Sep 012018

This post originally appeared on Techdirt 3/16/18.

It’s become quite fashionable these days to gripe about the Internet. Even some of its staunchest allies in Congress have been getting cranky. Naturally there are going to be growing pains as humanity adapts to the unprecedented ability for billions of people to communicate with each other easily, cheaply, and immediately for the first time in world history. But this communications revolution has also brought some extraordinary benefits that we glibly risk when we forget about them and instead only focus the challenges. This glass is way more than half full but, if we’re not careful to protect it, soon it will be empty.

As we’ve been talking about a lot recently, working its way through Congress is a bill, SESTA/FOSTA, so fixated on perceived problems with the Internet (even though there’s no evidence that these are problems the Internet itself caused) that it threatens the ability of the Internet to deliver its benefits, including those that would better provide tools to deal with some of those perceived problems, if not outright make those same problems worse by taking away the Internet’s ability to help. But it won’t be the last such bill, as long as the regulatory pile-on intending to disable the Internet is allowed to proceed unchecked.

As the saying too often goes, you don’t know what you’ve got till it’s gone. But this time let’s not wait to lose it; let’s take the opportunity to appreciate all the good the Internet has given us, so we can hold on tight to it and resist efforts to take it away.

Towards that end, we want to encourage the sharing and collection of examples of how the Internet has made the world better: how it made it better for everyone, and how it even just made it better for you, and whether it made things better for good, or for even just one moment in one day when the Internet enabled some connection, discovery, or opportunity that could not have happened without it. It is unlikely that this list could be exhaustive: the Internet delivers its benefits too frequently and often too seamlessly to easily recognize them all. But that’s why it’s all the more important to go through the exercise of reflecting on as many as we can, because once they become less frequent and less seamless they will be much easier to miss and much harder to get back.

Sep 012018

This post originally appeared on Techdirt on 1/29/18.

Never mind all the other reasons Deputy Attorney General Rod Rosenstein’s name has been in the news lately… this post is about his comments at the State of the Net conference in DC on Monday. In particular: his comments on encryption backdoors.

As he and so many other government officials have before, he continued to press for encryption backdoors, as if it were possible to have a backdoor and a functioning encryption system. He allowed that the government would not itself need to have the backdoor key; it could simply be a company holding onto it, he said, as if this qualification would lay all concerns to rest.

But it does not, and so near the end of his talk I asked the question, “What is a company to do if it suffers a data breach and the only thing compromised is the encryption key it was holding onto?”

There were several concerns reflected in this question. One relates to what the poor company is to do. It’s bad enough when they experience a data breach and user information is compromised. Not only does a data breach undermine a company’s relationship with its users, but, recognizing how serious this problem is, authorities are increasingly developing policy instructing companies on how they are to respond to such a situation, and it can expose the company to significant legal liability if it does not comport with these requirements.

But if an encryption key is taken it is so much more than basic user information, financial details, or even the pool of potentially rich and varied data related to the user’s interactions with the company that is at risk. Rather, it is every single bit of information the user has ever depended on the encryption system to secure that stands to be compromised. What is the appropriate response of a company whose data breach has now stripped its users of all the protection they depended on for all this data? How can it even begin to try to mitigate the resulting harm? Just what would government officials, who required the company to keep this backdoor key, now propose it do? Particularly if the government is going to force companies to be in this position of holding onto these keys, these answers are something they are going to need to know if they are going to be able to afford to be in the encryption business at all.

Which leads to the other idea I was hoping the question would capture: that encryption policy and cybersecurity policy are not two distinct subjects. They interrelate. So when government officials worry about what bad actors do, as Rosenstein’s comments reflected, it can’t lead to the reflexive demand that encryption be weakened simply because, as they reason, bad actors use encryption. Not when the same officials are also worried about bad actors breaching systems, because this sort of weakened encryption so significantly raises the cost of these breaches (as well as potentially makes them easier).

Unfortunately Rosenstein had no good answer. There was lots of equivocation punctuated with the assertion that experts had assured him that it was feasible to create backdoors and keep them safe. Time ran out before anyone could ask the follow-up question of exactly who were these mysterious experts giving him this assurance, especially in light of so many other experts agreeing that such a solution is not possible, but perhaps this answer is something Senator Wyden can find out

Sep 012018

This post originally appeared on Techdirt on 1/22/18.

Shortly after Trump was elected I wrote a post predicting how things might unfold on the tech policy front with the incoming administration. It seems worth taking stock, now almost a year into it, to see how those predictions may have played out. Continue reading »

Sep 012018

This post originally appeared on Techdirt 12/12/17.

Last week, Mike and I were at a conference celebrating the 20th anniversary of the Supreme Court decision in Reno v. ACLU, a seminal case that declared that the First Amendment applied online. What makes the case so worth a conference celebrating it is not just what it meant as a legal matter – it’s a significant step forward in First Amendment jurisprudence – but also what it meant as a practical matter. This decision was hugely important in allowing the internet to develop into what it is today, and that evolution may not be something we adequately appreciate. It’s easy to forget and pretend the internet we know today was always a ubiquitous presence, but that wasn’t always so, and it wasn’t so back then. Indeed, it’s quite striking just how much has changed in just two decades.

So this seemed like a good occasion to look back at how things were then. The attached paper is a re-publication of the honors thesis I wrote in 1996 as a senior at the University of California at Berkeley. As the title indicates, it was designed to study internet adoption among my fellow students, who had not yet all started using it. Even those who had were largely dependent on the University to provide them their access, and that access had only recently started to be offered on any significant a campus-wide basis. And not all of the people who had started using the internet found it to be something their lives necessarily needed. (For instance, when asked if they would continue to use the internet after the University no longer provided their access, a notable number of people said no.) This study tried to look at what influences or reasons the decision to use, or not use, the internet pivoted upon.

I do of course have some pause, now a few decades further into my career, calling attention to work I did as a stressed-out undergraduate. However, I still decided to dig it up and publish it, because there aren’t many snapshots documenting internet usage from that time. And that’s a problem, because it’s important to understand how the internet transitioned from being an esoteric technology used only by some into a much more pervasive one seemingly used by nearly everyone, and why that change happened, especially if we want to understand how it will continue to change, and how we might want to shape that change. All too often it seems tech policy is made with too little serious consideration of the sociology behind how people use the internet – the human decisions internet usage represents – and it really needs to be part of the conversation more. Hopefully studies like this one can help with that.