#1 and #2 run together. If spam is the problem, you don’t need to block access to the Web site. However, if you are concerned that students are going to read the petition, [...]]]> In the spirit of the excellent colloquy here about Marvin’s thinking on First Amendment architectures, I bring up this news item: Arizona State University blocked both Web access to, and e-mail from, the change.org Web site. ASU students had begun a petition demanding that the university reduce tuition. The university essentially made three claims as to why it did so (below, in order of increasing stupidity):

1. It was a technical mistake;
2. Change.org was spamming ASU; and
3. ASU needs to “protect the use of our limited and valuable network resources for legitimate academic, research and administrative uses.”

#1 and #2 run together. If spam is the problem, you don’t need to block access to the Web site. However, if you are concerned that students are going to read the petition, and sign it, you do need to block access to the Web site.

For #2, sorry, ASU, this isn’t spam. Spam is unsolicited bulk commercial e-mail. Change.org is, allegedly, sending unsolicited political e-mail. And that’s protected by the First Amendment – see, for example, the Virginia Supreme Court’s analysis of that state’s anti-spam law that covered political messages. Potential political spammers have a sharp disincentive to fill recipient’s inboxes – it’s a sure-fire way to annoy them into opposing your position.

For #3, ASU doesn’t get to determine what academic and research uses are “legitimate.” If they throttle P2P apps, that’s fine. If they limit file sizes for attachments, no problem. But deciding that the message from Change.org is not “legitimate” is classic, and unconstitutional, viewpoint discrimination.

This looks like censorship. I think it’s more likely to be stupidity: someone in ASU’s IT department decided to block these messages as spam, and to filter outbound Web requests to the site contained within those messages. But: with great power over the network comes great responsibility. Well-intentioned constitutional violations are still unlawful. It would also help if ASU’s spokesperson simply admitted the mistake rather than engaging in idiotic justification.

As I mention in Orwell’s Armchair, public actors are increasingly important sources of Internet access. But when ASU and other public universities take on the role of ISP, they need to remember that they are not AOL: their technical decisions are constrained not merely by tech resources, but by our commitment to free speech. Let’s hope the Sun Devils cool off on the filtering…

Cross-posted at Info/Law.

Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. [...]]]> Cybersecurity is in the news: a network intrusion allegedly interfered with railroad signals in the Northwest in December; the Obama administration refused to support the Stop Online Piracy Act due to worries about interfering with DNSSEC; and the GAO concluded that the Department of Homeland Security is making things worse by oversharing. So, I’m fortunate that the Minnesota Law Review has just published the final version of Conundrum (available on SSRN), in which I argue that we should take an information-based approach to cybersecurity:

Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. It addresses cybersecurity based upon identification of actors and intent, arguing that inherent defects in the Internet’s architecture must be remedied to enable attribution. These proposals, if adopted, would badly damage the Internet’s generative capacity for innovation. Drawing upon scholarship in economics, animal behavior, and mathematics, this Article takes a radical new path, offering a theoretical model oriented around information, in distinction to the near-obsession with technical infrastructure demonstrated by other models. It posits a regulatory focus on access and alteration of data, and on guaranteeing its integrity. Counterintuitively, it suggests that creating inefficient storage and connectivity best protects user capabilities to access and alter information, but this necessitates difficult tradeoffs with preventing unauthorized interaction with data. The Article outlines how to implement inefficient information storage and connectivity through legislation. Lastly, it describes the stakes in cybersecurity debates: adopting current scholarly approaches jeopardizes not only the Internet’s generative architecture, but also key normative commitments to free expression on-line.

Conundrum, 96 Minn. L. Rev. 584 (2011).

Cross-posted at Info/Law.

I argue in a forthcoming paper, Conundrum, that cybersecurity can only be understood as an information problem. Conundrum posits that, if we’re worried about ensuring access to critical information on-line, we should make the Net less efficient – building in redundancy. But for cybersecurity, information is like the porridge in Goldilocks: you can’t have too much or too little. For example, [...]]]> It may seem strange in a week where Megaupload’s owners were arrested and SOPA / PROTECT IP went under, but cybersecurity is the most important Internet issue out there. Examples? Chinese corporate espionage. Cyberweapons like Stuxnet. Anonymous DDOSing everyone from the Department of Justice to the RIAA. The Net is full of holes, and there are a lot of folks expert in slipping through them.

