From the Pew FactTank:

“Roughly three-in-ten adults with household incomes below $30,000 a year (29%) don’t own a smartphone. More than four-in-ten don’t have home broadband services (44%) or a traditional computer (46%). And a majority of lower-income Americans are not tablet owners. By comparison, each of these technologies are nearly ubiquitous among adults in households earning $100,000 or more a year.”

H/T to InfoDocket.

Facebook co-founder Chris Hughes argues that Facebook should indeed be broken up in his NYT opinion piece, It’s Time to Break Up Facebook, May 9, 2019. One snip:

“Facebook has earned the prize of domination. It is worth half a trillion dollars and commands, by my estimate, more than 80 percent of the world’s social networking revenue. It is a powerful monopoly, eclipsing all of its rivals and erasing competition from the social networking category.”


From the blurb for John P. Wihbey, The Social Fact: News and Knowledge in a Networked World (MIT Press, Apr. 2019):

While the public believes that journalism remains crucial for democracy, there is a general sense that the news media are performing this role poorly. In The Social Fact, John Wihbey makes the case that journalism can better serve democracy by focusing on ways of fostering social connection. Wihbey explores how the structure of news, information, and knowledge and their flow through society are changing, and he considers ways in which news media can demonstrate the highest possible societal value in the context of these changes.

Wihbey examines network science as well as the interplay between information and communications technologies (ICTs) and the structure of knowledge in society. He discusses the underlying patterns that characterize our increasingly networked world of information—with its viral phenomena and whiplash-inducing trends, its extremes and surprises. How can the traditional media world be reconciled with the world of social, peer-to-peer platforms, crowdsourcing, and user-generated content? Wihbey outlines a synthesis for news producers and advocates innovation in approach, form, and purpose. The Social Fact provides a valuable framework for doing audience-engaged media work of many kinds in our networked, hybrid media environment. It will be of interest to all those concerned about the future of news and public affairs.

From the introduction to Frequently Asked Questions about the Julian Assange Charges (LSB10291, Apr. 22, 2019):

After spending nearly seven years in the Ecuadorian embassy in London, Julian Assange was arrested by British police, was convicted for violating the terms of his bail in the U.K., and had an indictment against him unsealed in the United States — all in a single day. Despite the swiftness of the recent action, the charges against Assange raise a host of complex questions that are unlikely to be resolved in the near future. This Sidebar examines the international and domestic legal issues implicated in the criminal cases against Assange.

From the summary of Free Speech and the Regulation of Social Media Content (R45650, Mar. 27,2019):

Some have argued that Congress should step in to regulate social media sites. Government action regulating internet content would constitute state action that may implicate the First Amendment. In particular, social media providers may argue that government regulations impermissibly infringe on the providers’ own constitutional free speech rights. Legal commentators have argued that when social media platforms decide whether and how to post users’ content, these publication decisions are themselves protected under the First Amendment. There are few court decisions evaluating whether a social media site, by virtue of publishing, organizing, or even editing protected speech, is itself exercising free speech rights. Consequently, commentators have largely analyzed the question of whether the First Amendment protects a social media site’s publication decisions by analogy to other types of First Amendment cases.

From the summary of Data Protection Law: An Overview (R45631, Mar. 25, 2019):

Should the 116th Congress consider a comprehensive federal data protection law, its legislative proposals may involve numerous decision points and legal considerations. Points of consideration may include the conceptual framework of the law (i.e., whether it is prescriptive or outcome-based), the scope of the law and its definition of protected information, and the role of the FTC or other federal enforcement agency. Further, if Congress wants to allow individuals to enforce data protection laws and seek remedies for the violations of such laws in court, it must account for standing requirements in Article III, Section 2 of the Constitution.  Federal preemption also raises complex legal questions — not only of whether to preempt state law, but what form of preemption Congress should employ. Finally, from a First Amendment perspective, Supreme Court jurisprudence suggests that while some privacy, cybersecurity, or data security regulations are permissible, any federal law that restricts protected speech, particularly if it targets specific speakers or content, may be subject to more stringent review by a reviewing court.

