Archives For internet

It’s fitting that FCC Chairman Ajit Pai recently compared his predecessor’s jettisoning of the FCC’s light touch framework for Internet access regulation without hard evidence to the Oklahoma City Thunder’s James Harden trade. That infamous deal broke up a young nucleus of three of the best players in the NBA in 2012 because keeping all three might someday create salary cap concerns. What few saw coming was a new TV deal in 2015 that sent the salary cap soaring.

If it’s hard to predict how the market will evolve in the closed world of professional basketball, predictions about the path of Internet innovation are an order of magnitude harder — especially for those making crucial decisions with a lot of money at stake.

The FCC’s answer for what it considered to be the dangerous unpredictability of Internet innovation was to write itself a blank check of authority to regulate ISPs in the 2015 Open Internet Order (OIO), embodied in what is referred to as the “Internet conduct standard.” This standard expanded the scope of Internet access regulation well beyond the core principle of preserving openness (i.e., ensuring that any legal content can be accessed by all users) by granting the FCC the unbounded, discretionary authority to define and address “new and novel threats to the Internet.”

When asked about what the standard meant (not long after writing it), former Chairman Tom Wheeler replied,

We don’t really know. We don’t know where things will go next. We have created a playing field where there are known rules, and the FCC will sit there as a referee and will throw the flag.

Somehow, former Chairman Wheeler would have us believe that an amorphous standard that means whatever the agency (or its Enforcement Bureau) says it means created a playing field with “known rules.” But claiming such broad authority is hardly the light-touch approach marketed to the public. Instead, this ill-conceived standard allows the FCC to wade as deeply as it chooses into how an ISP organizes its business and how it manages its network traffic.

Such an approach is destined to undermine, rather than further, the objectives of Internet openness, as embodied in Chairman Powell’s 2005 Internet Policy Statement:

To foster creation, adoption and use of Internet broadband content, applications, services and attachments, and to ensure consumers benefit from the innovation that comes from competition.

Instead, the Internet conduct standard is emblematic of how an off-the-rails quest to heavily regulate one specific component of the complex Internet ecosystem results in arbitrary regulatory imbalances — e.g., between ISPs and over-the-top (OTT) or edge providers that offer similar services such as video streaming or voice calling.

As Boston College Law Professor, Dan Lyons, puts it:

While many might assume that, in theory, what’s good for Netflix is good for consumers, the reality is more complex. To protect innovation at the edge of the Internet ecosystem, the Commission’s sweeping rules reduce the opportunity for consumer-friendly innovation elsewhere, namely by facilities-based broadband providers.

This is no recipe for innovation, nor does it coherently distinguish between practices that might impede competition and innovation on the Internet and those that are merely politically disfavored, for any reason or no reason at all.

Free data madness

The Internet conduct standard’s unholy combination of unfettered discretion and the impulse to micromanage can (and will) be deployed without credible justification to the detriment of consumers and innovation. Nowhere has this been more evident than in the confusion surrounding the regulation of “free data.”

Free data, like T-Mobile’s Binge On program, is data consumed by a user that has been subsidized by a mobile operator or a content provider. The vertical arrangements between operators and content providers creating the free data offerings provide many benefits to consumers, including enabling subscribers to consume more data (or, for low-income users, to consume data in the first place), facilitating product differentiation by mobile operators that offer a variety of free data plans (including allowing smaller operators the chance to get a leg up on competitors by assembling a market-share-winning plan), increasing the overall consumption of content, and reducing users’ cost of obtaining information. It’s also fundamentally about experimentation. As the International Center for Law & Economics (ICLE) recently explained:

Offering some services at subsidized or zero prices frees up resources (and, where applicable, data under a user’s data cap) enabling users to experiment with new, less-familiar alternatives. Where a user might not find it worthwhile to spend his marginal dollar on an unfamiliar or less-preferred service, differentiated pricing loosens the user’s budget constraint, and may make him more, not less, likely to use alternative services.

In December 2015 then-Chairman Tom Wheeler used his newfound discretion to launch a 13-month “inquiry” into free data practices before preliminarily finding some to be in violation of the standard. Without identifying any actual harm, Wheeler concluded that free data plans “may raise” economic and public policy issues that “may harm consumers and competition.”

After assuming the reins at the FCC, Chairman Pai swiftly put an end to that nonsense, saying that the Commission had better things to do (like removing barriers to broadband deployment) than denying free data plans that expand Internet access and are immensely popular, especially among low-income Americans.

The global morass of free data regulation

But as long as the Internet conduct standard remains on the books, it implicitly grants the US’s imprimatur to harmful policies and regulatory capriciousness in other countries that look to the US for persuasive authority. While Chairman Pai’s decisive intervention resolved the free data debate in the US (at least for now), other countries are still grappling with whether to prohibit the practice, allow it, or allow it with various restrictions.

In Europe, the 2016 EC guidelines left the decision of whether to allow the practice in the hands of national regulators. Consequently, some regulators — in Hungary, Sweden, and the Netherlands (although there the ban was recently overturned in court) — have banned free data practices  while others — in Denmark, Germany, Spain, Poland, the United Kingdom, and Ukraine — have not. And whether or not they allow the practice, regulators (e.g., Norway’s Nkom and the UK’s Ofcom) have lamented the lack of regulatory certainty surrounding free data programs, a state of affairs that is compounded by a lack of data on the consequences of various approaches to their regulation.