I argue in a forthcoming paper, Conundrum, that cybersecurity can only be understood as an information problem. Conundrum posits that, if we’re worried about ensuring access to critical information on-line, we should make the Net less efficient – building in redundancy. But for cybersecurity, information is like the porridge in Goldilocks: you can’t have too much or too little. For example, there was recent panic that a water pump burnout in Illinois was the work of cyberterrorists. It turned out that it was actually the work of a contractor for the utility who happened to be vacationing in Russia. (This is what you get for actually answering your pager.)

The “too little” problem can be described via two examples. First, prior to the attacks of September 11, 2001, the government had information about some of the hijackers, but was impeded by lack of information-sharing and by IT systems that made such sharing difficult. Second, denial of service attacks prevent Internet users from reaching sites they seek – a tactic perfected by Anonymous. The problem is the same: needed information is unavailable. I think the solution, as described in Conundrum, is:

increasing the inefficiency with which information is stored. The positive aspects of both access to and alteration of data emphasize the need to ensure that authorized users can reach, and modify, information. This is more likely to occur when users can reach data at multiple locations, both because it increases attackers’ difficulty in blocking their attempts, and because it provides fallback options if a given copy is not available. In short, data should reside in many places.

But there is also the “too much” problem. This is exemplified by the water pump fiasco: after 9/11, the federal government, including the Department of Homeland Security, began a massive information-sharing effort, such as through Fusion Centers. The difficulty is that the Fusion Centers, and other DHS projects, are simply firehosing information onto companies who constitute “critical infrastructure.” Much of this information is repetitive or simply wrong – as with the water pump report. Bad information can be worse than none at all: it distracts critical infrastructure operators, breeds mistrust, and consumes scarce security resources. The pendulum has swung too far the other way: from undersharing to oversharing. Finding the “just right” solution is impossible; this is a dynamic environment with constantly changing threats. But the government hasn’t yet made the effort to synthesize and analyze information before sounding the alarm. It must, or we will pay the price of either false alarms, or missed ones.

(A side note: I don’t put much stock in which federal agency takes the lead on cybersecurity – there are proposals for the Department of Defense, or the Department of Energy, among others – but why has the Obama administration delegated responsibility to DHS? Having the TSA set Internet policy hardly seems sensible. Beware of Web-based snow globes!)

Cross-posted at Info/Law.

Speaking of exciting developments, it appears that the Stop Online Piracy Act (SOPA) is dead, at least for now. House Majority Leader Eric Cantor has said that the bill will not move forward until there is a consensus position on it, which is to say, never. Media sources credit the Obama administration’s opposition to some of the more noxious parts of SOPA, such as its DNSSEC-killing filtering provisions, and also the tech community’s efforts to raise awareness. (Techdirt’s Mike Masnick has been working overtime in reporting on SOPA; Wikipedia and Reddit are adopting a blackout to draw attention; even the New York City techies are holding a demonstration in front of the offices of Senators [...]]]> Thanks to Danielle and the CoOp crew for having me! I’m excited.

Speaking of exciting developments, it appears that the Stop Online Piracy Act (SOPA) is dead, at least for now. House Majority Leader Eric Cantor has said that the bill will not move forward until there is a consensus position on it, which is to say, never. Media sources credit the Obama administration’s opposition to some of the more noxious parts of SOPA, such as its DNSSEC-killing filtering provisions, and also the tech community’s efforts to raise awareness. (Techdirt’s Mike Masnick has been working overtime in reporting on SOPA; Wikipedia and Reddit are adopting a blackout to draw attention; even the New York City techies are holding a demonstration in front of the offices of Senators Kirstin Gillibrand and Charles Schumer. Schumer has been bailing water on the SOPA front after one of his staffers told a local entrepreneur that the senator supports Internet censorship. Props for candor.) I think the Obama administration’s lack of enthusiasm for the bill is important, but I suspect that a crowded legislative calendar is also playing a significant role.