From the abstract for Lina Khan & David Pozen, A Skeptical View of Information Fiduciaries (Harvard Law Review, Vol. 133, 2019, Forthcoming):

The concept of “information fiduciaries” has surged to the forefront of debates on online platform regulation. Developed by Professor Jack Balkin, the concept is meant to rebalance the relationship between ordinary individuals and the digital companies that accumulate, analyze, and sell their personal data for profit. Just as the law imposes special duties of care, confidentiality, and loyalty on doctors, lawyers, and accountants vis-à-vis their patients and clients, Balkin argues, so too should it impose special duties on corporations such as Facebook, Google, and Twitter vis-à-vis their end users. Over the past several years, this argument has garnered remarkably broad support and essentially zero critical pushback.

This Essay seeks to disrupt the emerging consensus by identifying a number of lurking tensions and ambiguities in the theory of information fiduciaries, as well as a number of reasons to doubt the theory’s capacity to resolve them satisfactorily. Although we agree with Balkin that the harms stemming from dominant online platforms call for legal intervention, we question whether the concept of information fiduciaries is an adequate or apt response to the problems of information insecurity that he stresses, much less to more fundamental problems associated with outsized market share and business models built on pervasive surveillance. We also call attention to the potential costs of adopting an information-fiduciary framework—a framework that, we fear, invites an enervating complacency toward online platforms’ structural power and a premature abandonment of more robust visions of public regulation.

From the abstract for Paul M. Schwartz, Global Data Privacy: The EU Way (New York University Law Review, Vol. 94, 2019):

EU data protection law is playing an increasingly prominent role in today’s global technological environment. The cornerstone of EU law in this area, the General Data Protection Regulation (GDPR), is now widely regarded as a privacy law not just for the EU, but for the world. In the conventional wisdom, the EU has become the world’s privacy cop, acting in a unilateral fashion and exercising de facto influence over other nations through its market power. Yet, understanding the forces for convergence and divergence in data privacy law demands a more nuanced account of today’s regulatory environment.

In contrast to the established narrative about EU power, this Article develops a new account of the diffusion of EU data protection law. It does so through case studies of Japan and the United States that focus on how these countries have negotiated the terms for international data transfers from the EU. The resulting account reveals the EU to be both collaborative and innovative.

Three important lessons follow from the case studies. First, rather than exercising unilateral power, the EU has engaged in bilateral negotiations and accommodated varied paths for non-EU nations to meet the GDPR’s “adequacy” requirement for international data transfers. Second, while the adequacy requirement did provide significant leverage in these negotiations, it has been flexibly applied throughout its history. Third, the EU’s impressive regulatory capacity rests on a complex interplay of institutions beyond the European Commission. Not only are there a multiplicity of policy and lawmaking institutions within the EU, but the EU has also drawn on non-EU privacy innovations and involved institutions from non-EU countries in its privacy policymaking.

Finally, this Article identifies two overarching factors that have promoted the global diffusion of EU data protection law. The first such factor regards legal substance. Public discourse on consumer privacy has evolved dramatically, and important institutions and prominent individuals in many non-EU jurisdictions now acknowledge the appeal of EU-style data protection. Beyond substance, the EU has benefited from the accessibility of its omnibus legislative approach; other jurisdictions have been drawn to the EU’s highly transplantable legal model. In short, the world has weighed in, and the EU is being rewarded for its success in the marketplace of regulatory ideas.

H/T to beSpacific for calling attention to Gov404: The Sunlight Foundation Web Integrity Project’s Censorship Tracker. Gov404 aggregates and verifies examples of the most significant cases of online information censorship on the federal Web since November 2016. The cases come from reporting by the Web Integrity Project team, the news media, and other accountability organizations.

Democratic lawmakers in the House and Senate March 6 introduced legislation aimed at overturning the FCC’s 2017 repeal of the 2015 Open Internet Order. The bill seeks to re-classify the Internet as a utility under Title II of the Telecommunications Act of 1934 prohibiting Internet service providers from blocking, throttling or creating fast lanes and slow lanes by charging extra fees to prioritize content. Here’s the text of the bill.

On Wednesday, Mark Zuckerberg, the CEO of Facebook, described a sweeping new vision for his platform. “The future of communication,” he wrote, “will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure.” From the 3,200 word blog post:

“This privacy-focused platform will be built around several principles:

Private interactions. People should have simple, intimate places where they have clear control over who can communicate with them and confidence that no one else can access what they share.

