Category: Cyber Civil Rights


Stanford Law Review Online: Software Speech

Stanford Law Review

The Stanford Law Review Online has just published a Note by Andrew Tutt entitled Software Speech. Tutt argues that current approaches to determining when software or speech generated by software can be protected by the First Amendment are incorrect:

When is software speech for purposes of the First Amendment? This issue has taken on new life amid recent accusations that Google used its search rankings to harm its competitors. This spring, Eugene Volokh coauthored a white paper explaining why Google’s search results are fully protected speech that lies beyond the reach of the antitrust laws. The paper sparked a firestorm of controversy, and in a matter of weeks, dozens of scholars, lawyers, and technologists had joined the debate. The most interesting aspect of the positions on both sides—whether contending that Google search results are or are not speech—is how both get First Amendment doctrine only half right.

He concludes:

By stopping short of calling software “speech,” entirely and unequivocally, the Court would acknowledge the many ways in which software is still an evolving cultural phenomenon unlike others that have come before it. In discarding tests for whether software is speech on the basis of its literal resemblance either to storytelling (Brown) or information dissemination (Sorrell), the Court would strike a careful balance between the legitimate need to regulate software, on the one hand, and the need to protect ideas and viewpoints from manipulation and suppression, on the other.

Read the full article, Software Speech at the Stanford Law Review Online.


Video Voyeurism

Recall that during the spring, a jury convicted Dahrun Ravi of criminal invasion of privacy along with a bias intimidation charge for surreptitiously using his webcam to live stream his roommate’s sexual encounter and for attempting to do so a second time.  Here comes word of another criminal invasion of privacy case, this time in Maryland.  Apparently, a Howard County man broke into the apartments of two young women, installing a video camera in their bathrooms and bedrooms.  The man has been charged with burglary and video surveillance “with a prurient interest.”  The man apparently knew the women, allowing him to steal and copy their apartment keys.  According to news reports, the suspect filmed himself installing the cameras.  Apparently, Maryland law aims to punish and deter sexualized privacy invasions by requiring proof of prurient interest.  Besides the Ravi case, another criminal matter that comes to mind is the Erin Andrews stalking case.  Much like the criminal case against Ms. Andrews’s stalker, prosecutors might also have charged the defendant with criminal harassment, that is, repeated conduct designed to cause victim substantial emotional distress with intent to cause substantial emotional distress.  On the civil side of things, the women can surely sue their harasser for tort privacy’s intrusion on seclusion, which protects against invasions of someone’s solitude or her “private affairs or concerns” that would be “highly offensive to the reasonable person.”  As I head off to speak at the Harvard Law Review’s symposium on Privacy and Technology where I will be commenting on Neil Richards’s excellent essay “The Dangers of Surveillance” (and as I write my book Hate 3.0: The Rise of Cyber Harassment and How to Stop It, forthcoming in Harvard University Press), this case could not be more timely.  You can check out David Gray’s and my response to Neil’s paper, a draft of which is posted on the HLR website.


The Normative Jurisprudence of Creepshots

My reaction to Robin West’s extraordinary scholarship always includes some mixture of distress and excitement: distress over the failures of law and humanity she describes with such devastating clarity, and excitement about the potential applications of her insights. In this post, I want to discuss how Robin’s critique of both liberal legalism and what she calls “neo-critical” legal theory in Normative Jurisprudence – particularly the former’s fetishization of individual rights and the latter’s decidedly uncritical celebration of consent – usefully illuminates the recent controversy over the outing of Michael Brutsch, aka “Violentacrez,” the man behind some of the most controversial forums on the popular social news website, One of these, the “/r/creepshot” forum (or “subreddit”), which encouraged users to submit surreptitious photographs of women and girls for sexual commentary, garnered national attention when it was discovered that a Georgia schoolteacher was posting pictures of his underage students. Brutsch’s outing (or “doxxing“) sparked outrage from many in the reddit community, and has led to an intriguing online and offline debate over Internet norms and practices. The defense of Brutsch and the forums he helped create – mostly sexual forums targeting women and girls – has been dominated by a highly selective conception of the right to privacy, the insistence on an unintelligibly broad conception of “consent,” and a frankly bewildering conception of the right to free speech. Attempts to criticize or curtail these forms of online abuse have also been primarily framed in terms of “rights,” to uncertain effect. Robin’s critiques of rights fetishism and the ideology of consent offer valuable insights into this developing debate.

