Topic: Telecom, Internet & Information Policy

More on Google/Doubleclick

Related to my last post, the New York Times’ technology blog has an excellent write-up about the case that illustrates just how arbitrary the standards in antitrust merger reviews can be:

Google’s $3.1 billion deal in April to buy DoubleClick set off a wave of advertising acquisitions by Microsoft, Yahoo, AOL and others. All of those deals have been completed, but Google is still waiting while regulators in Washington and Europe consider the antitrust and privacy implications of its proposed combination…

Several consumer groups are opposing the merger because they fear that Google and DoubleClick will have too much information about Internet users. Most observers suggest that although the commission regulates privacy, its opinion of the merger must reflect antitrust issues only. The groups opposing the deal have argued that there are in fact precedents for the commission to take privacy concerns into account. (The Electronic Privacy Information Center, which is against the merger, lists many documents supporting its view here. Google’s take is here.)

In the end, Mr. Lindsay writes that Google may well be forced to accept some limitations on its use of data about Internet users. It may be required in the United States to anonymize data about users after 18 months, something it already agreed to do with European regulators. And there may be some limits imposed on how data from DoubleClick’s ad serving system can be used by Google.

Now, as our own Jim Harper will be the first to tell you, there are reasons for consumers to be concerned about the data-retention policies of large Internet companies, Google included. But if new regulations about online privacy are needed, those regulations should be proposed and debated in Congress. It’s totally inappropriate for government regulators who are supposed to only be reviewing a merger on antitrust grounds to use the review as a pretext to single the company out for special, extra-legal privacy regulations. Whatever problems Google’s privacy policies might have, they’re certainly not attributable to monopoly power on Google’s part: even after the merger Google would have less than a third of the online advertising market.

Unfortunately, the lesson Google is likely to learn from this ordeal is the same one Microsoft learned a decade ago: you can never hire too many lobbyists. Regardless of what the law might say, Washington insiders will find ways to punish successful companies that don’t spend resources cultivating influence in Washington. Is it any wonder that Google has been pouring millions of dollars into a beefed-up Washington presence?

Dueling Antitrust Complaints

A decade ago, Cato scholars argued that the Justice Department’s antitrust case against Microsoft was a witch hunt instigated at the behest of Microsoft’s competitors. They also warned about the inevitably harmful consequences of the politicization of the technology industry. Once technology firms succeed in hobbling a competitor using antitrust law, other companies are likely to respond in kind, leading to a never-ending stream of antitrust litigation.

That prediction has been borne out in spades, as Microsoft, once a principled critic of antitrust law, has discovered the joys of using antitrust as a competitive weapon. This week we learn that Microsoft has enlisted the assistance of a public relations firm to build support for blocking Google’s acquisition of DoubleClick on antitrust grounds. Never mind that there are dozens of firms in the highly competitive online advertising industry, including aQuantive, a company Microsoft snapped up for $6 billion back in May.

Of course, Google’s hands aren’t clean either. In June, we learned that Google has asked the Justice Department to investigate Microsoft for “bundling” a search functionality with its operating system, despite the fact that desktop search has been a standard feature of operating systems for decades.

Unfortunately, we seem to have opened a Pandora’s Box that will be difficult to close. It’s a shame that Microsoft has backed down from its former, principled stance on antitrust, but it’s hardly surprising. Filing frivolous antitrust complaints is now just a part of doing business in the software industry. That’s great for antitrust lawyers, but it’s hard to see how anyone else benefits.

What Price (Restricted) Freedom?

About six months ago, I did an elegant back-of-envelope calculation about the Western Hemisphere Travel Restriction Initiative’s cost in terms of lost freedom and commerce. I came up with an estimate of about half a billion dollars (net present value).

If that estimate was a little too airy, here’s a clearer cost of WHTI: $944 million over three years. That’s the direct cost we’re paying through the State Department for the WHTI rules.

So now we’re at around $1.5 billion. Will $1.5 billion+ in damage to the United States’ people, possessions, infrastructure, and interests be averted thanks to WHTI? No. As a security measure, it’s Swiss cheese.

WHTI does more harm than good. It is a self-injurious misstep - precisely what the strategy of terrorism seeks to cause.

More on the Spying Bill

I’ve got a write-up of this weekend’s spying bill up at Ars Technica. It’s pretty bad:

Before undertaking surveillance activities, intelligence officials would need to obtain a certification from the Attorney General and the Director of National Intelligence—both subordinates of the president—that there were “reasonable procedures” in place for ensuring that the eavesdropping “concerns” persons located outside the United States, and that the foreign intelligence is a “significant purpose” of the surveillance activities. That certification would only be reviewed after the fact, and only to determine if the procedures were, in fact, “reasonable.” A single certification could approve a broad surveillance program covering numerous individuals, and no judge would review the list of individual targets.

Moreover, the requirement that surveillance “concern” non-U.S. persons could plausibly permit spying on the relatives, friends, and business associates of a foreign target. Indeed, the administration might argue that the only way to obtain all information regarding foreign targets is to conduct dragnet surveillance of American communications and sift through them to find relevant information.

The legislation empowers the administration to “direct” individuals to “provide the government with all information, facilities, and assistance necessary” to carry out foreign surveillance. These quasi-subpoenas would not be subject to judicial review before they were issued. The targets of such orders—who will typically be telecom company executives, not terrorism suspects—have the option of appealing the order to the FISA court, but given the broad scope of surveillance activities authorized by the legislation, it seems unlikely that such challenges would succeed. Moreover, the legislation offers legal immunity to those who comply with such orders, so telecom providers will have little incentive to resist them.