In Canada this year, the CRTC issued a decision adopting restrictive criteria under which to evaluate free data plans. The criteria include assessing the degree to which the treatment of data is agnostic, whether the free data offer is exclusive to certain customers or certain content providers, the impact on Internet openness and innovation, and whether there is financial compensation involved. The standard is open-ended, and free data plans as they are offered in the US would “likely raise concerns.”

Other regulators are contributing to the confusion through ambiguously framed rules, such as that of the Chilean regulator, Subtel. In a 2014 decision, it found that a free data offer of specific social network apps was in breach of Chile’s Internet rules. In contrast to what is commonly reported, however, Subtel did not ban free data. Instead, it required mobile operators to change how they promote such services, requiring them to state that access to Facebook, Twitter and WhatsApp were offered “without discounting the user’s balance” instead of “at no cost.” It also required them to disclose the amount of time the offer would be available, but imposed no mandatory limit.

In addition to this confusing regulatory make-work governing how operators market free data plans, the Chilean measures also require that mobile operators offer free data to subscribers who pay for a data plan, in order to ensure free data isn’t the only option users have to access the Internet.

The result is that in Chile today free data plans are widely offered by Movistar, Claro, and Entel and include access to apps such as Facebook, WhatsApp, Twitter, Instagram, Pokemon Go, Waze, Snapchat, Apple Music, Spotify, Netflix or YouTube — even though Subtel has nominally declared such plans to be in violation of Chile’s net neutrality rules.

Other regulators are searching for palatable alternatives to both flex their regulatory muscle to govern Internet access, while simultaneously making free data work. The Indian regulator, TRAI, famously banned free data in February 2016. But the story doesn’t end there. After seeing the potential value of free data in unserved and underserved, low-income areas, TRAI proposed implementing government-sanctioned free data. The proposed scheme would provide rural subscribers with 100 MB of free data per month, funded through the country’s universal service fund. To ensure that there would be no vertical agreements between content providers and mobile operators, TRAI recommended introducing third parties, referred to as “aggregators,” that would facilitate mobile-operator-agnostic arrangements.

The result is a nonsensical, if vaguely well-intentioned, threading of the needle between the perceived need to (over-)regulate access providers and the determination to expand access. Notwithstanding the Indian government’s awareness that free data will help to close the digital divide and enhance Internet access, in other words, it nonetheless banned private markets from employing private capital to achieve that very result, preferring instead non-market processes which are unlikely to be nearly as nimble or as effective — and yet still ultimately offer “non-neutral” options for consumers.

Thinking globally, acting locally (by ditching the Internet conduct standard)

Where it is permitted, free data is undergoing explosive adoption among mobile operators. Currently in the US, for example, all major mobile operators offer some form of free data or unlimited plan to subscribers. And, as a result, free data is proving itself as a business model for users’ early stage experimentation and adoption of augmented reality, virtual reality and other cutting-edge technologies that represent the Internet’s next wave — but that also use vast amounts of data. Were the US to cut off free data at the legs under the OIO absent hard evidence of harm, it would substantially undermine this innovation.

The application of the nebulous Internet conduct standard to free data is a microcosm of the current incoherence: It is a rule rife with a parade of uncertainties and only theoretical problems, needlessly saddling companies with enforcement risk, all in the name of preserving and promoting innovation and openness. As even some of the staunchest proponents of net neutrality have recognized, only companies that can afford years of litigation can be expected to thrive in such an environment.

In the face of confusion and uncertainty globally, the US is now poised to provide leadership grounded in sound policy that promotes innovation. As ICLE noted last month, Chairman Pai took a crucial step toward re-imposing economic rigor and the rule of law at the FCC by questioning the unprecedented and ill-supported expansion of FCC authority that undergirds the OIO in general and the Internet conduct standard in particular. Today the agency will take the next step by voting on Chairman Pai’s proposed rulemaking. Wherever the new proceeding leads, it’s a welcome opportunity to analyze the issues with a degree of rigor that has thus far been appallingly absent.

And we should not forget that there’s a direct solution to these ambiguities that would avoid the undulations of subsequent FCC policy fights: Congress could (and should) pass legislation implementing a regulatory framework grounded in sound economics and empirical evidence that allows for consumers to benefit from the vast number of procompetitive vertical agreements (such as free data plans), while still facilitating a means for policing conduct that may actually harm consumers.

The Golden State Warriors are the heavy odds-on favorite to win another NBA Championship this summer, led by former OKC player Kevin Durant. And James Harden is a contender for league MVP. We can’t always turn back the clock on a terrible decision, hastily made before enough evidence has been gathered, but Chairman Pai’s efforts present a rare opportunity to do so.

The Senate should not reconfirm Jessica Rosenworcel to the Federal Communications Commission (FCC), in order to allow the Trump Administration to usher in needed reforms in the critical area of communications policy.

As documented by the Free State Foundation (FSF) and other supporters of free markets, the Obama Administration’s FCC has done a dismal job in overseeing communications regulation, both as a matter of law and economics (see, for example, the abuses documented in FSF publications).  The FCC’s proposal to impose common carrier-like regulations on the Internet is just one example of what constitutes not merely flawed policy, but a failure to adhere to the rule of law, as I explain in an October 2016 Heritage Foundation Legal Memorandum (citations omitted):

[T]he rule of law involves “a system of binding rules” that have been adopted and applied by a valid government authority and that embody “clarity, predictability, and equal applicability.”

 Practices employed by government agencies that undermine the rule of law ignore a fundamental duty that the government owes its citizens and thereby undermine America’s constitutional system. Federal courts, however, will not review a federal administrative action unless an actual litigated “case or controversy” is presented to them, and they generally are reluctant to invoke constitutional “first principles” to strike down federal agency initiatives. Judicial intervention is thus a poor check on an agency’s tendency to flout the rule of law—or merely give it lip service—by acting in an unpredictable and inequitable manner.

