Information Fiduciaries: Good Framework, Bad Solution.

By and large, human beings reason by analogy. We learn a basic rule, usually from a specific experience, and then generalize it to any new experience we encounter that seems similar. Even in the relatively abstract area of policy, human beings depend on reasoning by analogy. As a result, when looking at various social problems, the first thing many people do is ask “what is this like?” The answer we collectively come up with then tends to drive the way we approach the problem and what solutions we think address it. Consider the differences in policy, for example, between thinking of spectrum as a “public resource” v. “private property” v. “public commons” — although none of these actually describes what happens when we send a message via radio transmission.

 

As with all human things, this is neither good nor bad in itself. But it does mean that bad analogies drive really bad policy outcomes. By contrast, good analogies and good intellectual frameworks often lead to much better policy results. Nevertheless, most people in policy tend to ignore the impact of our policy frameworks. Indeed, those who mistake cynicism for wisdom had a tendency to dismiss these intellectual frameworks as mere post hoc rationalizations for forgone conclusions. And, in fact, sometimes they are. But even in these cases, the analogies till end up subtly influencing how the policies get developed and implemented. Because law and policy gets implemented by human beings, and human beings think in terms of frameworks and analogies.

 

I like to think of these frameworks and analogies as “deep structures” of the law. Like the way the features of geography impact the formation and course of rivers over time, the way we think about law and policy shapes how it flows in the real world. You can bulldoze through it, forcibly change it, or otherwise ignore these deep structures, but they continue to exert influence over time.

 

Case in point, the idea that personal information is “property.” I will confess to using this as a shorthand myself since 2016 when I started on the ISP privacy proceeding. My 2017 white paper on privacy legislative principles, I traced the evolution of this analogy from Brandies to the modern day, similar to other intangibles such as the ‘right of publicity.’ But as I also tried to explain, this was not meant as actual, real property but shorthand for the idea of a general, continuing interest. Unfortunately, as my Public Knowledge colleague Dylan Gilbert explains here, too many people have now taken this framework as meaning ‘treat property like physical property that can be bought and sold and have exclusive ownership.’ This leads to lots of problems and bad policies, since (as Dylan explains) data is not actually like physical property or even other forms of intangible property.

 

Which brings me to Professor Jack Balkin of Yale Law School and his “information fiduciaries” theory. (Professor Balkin has co-written pieces about this with several different co-authors, but it’s generally regarded as his theory.) Briefly (since I get into a bit more detail with links below), Balkin proposes that judges can (and should) recognize that the nature of the relationship between companies that collect personal information in exchange for services is similar to professional relationships such as doctor-patient or lawyer-client where the law imposes limitations on your ability to use the information you collect over the course of the relationship.

 

This theory has become popular in recent years as a possible way to move forward on privacy. As with all theories that become popular, Balkin’s information fiduciary theory has started to get some skeptical feedback. The Law and Political Economy blog held a symposium for information fiduciary skeptics and invited me to submit an article. As usual, my first draft ended up being twice as long as what they wanted. So I am now running the full length version below.

 

You can find the version they published here, You can find the rest of the articles from the symposium here. Briefly, I think relying on information fiduciaries for privacy doesn’t do nearly enough, and has no advantage over passing strong privacy legislation at the state and federal levels. OTOH, I do think the idea of a fiduciary relationship between the companies that collect and use personal information and the individuals whose information gets collected provides a good framework for how to think about the relationships between the parties, and therefore what sort of legal rights should govern the relationship.

 

More below . . .

Continue reading

I Accidentally Write A Book On How To Regulate Digital Platforms.

Some of you may have noticed I haven’t posted that much lately. For the last few months, I’ve been finishing up a project that I hope will contribute to the ongoing debate on “What to do about ‘Big Tech'” aka, what has now become our collective freak out at discovering that these companies we thought of as really cool turn out to control big chunks of our lives. I have now, literally, written the book on how to regulate digital platforms. Well, how to think about regulating them. As I have repeatedly observed, this stuff is really hard and involves lots of tradeoffs.

 

The Case for the Digital Platform Act: Market Structure and Regulation of Digital Platforms, with a Foreword by former FCC Chair (and author of From Gutenberg to Google) Tom Wheeler, covers all the hot topics (some of which I have previewed in other blog posts). How do we define digital platforms? How do we determine if a platform is ‘dominant’? What can we do to promote competition in the platform space? How do we handle the very thorny problem of content moderation and filter bubbles? How do we protect consumers on digital platforms, and how do we use this technology to further traditional important goals such as public safety? Should we preempt the states to create one, uniform national policy? (Spoiler alert, no.) Alternatively, why do need any sort of government regulation at all?

