Quick Follow Up: Prof. Tim Wu's Take On Google

I wish I'd seen Tim Wu's article in Slate before I wrote about the Google subpoena and the associated privacy implications.

In it, he writes about how the disturbing trend of information storage by search engines in the name of a better product. A long excerpt:

The better, more enduring question is: Why is all this information being kept in the first place?

Google and other search engines argue, —with some justification, —that preserving search records is important to making their product the best it can be. By looking at trillions of search-result pages, Google, for example, can do things like offer a good guess when you've spelled something wrong: "Did you mean: Condoleezza Rice?" And Google's "Zeitgeist" feature is able to tell you what the top searches are every week and year, —a neat way of tracking other people's passing obsessions. But even though keeping such logs may make their product better, or more fun on the margin, the justifications for keeping so many secrets in such a vulnerable place are just too weak.

Imagine we were to find out one day that Starbucks had been recording everyone's conversations for the purpose of figuring out whether cappuccino is more popular than macchiato. Sure, the result, on the margin, might be a better coffee product. And, yes, we all know, or should, that our conversations at Starbucks aren't truly private. But we'd prefer a coffee shop that wasn't listening, and especially one that won't later be able to identify the macchiato lovers by name. We need to start to think about search engines the same way and demand the same freedoms.

It all goes back to this basic point: How free you are corresponds exactly to how free you think you are. And Americans today feel great freedom to tell their deepest secrets; secrets they won't share with their spouses or priests, to their computers. The Luddites were right—our closest confidants today are robots. People have a place to find basic anonymous information on things like sexually transmitted diseases, depression, or drug addiction. The ability to look in secret for another job is not merely liberating, it's economically efficient. But all this depends on our feeling free to search without being watched.

Wu's most interesting point, however, is that he calls on private companies to protect our privacy, not the government. He argues that Google should immediately delete the IP address data it has collected over the past 5 years, and cease its current practice of collecting... the position echoes that of network neutrality advocates... that all of the intelligence in a network should be kept in the ends, everything else should be kept stupid. I tend to agree, but I am deeply skeptical of Google's willingness to chance its business model.

Article: Private interests Intervene in Tax Loophole for Cigarettes

It's been long known that websites like yessmoke.ch have offered extremely low cost cigarettes worldwide. They can do so by undermining tax law- the way it works is that you purchase two packs of cigarettes off yessmoke for, say, 40 cents a pack. Added to that is 2.00 or so in shipping and handling charges. They send the product 2 packs at a time to avoid postal office scrutiny, and although they follow the law in printing the fact that cigarettes are in the package and should be taxed, they make this statement in what appears to be Swiss-German (evidently not many postal service people speak Swiss-German).

So the package comes through, and the product is never taxed. What to do about it? Well, such business has aroused the ire of the government, but the postal service is too understaffed and overworked already to take on the responsibility of scanning every cigarette pack sized package that comes through. This week, however, Phillip Morris has stepped in, agreeing not to supply illegal internet vendors with their product. It is the latest in moves to curb illegal cigarette distribution, including limitations by credit card companies in March that crippled many online vendors, and actions by private companies (for example Phillip Morris' successful attacks on yessmoke.ch which have essentially destroyed the company's main avenue of business).

The importance of this goes beyond cigarettes... its at the heart of one of the largest issues on the internet: who will be the force behind regulating commerce. On one hand, you have those that want to raise taxes on the internet to close the loophole that many online enterprises employ. On the other, some argue that such taxation would create further problems. Gary Becker argued in May on the Becker-Posner blog,

I oppose taxation of the internet not because it is an “infant industry” that needs artificial stimulation to grow, nor because sales taxes of a few per cent alone would destroy this industry. Rather, my reluctance to interfere with the dynamics of the growth of the internet largely explains my opposition to taxation of transactions and other activities on the internet. I fear that the additional regulation of the internet that would inevitably accompany efforts to enforce taxation of transactions by either American states or the federal government would have a negative effect on internet growth in the United States.