It follows, therefore, that close scrutiny of federal administrative agencies’ activities is particularly important in helping to achieve public accountability for an agency’s failure to honor the rule of law standard. Applying such scrutiny to the FCC reveals that it does a poor job of adhering to rule of law principles. Accordingly, specific legislative reforms to rectify that shortcoming warrant serious consideration by Congress. . . .

The FCC has fallen short in meeting rule of law standards, both in its procedural practices and in various substantive actions that it has taken. . . .

[FCC Procedural failures include] delays, lack of transparency, and inefficiencies in agency proceedings (including “voting on secret texts and delaying the publication of orders”; excessive cost burdens on regulated parties; outdated rules; and problems in agency interactions with the public. . . .

Substantive agency actions also undermine the rule of law if they fall outside the scope of the agency’s constitutional, statutory, or regulatory authority.  By their nature, such actions indicate that an agency does not view itself as bound by the law and is unwilling to clarify how the government’s coercive powers will be applied.  Significant FCC initiatives in recent years have involved such derogations from rule of law principles and have proved to be far more serious than mere procedural imperfections. 

Specific FCC abuses of the rule of law, documented in my Heritage Legal Memorandum, include the imposition of arbitrary conditions on merging parties having nothing to do with the actual effects of a merger.  They also involve regulatory initiatives that exceed the FCC’s statutory authority, such as (1) an attempt to repeal state municipal broadband regulation (struck down in court), (2) the “Open Internet Order” which seeks to regulate the Internet under the guise of “net neutrality,” (3) the unauthorized extension of FCC rules covering joint sales agreements by broadcast stations (struck down in court), and (4) the unauthorized regulation of video “set top box” equipment.

The FCC has also brought a variety of public enforcement actions against private parties that could not reasonably have known that they were violating a legal norm as defined by the FCC, thereby violating principles of clarity, predictability, and equal treatment in law enforcement.

Key FCC actions that flout the rule of law have been enacted by partisan three-to-two FCC votes, with the three Democratic Commissioners (Chairman Tom Wheeler, Mignon Clyburn, and Jessica Rosenworcel) voting in favor of such measures and the two Republican Commissioners (Ajit Pai and Michael O’Rielly) voting in opposition.  Without Commissioner Rosenworcel’s votes, the FCC’s ability to undermine the rule of law in those instances would have been thwarted.

Commissioner Rosenworcel’s term expired in June 2015, but she remained on the Commission.  In 2015 President Obama nominated her for a new five-year term as FCC Commissioner, and, as explained by the Senate Commerce Committee, “[s]he may remain in her current role as commissioner until December 31, 2016 while awaiting Senate confirmation for a second term.”

Rosenworcel’s remomination has not yet been taken up by the Senate, giving President-Elect Trump the opportunity to select a new Commissioner (and Chairman) who can steer the FCC in a market-oriented direction that respects the rule of law.  On December 2nd, however, it was reported that “[Senate Minority Leader] Harry Reid and President Obama are circulating a petition to remove the hold on FCC Commissioner Jessica Rosenworcel so that she can be reconfirmed before Congress recesses next week.”

This is troublesome news.  Confirmation of Rosenworcel would deny the new President the ability to reshape communications policy, with serious negative effects on Internet freedom and innovation in the economically vital communications sector.  Senate Republicans should stand firm and deny confirmation to Ms. Rosenworcel, in order to ensure that the new President has the opportunity to reform the FCC.

Next week the FCC is slated to vote on the second iteration of Chairman Wheeler’s proposed broadband privacy rules. Of course, as has become all too common, none of us outside the Commission has actually seen the proposal. But earlier this month Chairman Wheeler released a Fact Sheet that suggests some of the ways it would update the rules he initially proposed.

According to the Fact Sheet, the new proposed rules are

designed to evolve with changing technologies and encourage innovation, and are in harmony with other key privacy frameworks and principles — including those outlined by the Federal Trade Commission and the Administration’s Consumer Privacy Bill of Rights.

Unfortunately, the Chairman’s proposal appears to fall short of the mark on both counts.

As I discuss in detail in a letter filed with the Commission yesterday, despite the Chairman’s rhetoric, the rules described in the Fact Sheet fail to align with the FTC’s approach to privacy regulation embodied in its 2012 Privacy Report in at least two key ways:

  • First, the Fact Sheet significantly expands the scope of information that would be considered “sensitive” beyond that contemplated by the FTC. That, in turn, would impose onerous and unnecessary consumer consent obligations on commonplace uses of data, undermining consumer welfare, depriving consumers of information and access to new products and services, and restricting competition.
  • Second, unlike the FTC’s framework, the proposal described by the Fact Sheet ignores the crucial role of “context” in determining the appropriate level of consumer choice before affected companies may use consumer data. Instead, the Fact Sheet takes a rigid, acontextual approach that would stifle innovation and harm consumers.

The Chairman’s proposal moves far beyond the FTC’s definition of “sensitive” information requiring “opt-in” consent

The FTC’s privacy guidance is, in its design at least, appropriately flexible, aimed at balancing the immense benefits of information flows with sensible consumer protections. Thus it eschews an “inflexible list of specific practices” that would automatically trigger onerous consent obligations and “risk[] undermining companies’ incentives to innovate and develop new products and services….”

Under the FTC’s regime, depending on the context in which it is used (on which see the next section, below), the sensitivity of data delineates the difference between data uses that require “express affirmative” (opt-in) consent and those that do not (requiring only “other protections” short of opt-in consent — e.g., opt-out).