 

My employer, Public Knowledge, is releasing The Case for the Digital Platform Act free, under the Creative Commons Attribution-NonCommercial-ShareAlike license (v. 4.0) in partnership with the Roosevelt Institute. You can download the Foreword by Tom Wheeler here, the Executive Summary here, and the entire book here. Not since Jean Tirole’s Economics for the Common Good has there been such an amazing work of wonkdom to take to the beach for summer reading! Even better, it’s free — and we won’t collect your personal information unless you actively sign up for our mailing list!

 

Download the entire book here. You can also scroll down the page to links for just the executive summary (if you don’t want to print out all 216 pages) or just the Tom Wheeler foreword.

 

More, including spoilers!, below . . .

Continue reading

How Not To Train Your Agency, Or Why The FTC Is Toothless.

You know your agency is pathetic at its job when Tea Party Republicans tell you to go harder on industry — especially in a Republican Administration that makes deregulation an end in itself and where despising government interference in “the market” is religious orthodoxy. So it was quite noteworthy to see Freshman Senator Josh Hawley (R-MO) tear the Federal Trade Commission (FTC) a new one for its failure to do anything about how tech companies generally (and Google and Facebook specifically) vacuum up everyone’s personal information, crush competition, swear general allegiance to Gellert Grindelwald and sell us out to the Kree. “The approach the FTC has taken to these issues has been toothless,” Hawley accused in his letter (apparently not meaning this adorable night fury over here).

 

I’m not going to argue with Senator Hawley’s characterization of the FTC. But since he is new in town I think it is important for him to understand why the FTC (and other federal agencies charged with consumer protection) have generally gone from fearsome growling watchdog to timorous toothless purse dog with laryngitis. Short answer, Congress has spent the last 40 years training agencies to not do their job and leave big industry players with political pull alone by abusing them at hearings, cutting their budgets, and — when necessary — passing laws to eliminate or massively restrict whatever authority the agency just exercised.   Put another way, Congress has basically spent the last 40 years conditioning consumer protection agencies to think about enforcement in much the same way Alex DeLarge was conditioned to think about violence in A Clockwork Orange, keep applying negative stimulus until the very thought of trying to enforce the law against any powerful company in any meaningful way makes them positively ill.

 

I explain all this, and the problem with “public choice theory” as applied here in Policyland, below . . .

 

Continue reading

Will The FCC Ignore the Privacy Implications of Enhanced Geolocation In New E911 Rulemaking?

NB: This originally appeared as a blog post on the site of my employer, Public Knowledge.

Over the last three months, Motherboard’s Joseph Cox has produced an excellent series of articles on how the major mobile carriers have sold sensitive geolocation data to bounty hunters and others, including highly precise information designed for use with “Enhance 911” (E911). As we pointed out last month when this news came to light, turning over this E911 data (called assisted GPS or A-GPS), exposing E911 data to third parties — whether by accident or intentionally, or using it in any way except for 911 or other purposes required by law violates the rules the Federal Communications Commission adopted in 2015 to protect E911 data.

Just last week, Motherboard ran a new story on how stalkers, bill collectors, and anyone else who wants highly precise real-time geolocation consumer data from carriers can usually scam it out of them by pretending to be police officers. Carriers have been required to take precautions against this kind of “pretexting” since 2007. Nevertheless, according to people interviewed in the article, this tactic of pretending to be a police officer is extremely common and ridiculously easy because, according to one source, “Telcos have been very stupid about it. They have not done due diligence.”

So you would think, with the FCC scheduled to vote this Friday on a mandate to make E911 geolocation even more precise, the FCC would (a) remind carriers that this information is super sensitive and subject to protections above and beyond the FCC’s usual privacy rules for phone information (called “customer proprietary network information,” or “CPNI”); (b) make it clear that the new information required will be covered by the rules adopted in the 2015 E911 Order; and (c) maybe even, in light of these ongoing revelations that carriers do not seem to be taking their privacy obligations seriously, solicit comment on how to improve privacy protections to prevent these kinds of problems from occurring in the future. But of course, as the phrase “you would think” indicates, the FCC’s draft Further Notice of Proposed Rulemaking (FNPRM) does none of these things. The draft doesn’t even mention privacy once.