Of course, the PROTECT IP Act is still floating around the Senate. It’s less worse than SOPA, in the same way that Transformers 2 is less worse than Transformers 3. (You still might want to see what else Netflix has available.) And sponsor Senator Patrick Leahy has suggested that the DNS filtering provisions of the bill be studied – after the legislation is passed. It’s much more efficient, legislatively, to regulate first and then see if it will be effective. A more cynical view is that Senator Leahy’s move is a public relations tactic designed to undercut the opposition, but no one wants to say so to his face.

I am not opposed to Internet censorship in all situations, which means I am often lonely at tech-related events. But these bills have significant flaws. They threaten to badly weaken cybersecurity, an area that is purportedly a national priority (and has been for 15 years). They claim to address a major threat to IP rightsholders despite the complete lack of data that the threat is anything other than chimerical. They provide scant procedural protections for accused infringers, and confer extraordinary power on private rightsholders – power that will, inevitably, be abused. And they reflect a significant public choice imbalance in how IP and Internet policy is made in the United States.

Surprisingly, the Obama administration has it about right: we shouldn’t reject Internet censorship as a regulatory mechanism out of hand, but we should be wary of it. This isn’t the last stage of this debate – like Wesley in The Princess Bride, SOPA-like legislation is only mostly dead. (And, if you don’t like the Obama administration’s position today, just wait a day or two.)

Cross-posted at Info/Law.

One of the toughest parts about working with the type of technologists I focus on— intelligent, opinionated, online a lot of the time—is that many will unabashedly dissect my every word, statement, and media appearance. This attribute of my research, unsurprisingly, has been the source of considerable anxiety, only made worse in recent times with Anonymous as I have to make [...]]]> Inspired by Orin Kerr’s question (“is your work focused on the internal narratives and ideologies that people use to describe/justify what they do, or is it focused externally on the actual conduct of what people do?”) below I will give a sense of how I walk the line between what we might call idealism and practice among the geeks and hackers I study.

One of the toughest parts about working with the type of technologists I focus on— intelligent, opinionated, online a lot of the time—is that many will unabashedly dissect my every word, statement, and media appearance. This attribute of my research, unsurprisingly, has been the source of considerable anxiety, only made worse in recent times with Anonymous as I have to make “authoritative” statements about them in the midst studying them, in other words, in the midst of having incomplete information.

All of this is to say I am deliberate and diplomatic when it comes to word choice, framing, and arguments. But most of the time examining practice in light of or up against idealism does not take the somewhat noxious form of “exposing” secrets, the implication being that people are so mystified and deluded that you, the outsider, are there to inform the world of what is really going on (there is a a long standing tradition in the humanities and social sciences, loosely inspired by Karl Marx and especially Pierre Bourdieu, taking this stance, not my favorite strain of analysis unless done really when needed and very well).

Much of what I do is to unearth those dynamics which may not be natively theorized but are certainly in operation. Take for instance the following example at the nexus of law and politics: during fieldwork it was patently clear that many free software hackers were wholly uninterested in politics outside of software freedom and those aligned with open source explicitly disavowed even this narrowly defined political agenda. Many were also repelled by the law (as one developer put it, “writing an algorithm in legalese should be punished with death…. a horrible one, by preference”) and yet weeks into research it was obvious that many developers are nimble legal thinkers, which helps explain how they have built, in a relatively short time period, a robust alternative body of legal theory and laws. One reason for this facility is that the skills, mental dispositions, and forms of reasoning necessary to read and analyze a formal, rule-based system like the law parallel the operations necessary to code software. Both are logic-oriented, internally consistent textual practices that require great attention to detail. Small mistakes in both law and software—a missing comma in a contract or a missing semicolon in code—can jeopardize the integrity of the system and compromise the intention of the author of the text. Both lawyers and programmers develop mental habits for making, reading, and parsing what are primarily utilitarian texts and this makes a lot of free software hackers, who already must pay attention to the law in light of free software licenses, adept legal thinkers, although of course this does not necessarily mean they would make good lawyers.