Because the distinction is so important — because opt-in consent is much more likely to staunch data flows — the FTC endeavors to provide guidance as to what data should be considered sensitive, and to cabin the scope of activities requiring opt-in consent. Thus, the FTC explains that “information about children, financial and health information, Social Security numbers, and precise geolocation data [should be treated as] sensitive.” But beyond those instances, the FTC doesn’t consider any other type of data as inherently sensitive.

By contrast, and without explanation, Chairman Wheeler’s Fact Sheet significantly expands what constitutes “sensitive” information requiring “opt-in” consent by adding “web browsing history,” “app usage history,” and “the content of communications” to the list of categories of data deemed sensitive in all cases.

By treating some of the most common and important categories of data as always “sensitive,” and by making the sensitivity of data the sole determinant for opt-in consent, the Chairman’s proposal would make it almost impossible for ISPs to make routine (to say nothing of innovative), appropriate, and productive uses of data comparable to those undertaken by virtually every major Internet company.  This goes well beyond anything contemplated by the FTC — with no evidence of any corresponding benefit to consumers and with obvious harm to competition, innovation, and the overall economy online.

And because the Chairman’s proposal would impose these inappropriate and costly restrictions only on ISPs, it would create a barrier to competition by ISPs in other platform markets, without offering a defensible consumer protection rationale to justify either the disparate treatment or the restriction on competition.

As Fred Cate and Michael Staten have explained,

“Opt-in” offers no greater privacy protection than allowing consumers to “opt-out”…, yet it imposes significantly higher costs on consumers, businesses, and the economy.

Not surprisingly, these costs fall disproportionately on the relatively poor and the less technology-literate. In the former case, opt-in requirements may deter companies from offering services at all, even to people who would make a very different trade-off between privacy and monetary price. In the latter case, because an initial decision to opt-in must be taken in relative ignorance, users without much experience to guide their decisions will face effectively higher decision-making costs than more knowledgeable users.

The Chairman’s proposal ignores the central role of context in the FTC’s privacy framework

In part for these reasons, central to the FTC’s more flexible framework is the establishment of a sort of “safe harbor” for data uses where the benefits clearly exceed the costs and consumer consent may be inferred:

Companies do not need to provide choice before collecting and using consumer data for practices that are consistent with the context of the transaction or the company’s relationship with the consumer….

Thus for many straightforward uses of data, the “context of the transaction,” not the asserted “sensitivity” of the underlying data, is the threshold question in evaluating the need for consumer choice in the FTC’s framework.

Chairman Wheeler’s Fact Sheet, by contrast, ignores this central role of context in its analysis. Instead, it focuses solely on data sensitivity, claiming that doing so is “in line with customer expectations.”

But this is inconsistent with the FTC’s approach.

In fact, the FTC’s framework explicitly rejects a pure “consumer expectations” standard:

Rather than relying solely upon the inherently subjective test of consumer expectations, the… standard focuses on more objective factors related to the consumer’s relationship with a business.

And while everyone agrees that sensitivity is a key part of pegging privacy regulation to actual consumer and corporate relationships, the FTC also recognizes that the importance of the sensitivity of the underlying data varies with the context in which it is used. Or, in the words of the White House’s 2012 Consumer Data Privacy in a Networked World Report (introducing its Consumer Privacy Bill of Rights), “[c]ontext should shape the balance and relative emphasis of particular principles” guiding the regulation of privacy.

By contrast, Chairman Wheeler’s “sensitivity-determines-consumer-expectations” framing is a transparent attempt to claim fealty to the FTC’s (and the Administration’s) privacy standards while actually implementing a privacy regime that is flatly inconsistent with them.

The FTC’s approach isn’t perfect, but that’s no excuse to double down on its failings

The FTC’s privacy guidance, and even more so its privacy enforcement practices under Section 5, are far from perfect. The FTC should be commended for its acknowledgement that consumers’ privacy preferences and companies’ uses of data will change over time, and that there are trade-offs inherent in imposing any constraints on the flow of information. But even the FTC fails to actually assess the magnitude of the costs and benefits of, and the deep complexities involved in, the trade-off, and puts an unjustified thumb on the scale in favor of limiting data use.  

But that’s no excuse for Chairman Wheeler to ignore what the FTC gets right, and to double down on its failings. Based on the Fact Sheet (and the initial NPRM), it’s a virtual certainty that the Chairman’s proposal doesn’t heed the FTC’s refreshing call for humility and flexibility regarding the application of privacy rules to ISPs (and other Internet platforms):

These are complex and rapidly evolving areas, and more work should be done to learn about the practices of all large platform providers, their technical capabilities with respect to consumer data, and their current and expected uses of such data.

The rhetoric of the Chairman’s Fact Sheet is correct: the FCC should in fact conform its approach to privacy to the framework established by the FTC. Unfortunately, the reality of the Fact Sheet simply doesn’t comport with its rhetoric.

As the FCC’s vote on the Chairman’s proposal rapidly nears, and in light of its significant defects, we can only hope that the rest of the Commission refrains from reflexively adopting the proposed regime, and works to ensure that these problematic deviations from the FTC’s framework are addressed before moving forward.

