Author: Ryan Calo


DRM for Privacy: Part 2

In my previous post, I talked about the problem of online tracking and some of the solutions on offer.  In this post, I will propose a potential legislative model drawn from copyright law.  Several scholars (e.g., Pam Samuelson) have argued that intellectual property holds lessons for privacy.  Others have specifically explored whether copyright might.

I am not aware of any argument that the legal protection afforded efforts at digital rights management should be applied to efforts to safeguard one’s web surfing behavior.  People with long institutional memories were able to point me to some great technical papers (e.g., this one and this one) applying DRM techniques to safeguarding personal data.  It may be that I simply missed the lawerly side of the argument, although its absence would make some sense given DRM’s status as a persona non grata in the cyberlaw community.1

To be clear: I am not a fan of DRM or anti-circumvention either when it comes to copyright for many of the reasons Julie Cohen and others identify. And yet I believe the model holds promise as applied to consumers and their web-surfing habits and offer it up here for purposes of discussion. Read More


DRM for Privacy: Part 1

Online privacy has been getting quite a bit of attention of late.  But the problem seems as intractable as ever.  In a pair of posts, I will explore one aspect of the online privacy debate and, drawing from a controversial corner of copyright law, suggest a modest fix.  This first post discusses the problem of consumer tracking and the lack of any good solutions.  You may want to skip this post if you are familiar with the online privacy ecosystem (and uninterested in correcting my oversimplifications and mistakes).  The next post discusses how an often criticized provision of the Digital Millennium Copyright Act—the anti-circumvention clause—might hold lessons for consumer privacy.   This provision prohibits tampering with so-called digital rights management.  The law has its problems as a mechanism to enforce copyright.  As applied to consumers’ efforts to protect their privacy, however, a few of Section 1201’s bugs metamorphose into features.  Read More


Will Drones Save Privacy Law?

Drones are coming to a city near you. On one view, they will further compromise our dwindling privacy.  This post explores whether they might instead drag privacy law into the twenty-first century.  Thanks to Danielle Citron for the charitable introduction and to everyone at Concurring Opinions for inviting me to guest blog this month.

The military makes widespread use of drones.  The Air Force reported that by March of this year, drones had surpassed a million combat hours. Drones are also used within the United States.  They patrol both our northern and southern border and have been used by the police in at least three counties.  Kashmir Hill at and others have reported the use of smaller drones by News Corp. (which will do wonders, I’m sure, for their existing image).

There is every reason to believe that the domestic use of drones is on the rise.  They represent a cheap and efficient alternative to helicopters, planes, even the installation of city-wide camera networks.  The greatest impediment to their deployment is the Federal Aviation Administration ban on the technology absent a waiver.  Senators Schumer (D-NY) and Wyden (D-OR) and others appear to be gaining traction in their efforts to relax this policy.  The state of Oklahoma recently petitioned the FAA for a blanket waiver for the public and private use of drones in an eighty-mile corridor the state has set aside for this purpose. Read More


Future of the Internet Symposium: Will Robotics Be Generative?

I don’t know that generativity is a theory, strictly speaking. It’s more of a quality. (Specifically, five qualities.) The attendant theory, as I read it, is that technology exhibits these particular, highly desirable qualities as a function of specific incentives. These incentives are themselves susceptible to various forces—including, it turns out, consumer demand and citizen fear.

The law is in a position to influence this dynamic. Thus, for instance, Comcast might have a business incentive to slow down peer-to-peer traffic and only refrain due to FCC policy. Or, as Barbara van Schewick demonstrates inter alia in Internet Architecture and Innovation, a potential investor may lack the incentive to fund a start up if there is a risk that the product will be blocked.

Similarly, online platforms like Facebook or Yahoo! might not facilitate communication to the same degree in the absence of Section 230 immunity for fear that they will be held responsible for the thousand flowers they let bloom. I agree with Eric Goldman’s recent essay in this regard: it is no coincidence that the big Internet players generally hail from these United States.

As van Schewick notes in her post, Zittrain is concerned primarily with yet another incentive, one perhaps less amenable to legal intervention. After all, the incentive to tether and lock down is shaped by a set of activities that are already illegal.

One issue that does not come up in The Future of the Internet (correct me if I’m wrong, Professor Zittrain) or in Internet Architecture and Innovation (correct me if I’m wrong, Professor van Schewick) is that of legal liability for that volatile thing you actually run on these generative platforms: software. That’s likely because this problem looks like it’s “solved.” A number of legal trends—aggressive interpretation of warranties, steady invocation of the economic loss doctrine, treatment of data loss as “intangible”—mean you cannot recover from Microsoft (or Dell or Intel) because Word ate your term paper. Talk about a blow to generativity if you could.

Read More


Future of the Internet Symposium: (Im)Perfect Enforcement

Prohibition wasn’t working. President Hoover assembled the Wickersham Commission to investigate why. The Commission concluded that despite an historic enforcement effort—including the police abuses that made the Wickersham Commission famous—the government could not stop everyone from drinking. Many people, especially in certain city neighborhoods, simply would not comply. The Commission did not recommend repeal at this time, but by 1931 it was just around the corner.

Five years later an American doctor working in a chemical plant made a startling discovery. Several workers began complaining that alcohol was making them sick, causing most to stop drinking it entirely—“involuntary abstainers,” as the doctor, E.E. Williams, later put it. It turns out they were in contact with a chemical called disulfiram used in the production of rubber. Disulfiram is well-tolerated and water-soluble. Today, it is marketed as the popular anti-alcoholism drug Antabuse.

Were disulfiram discovered just a few years earlier, would federal law enforcement have dumped it into key parts of the Chicago or Los Angeles water supply to stamp out drinking for good? Probably not. It simply would not have occurred to them. No one was regulating by architecture then. To dramatize this point: when New York City decided twenty years later to end a string of garbage can thefts by bolting the cans to the sidewalk, the decision made the front page of the New York Times. The headline read: “City Bolts Trash Baskets To Walks To End Long Wave Of Thefts.”

In an important but less discussed chapter in The Future of the Internet, Jonathan Zittrain explores our growing taste and capacity for “perfect enforcement.” Read More