One of the the important and often overlooked disjunctures between an ideal and practice concerns the hacker idealization of decentralization/individualism/horizontalism and the fact that many have built stable and intricate organizations. When free software developers (and many other hackers) collectively labor they often do as they idealize: they keep things open-ended, flexible, and decentralized. The love of individualism is also undeniable. But they have also been astoundingly adept builders of stable institutions with forms of vertical authority and in the case of free software were doing so back when the 20^th became the 21^st century, back when the web was in its so-called less mature, web 1.0 “pre-teen” years. But the reality of institution building and social collectivism was rarely addressed by those writing on the topic—although this has thankfully started to change in the last few years. Instead the most common story told about online collaboration is that knowledge, software, etc is being created by forces of mild disorganization whereby individuals, acting in very loose coordination with each other, led to novel forms of collaboration; this vision reaching prominence, I think, for the way it so perfectly meshes with with and thus supports dominant, widespread, (and idealized) understandings of freedom, agency, and individualism. There is no better example of this sentiment than the title of Clay Shirky’s widely read 2006 book Here Comes Everybody: The Power of Organizing Without Organizations. Although many of his observations about digital dynamics are illuminating, and many of the examples he draws on, such as Meetup groups, remain informal, many others he also discusses, such as Wikipedia and Linux, were by 2006, organized, and thus, some type of organization.

The new institutions built by free software developers and other groups (Indymedia was remarkably well organized by 2001) are not the large slumbering bureaucracies most often associated with governments, the post office, or large corporations. Nor do they follow the wisdom of the crowd. In building what are new institutional forms, open source developers often seek to strike a balance between stability and open-ended flexibility and individualism and collectivism. In the process of doing so, many engender particular forms of social value that include mutual aid, transparency, and complex codes for collaboration and other ethical precepts that help guide technical production. In the case of Debian—the largest and perhaps most stunningly of organized of free and open source software projects—its policies, direction, and imperatives are decided by a collective who not only create software but also have innovated, quite successfully, in institution building and much of my work has focused on this side of their practical activity, which is not always part of their ideological repertoire (but sometimes it is).

Anonymous, which so far has steadfastly avoided institution building (not a surprise as it so flies in the face of their ideological commitments and there is not always much coherence there either), presents different sorts of issues and problems when a researcher like myself gauges how and when to reconcile between their idealizations and practice; I have never been accused of suffering Stockholm Syndrome with my work on free software, but this is routinely launched at me due to my work on Anonymous. And probably meaty enough of an accusation to warrant its own post.

The House of Representatives recently passed an amendment to a fairly obscure a law known as the Video Privacy Protection Act.  This law protects the privacy of our video rental records.  It ensures that companies who have information about what videos we watch keep them confidential, and it requires them to get meaningful consent from us before they publish them.  The House, at the urging of Netflix and Facebook, has passed an amendment that would allow these companies to share our movie watching [...]]]> Our guest blogger Neil Richards, a Professor of Law at Washington University School of Law, turns his sights on video privacy in this guest blog post.  It whets our appetite for his forthcoming book on Intellectual Privacy.  So here is Professor Richards’s post:

The House of Representatives recently passed an amendment to a fairly obscure a law known as the Video Privacy Protection Act.  This law protects the privacy of our video rental records.  It ensures that companies who have information about what videos we watch keep them confidential, and it requires them to get meaningful consent from us before they publish them.  The House, at the urging of Netflix and Facebook, has passed an amendment that would allow these companies to share our movie watching habits much more easily.  The Video Privacy Act was passed after the Washington City Paper obtained the video rental records of Supreme Court nominee Robert Bork and published them in order to politically discredit him.  It worked.  The Video Privacy Act rests on the enduring wisdom that what we watch is our own business, regardless of our politics.  It allows us to share films we’ve watched on our own terms and not those of video stores or online video providers.