I will attempt to briefly summarize (and no doubt oversimplify, though I hope not misrepresent) the points Robin makes that I think are most useful to this conversation. Liberal legalism’s focus on rights rests on a seductive fantasy of individual autonomy: it “prioritizes the liberty and autonomy of the independent individual, shrouds such a person in rights, grants him extraordinary powers within a wide ranging sphere of action, and in essence valorizes his freedom from the ties and bonds of community. It relegates, in turn, the interests, concerns, and cares of those of us who are not quite so autonomous or independent … those of us for whom our humanity is a function of our ties to others rather than our independence from them … to the realm of policy and political whim rather than the heightened airy domain of right, reason, and constitutional protection” (41). The critical legal studies movement attempted to correct some of this rights fetishism by pointing out that “rights” are not only radically indeterminate (i.e. rights can be interpreted and granted in conflicting ways), but that they are also legitimating (that is, bestowing the status of “right” on narrowly drawn freedoms can obscure the injustice and inequality that fall outside of them, thus insulating them from critique).

Robin persuasively demonstrates that neo-critical legal theorists held on to the indeterminacy thesis while jettisoning the critique of legitimation. Concerns about legitimation are concerns about suffering, and neo-crits are largely uninterested in, if not contemptuous of, suffering. Their primary concern is power and pleasure, which is accordingly supported by what Robin calls “the ideology of consent.” To the neo-crits, consent has the power to fully shield any act from either legal or moral critique. Robin addresses the way the ideology of consent plays out in the context of sex by looking to the work of Janet Halley. According to Robin, Halley espouses a view of sex that takes “[c]onsent to sex … as full justification for a collective blindness to both societal and individual pressures to engage in unwanted sex, so long as the sex is short of rape”(142). Sex is presumptively pleasurable, and as such presumptively immune from critique. As Robin describes Halley’s position, “sex is almost always innocent, and when consensual, there can be no ‘legitimate’ basis for criticism. Consensual sex is just too good to be circumscribed, or bound, by claims of its unwelcomeness or unwantedness. The claims that consensual sex is in fact unwelcome or unwanted are likely false in any event. The harms sustained, even if the claims are true, are trivial” (146). (I came to similar conclusions regarding Halley’s work in my review of her book, Split Decisions: How and Why to Take a Break from Feminism).

Now to apply these insights to the Michael Brutsch/creepshot controversy. The moderators of the creepshot subreddit provide this helpful definition of “creepshot” on the “subreddit details” page:

Read More


Is IP for People or Corporations?

Another day brings another cornucopia of exciting and important comments on my book, From Goods to a Good Life: Intellectual Property and Global Justice. I thank Professors Molly Van Houweling, Jessica Silbey, Michael Madison, and Mark McKenna, and earlier Concurring Opinions commentators —Professors Deven Desai, Lea Shaver, Laura DeNardis, Zahr Said, and Brett Frischmann—for reading my book so carefully, and engaging it so helpfully. I focus here on Professor Van Houweling’s framing of an important issue arising in the discussion.

Professor Van Houweling has provoked stimulating discussion with her astute observation of two competing visions of intellectual property within the emergent “capabilities approach” school of intellectual property we identified earlier this week. Professor Van Houweling contrasts Professor Julie Cohen’s alternative justification of copyright as a tool for promoting corporate welfare (sustaining creative industries), with my attention to intellectual property laws as tools for promoting livelihood and human welfare (sustaining human beings in their quest for a good life).