Any significant sales tax on internet transactions would induce sellers and buyers to find ways to evade paying the tax. That includes setting up offices outside the United States, perhaps while shipping from places within the country, false invoicing, and still other methods from creative minds intent on evasion. All taxes induce avoidance and evasive actions, but internet transactions are particularly difficult to police, as seen, for example, from the proliferation of internet pornography. Hence attempts to collect taxes is likely to lead to substantial regulations that would slow down the so-far remarkable rate of innovation on the internet.

However, I can't agree that the slippery slope argument justifies a policy of non-taxation. As Becker points out, "ALL taxes induce avoidance and evasive action"- and the idea that transactions are particularly difficult to police isn't a political objection, its a pragmatic one. In other words..if internet taxation were easier to regulate, would that then make it justified? Perhaps what's needed then is a model of enforcement that is not likely to lead to the "substantial regulations" that Becker worries about.

I'd like to take a second and look at the other side of this equation: what happens if there is no model of enforcement. Then you have what amounts to private enforcement, on the part of big companies like Phillip Morris, and individuals bringing lawsuits against internet vendors. Is this sort of hodge-podge of enforcement preferable to attempting to create a workable model?

Off the top of my head, here's one possible model of net tax regulation which combines the flexibility of private companies with the structural power of government. Pass some sort of legislation that requires credit card companies to obey with state a fed tax laws. In other words, if a company doesn't sign some sort of documentation that notes they follow tax guidelines, then they can't work with the companies that provide secure credit card transactions, such as Verisign. This creates a burden on those that don't tax. If a consumer wants to purchase gray market products, they do so with the risks of unsecure transactions. It wouldn't destroy the gray/black market online, but it would curb it.

Thoughts: On the outrage over the Google subpoena

Ok- if you've read (you haven't, trust me, I track this stuff) the past few articles I've written you might have gotten a sense that my main ambition is to balance necessary constraints on the liberties granted by the internet with the characteristics necessary for innovation and relatively free communication. This includes everything from encryption law to network neutrality to those pesky cookies I have on my browser from visiting sites like fbi.gov.

In the wake of the Google subpoena, I have decided that one of the HUGE overarching problems that face the evolution of the internet is a decisive trend towards retroactive, as opposed to proactive measures. "Of course!" You might very well exclaim. "The government is pretty bad at fixing problems AFTER they happen, what makes anyone think that they can accomplish anything BEFORE it happens?"

The rub is, I'm talking about private companies, not the government. Quickly though, a synopsis on what's going on from the San Francisco Gate:

In an effort to revive a 1998 pornography law struck down by the U.S. Supreme Court two years ago, the Bush administration filed papers with a San Jose judge Thursday asking the popular search engine to hand over millions of records. The data, it contends, will help the government "understand the behavior of Web users" and prove that the law is more effective in protecting minors from pornography than filtering software.

I'm a fairly stringent advocate of structuring the internet in a manner where explicit material is kept separate from the rest of the data on the internet- thus my support for measures like ICANN's .xxx domain. However, trying to gauge the exposure of children to internet pornography by tracking the seemingly infinite list of search terms used by internet users is like trying to track violence among young children by searching what people rent at the video store: the causal link is so blurry it's insignificant. Just because x or y search term might generate a few links to pornography does not show 1) that children are using the search term 2) that children are not supervised by adults when using the search term and 3) that children, upon using the search term, are either affected directly (i.e. by suffering some tort-like damage from even viewing the porn link) or indirectly (i.e. by clicking on said porn-link).

In short, the administration's reasoning for tracking the information sucks.

But, and here's where the pro/retro-active stuff comes in, the government's action does not necessarily violate the ever-ambiguous right of privacy. The Detroit Free Press claims that "Such a blanket release by Google would clearly violate the privacy rights of its users." Not necessarily, and part of the reason is tied up with what actions Google itself has done.