Encryption. People’s private communications should be secure. End-to-end encryption prevents anyone — including us — from seeing what people share on our services.

Reducing Permanence. People should be comfortable being themselves, and should not have to worry about what they share coming back to hurt them later. So we won’t keep messages or stories around for longer than necessary to deliver the service or longer than people want them.

Safety. People should expect that we will do everything we can to keep them safe on our services within the limits of what’s possible in an encrypted service.

Interoperability. People should be able to use any of our apps to reach their friends, and they should be able to communicate across networks easily and securely.

Secure data storage. People should expect that we won’t store sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.

Over the next few years, we plan to rebuild more of our services around these ideas.”

The post raised all kinds of questions about Facebook’s business model and strategies, as well as the trade-offs the company could face. And so after the post went live, Zuckerberg spoke with WIRED about his vision. Here’s the interview.

The Government Accountability Office released Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility GAO-19-52, a report recommending that Congress consider enacting a federal internet privacy law in the United States. The 56-page independent report was requested by the House Energy and Commerce Committee, which has scheduled a hearing on data privacy on February 26, during which it plans to discuss the GAO’s findings. The Senate Commerce Committee is scheduled to hold a similar hearing on February 27th.

What GAO Found: “The United States does not have a comprehensive Internet privacy law governing the collection, use, and sale or other disclosure of consumers’ personal information. At the federal level, the Federal Trade Commission currently has the lead in overseeing Internet privacy, using its statutory authority under the FTC Act to protect consumers from unfair and deceptive trade practices. However, to date FTC has not issued regulations for Internet privacy other than those protecting financial privacy and the Internet privacy of children, which were required by law. For FTC Act violations, FTC may promulgate regulations but is required to use procedures that differ from traditional notice-and-comment processes and that FTC staff said add time and complexity.” Here’s the report: Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility, GAO-19-52 (2019).

More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built. This MIT Technology Review provides an overview of this development. “Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.”

From the abstract for Hans Morten Haugen, Is Internet Access a Human Right? For Everyone or Just Persons with Disabilities?:

Allegations that Internet access is a human right is a popular perception, reflected in media reports. The most explicit basis is found in the Convention on the Rights of Persons with Disabilities (CRPD). Acknowledging that private actors are essential in providing Internet services, the CRPD Article 21(c) explicitly urges them to provide information and services in accessible and usable formats. It is not common that human rights treaties specify the role of private actors with such explicit wording. A review of relevant international law sources, including the International Covenant on Civil and Political Rights (ICCPR) and the International Covenant on Economic, Social and Cultural Rights (ICESCR), finds that there is no basis in international law for stating that Internet access is a human rights. On the other hand, rights and obligations on Internet access and accessibility is clearly outlined in the CRPD, finding that there is a human right to the Internet – with corresponding State obligation – for persons with disabilities. The article then identifies States’ compliance with its CRPD obligations in the realm of Internet, and finds severe weaknesses in public policies, but the adoption of a treaty on copyright exceptions applying to use by persons with disabilities is a positive recent development.

States are addressing cybersecurity through various initiatives, such as providing more funding for improved security measures, requiring government agencies or businesses to implement specific types of security practices, increasing penalties for computer crimes, addressing threats to critical infrastructure and more. NCSL compiles a 50-state survey of legislation each year. Here is the 2018 survey.

According to the 2018 survey’s introduction at least 35 states, D.C. and Puerto Rico introduced/considered more than 265 bills or resolutions related to cybersecurity. Some of the key areas of legislative activity include:

  • Improving government security practices.
  • Providing funding for cybersecurity programs and initiatives.
  • Restricting public disclosure of sensitive government cybersecurity information.
  • Promoting workforce, training, economic development.

At least 22 states have enacted 52 bills so far in 2018

American Libraries has published a state legislative survey of bills, statutes and executive orders intended to protect net neutrality at the state level. More than 35 states have introduced legislation to protect net neutrality. Four (California, Oregon, Vermont, and Washington) have passed laws and six governors have issued executive orders. View the survey here.