Read More


Internet Governance and the Good Life

Madhavi Sunder’s thought-provoking new book, From Goods to a Good Life, creates an opportunity to rethink many areas of global knowledge policy, including how the Internet’s technical architecture is governed. Global Internet governance is often viewed through the lens of technical expediency and innovation policy, especially concentrating attention on the international institutions that coordinate critical Internet resources and infrastructure.  Sunder’s book provides a refreshing theoretical basis for shifting this frame to place culture and human rights at the center of Internet governance debates.  Technologies of Internet governance, although concealed in technical complexity and generally outside of public view, are the new spaces determining some of the most important cultural freedom issues of our time.

Sunder’s book suggests the technological features necessary for participatory culture to thrive. Some of these include many-to-many interactivity, amenability to manipulation and revision, and an architecture that shifts cultural production from the top-down hierarchical control of popular media to a distributed system in which cultural creation can reside at endpoints.  As Sunder explains, “This open architecture facilitates democratic resistance to dominant cultural discourses.”

Some trends in Internet governance are discordant with these crucial features. Internet governance control points are neither legal control points nor are they confined within nation-state boundaries. They are often manifested through the design of technical architecture, the decisions of global institutions of Internet governance, and through private business models.

I’ll offer a few Internet governance questions with implications for the future of participatory culture. The first is the evolving, behind-the-scenes architecture of online advertising practices. Relinquishing information about ourselves, consciously or not, is the quid pro quo bargain for free culture. The companies that operate platforms supporting distributed cultural production obviously require massive annual operating budgets. They provide free distributed products (e.g. YouTube, social media, blogging platforms) but are supported by online advertising models predicated upon the centralized collection and retention of data (contextual, locational, behavioral) about individuals that use these products. The removal of material barriers to cultural production is predicated upon these information goods, which are in turn predicated upon the hidden and mechanized monetization networks that support them. Information collected about individuals routinely includes unique hardware identifiers, mobile phone numbers, IP addresses, and location as well as content and site-specific information. In what ways will these evolving practices eventually constrain participatory culture and human freedom? There is a cultural disconnect between the perception of online anonymity and the actuality of a multi-layered identity infrastructure beneath the layer of content.

A second Internet governance trend potentially agonistic to the future of participatory culture is the turn to the Domain Name System (DNS) for intellectual property rights enforcement. The DNS has always served a clear technical function of translating between the alphanumeric names that humans use and the binary Internet addresses that routers use. Right now, the authoritative Internet registries that resolve these names into binary numbers are already being asked to enforce trademark and copyright laws, essentially blocking queries from websites associated with piracy. If this practice expands to ISPs and other DNS operators (as SOPA/PIPA seemed to propose), what will be the collateral damage to free expression and participatory culture?

Finally, an emerging Internet governance challenge to participatory culture is the trend away from interoperability. The ability to exchange information regardless of location or device is a necessary ingredient for participatory culture. Some social media approaches actually erode interoperability in several ways: lack of inherent compatibility among platforms; lack of Uniform Resource Locator (URL) universality; lack of data portability; and lack of universal searchability. In all of these cases, standard approaches are available but companies have explicitly designed interoperability out of their systems. Cloud computing approaches seem to be lurching away from interoperability in a similar manner. These trends concentrate control and intelligence in medias res rather than at end points. These centralized and proprietary approaches mediated by gatekeepers are what the market has selected but this selection has consequences for cultural as well as technical interoperability.

Madhavi Sunder’s book is a reminder to think about these architectural and economic shifts with attention to their effects on participatory culture and to engage public input into these debates.

It might not be immediately obvious how issues as varied as essential medicines, viral Internet videos, and technical architecture are connected to each other and to human liberty. Drawing from theorists as diverse as Durkheim, Foucault, and Habermas, From Goods to a Good Life convincingly makes this connection.  Congratulations to Professor Sunder for so insightfully helping us to connect issues of intellectual property and human freedom across diverse areas of global knowledge policy.

Dr. Laura DeNardis, Associate Professor, American University in Washington, D.C.