First, Google has been collecting this information for as long as they've been in existence, as have the other large search engines companies: AOL, MSN, Jeeves, ect. And privacy advocates have been pretty quiet until the big scary government steps in because hey, THEY want this information too! I don't understand the double standard that a private company can essentially track the search terms I use for their own uses but the government can't. I'm not a supporter of the Bush Admin, and I think that frankly much of their conservative-inspired-free-speech-jeopardizing policies on the internet are loathsome. But that doesn't make this particular policy illegal (even if misguided) as many assert. It is necessary to note that in Google's response to the subpoena (scroll down a bit for the long letter by Ashok Ramani, Exhibit B) its main reasons for not giving up the search results are 1) the feds can receive this information from other sources like archive.com (the feds, of course, claim they can't) and 2) to disclose this information would expose trade secrets of the company. Words like "privacy" and "civil liberties" don't appear.

Second, if Google responded using a privacy argument there might be a slight philosophical contradiction between the companies defense and their approach to Google Library. As I wrote earlier, one of the main objections to Google library is that it allows a search of books without the authors consent- implying that such a search does not constitute a breach of privacy. Same thing with Google maps- Google can make satellite pictures of my house available, and I can't do anything about it. So with all this information gathering, to claim that concerns with "privacy" are the basis for objecting to the gov's request might backfire. I'm not saying search terms, books, and maps constitute the same level of intimacy or data, but the underlying philosophy that an information search does not violate privacy remains the same.

...so as far as I see it, there's no real protection for such information. Either its a problem for the company to be collecting data without my consent, or its not a problem for the gov to access that data. In a well articulated take on the legal aspects of the case, law professor Daniel J. Solove writes:

One enormous problem is that the Supreme Court has established an immensely troubling doctrine in Fourth Amendment law known as the "third party doctrine." In United States v. Miller, 425 U.S. 435 (1976), the Supreme Court held that people lack a reasonable expectation in their bank records because "[a]ll of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business."” Employing analogous reasoning, in Smith v. Maryland, 442 U.S. 735 (1979), the Supreme Court held that people lack a reasonable expectation of privacy in pen register information (the phone numbers they dial) because people "know that they must convey numerical information to the phone company,"” and therefore they cannot "“harbor any general expectation that the numbers they dial will remain secret."” When there's no reasonable expectation of privacy, the Fourth Amendment provides no protection.

The problem with the third party doctrine is that in the Information Age, countless companies maintain detailed records of people'’s personal information: Internet Service Providers, merchants, bookstores, phone companies, cable companies, and many more. The third party doctrine thus severely limits Fourth Amendment protection as more of our personal information winds up in the hands of businesses.

He seems to conclude that Google's opposing the request is a good thing, albeit Fourth Amendment protection is fairly weak. In a , he makes the argument:

there's another reason why revealing to the government even de-identified search queries might pose a privacy problem -- the act of complying might chill people in the future from conducting searches on Google. Why? Because it may be possible later on for the identities to be reattached. Thus, if the goverment obtains the search records, isolates certain searches as "troubling" and then issues another subpoena to Google for the IP addresses connected to those searches, there's a chance that the searches can be identified. In other words, the government's subpoena now need not be the final step in the dancesubpoenasbpeonas may follow. And knowing this, people may be chilled in their searches.

Does the slippery slope argument hold up? I'm not sure, because it doesn't follow that just because LATER events that take place might violate privacy make current actions unjustified. Yes, I don't want searches to result in the government pushing for further disclosure on searches that it deems troubling, but that's not what's at issue here. In the end, a lot of outrage does not = a legally sound argument... and privacy, sadly, is not going to be the argument that wins this case. To be plausible, Google would have had to set out to protect privacy in the first place, which it hasn't. If Google succeeds, I imagine it will be due to a very well thought out position on private property and protection of trade secrets, with little to do with the 4th amendment.