The only real bright spot is that the legislation sunsets after six months. That will give Congress the opportunity to do what it should have done this weekend: require that no surveillance of domestic communications occur without prior judicial approval of each surveillance target. I’m not going to hold my breath.

More E-voting Security Flaws

There’s been a lot of e-voting news this week. A California research team released a report demonstrating serious security flaws in the touch-screen voting machines in use there. And a Florida study found that some of the previously-uncovered flaws in the voting machines in use there had not been fixed.

Meanwhile, on Capitol Hill, there have been intense negotiations under way on the Holt-Davis legislation, which would outlaw paperless voting machines and require random audits of voting results. Under the legislation, every voting system would be required to produce a voter-verified paper ballot that would be the official record in the case of a recount.

It’s far from a perfect bill. My preference would be to outlaw touch-screen voting entirely, with or without a paper trail. One of the biggest flaws in the legislation is that it will allow states to use touch-screen voting machines with cheap cash-register-style thermal printers in the 2008 and 2010. In my view, using cheap printers would be a serious mistake; thermal printers frequently jam, and the paper tapes they produce are brittle and hard to deal with. Using such cheap printers dramatically increases the danger that election officials won’t take the paper trail requirement seriously.

Crucially, the Holt-Davis bill doesn’t require states to use touch-screen voting machines at all. States may, and in my opinion should, return to using old-fashioned optical-scan paper ballots. States have been using optical-scan technology for decades, and it has far fewer security flaws than computerized voting machines.

But if states are going to have time to implement changes in time for the 2008 election, Congress needs to act quickly. It would be unfair to state officials to pass legislation in 2008, just months before the election. The Holt-Davis bill isn’t perfect, but as Lawrence Nordin and I argue in an op-ed in The Hill today, it’s a step in the right direction.

Is the NSA Above the Law?

As I report today in Ars Technica, a federal judge in California allowed continued investigations by five state regulators into allegations that AT&T has been collaborating with the National Security Agency in a massive warrantless wiretapping program.

However, the judge, Vaughn R. Walker, declined to rule on the government’s central argument, that the investigation could run afoul of the state secret privilege. On that issue, Judge Walker deferred to the Ninth Circuit, which is currently considering the case of Hepting v. AT&T, a class-action lawsuit alleging that AT&T has violated its customers’ rights by participating in the NSA program. The Electronic Frontier Foundation, which is representing the plaintiffs in the case, has secured a sworn statement from a former AT&T employee alleging that the company has allowed the NSA to build a secret facility inside its San Francisco office and diverted massive amounts of Internet and voice traffic through the room to allow the NSA to use the information as it wishes.

I’m not an expert on the legal minutia of the state secrets privilege, but the Bush administration is making what strikes me as an incredible claim: that the NSA program’s very existence (or non-existence) is a state secret, that it would be impossible to litigate such a case without revealing sensitive information about how such a program worked, and that therefore any case related to such a program must be dismissed immediately, before it reaches trial or even discovery.

It’s hard to see how this position can be reconciled with the rule of law. Americans have rights under the Fourth Amendment and the Foreign Intelligence Surveillance Act against indiscriminate domestic surveillance. But if the government can defeat all legal challenges to a program merely by designating it a state secret, it’s hard to see how those rights can ever be vindicated.

I suppose if the Bush administration can opt out of habeus corpus merely by declaring someone an enemy combatant, they can opt out of the Fourth Amendment by declaring their surveillance activities to be state secrets.

The New Face of Copyright Infringement?

Is this America’s youngest music pirate?

Under the 1998 Digital Millennium Copyright Act, copyright owners can issue so-called “takedown notices” to sites like YouTube seeking the removal of infringing material. (This is a different section of the act than the anti-circumvention provision I criticized in a policy analysis last year.) According to Ars Technica, Universal issued such a takedown notice in June against this clip because of the Prince song playing in the background.

Now Stephanie Lenz, the owner of the clip, with help from the Electronic Frontier Foundation, a digital civil liberties group, has filed a lawsuit against Universal demanding the recovery of attorney’s fees and a declaration that the file is fair use under copyright law.

I think that Lenz has an open-and-shut case that her use of the Prince song is fair, and therefore legal. But the question of whether Universal should be held responsible for issuing an erroneous takedown notice is more complicated. On the one hand, a takedown notice is a formal accusation of copyright infringement and it will often require seeking the advice of an attorney, which isn’t cheap. It’s not right for copyright holders to issue takedown notices too recklessly. On the other hand, it’s not hard to sympathize with Universal’s position. There are thousands of plainly infringing videos on YouTube, and so it’s not too surprising that in the process of issuing thousands of takedown notices they’d make a few mistakes.

This is an area that will continue to evolve rapidly, as policymakers struggle to balance the need to protect copyright against the desire not to squelch innovative new products. A site like YouTube probably couldn’t exist at all if the DMCA didn’t provide service providers a “safe harbor” against liability for the infringing activities of their customers. But some copyright holders complain that the “safe harbor” shifts too much of the burden of enforcing copyright law onto them, by requiring them to issue an individual takedown notice against every instance of copyright infringement. As we see in this case, companies sometimes make honest mistakes. Striking the appropriate balance will be an ongoing challenge for Congress and the courts.