In recent years much ink has been spilled on the problem of online privacy breaches, involving the unauthorized use of personal information transmitted over the Internet.  Internet privacy concerns are warranted.  According to a 2016 National Telecommunications and Information Administration survey of Internet-using households, 19 percent of such households (representing nearly 19 million households) reported that they had been affected by an online security breach, identity theft, or similar malicious activity during the 12 months prior to the July 2015 survey.  Security breaches appear to be more common among the most intensive Internet-using households – 31 percent of those using at least five different types of online devices suffered such breaches.  Security breach statistics, of course, do not directly measure the consumer welfare losses attributable to the unauthorized use of personal data that consumers supply to Internet service providers and to the websites which they visit.

What is the correct overall approach government should take in dealing with Internet privacy problems?  In addressing this question, it is important to focus substantial attention on the effects of online privacy regulation on economic welfare.  In particular, policies should aim at addressing Internet privacy problems in a manner that does not unduly harm the private sector or deny opportunities to consumers who are not being harmed.  The U.S. Federal Trade Commission (FTC), the federal government’s primary consumer protection agency, has been the principal federal regulator of online privacy practices.  Very recently, however, the U.S. Federal Communications Commission (FCC) has asserted the authority to regulate the privacy practices of broadband Internet service providers, and is proposing an extremely burdensome approach to such regulation that would, if implemented, have harmful economic consequences.

In March 2016, FTC Commissioner Maureen Ohlhausen succinctly summarized the FTC’s general approach to online privacy-related enforcement under Section 5 of the FTC Act, which proscribes unfair or deceptive acts or practices:

[U]nfairness establishes a baseline prohibition on practices that the overwhelming majority of consumers would never knowingly approve. Above that baseline, consumers remain free to find providers that match their preferences, and our deception authority governs those arrangements. . . .  The FTC’s case-by-case enforcement of our unfairness authority shapes our baseline privacy practices.  Like the common law, this incremental approach has proven both relatively predictable and adaptable as new technologies and business models emerge.

In November 2015, Professor (and former FTC Commissioner) Joshua Wright argued the FTC’s approach is insufficiently attuned to economic analysis, in particular, the “tradeoffs between the value to consumers and society of the free flow and exchange of data and the creation of new products and services on the one hand, against the value lost by consumers from any associated reduction in privacy.”  Nevertheless, on balance, FTC enforcement in this area generally is restrained and somewhat attentive to cost-benefit considerations.  (This undoubtedly reflects the fact (see my Heritage Legal Memorandum, here) that the statutory definition of “unfairness” in Section 5(n) of the FTC Act embodies cost-benefit analysis, and that the FTC’s Policy Statement on Deception requires detriment to consumers acting reasonably in the circumstances.)  In other words, federal enforcement policy with respect to online privacy, although it could be improved, is in generally good shape.

Or it was in good shape.  Unfortunately, on April 1, 2016, the Federal Communications Commission (FCC) decided to inject itself into “privacy space” by issuing a Notice of Proposed Rulemaking entitled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services.”  This “Privacy NPRM” sets forth detailed rules that, if adopted, would impose onerous privacy obligations on “Broadband Internet Access Service” (BIAS) Providers, the firms that provide the cables, wires, and telecommunications equipment through which Internet traffic flows – primarily cable (Comcast, for example) and telephone (Verizon, for example) companies.   The Privacy NPRM reclassifies BIAS provision as a “common carrier” service, thereby totally precluding the FTC from regulating BIAS Providers’ privacy practices (since the FTC is barred by law from regulating common carriers, under 15 U.S. Code § 45(a)(2)).  Put simply, the NPRM required BIAS Providers “to obtain express consent in advance of practically every use of a customer[s] data”, without regard to the effects of such a requirement on economic welfare.  All other purveyors of Internet services, however – in particular, the large numbers of “edge providers” that generate Internet content and services (Google, Amazon, and Facebook, for example) – are exempt from the new FCC regulatory requirements.  In short, the Privacy NPRM establishes a two-tier privacy regulatory system, with BIAS Providers subject to tight FCC privacy rules, while all other Internet service firms are subject to more nuanced, case-by-case, effects-based evaluation of their privacy practices by the FTC.  This disparate regulatory approach is peculiar (if not wholly illogical), since edge providers in general have greater access than BIAS Providers to consumers’ non-public information, and thus may appear to pose a greater threat to consumers’ interest in privacy.

The FCC’s proposal to regulate BIAS Providers’ privacy practices represents bad law and horrible economic policy.  First, it undermines the rule of law by extending the FCC’s authority beyond its congressional mandate.  It does this by basing its regulation of a huge universe of information exchanges on Section 222 of the Telecommunications Act of 1996, a narrow provision aimed at a very limited type of customer-related data obtained in connection with old-style voice telephony transmissions.  This is egregious regulatory overreach.  Second, if implemented, it will harm consumers, producers, and the overall economic by imposing a set of sweeping opt-in consent requirements on BIAS Providers, without regard to private sector burdens or actual consumer welfare (see here); by reducing BIAS Provider revenues and thereby dampening investment that is vital to the continued growth of and innovation in Internet-related industries (see here); by reducing the ability of BIAS Providers to provide welfare-enhancing competitive pressure on providers on Internet edge providers (see here); and by raising consumer prices for Internet services and deny discount programs desired by consumers (see here).

What’s worse, the FCC’s proposed involvement in online privacy oversight comes at a time of increased Internet privacy regulation by foreign countries, much of it highly intrusive and lacking in economic sophistication.  A particularly noteworthy effort to clarify cross-national legal standards is the Privacy Shield, a 2016 United States – European Union agreement that establishes regulatory online privacy protection norms, backed by FTC enforcement, that U.S. companies transmitting data into Europe may choose to accept on a voluntary basis.  (If they do not accede to the Shield, they may be subject to uncertain and heavy-handed European sanctions.)  The Privacy NPRM, if implemented, will create an additional concern for BIAS Providers, since they will have to evaluate the implications of new FCC regulation (rather than simply rely on FTC oversight) in deciding whether to opt in to the Shield’s standards and obligations.