What’s at stake is something privacy scholars call “intellectual privacy” – the idea that records of our reading habits, movie watching habits, and private conversations deserve special protection from other kinds of personal information.  The films we watch, the books we read, and the web sites we visit are essential to the ways we make sense of the world and make up our minds about political and non-political issues.  Intellectual privacy protects our ability to think for ourselves, without worrying that other people might judge us based on what we read.  It allows us to explore ideas that other people might not approve of, and to figure out our politics, sexuality, and personal values, among other things.  It lets us watch or read whatever we want without fear of embarrassment or being outed.  This is the case whether we’re reading communist or anti-globalization books; or visiting web sites about abortion, gun control, cancer, or coming out as gay; or watching videos of pornography, or documentaries by Michael Moore, or even “The Hangover 2.”

For generations, librarians have understood this.  Libraries were the Internet before computers – they presented the world of reading to us, and let us as patrons read (and watch) freely for ourselves. But librarians understood that intellectual privacy matters.  A good library lets us read freely, but keeps our records confidential in order to safeguard our intellectual privacy.   But we are told by Netflix, Facebook, and other companies that the world has changed.  “Sharing” as they call it is the way of the future.  I disagree.  Sharing can be good, and sharing of what we watch and read is very important.  But the way we share is essential.  Telling our friends “hey – read this – it’s important” or “watch this movie – it’s really moving” is one of the great things that the Internet has made easier.  But sharing has to be done on our terms, not on those that are most profitable for business.  Sharing doesn’t mean a norm of publishing everything we read on the Internet.  It means giving us a conscious choice about when we are sharing our intellectual habits, and when we are not.

Industry groups are fond of saying that good privacy practices require consumer notice and consumer choice.  The current Video Privacy Act is one of the few laws that does give consumers meaningful choice about protecting their sensitive personal information.  Now is not the time to cut back on the VPPA’s protections.  Now is the time to extend its protections to the whole range of intellectual records – the books we buy, our internet search histories, and ISP logs of what we read on the Internet.  As a first step, we should reject this attempt to eviscerate our intellectual privacy.

Flash mobs have been eliciting wide-eyed excitement for the better part of the past decade now. They were playful and glaringly pointless in their earliest manifestations. Mobbers back then were content with the playful performance art of the thing. Early proponents, at the same time, breathlessly lauded the flash mob “movement.”

MGK leads a movement (Youtube)

Today, the flash mob has matured into something much more complex than these early proponents prophesied. For one, they involve unsupported and disaffected young people of color in cities on [...]]]>

Like Professor Zick, I am grateful for the invitation to share my view of the world with Concurring Opinions. I’d like to pick up where his post on strange expressive acts left off and, along the way, perhaps answer his question.

Flash mobs have been eliciting wide-eyed excitement for the better part of the past decade now. They were playful and glaringly pointless in their earliest manifestations. Mobbers back then were content with the playful performance art of the thing. Early proponents, at the same time, breathlessly lauded the flash mob “movement.”

MGK leads a movement (Youtube)

Today, the flash mob has matured into something much more complex than these early proponents prophesied. For one, they involve unsupported and disaffected young people of color in cities on the one hand and, on the other, anxious and unprepared law enforcement officials. A fateful mix.

In North London in early August, mobile online social networking and messaging probably helped outrage over the police shooting of a young black man morph into misanthropic madness.  Race-inflected flash mob mischief hit the U.S. this summer, too. Most major metropolitan newspapers and cable news channels this summer have run stories about young black people across the country using their idle time and fleet thumbs to organize shoplifting, beatings, and general indiscipline. This is not the first time the U.S. has seen the flash mob or something like it. (Remember the 2000 recount in Florida?) But the demographic and commercial politics of these events in particular ought to raise eyebrows.

I have found that Comic-Con is a prime beneficiary of the decline of anonymity in online social networks.

Facebook may be leading the way in the fight against anonymity, but digital communities built around shared interest in science fiction are [...]]]> Comic-Con is many things: awesome, hilarious, tragic, fun, hilarious, expensive and hilarious. Every July, San Diego becomes the homeof more than just balmy temperatures and the alt-rock tones of Jason Mraz; it hosts Comic-Con, an extraordinary pop culture event that brings together Trekkies and Chris Evans (the 2011 Captain America), Jedis and Ryan Kwanten (of True Blood) and more than a few people who have never picked up a comic book. I’ve joined the crowds the past two years because, well, it’s what you do in San Diego this weekend.