 

I explain why this has actual and potentially really bad implications for privacy below.

Continue reading

What Makes Elizabeth Warren’s Platform Proposal So Potentially Important.

As always when I talk politics, I remind folks that this blog is my personal blog, which I had well before I joined my current employer Public Knowledge. I’ve been commenting on Presidential campaigns since well before I joined PK, and I don’t run any of this stuff in front of my employer before I publish it.

 

 

Friday March 8, the Presidential campaign of Elizabeth Warren, not to be confused with the actual office of Senator Elizabeth Warren (D-MA), announced Warren’s plan for addressing the tech giants. Warren has been drawing attention to massive concentration in industry generally and tech specifically since well before it was cool, so the fat that she is out of the gate with a major proposal on this early in the 2020 campaign is no surprise. Nor is it a surprise that her proposed plan would end up breaking up, in some significant ways, the largest tech platforms.

 

What makes Warren’s contribution a potential game changer is that she goes well beyond the standard “break ’em up” rhetoric that has dominated most of the conversation to date. Warrens proposal addresses numerous key weaknesses I have previously pointed out in relying exclusively on antitrust and is the first significant effort to propose a plan for permanent, sustainable sector specific regulation. As my boss at public knowledge Gene Kimmelman has observed here, (and I’ve spent many 10s of thousands of words explaining) antitrust alone won’t handle the problem of digital platforms and how they impact our lives. For that we need sector specific regulation.

 

Warren is the first major Presidential candidate to advance a real proposal that goes beyond antitrust. As Warren herself observes, this proposal is just a first step to tackle on of the most serious problems that has emerged in the digital platform space, the control that a handful of giant platforms exercises over digital commerce. But Warren’s proposal is already smart in a number of important ways that have the potential to trigger the debate we need to have if we hope to develop smart regulation that will actually work to promote competition and curb consumer abuses.

 

I break these out below . . . .

Continue reading

The Market for Privacy Lemons. Why “The Market” Can’t Solve The Privacy Problem Without Regulation.

Practically every week, it seems, we get some new revelation about the mishandling of user information that makes people very upset. Indeed, people have become so upset that people are actually talking about, dare we say it, “legislating” some new privacy protections. And no, I don’t mean “codifying existing crap while preempting the states.” For those interested, I have a whitepaper outlining principles for moving forward on effective privacy legislation (which you can read here). My colleagues at my employer Public Knowledge have a few blog posts on how Congress ought to respond to the whole Facebook/Cambridge Analytica thing and analyzing some of the privacy bills introduced this Congress.

 

Unsurprisingly, we still have folks who insist that we don’t need any regulation and that if we don’t have a market that provides people with privacy protection, it must be because people don’t value privacy protection. After all, the argument goes, if people valued privacy, people would offer services that protect privacy. So if we don’t see such services in the market, people must not want them. Q.E.D. Indeed, these folks will argue, we find that — at least for some services — there are privacy friendly alternatives. Often these cost money, since you aren’t paying with your personal information. This leads some to argue that it’s simply that people like “free stuff.” As a result, the current Administration continues to focus on finding “market based solutions” rather than figuring out what regulations would actually give people greater control over their personal information, and prevent the worst abuses.

 

But an increasing number of people are wising up to the reality that this isn’t the case. What folks lack is a vocabulary to explain why these “market approaches” don’t work. Fortunately, a Nobel Prize winning economist named George Akerlof figured this out back in the 1970s in a paper called the Market for Lemons. Akerlof’s later work on cognitive dissonance in economics is also relevant and valuable. (You can read what amounts to a high level book report on Akerlof & Dickens “The Economics of Cognitive Dissonance” here.) To summarize: everyone knows that they can’t do anything real to protect their privacy, so they either admit defeat and resent it, or lie to themselves that they don’t care. A few believe they can protect themselves via some combination of services and avoidance I will call the “magic privacy dance,” and therefore blame everyone else for not caring enough to do their own magic privacy dance. This ignores that (a) the magic privacy dance requires specialized knowledge; (b) the magic privacy dance imposes lots of costs, ranging from monthly subscription to a virtual private network (VPN) to opportunity cost from forgoing the use of services like Facebook to the fact that Amazon and Google are so embedded in the structure of the internet at this point that blocking them literally causes large parts of the internet to become inaccessible or slow down to the point of uselessness; and (c) Nothing helps anyway!  No matter how careful you are, a data breach by a company like Equifax or a decision by a company you invested in to change their policy means all you magic privacy dancing amounted to a total expensive waste of time.