In sum, the FCC’s Privacy NPRM would, if implemented, harm consumers and producers, slow innovation, and offend the rule of law.  This prompts four recommendations.

  • The FCC should withdraw the NPRM and leave it to the FTC to oversee all online privacy practices, under its Section 5 unfairness and deception authority. The adoption of the Privacy Shield, which designates the FTC as the responsible American privacy oversight agency, further strengthens the case against FCC regulation in this area. 
  • In overseeing online privacy practices, the FTC should employ a very light touch that stresses economic analysis and cost-benefit considerations. Moreover, it should avoid requiring that rigid privacy policy conditions be kept in place for long periods of time through consent decree conditions, in order to allow changing market conditions to shape and improve business privacy policies. 
  • Moreover, the FTC should borrow a page from former FTC Commissioner Joshua Wright by implementing an “economic approach” to privacy. Under such an approach:  

o             FTC economists would help make the Commission a privacy “thought leader” by developing a rigorous academic research agenda on the economics of privacy, featuring the economic evaluation of industry sectors and practices; 

o             the FTC would bear the burden of proof of showing that violations of a company’s privacy policy are material to consumer decision-making;

o             FTC economists would report independently to the FTC about proposed privacy-related enforcement initiatives; and

o             the FTC would publish the views of its Bureau of Economics in all privacy-related consent decrees that are placed on the public record.   

  • The FTC should encourage the European Commission and other foreign regulators to take into account the economics of privacy in developing their privacy regulatory policies. In so doing, it should emphasize that innovation is harmed, the beneficial development of the Internet is slowed, and consumer welfare and rights are undermined through highly prescriptive regulation in this area (well-intentioned though it may be).  Relatedly, the FTC and other U.S. Government negotiators should argue against adoption of a “one-size-fits-all” global privacy regulation framework.   Such a global framework could harmfully freeze into place over-regulatory policies and preclude beneficial experimentation in alternative forms of “lighter-touch” regulation and enforcement. 

While no panacea, these recommendations would help deter (or, at least, constrain) the economically harmful government micromanagement of businesses’ privacy practices, in the United States and abroad.

Remember when net neutrality wasn’t going to involve rate regulation and it was crazy to say that it would? Or that it wouldn’t lead to regulation of edge providers? Or that it was only about the last mile and not interconnection? Well, if the early petitions and complaints are a preview of more to come, the Open Internet Order may end up having the FCC regulating rates for interconnection and extending the reach of its privacy rules to edge providers.

On Monday, Consumer Watchdog petitioned the FCC to not only apply Customer Proprietary Network Information (CPNI) rules originally meant for telephone companies to ISPs, but to also start a rulemaking to require edge providers to honor Do Not Track requests in order to “promote broadband deployment” under Section 706. Of course, we warned of this possibility in our joint ICLE-TechFreedom legal comments:

For instance, it is not clear why the FCC could not, through Section 706, mandate “network level” copyright enforcement schemes or the DNS blocking that was at the heart of the Stop Online Piracy Act (SOPA). . . Thus, it would appear that Section 706, as re-interpreted by the FCC, would, under the D.C. Circuit’s Verizon decision, allow the FCC sweeping power to regulate the Internet up to and including (but not beyond) the process of “communications” on end-user devices. This could include not only copyright regulation but everything from cybersecurity to privacy to technical standards. (emphasis added).

While the merits of Do Not Track are debatable, it is worth noting that privacy regulation can go too far and actually drastically change the Internet ecosystem. In fact, it is actually a plausible scenario that overregulating data collection online could lead to the greater use of paywalls to access content.  This may actually be a greater threat to Internet Openness than anything ISPs have done.

And then yesterday, the first complaint under the new Open Internet rule was brought against Time Warner Cable by a small streaming video company called Commercial Network Services. According to several news stories, CNS “plans to file a peering complaint against Time Warner Cable under the Federal Communications Commission’s new network-neutrality rules unless the company strikes a free peering deal ASAP.” In other words, CNS is asking for rate regulation for interconnectionshakespeare. Under the Open Internet Order, the FCC can rule on such complaints, but it can only rule on a case-by-case basis. Either TWC assents to free peering, or the FCC intervenes and sets the rate for them, or the FCC dismisses the complaint altogether and pushes such decisions down the road.

This was another predictable development that many critics of the Open Internet Order warned about: there was no way to really avoid rate regulation once the FCC reclassified ISPs. While the FCC could reject this complaint, it is clear that they have the ability to impose de facto rate regulation through case-by-case adjudication. Whether it is rate regulation according to Title II (which the FCC ostensibly didn’t do through forbearance) is beside the point. This will have the same practical economic effects and will be functionally indistinguishable if/when it occurs.

In sum, while neither of these actions were contemplated by the FCC (they claim), such abstract rules are going to lead to random complaints like these, and companies are going to have to use the “ask FCC permission” process to try to figure out beforehand whether they should be investing or whether they’re going to be slammed. As Geoff Manne said in Wired:

That’s right—this new regime, which credits itself with preserving “permissionless innovation,” just put a bullet in its head. It puts innovators on notice, and ensures that the FCC has the authority (if it holds up in court) to enforce its vague rule against whatever it finds objectionable.