I have found that Comic-Con is a prime beneficiary of the decline of anonymity in online social networks.

Facebook may be leading the way in the fight against anonymity, but digital communities built around shared interest in science fiction are giving Mark Zuckerberg a run for his anti-anonymity money. To be sure, online games like World of Warcraft (WoW) allow you to create fantastic identities and personae for yourself, but I had a feeling they have become so much more than that. I did not know from experience: I enjoy Sci Fi and have my share of SyFy shows waiting on my DVR, but I’ve never played WoW. I was never a big gamer, even when “Where in the World is Carmen Sandiego” actually came on those large black floppy discs. So, I did what any nerd would do: I went to Comic-Con to test a theory.

I looked for groups where members were of similar ages (thus excluding families), but did not restrict myself to any particular age, race, gender or costume. I spoke to about 100 people. I wanted to know where they met their friends: online or in person? If online, on what platform? If not on a traditional social networking site like Facebook, where? Did they ever have pseudonyms or online identities that hid their real identities? If so, how and when did they come out of the closet to meet each other? In other words, I was trying to understand the role of online anonymity in social interaction among people at Comic-Con, many of whom are highly wired.

Of 107 people, 67 met the friends they were with at the time online. Notably, that is not the same as saying that nearly 2/3 of respondents came to Comic-Con with people they met online, but still, that is a staggering number! In any event, all of them eventually ”met” or “found” each other on Facebook, but some initially linked up through sci-fi themed groups. But, since it all happened through Facebook, no one was anonymous. 

Not all relationships started on Facebook’s science fiction corner. A few knew each other as frequent commenters on Gateworld.net, an all-things-Stargate fan website; some were WoW buddies who “never kept [themselves]hidden. He sounded cool, so whatever. It’s all on Facebook or MySpace anyway.” Another young man met his Jedi-clad friend “playing a few different online games. In the chat rooms, he mentioned he was from China and I thought that was so cool, especially since I live in Georgia.” He meant the country, not the state. The two struck up a friendship, became MySpace “friends,” then Facebook “friends” and then decided that they both should meet each others’ friends at Comic-Con. I also met a few young women who lamented that I wasn’t in costume and said that they too bonded online as three of the precious few females to comment about the show Warehouse 13 with any frequency. “As soon as I saw another girl, I immediately asked who she was and where she was. She then friended me on Facebook and I had a friend in a place called Riverside, California. I live in Oklahoma.”

Comic-Con attendees bear the brunt of a lot of stereotypes, none more common than of the adolescent, nonathletic boy who projects the kind of person he wants to be into his WoW elf. But, my initial research suggests that these men and women are not hiding behind the perceived anonymity that their online games could provide. Instead, they see their digital selves as extensions of their physical selves and their online identities as ways to help them meet people in real life. It is difficult for all of us to meet new people, so while an elf-self may be a foot in the door, the man behind the elf wants nothing more than to drop his mask and allow his digital community to supplement his physical community.

Admittedly, my tiny sample set answered informal questions in an unscientific survey. But, this concept — who we really are online and what are we really doing — has implications for the kind of policies websites, intermediaries and users would want to adopt to make the Internet a safe community for all. If we don’t want to be anonymous and have less and less need for it, why should we put safety and certain rights at risk in the name of protecting absolute anonymity? If even elf-selves are eschewing anonymity because of the community-building possibilities of Facebook and Gateworld.net, perhaps anonymity is not part of the liberating potential of the Internet. Perhaps community-building is.

The face-to-face and online harassment of young people, of any sexual orientation, of any gender, of any race, of any socio-economic status, is a bad thing. For [...]]]> Being laid up for a week with a nasty tonsil infection gave me the opportunity to catch up on some Sunday NY Times crosswords (Side Note: I refuse to accept that we’re now spelling the word “epilogue” as “epilog,” Mr. Will Shortz), some nerdy SciFi television and some law review articles on cyberharassment. Many esteemed colleagues, not to mention countless law students, are writing about this or related topics in some way. There is indeed much to talk about. But, what does not get as much play are the assumptions upon which much of the results-oriented scholarship is based.