Adam Thierer on Classical Liberalism on the Net

As the political season is in full swing and folks claim to understand SOPA, PIPA, etc., I thought I should point people to Adam Theirer’s post Mueller’s Networks and States = Classical Liberalism for the Information Age. I knew Adam a little before my stint at Google. I came to know him more while there. I do not agree with everything Adam says. Rather, he reminds me of folks I knew in law school. I disagreed with many people there, but respected the way they argued. Their points made me rethink mine and perhaps improve them. The distinction between cyber-libertarianism and Internet exceptionalism that Berin Szoka and Adam try to make is important. I am not sure it succeeds but as Adam says

They are not identical. Rather, as Berin and I argued, they are close cousins. Properly defined, cyber-libertarianism is essentially the application of traditional libertarian thinking — which is more properly defined as classically “liberal” — to Internet policy issues. Berin and I define “cyber-libertarianism” as “the belief that individuals — acting in whatever capacity they choose (as citizens, consumers, companies, or collectives) — should be at liberty to pursue their own tastes and interests online.” Internet exceptionalism, by contrast, is the belief that the Internet has changed culture and history profoundly and is deserving of special care before governments intervene. But that does not necessarily tell us what sort of philosophy or core tenants ultimately animate exceptionalism going forward. (emphasis added by me)

This last point is the reason I call out the piece. So far I have not seen anything that addresses the point in a satisfactory way. Adam and Berin face this gap and try to fill it. Agree. Disagree. That is your choice. But read the whole thing and see where you end up. One final note, I think classical liberalism as Adam defines it may be more empty than it seems. For now I cannot explain why. For that I apologize to those of that camp, but I am working on that. Oh which reminds me, Julie Cohen’s book, Configuring the Networked Self: Law, Code, and the Play of Everyday Practice, takes on this issue.


There is no new thing under the sun

Photo: Like it’s namesake, the European Data Protection Directive (“DPD”), this Mercedes is old, German-designed, clunky and noisy – yet effective. [Photo: Omer Tene]


Old habits die hard. Policymakers on both sides of the Atlantic are engaged in a Herculean effort to reform their respective privacy frameworks. While progress has been and will continue to be made for the next year or so, there is cause for concern that at the end of the day, in the words of the prophet, “there is no new thing under the sun” (Ecclesiastes 1:9).

The United States: Self Regulation

The United States legal framework has traditionally been a quiltwork of legislative patches covering specific sectors, such as health, financial, and children’s data. Significantly, information about individuals’ shopping habits and, more importantly, online and mobile browsing, location and social activities, has remained largely unregulated (see overview in my article with Jules Polonetsky, To Track or “Do Not Track”: Advancing Transparency and Individual Control in Online Behavioral Advertising). While increasingly crafty and proactive in its role as a privacy enforcer, the FTC has had to rely on the slimmest of legislative mandates, Section 5 of the FTC Act, which prohibits ‘‘unfair or deceptive acts or practices”.


To be sure, the FTC has had impressive achievements; reaching consent decrees with Google and Facebook, both of which include 20-year privacy audits; launching a serious discussion of a “do-not-track” mechanism; establishing a global network of enforcement agencies; and more. However, there is a limit as to the mileage that the FTC can squeeze out of its opaque legislative mandate. Protecting consumers against “deceptive acts or practices” does not amount to protecting privacy: companies remain at liberty to explicitly state they will do anything and everything with individuals’ data (and thus do not “deceive” anyone when they act on their promise). And prohibiting ‘‘unfair acts or practices” is as vague a legal standard as can be; in fact, in some legal systems it might be considered anathema to fundamental principles of jurisprudence (nullum crimen sine lege). While some have heralded an emerging “common law of FTC consent decrees”, such “common law” leaves much to be desired as it is based on non-transparent negotiations behind closed doors, resulting in short, terse orders.


This is why legislating the fundamental privacy principles, better known as the FIPPs (fair information practice principles), remains crucial. Without them, the FTC cannot do much more than enforce promises made in corporate privacy policies, which are largely acknowledged to be vacuous. Indeed, in its March 2012 “blueprint” for privacy protection, the White House called for legislation codifying the FIPPs (referred to by the White House as a “consumer privacy bill of rights”). Yet Washington insiders warn that the prospects of the FIPPs becoming law are slim, not only in an election year, but also after the elections, without major personnel changes in Congress.