(image from PC World)

Case: Defamation on internet NOT vulnerable to different state law

Quick case news:

Bo knows baseball, Bo knows football. Bo does not, however, know law so well. This week in the case of "Bo" Jackson v. California Newspapers Partnership, Bo's complaint over an online publications allegation of anabolic steroid use fell short of the requirements to bring legal recourse against the newspaper. As Frost, Brown, and Todd, LLC summarize:

California-based media defendants publish the Inland Valley Daily Bulletin newspaper in California and publish articles on the website, www.dailybulletin.com. Jackson sued the defendants based on an article that alleged he lost his hip because of anabolic steroid use. Defendants moved to dismiss the lawsuit based on a lack of personal jurisdiction. Jackson claimed that because the article was published on the internet that the defendants had established sufficient minimum contacts with Illinois such that they could reasonably expect to be sued in Illinois. The court disagreed.

The case comes in a long line of cases, stemming from the dual tests that the Courts use to determine this type of cyber jurisdiction: the Zippo test and the effects test. Essentially, the effects test looks at what the intended effects of an action are, and the Zippo test focuses on a sliding scale of how "interactive" the website is, as well the commercial nature of the site. A good summary of the two tests can be found here, in an article written by Law Professor Julia Alpert Gladestone.

In Bo's case, as the Stanford Center for Internet and Society points out,

the Court noted that the focal point remained the question of where defendants “direct” their torts. Thus, the question was distilled down to “whether defendants directed their website at Illinois residents.”

At the state level, this sort of analysis works just fine... sort of. Consider what would happen if such a standard was applied to international jurisdiction. There would be no recourse to stop one country from infringing on another countries laws... namely, freedom of speech laws. The big example here is the Yahoo! case of auctioning Nazi memorabilia through its english cite, and getting sued by the French Law Students Union because such an auction is not allowed under French law. Closer to home, think of the Russian MP3 sites I've mentioned in the past, that, while they may be legal in their own country, violate U.S. law by distributing copyrighted music without adhering to the pricing restrictions of the U.S.

...and this, at least for me, creates imperialist tendancies. Because while I'm an adament supporter of freedom of speech... may that mean Lance Armstrong bad-mouthing his Italian opponent in a France newspaper or white supremacists vying for a lock of Hitler's hair on Yahoo! auctions... I feel like there are legitimate reasons for a nation to protect and uphold its laws.

Back to the state level, consider this scenario: In some states, lets say Utah and Kentucky, the taxes on cigarettes are much cheaper than in, say, California. And since the postal service pretty much ignores packages under a set size and weight, its possible to ship cigarette packs across state lines without paying the state taxes on those cigarettes. So, as a resident in California, I can buy cigarettes from Kentucky at 2 dollars less a pack.

Is the website at fault? (the website I'm thinking about, by the way, is www.yessmoke.ch, a swiss website that does just this... before yessmoke, individual state sites served this purpose) Well... that depends... on one hand, the website might include a disclaimer that it is the purchasers responsibility to conform to local laws... and on the other, it might appear OBVIOUS that the Utah or Nevada website earns most of its commercial business from the illegal sale of cigarettes to areas with high cigarette taxes, like California.

That might be an ambiguity that is inherent with a sliding scale like Zippo, but its an issue that will need to be resolved if the Courts are to avoid a whole mess of frivolous lawsuits. As Frost, Brown, and Todd conclude,

In sum, Jackson v. California Newspapers Partnership shows that the Zippo sliding scale has become a cornerstone of personal jurisdiction analysis involving internet activity; and “although technological advances may alter the analysis of personal jurisdiction, those advances may not eviscerate the constitutional limits on a state’s power to exercise jurisdiction over nonresident defendants.”

...we'll see about that...

Article: Excellent Contribution to the debate over Network Neutrality

Living in Tahoe City, without direct access to internet and/or television, my ability to blog has been somewhat comprimised. Regardless, I plan on being able to make it out fairly regularly to one of the few wireless cafes that Tahoe has to offer, fueling my technological analysis, commentary, and ranting with Alpen Organics Coffee.

So basically, I'll post something every week, although it might be a bit scatterbrained and caffeine influenced.