The face-to-face and online harassment of young people, of any sexual orientation, of any gender, of any race, of any socio-economic status, is a bad thing. For the moment, let us put aside those who cling to the antiquated “this is all part of growing up” meme and assume that we all think harassing, attacking and emotionally abusing young people is bad. But, when we are asked to evaluate potential ameliorative responses — harsh punishments, tolerance education, increasing the role of government and a host of other possibilities — it is not enough to simply assume that a problem exists. In order to compare one response against another, we must first engage in a discussion about the values we’re trying to protect over and above solving the problem.

For example, let us assume for the moment that cyberharassment raises only two issues: the speech rights of harassers and the speech rights of victims. If we have to factor into any solution concerns about these stakeholders’ free speech, must we weigh them equally? No. But, then how do we weigh them? Does it matter whose rights? Sure. Those mean harassing kids don’t deserve their rights, only victims do. But, we all know what that kind of reasoning implies. Does it matter that in our example both the perpetrators and victims are students? Do minors even have speech rights (ask Justice Thomas for a resounding “Pfft. Surely you jest!“).

Do we have an adequate basis for finding an answer other than our own personal prejudices? I think we do, but our Internet speech law misses the mark. The legislative history of Section 230 of the Communications Decency Act (the immunity clause) and judicial opinions in cases like Reno v. ACLU, Ashcroft v. ACLU and Zeran v. AmericaOnline suggest that we determine what to value based on our vision of the Internet user as a modern day “pamphleteer” who can reach out “to a world-wide audience,” and do so “anonymous[ly].” A person like that in an environment like that would value individual autonomy and autonomy-based free speech values more than anything else, devaluing other First Amendment values. That vision of the Internet user and his online experience, however, is simply incorrect. Anonymity as a technical matter does not really exist and social networking platforms like Facebook are making anonymity a thing of the past. And, being a pamphleteer that can reach anyone is a little difficult when all content goes through and can be arranged and censored by intermediaries. This Internet user with this online experience would not only be concerned with individual autonomy above all other things. He would be concerned with his reputation, which can be irreparably damaged by online defamation and misbehavior. And, he would be concerned with getting his voice out there, especially since he is completely dependent upon third parties for access.

(NOTE: Any double entendre is purely unintentional! My mother reads these things!).

Brooklyn Congressman Anthony Weiner, a man I have had the opportunity to meet and even challenge to running race, first alleged that his Twitter account had been hacked, then maintained that he did not send the tweet but the image could have been of him and then, finally and mercifully, admitted that he sent the [...]]]> My first reaction to Congressman Anthony Weiner’s admission was, “Oh… my… god!” My second reaction was to laugh — no matter how old we men get, we are all still 12 year old boys inside — and think of a post filled with double entendre. My third reaction was to wonder what this deeply unfortunate story means for tech law.

(NOTE: Any double entendre is purely unintentional! My mother reads these things!).

Brooklyn Congressman Anthony Weiner, a man I have had the opportunity to meet and even challenge to running race, first alleged that his Twitter account had been hacked, then maintained that he did not send the tweet but the image could have been of him and then, finally and mercifully, admitted that he sent the tweet and was carrying on “inappropriate relationships” with “several” women that he met online. Minority Leader Nancy Pelosi has called for an ethics investigation, conservative pundits are calling for the Congressman’s head and the rest of us are probably unmoved. We live in a world where Eric Massa, Christopher Smith, Mark Foley and so many other politicians are sexually crazed and hooked into a virtual world they either do not understand or are simply too arrogant to care about.

Weinergate has obvious lessons on the perils of throwing no caution to the wind regarding your Internet presence. It also reminds us that some men in power tend to lose their grip on reality. But, you do not have to be in Congress to be victimized by careless, stupid digital behavior.