Read More


One Month in Jail: The Sentence in the Ravi Case

The judge handed down the sentence in the Dahrun Ravi case today.  For his conviction on witness- and evidence-tampering and lying to the police, Ravi will serve 30 days in jail.  For the hate crimes charge and sentence enhancement, Ravi was sentenced to three years’ probation, 300 hours of community service, counseling on cyber bullying and alternative lifestyles, and payment of $11,000 to a group that helps victims of bias crimes.  The judge included a recommendation to immigration authorities that the defendant, an Indian citizen who came to the United States as a child, not be deported.  The judge made fairly clear his thinking.  Before announcing the sentence, the judge said that he did not believe that the defendant hated Tyler Clementi but rather that he “acted out of colossal insensitivity.”  To the defendant, the judge said: “You lied to your roommate who placed his trust in you without any conditions, and you violated it.  I haven’t heard you apologize once.”  He emphasized the defendant’s attempt to “corrupt the justice system” by tampering with evidence and witnesses.  The judge explained that he took factors including Ravi’s youth and his lack of a criminal record into consideration.

Before the sentencing, many (including me) worried about a sentence that straddled the extremes.  An unduly harsh sentence might produce a backlash against using hate crime laws in instances of bigoted online harassment (including threats, privacy invasions, etc.) while an unduly light sentence would trivialize what happened to the victim, the public shaming of his sexuality and bias intimidation.  We have fallen into the latter zone.  The defendant received a sentence of probation and counseling on the hate crime that he thrice rejected in plea offerings by the prosecutor.  To make matters worse, the judge repudiated the jury’s conviction on the hate crime count when he characterized the defendant as insensitive, not bigoted.  Even so, all is not lost.  The sentence and conviction do say something important.  They make clear that engaging in online harassment and shaming of individuals from traditionally subordinated groups has a cost. The sentence is not something to shrug at: the defendant has a criminal record for a hate crime with three years’ probation (even though he might have been sentenced to far more than that, ten years).  To young people interested in bright futures, this is worth avoiding.  Viewed at a distance, the case teaches us that juries will take similar cases seriously.  It does not and should not say that such cases are easy and uncomplicated.  They are hard and deservedly belong in the public eye.  That this case made it into court with a conviction makes a difference.




The Turn to Infrastructure for Internet Governance

Drawing from economic theory, Brett Frischmann’s excellent new book Infrastructure: The Social Value of Shared Resources (Oxford University Press 2012) has crafted an elaborate theory of infrastructure that creates an intellectual foundation for addressing some of the most critical policy issues of our time: transportation, communication, environmental protection and beyond. I wish to take the discussion about Frischmann’s book into a slightly different direction, moving away from the question of how infrastructure shapes our social and economic lives into the question of how infrastructure is increasingly co-opted as a form of governance itself.

Arrangements of technical architecture have always inherently been arrangements of power. This is certainly the case for the technologies of Internet governance designed to keep the Internet operational. This governance is not necessarily about governments but about technical design decisions, the policies of private industry and the decisions of new global institutions. By “Infrastructures of Internet governance,” I mean the technologies and processes beneath the layer of content and inherently designed to keep the Internet operational. Some of these architectures include Internet technical protocols; critical Internet resources like Internet addresses, domain names, and autonomous system numbers; the Internet’s domain name system; and network-layer systems related to access, Internet exchange points (IXPs) and Internet security intermediaries. I have published several books about the inherent politics embedded in the design of this governance infrastructure.  But here I wish to address something different. These same Internet governance infrastructures are increasingly being co-opted for political purposes completely irrelevant to their primary Internet governance function.