 

Accordingly, the rational consumer gives up. Unless you are willing to become a hermit, “go off the grid,” pay cash for everything, and other stuff limited to retired spies in movies, you simply cannot realistically expect to protect your privacy in any meaningful way. Hence, as predicted by Akerlof, rational consumers don’t trust “market alternatives” promising to protect privacy. Heck, thanks to Congress repealing the FCC’s privacy rules in 2017, you can’t even get on to the internet without exposing your personal information to your broadband provider. Even the happy VPN dance won’t protect all your information from leaking out. So if you are screwed from moment you go online, why bother to try at all?

 

I explore this more fully below . . .

Continue reading

Net Neutrality Oral Argument Highlights Problem For Pai: You Can’t Hide The Policy Implications Of Your Actions From Judges.

Friday, February 1, we had approximately 4.5 hours of oral argument before Judge Millett, Judge Wilkins, and Senior Judge Williams. You can listen to a recording of the oral argument here. As everyone who does this for a living will tell you, you can’t judge the outcome by what happens at oral argument. Because that’s the biggest set of tea leaves we have that can tell us anything about the black box of the court making its decision, however, we all speculate shamelessly. Unsurprisingly, Williams seemed most favorable to the FCC. He dissented in USTA v. FCC, and generally prefers deregulatory policy choices. Millett, as expected, pushed both sides hard. But ultimately both she and Wilkins seemed to come down against the FCC on several issues, including a lengthy discussion of the Section 257 argument I highlighted last week.

 

My colleague John Bergmayer has this summary of the substance of the argument. I want to just highlight one theme, the refusal of the FCC to be honest about the expected policy consequences of its actions. I highlight this for several reasons. First, people need to understand that while the agency can always change its mind, it has to follow the Administrative Procedure Act (APA), which includes addressing the factual record, acknowledging the change in policy from the previous FCC, and explaining why it makes a different decision this time around. As I have noted for the last couple of years, there is a lot of confusion around this point. On the one hand, it doesn’t mean you have to show that the old agency decision was wrong. But on the other hand, it doesn’t mean you get to pretend like the old opinion and its old factual record don’t exist. Nor do you get to ignore the factual record established in this case.

 

It was on these points that Millett and Wilkins kept hammering the FCC, and where they are likely in the biggest trouble in terms of the Order. Because FCC Chair Ajit Pai has pretty much made it his signature style to ignore contrary arguments and make ridiculous claims about his orders, this problem has already chomped the FCC on the rear end pretty hard (ironically, in an opinion released on Friday), and will likely continue to do so.

 

More below . . .

Continue reading

Fun Arguments To Watch At Net Neutrality Oral Argument, or Did Marsha Blackburn Accidentally Save Net Neutrality?

At last, the contest everyone has been waiting for is finally here! Get ready tomorrow (Friday February 1) for the oral argument in Mozilla v. FCC, the challenge to the 2017 repeal of net neutrality and re-reclassification of broadband as a Title I “information service.” (aka the “Restoring Internet Freedom Order” or “RIFO”).  Obviously, as one of the counsel’s in the case, I am utterly confident that we will totally prevail, so I am not going to try to rehash why I think we win. Besides, you can get horse race coverage and results anywhere. ToTSF is where you go for the geeky and get your policy wonk on!

 

So in preparation for the Superb Owl of the the 2018 telecom season, I thought I would point out some of the more fun arguments that may come up. As always, keep in mind that oral argument is a perilous guide to the final order, and the judges on the panel have a reputation for peppering both sides with tough questions. Also, there is a lot of legal ground to cover, and many important issues raised in the briefs may not get discussed at all because of time limitations. With all that in mind, here are some things to look for if you are lucky enough to be in the courtroom tomorrow, or listen to the full audio when it’s released.

Continue reading

Why “Wi-Fi 6” Tells You Exactly What You’re Buying, But “5G” Doesn’t Tell You Anything.