If one divorcing spouse wanted to prove infidelity, perhaps as part of denying a 50/50 split of marital assets, text messages, emails and self-taken photographs on the other spouses cell phone, Twitter history and email inbox may be fair game. Just last year, a New York state judge in part used evidence of a man’s sexually charged conversations with various women online to deny him child custody. Notably, there had been no evidence that this man ever met any of these women in person or committed any sexual act. He messaged them online, adding jpegs of himself. Another judge in New Hampshire refused to use evidence of a divorcing spouse’s virtual interactions without evidence of an actual affair outside the digital universe. Family court judges have wide latitude in this area, but what are your thoughts about these cases?

Outside of the family law context, lewd online behavior can trigger morality clauses in contracts. Assuming for the moment that morality clauses — provisions in contracts that restrict certain elements of or behaviors in a party’s personal life — are even enforceable, sending a lewd photograph of yourself to “several” women with whom you are having “inappropriate relationship[s]” could be grounds for dismissal.

The operative question is whether evidence of digital hanky-panky, without even a hint of actual infidelity or inappropriateness in real life, is enough wrongdoing in these and other contexts. It seems incongruous to simultaneously recognize the pervasiveness and salience of digital interaction today and still diminish the importance of digital inappropriate behavior below face-to-face conduct. We are both virtual and physical beings now. Excusing a person’s bad conduct in the former simply because it happened through packets of 1′s and 0′s on the Internet seems antiquated and a recipe for a blind spot in social norms.

Next came the conversation.  We talked about how increasingly social media activity is part of one’s life’s biography.  Anything said and done in social network spaces becomes part of who you are in our [...]]]> The question that I had been dreading came at last: “Mom, can I have a Facebook page?”  My daughter provided a strong defense: she’s 13, so she meets Facebook’s Terms of Service age requirement; she’s nearly an adult in her religion’s eyes (her bat mitzvah is in a week); past practices proves she’s responsible; and well, she feels ready.  (And I just discovered, she’s done her homework: see this Yahoo Answers! “My mom won’t let me get a Facebook page, how do I convince her?” thread that I found on my computer).

Next came the conversation.  We talked about how increasingly social media activity is part of one’s life’s biography.  Anything said and done in social network spaces becomes part of who you are in our Information Age.  Colleges may ask for your Facebook password.  Over 70% of employers look at social media data for interviewing and hiring (and sad to say, the outcomes are grim for applicants who over 60% of the time don’t get the interview or job due to social network profiles).  It’s not just what you post that speaks volumes — your social network (friends and their friends) tells some of your story for you.  There goes any control that you thought you had.  FB users often wrestle with whether they should de-friend those whose online personas don’t match their sensibilities (or the way in which they want others to perceive them).  This means that users need to keep a careful eye on their friends’ profiles (as well as ever-changing privacy settings).

That’s a lot of responsibility.  Or, as Bill Keller of the New York Times put it when he allowed his 13-year old daughter to join Facebook, he felt “a little as if I had passed my child a pipe of crystal meth.“  Beyond the potential privacy and reputational concerns that accompany social media use, an online life has other potential perils, like overuse (and thus inattention to studies, face-to-face family time, etc.) that cyber-pessimists underscore (see Nicholas Carr’s The Shallows).  And bullying, serious harassment, bigotry increasingly appear in mainstream social media in ways that kids can’t necessarily avoid (my work explores those problems, see here, here, and here, as well as terrific work by guest bloggers Ari Waldman and Mary Anne Franks).  Of course, there’s also lots of positive stuff emerging from these networked spaces.  Social media outlets like Facebook allow us to enact our personalities.  They let us express ourselves in ever-changing and expanding ways.  FB and other outlets host civic engagement as Helen Norton and I have emphasized.

I wonder, too, if my kid has a meaningful choice.  Can digital natives really stay away from social media if all of their friends socialize there?  And will employers and colleges expect that applicants partake in these activities because everyone else does?  Someday, will resisting having a Facebook profile express something negative about you?  Will it signal that you’re not socially adjusted or successful?  As Scott Peppet underscores in his work, we may be forced to give up our privacy to show that we are indeed healthy, social, smart, and the like.  That’s a lot to process, right?  I’m going to chew on this a while.  Your thoughts are most welcome!