consequences (to the extent the Bar desires and the First Amendment permits).  Social scientists like Alessandro Acquisti and danah boyd and legal scholars like James Grimmelmann offer an explanation for why people are so foolish online.  People write carelessly not because they have “a reduced sense of privacy” but because they felt anonymous.  As danah boyd explains, social network participants “live by ‘security through obscurity’ where they assume that as long as no one cares about them, no one will come knocking.”  They operate under the norm that people with no social connection to them “could look at your profile, but shouldn’t.”  They assume that only close friends are paying attention to their online activities.  All of this is to say that perhaps President Obama shouldn’t just talk to young people about the perils of oversharing online.  Maybe lawyers need the lesson too.

Wikimedia Commons Image

Some have asked whether this case warrants treatment as a cyber civil rights issue since it “is just a girl cat fight.”  To be sure, women can deprive other women of their right to be free of unequal treatment on the basis of their gender.  But the larger concern is, for me, convincing skeptics to see the blog attacks on Ms. [...]]]> Dan, Kaimi, and Elizabeth have offered some terrific insights on the issues raised by the court’s unmasking of the “Skanks of NYC” blogger.  Kaimi’s post “Cyber Civil Rights vs Privacy in the ‘Skanks in NYC’ case” in particular did a superb job capturing the issue as discrimination.  I write here to follow up on issues related to the case that folks have discussed with me.

Some have asked whether this case warrants treatment as a cyber civil rights issue since it “is just a girl cat fight.”  To be sure, women can deprive other women of their right to be free of unequal treatment on the basis of their gender.  But the larger concern is, for me, convincing skeptics to see the blog attacks on Ms. Cohen as more than just an interpersonal disagreement between two women, something that tort law can handily address on its own, but rather as gender discrimination.  Tort law would not reach the harm experienced by Ms. Cohen, women, and society due to the blog’s interference with her right to equal treatment.  It would not address the stigma that Ms. Cohen experienced a a result of the blog’s message that she had worth only as a sex object.  Much like sexual harassment in the workplace, the blog suggested that Ms. Cohen constitutes an object of sexual derision, not a person worthy of respect.  Moreover, they interfered with Ms. Cohen’s right to work as an equal.  According to Ms. Cohen, potential employers asked her about the blog, which quite possibly deterred them and others from hiring her.  In a world filled with aspiring models, employers might chose to work with someone who comes with less baggage, even if they do not believe the postings a wit.  And the blog postings harm women as a group and a society as a whole by entrenching gender hierarchy in cyberspace.  Whether current law would support such a claim is certainly in dispute, but such a law could be crafted.  Such a law would play an important expressive role–it would change the social meaning of such harassment of women.

Indeed, as privacy scholar Ian Kerr suggested, maybe the media’s attention to the case can be attributed to its leering interest in a “battle” between two beautiful women?  Maybe coverage of the issue reflects a deeper misogyny: the story has attracted so much attention because it produces an image of women as female wrestlers of sorts, battling it out in their bikinis?

A commentator on Dan’s posting asked whether labeling Ms. Cohen “a liar, ho, and skank” could support a defamation claim, at least under the Doe v. Cahill summary judgment standard to warrant unmasking the defendant.  Courts have upheld defamation awards in cases where defendants’ online postings asserted that plaintiffs were “liars.”  The allegations also might have supported an intentional infliction of emotional distress claim.  As my colleague Greg Young wisely noted to me though, even a rigorous standard like the one in Doe v. Cahill (which I support much like Dan) gives leeway to judges to balance values and risks imposing costs on speech.

Hat tip to Ian Kerr and Greg Young.