This week's article comes from Jonathan Zittrain of Oxford University and Harvard's Berkman Center. The article is from Legal Affairs (and freely available online), entitled "Without a Net." There's been a lot on network neutrality lately, and the obvious question is why anyone should be subjected to yet another academic libertarian warning of the coming war between a glorious free market virtual world where children and animals frolick happily, and a walled garden approach which essential renders any experimental or creative attempts null, hailing a new apocalyptic era of fire, brimestone, and DRM.

The reason Zittrain's article is not only relevant, but necessary, is that he takes into account the problems inherent with a pure nuetrality approach:

"the problem with end-to-end neutrality on a consumer Internet is that it places too much responsibility on the people least equipped to safeguard our informational grid: PC users. Mainstream users are not well positioned to painstakingly tweak and maintain their own machines against attack, nor are the tools available to them adequate to the task. People can load up on as much antivirus software as they want, but such software does little before a security flaw is uncovered. It offers no protection when a PC user runs a new program that turns out to be malware, or if one of the many always-running "automatic update" agents for various pieces of PC software should be compromised, allowing a hacker to signal all PCs configured for these updates that they should, say, erase their own hard drives."

One of my favorite quotes is from a video from the hacker Blueberry of condemned.org.... i forgot exactly where I saw it (some video of an anti-child pornography conference)... but she essential said that "if we [the online community] don't regulate the virtual world, someone else will." Zittrain appears to concur with such a sentiment in pointing out that the burden CANNOT be left on the consumer-and it also exposes the shortcomings of a network where all the intelligence is in the 'ends.' He continues:

"End-to-end neutrality should be but an ingredient in a new "generativity principle," a rule of thumb that asks that modifications to the PC/Internet grid be made where they will do the least harm to its generative possibilities. Under this principle, it may be more sensible to try to screen out major viruses through ISP-operated network gateways (violating end-to-end neutrality) than through constantly updated PCs, or to ask ISPs to rapidly quarantine machines that have clearly become zombies, operating outside the control of their users."

This level of control given to ISP's may seem sacriledge to the disciples of end-to-end technology, but I have seen no better solution to some of the problems that a "free" internet creates. Without any hierarchy of control, or even centralized power, the ability to swiftly ward off the spread of worms, DDoS attacks, or any number of nasties is comprimised.

Zittrain also is the first I've seen to apply the sort of zoning philosophy which is intregal to many plans to seperate content out (think ICANN's .xxx domain) at the "end" level of the network. He argues that one possible way to protect the system while maintaining neutrality would be to create a "green" zone where a computer would only have acccess to protected applications and systems (certified or licensed by private entities) and a "red" zone where everything on the net would be available. He doesn't explain how to create a network of compatible licenses/certificates that would work together, but the idea is a promising one. That would at the very least provide a firebreak between the protected and unprotected parts of the network.

Finally, Zittrain writes with an appropriate level of urgency. Collaboration needs to happen, and it needs to happen soon, as companies are creating their own controls that regulate content and access.

Furthermore, countries are working towards applying local laws to internet governance, threatening the universal aspect of the net by bogging it down in potentially devastating bids for sovereignty. In the same article of Legal Affairs, Jack Goldsmith and Timothy Wu, the latter a professor at Columbia Law school and the former from Harvard Law School, write in "Digital Borders",

"Far from flattening the world, the Internet is in many ways conforming to local conditions. The result is an Internet that is increasingly separated by walls of law, language, and filters. This bordered Internet reflects top-down pressures from governments like France that are imposing national laws on the Internet within their borders. But it also reflects bottom-up pressures from individuals in different places who demand an Internet that corresponds to their preferences, and from the web page operators and other content providers who shape their Internet experience to satisfy these demands."

These issues are already coming to a hilt- as I've mentioned before, lawsuits of this sort are already taking place (one example is the France Nazi issue that the article mentions, another is the libel lawsuit against Lance Armstrong brought in Italy against something published in France). Perhaps "zoning" can occur across international borders as well- creating a zone which is subject to national law, and another that is subject to international law. Actually, now that I think of it, that idea seems kind of stupid, given all of the rules and regulations that would have to go into such a system... but then again, with no promising alternative, something has to give, and without a system in place, that something will be the benefits derived from a neutral internet.