I mean, I don’t wanna brag or nothin, but it seems to me that we critics have been right so far. The reclassification of broadband Internet service as Title II has had the (supposedly) unintended consequence of sweeping in far more (both in scope of application and rules) than was supposedly bargained for. Hopefully the FCC rejects the petition and the complaint and reverses this course before it breaks the Internet.

In my article published today in The Daily Signal, I delve into the difficulties of curbing Internet-related copyright infringement.  The key points are summarized below.

U.S. industries that rely on copyright protection (such as motion pictures, music, television, visual arts, and software) are threatened by the unauthorized Internet downloading of copyrighted writings, designs, artwork, music and films. U.S. policymakers must decide how best to protect the creators of copyrighted works without harming growth and innovation in Internet services or vital protections for free speech.

The Internet allows consumers to alter and immediately transmit perfect digital copies of copyrighted works around the world and has generated services designed to provide these tools. Those tools include, for example, peer-to-peer file-sharing services and mobile apps designed to foster infringement. Many websites that provide pirated content—including, for example, online video-streaming sites—are located outside the United States. Such piracy costs the U.S. economy billions of dollars in losses per year—including reduced income for creators and other participants in copyright-intensive industries.

Curtailing online infringement will require a combination of litigation, technology, enhanced private-sector initiatives, public education, and continuing development of readily accessible and legally available content offerings. As the Internet continues to develop, the best approach to protecting copyright in the online environment is to rely on existing legal tools, enhanced cooperation among Internet stakeholders and business innovations that lessen incentives to infringe.

Yesterday my essay on this topic was published as part of a Heritage Foundation Special Report on Saving Internet Freedom.  The essay reviews threats to copyrighted works posed by the Internet and describes public and private essays to deal with Internet-related copyright infringement.  The essay concludes as follows:

“A variety of approaches—many of which are private, voluntary initiatives requiring no new laws or regulations—have been deployed to combat online copyright infringement, and new ones are being developed. While these efforts have not eliminated infringement, which remains a substantial problem, they are having some success.

There is no “silver bullet.” Curtailing online infringement will require a combination of litigation tools, technology, enhanced private-sector initiatives, public education, and continuing development of readily accessible and legally available content offerings. As the Internet continues to develop, the best approach to protecting copyright in the online environment is to rely on existing legal tools, enhanced cooperation among Internet stakeholders, and business innovations that lessen incentives to infringe.”

Yesterday the Heritage Foundation released a series of essays on “Saving Internet Freedom.”  These analytical essays are an excellent reference work for interested members of the public who seek answers to those who claim the Internet requires new and intrusive government regulation.  The introduction to the essays highlights the topics they cover and summarizes their conclusions:

“1.    Federal “network-neutrality” regulations. Rules adopted by the Federal Communications Commission (FCC) in February 2015 bar Internet access providers from prioritizing the content that is sent through their networks. This ban limits the ability of Internet service providers (ISPs) to innovate, which limits economic freedom, to the detriment of the Internet and its users. In addition to activities clearly prohibited, the new rule also gives the FCC vast discretion. As a result, critical decisions about what practices will be allowed on the Net will be left to the subjective judgment of five unelected FCC commissioners.

  1. Global Internet governance. Many nations, such as China and Russia, have made no secret of their desire to limit speech on the Internet. Even some democratic nations have supported limiting freedoms online. With the U.S. government’s decision to end its oversight of the Internet Corporation for Assigned Names and Numbers (ICANN), the private, nonprofit organization that manages name and number assignments on the Internet, these countries see a chance to fill the vacuum, and to use ICANN’s Internet governance role to limit expression on the Web.
  2. Regulatory barriers to online commerce. The Internet is a true disruptive force in commerce, challenging inefficient ways of business. Often, these challenges conflict with anti-consumer laws that protect middlemen and others with a stake in older, costlier ways of doing business. These harmful laws have eroded in many cases, but have not been erased from the statute books.
  3. Internet taxation. Sales and other taxation also create regulatory barriers to online commerce. Some politicians and state tax collectors are pushing Congress to pass legislation that would allow state governments to force retailers located in other states to collect their sales taxes. They say they want to equalize the tax burdens between so-called brick-and-mortar retailers and their online counterparts. But instead of eliminating differences, the proposal would create new disparities and impose new burdens, as sellers struggle to deal with the tax laws of some 10,000 jurisdictions and 46 state tax authorities.
  4. Intellectual property. The freedom to create without fear that one’s creation will be appropriated by others is fundamental. At the same time, overly restrictive laws limiting the use of intellectual property erodes other freedoms, not least freedom of expression. The challenge to lawmakers is to balance these two opposing values, to protect intellectual property without undue limits on its fair use or on third parties.
  5. Cybersecurity. To enjoy the freedoms made possible by the Internet, a certain amount of security is needed to protect it from cyber theft, vandalism, and other criminal threats. This security cannot simply be achieved by government mandates. Government should remove barriers that hinder private-sector efforts to protect online networks.
  6. Digital privacy. Under current law, communications by Americans via electronic networks enjoy less protection than a letter sent by mail. Government does have a legitimate interest in viewing private communications in limited circumstances in order to apprehend criminals or terrorists and to protect security. But to do so, the government should be required to obtain a search warrant for each case, holding it to the constitutional standards that protect other communications, such as mail.”

Supporters of individual freedom and economic liberty will find much to like in these essays.

reason-mag-dont-tread-on-my-internetBen Sperry and I have a long piece on net neutrality in the latest issue of Reason Magazine entitled, “How to Break the Internet.” It’s part of a special collection of articles and videos dedicated to the proposition “Don’t Tread on My Internet!”