The most pressing policy debates in Internet governance increasingly do not involve governance of the Internet’s infrastructure but governance using the Internet’s infrastructure.  Governments and large media companies have lost control over content through laws and policies and are recognizing infrastructure as a mechanism for regaining this control.  This is certainly the case for intellectual property rights enforcement. Copyright enforcement has moved well beyond addressing specific infringing content or individuals into Internet governance-based infrastructural enforcement. The most obvious examples include the graduated response methods that terminate the Internet access of individuals that repeatedly violate copyright laws and the domain name seizures that use the Internet’s domain name system (DNS) to redirect queries away from an entire web site rather than just the infringing content. These techniques are ultimately carried out by Internet registries, Internet registrars, or even by non-authoritative DNS operators such as Internet service providers. Domain name seizures in the United States often originate with the Immigration and Customs Enforcement agency. DNS-based enforcement was also at the heart of controversies and Internet boycotts over the legislative efforts to pass the Protect IP Act (PIPA) and the Stop Online Privacy Act (SOPA).

An even more pronounced connection between infrastructure and governance occurs in so-called “kill-switch” interventions in which governments, via private industry, enact outages of basic telecommunications and Internet infrastructures, whether via protocols, application blocking, or terminating entire cell phone or Internet access services. From Egypt to the Bay Area Rapid Transit service blockages, the collateral damage of these outages to freedom of expression and public safety is of great concern. The role of private industry in enacting governance via infrastructure was also obviously visible during the WikiLeaks CableGate saga during which financial services firms like PayPal, Visa and MasterCard opted to block the financial flow of money to WikiLeaks and Amazon and EveryDNS blocked web hosting and domain name resolution services, respectively.

This turn to governance via infrastructures of Internet governance raises several themes for this online symposium. The first theme relates to the privatization of governance whereby industry is voluntarily or obligatorily playing a heightened role in regulating content and governing expression as well as responding to restrictions on expression. Concerns here involve not only the issue of legitimacy and public accountability but also the possibly undue economic burden placed on private information intermediaries to carry out this governance. The question about private ordering is not just a question of Internet freedom but of economic freedom for the companies providing basic Internet infrastructures. The second theme relates to the future of free expression. Legal lenses into freedom of expression often miss the infrastructure-based governance sinews that already permeate the Internet’s underlying technical architecture. The third important theme involves the question of what this technique of governance via infrastructure will mean for the technical infrastructure itself.  As an engineer as well as a social scientist, my concern is for the effects of these practices on Internet stability and security, particularly the co-opting of the Internet’s domain name system for content mediation functions for which the DNS was never intended. The stability of the Internet’s infrastructure is not a given but something that must be protected from the unintended consequences of these new governance approaches.

I wish to congratulate Brett Frischmann on his new book and thank him for bringing the connection between society and infrastructure to such a broad and interdisciplinary audience.

Dr. Laura DeNardis, American University, Washington, DC.


Cybersecurity Legislation and the Privacy and Civil Liberties Oversight Board

Along with a lot of other privacy folks, I have a lot of concerns about the cybersecurity legislation moving through Congress.  I had an op-ed in The Hill yesterday going through some of the concerns, notably the problems with the over broad  “information sharing” provisions.

Writing the op-ed, though, prompted me to highlight one positive step that should happen in the course of the cybersecurity debate.  The Privacy and Civil Liberties Oversight Board was designed in large part to address information sharing.  This past Wednesday, the Senate Judiciary Committee had the hearing to consider the bipartisan slate of five nominees.

Here’s the point.  The debate on CISPA and other cybersecurity legislation has highlighted all the information sharing that is going on already and that may be going on in the near future.  The PCLOB is the institution designed to oversee problems with information sharing.  So let’s confirm the nominees and get the PCLOB up and running as soon as possible.

The quality of the nominees is very high.  David Medine, nominated to be Chair, helped develop the FTC’s privacy approach in the 1990’s and has worked on privacy compliance since, so he knows what should be done and what is doable.  Jim Dempsey has been at the Center of Democracy and Technology for over 15 years, and is a world-class expert on government, privacy, and civil liberties.  Pat Wald is the former Chief Judge of the DC Circuit.  Her remarkably distinguished career includes major experience on international human rights issues.  I don’t have experience with the other two nominees, but the hearing exposed no red flags for any of them.

The debates about cybersecurity legislation show the centrality of information sharing to how government will respond to cyber-threats.  So we should have the institution in place to make sure that the information sharing is done in a lawful and sensible way, to be effective and also to protect privacy and civil liberties.