Welcome to 2019, where you will find aggressively marketed to you a new upgrade in Wi-Fi called “Wi-Fi 6” and just about every mobile provider will try to sell you some “new, exciting, 5G service!” But funny thing. If you buy a new “Wi-Fi 6” wireless router you know exactly what you’re getting. It supports the latest IEEE 802.11ax protocol, operating on existing Wi-Fi frequencies of 2.4 GHz and 5 GHz, and any other frequencies listed on the package. (You can see a summary of how 802.11ax differs from 802.11ac here.) By contrast, not only does the term “5G” tell you nothing about the capabilities (or frequencies, for them what care) of the device, but what “5G” means will vary tremendously from carrier to carrier. So while you can fairly easily decide whether you want a new Wi-Fi 6 router, and then just buy one from anywhere, you are going to want to very carefully and very thoroughly interrogate any mobile carrier about what their “5G” service does and what limitations (including geographic limitations) it has.

 

Why the difference? It’s not simply that we live in a world where the Federal Trade Commission (FTC) lets mobile carriers get away with whatever marketing hype they can think up, such as selling “unlimited” plans that are not, in fact unlimited. It has to do with the fact that back in the early 00s, the unlicensed spectrum/Wi-Fi community decided to solve the confusion problem by eliminating confusion, whereas the licensed/mobile carrier world decided to solve the confusion problem by embracing it. As I explain below, that wasn’t necessarily the wrong decision given the nature of licensed mobile service v. unlicensed. But it does mean that 5G will suffer from Forest Gump Syndrome for the foreseeable future. (“5G is like a box of chocolates, you never know what to expect.”) It also means that, for the foreseeable future, consumers will basically need to become experts in a bunch of different technologies to figure out what flavor of “5G” they want, or whether to just wait a few years for the market to stabilize.

More below . . . .

 

Continue reading

Apple v. Pepper: Can Illinois Brick Survive Ohio v. Amex, or Is Antitrust On Two Sided-Platforms Possible or Effectively Dead?

Last term the Supreme Court decided Ohio v. American Express, an antitrust case in which the Supreme Court held that when analyzing whether conduct harmed consumers (and is thus a cognizable injury under the antitrust laws based on the current “consumer welfare standard“), if the object of the case is a two-sided market, the Court must analyze both sides of the market, i.e., the consumer facing side and the merchant facing side, to determine if the conduct causes harm. If vertical restraints on the merchant side of the platform produce benefits to consumers on the other side, then the restraints do not violate the antitrust law — even if they prevent new competitors from successfully emerging. In Ohio v. Amex, the court reasoned that an “anti-steering provision” that prevented merchants from directing consumers to other credit cards with lower swipe fees (the amount a merchant pays the card) was offset by Amex providing benefits such as travel services (at least to platinum members) and various discount and loyalty reward programs. The court found this consumer benefit offset the cost to merchants of the higher swipe fees (as the dissent observed, the majority did not address the finding of the district court that these higher swipe fees were passed on to consumers in the form of overall higher prices).

 

While Ohio v. Amex dealt with credit cards, folks like Lena Kahn have argued that because digital platforms such as Facebook are also “two-sided markets,” this decision will make it extremely difficult to go after digital platforms. As long as the company justifies its conduct by pointing to a consumer benefit, such as giving the product away for free (or selling at a reduced cost in the case of companies like Amazon), it is hard to understand what harm to the folks on the other side of the market will satisfy the consumer welfare standard. Or, in other words, it would appear under Ohio v. Amex that even if a firm like Amazon or Facebook does things to prevent a competitor or extract monopoly rents from the non-consumer side, as long as consumers benefit in some way everything is cool.

Others have argued, however, that we should not read Ohio v. Amex as bleakly as this. Since the majority did not address the findings of the district court, the majority did not rule out that exercise of market power over the merchant side could never cause harm to consumers and thus violate the consumer welfare standard. Rather, taking the decision at face value, those more optimistic about the future of antitrust and two-sided markets maintain that the district court erred in Amex by focusing on the harm to competition, rather than how that harm directly impacted consumers (again, the dissent points out the district court did focus on the harm to consumers, but the majority makes no comment on these findings, so there is no negative case law about whether a merchant voluntarily passing on the higher swipe fees in overall higher prices is a cognizable harm).

 

Recently, the Supreme Court heard argument in Apple v. Pepper.  As I explain below, although Apple v. Pepper addresses standing rather than a finding of a violation of the antitrust law itself, it should provide further guidance on whether antitrust law remains relevant in the era of two-sided markets. More below . . . .

Continue reading