Reason has put together a great bunch of material, and packaged it in a special retro-designed page that will make you think it’s the 1990s all over again (complete with flaming graphics and dancing Internet babies).

Here’s a taste of our article:

“Net neutrality” sounds like a good idea. It isn’t.

As political slogans go, the phrase net neutrality has been enormously effective, riling up the chattering classes and forcing a sea change in the government’s decades-old hands-off approach to regulating the Internet. But as an organizing principle for the Internet, the concept is dangerously misguided. That is especially true of the particular form of net neutrality regulation proposed in February by Federal Communications Commission (FCC) Chairman Tom Wheeler.

Net neutrality backers traffic in fear. Pushing a suite of suggested interventions, they warn of rapacious cable operators who seek to control online media and other content by “picking winners and losers” on the Internet. They proclaim that regulation is the only way to stave off “fast lanes” that would render your favorite website “invisible” unless it’s one of the corporate-favored. They declare that it will shelter startups, guarantee free expression, and preserve the great, egalitarian “openness” of the Internet.

No decent person, in other words, could be against net neutrality.

In truth, this latest campaign to regulate the Internet is an apt illustration of F.A. Hayek’s famous observation that “the curious task of economics is to demonstrate to men how little they really know about what they imagine they can design.” Egged on by a bootleggers-and-Baptists coalition of rent-seeking industry groups and corporation-hating progressives (and bolstered by a highly unusual proclamation from the White House), Chairman Wheeler and his staff are attempting to design something they know very little about-not just the sprawling Internet of today, but also the unknowable Internet of tomorrow.

And the rest of the contents of the site are great, as well. Among other things, there’s:

  • “Why are Edward Snowden’s supporters so eager to give the government more control over the Internet?” Matt Welch’s  take on the contradictions in the thinking of net neutrality’s biggest advocates.
  • “The Feds want a back door into your computer. Again.” Declan McCullagh on the eternal return of government attempts to pre-hack your technology.
  • “Uncle Sam wants your Fitbit.” Adam Thierer on the coming clampdown on data coursing through the Internet of Things.
  • Mike Godwin on how net neutrality can hurt developing countries most of all.
  • “How states are planning to grab tax dollars for online sales,” by Veronique de Rugy
  • FCC Commissioner Ajit Pai on why net neutrality is “a solution that won’t work to a problem that simply doesn’t exist.”
  • “8 great libertarian apps that make your world a little freer and a whole lot easier to navigate.”

There’s all that, plus enough flaming images and dancing babies to make your eyes bleed. Highly recommended!

Over at the Center for the Protection of Intellectual Property (CPIP), Mark Schultz has an important blog posting on the Mercatus Center‘s recent launch of its new copyright piracy website, piracydata.org.  The launch of this website has caused a bit of a tempest in a teapot with a positive report on it in the Washington Post and with a report in the Columbia Journalism Review pointing out problems in its data and errors in its claims.  (It is a bit ironic that a libertarian organization is having trouble with the launch of a website at the same time that there is similar reporting on troubles of the launch of another website on the opposite side of the political spectrum, Obamacare.)

Professor Schultz, who is a Senior Scholar at CPIP and a law professor at Southern Illinois University, makes many important points in his blog posting (too many to recount here).  One of his more important identifications is that the piracydata.org website reflects an unfortunate tendency among libertarian IP skeptics, who seem to fall victim to an error that they often identify in leftist critiques of the free market, at least on non-IP issues.  That is, some libertarian IP skeptics seem all to quick to deduce conclusions about actual, real-world business models from solely theoretical knowledge about what they think these business models should be in some “ideal” world.

Professor Schultz also identifies that, despite protestations to the contrary, Jerry Brito has explicitly framed his website as a “blame the victim” defense of copyright piracy — stating explicitly on Twitter that “Hollywood should blame itself for its piracy problems.” Consistent with such statements, of course, conventional wisdom has quickly gelled around the piracydata.org website that it is in fact a condemnation of the creative industries’ business models.  (Professor Schultz backs up this point with many references and links, including a screen grab of Jerry’s tweet.)

Professor Schultz ultimately concludes his important essay as follows:

perhaps the authors should simply dispense with the pretext. All too often, we see arguments such as this that say ‘I think copyright is important and abhor piracy, BUT . . . ‘ And, after the “but” comes outrage at most any attempt by creators to enforce their rights and protect their investment. Or, as in this case, advice that excuses piracy and counsels surrender to piracy as the only practical way forward. Perhaps it would be less hypocritical for such commentators to admit that they are members of the Copyleft. While I think that it’s a terribly misguided and unfortunate position, it is all too respectable in libertarian circles these days. See the debate in which I participated earlier this year in Cato Unbound.

In any event, however, how about a little more modesty and a little more respect for copyright owners? In truth, the “content” industry leaders I’ve met are, as I’ve told them, way smarter than the Internet says they are. They are certainly smarter about their business than any policy analysts or other Washingtonians I’ve met.

The movie industry knows these numbers very well and knows about the challenges imposed by its release windows. They know their business better than their critics. All sorts of internal, business, and practical constraints may keep them from fixing their problems overnight, but it’s not a lack of will or insight that’s doing it. If you love the free market, then perhaps it’s time to respect the people with the best information about their property and the greatest motivation to engage in mutually beneficial voluntary exchanges.

Or you can just contribute to the mountain of lame excuses for piracy that have piled up over the last decade.

This is a compelling call to arms  for some libertarians doing policy work in the creative industries to take more seriously in practice their theoretical commitments to private ordering and free enterprise.

As the blogging king (Instapundit) is wont to say: Read the whole thing.