Depending on your country, the Internet has been available for ten years or more, and for individuals—at least in the developed world—it has since become ingrained in psyches as an essential commodity, akin to access to fixed-line telephony, electricity and potable water. For a growing number, the Internet is essential for work, for a greater number it is the first port of call for problem solving and information (Wiki and online Yellow pages come to mind) or getting things done (banking, finding out timetables for travel, etc). Most governments, too, now take the Internet as a key component of infrastructure, crucial to a nation's future socio-economic potential.

What governments may do with the Internet is another matter. A decade's experience and use of the service has enabled a growing number of governments to manhandle the potential dangers of hacking, fraud and privacy as a means to tighten the screws on their own control of access, and of their nationals' use of it. This is rightly opposed by the users themselves, over half of whom surveyed for the BBC believing that no government should be empowered to regulate the Internet.

In Europe, the 'three strikes rule' threatens to become more fashionable, following measures first proposed in France: there, the Création et Internet Bill failed in 2009 when France's Conseil Constitutionnel ruled that it leaned too much to 'guilty until proven innocent' and that it threatened major sanctions (Internet disconnection and a national blacklist on access) without judicial oversight. Nevertheless, the government shoehorned the Bill a second time, which this month came before the National Assembly for debate.

The Bill proposes that the scheme be administered by a newly formed group called HADOPI. ISPs notified about alleged file-sharing would be required to send an e-mail to the customer involved, a registered letter at the second alleged offence and, for a third offence, terminate access for up to a year. A database managed by HADOPI could presumably prevent blocked users from switching ISPs.

Italy looks like adopting a similar approach. Having in 2009 sued the Swedish The Pirate Bay site and attempted to force ISPs to block access to its content, the more recent charging of Google executives with criminal charges resulting from YouTube content denotes a government leaning towards authoritarianism regarding the Internet. The Italian three-strikes proposal would be complemented by a requirement that all blogs register with the government.

In the UK, meanwhile, the government is pushing through its controversial Digital Economy Bill, which proposes empowering regulators to disconnect or slow down Internet connections of persistent illegal file-sharers. Amendments to the Bill passed this month at the report stage at the House of Lords before its third and final reading in the House of Commons, could in theory force sites such as YouTube which host copyright-infringing material to be blocked or forced offline. The UK's three-strikes rule is similar in its essentials to those of France and the UK, with disconnection following two warnings.

At the European Union level, the European Parliament was initially critical of the three-strikes schemes, largely due to the absence of judicial review. However, this month the Anti-Counterfeiting Trade Agreement (ACTA) was put forward for debate between the US, the EC, Japan, Switzerland, Australia, New Zealand, South Korea, Canada and Mexico. Aimed at preventing online counterfeiting, it threatens to punish ISPs for content delivered.

Polls show the sincerity of popular regard for a free Internet, and suggest that to tackle piracy other solutions than blocking ISPs and throwing citizens offline should be considered. Until they are considered, citizens should, as always, be vigilant about what their governments are legislating, lest they find themselves with a thoroughly policed Internet far removed from what they now know it to be.

Written by Paul Budde, Managing Director of Paul Budde Communication

Marketers have responded by setting up processes to "get" permission from recipients before adding them to mailing lists. They point to their privacy polices and signup forms and say "Look! the recipient gave us permission."

In many cases, though, the permission isn't given to the sender, permission is taken from the recipient.

Yes, permission is being TAKEN by the sender. At the point of address collection many senders set the default to be the recipient gets mail. These processes take any notion of giving permission out of the equation. The recipient doesn't have to give permission, permission is assumed.

This isn't real permission. No process that requires the user to take action to stop themselves from being opted in is real permission. A default state of yes takes the actual opt-in step away from the recipient.

Permission just isn't about saying "well, we told the user if they gave us an email address we'd send them mail and they gave us an email address anyway." Permission is about giving the recipients a choice in what they want to receive. All too often senders take permission from recipients instead of asking for permission to be given.

Written by Laura Atkins, Founding partner of anti-spam consultancy & software firm Word to the Wise

According to the BBC, the Buzz development team bypassed Google's standard trial and testing procedures in order to launch the product quickly. Apparently, the company only tested it internally with Google employees and failed to test the product with a more diverse range of users who are more likely to have brought up the issues which were so glaringly obvious after launch. Google has apologized and moved to correct the most eggregious privacy flaws, though problems—including security issues—continue to be raised. PC World has a good overview of Buzz's evolution since launch.

Meanwhile, damage has been done not only to Google's reputation but also to an unknown number of users who found themselves and their contacts exposed in ways they did not choose or want. Exposing vulnerable users without their knowledge or choice even for a few hours can potentially have irreversible consequences. While Google is scoring some points around the tech policy world for reacting quickly and earnestly to the strident user outcry, the Electronic Information Privacy Center (EPIC) has filed an official complaint with the FTC, and that Canada's Privacy Commissioner has expressed disappointment and asked Google to explain itself. (UPDATE: A class complaint has been filed in San Jose, claiming that Google broke the law by sharing personal data without users' consent.)

Earlier this week I asked people in my Twitter network how they're feeling about Buzz after the fixes they've made. Some are now reassured but others aren't. For example, Joseph Lorenzo Hall wrote:

@rmack totally lost me for good.. I just can't believe that they won't do it again. It will have to be very useful/different to get me back

Some are leaving GMail altogether. Judson Dunn reported:

@rmack my boyfriend deleted his long time gmail account for good :(

I was so concerned about exposing people in my GMail network during the first week after launch that I stayed off Buzz entirely until Monday afternoon. By then I felt that the worst privacy problems had been fixed, and I understood well enough how to tweak the settings that I could at least go in without doing harm to others. After playing with it a bit and poking around I posted some initial observations and invited the people in my network to respond. There are still plenty of issues—some people who claimed in Twitter that they had turned off Buzz are still there, and I think Buzz should make it easier for people to use pseudonyms or nicknames not tied to their email address if they prefer. From Beijing, Jeremy Goldkorn of the influential media blog Danwei responded: "I like the way Buzz works now, and it seems to me that the privacy concerns have been addressed."

I've noticed that some Chinese Buzz users have been using it to post and discuss material that has been censored by Chinese blog-hosting platforms and social networking sites. If Buzz becomes useful as a way to preserve and spread censored information around quickly, it seems to me that's a plus as long as people aren't being exposed in ways they don't want. My friend Isaac Mao wrote:

It's more important to Chinese to make information flowing rather than privacy concern this moment. With more hibernating animals in cave, we can't tell too much on the risks about identity, but more on how to wake up them.

Buzz has unleashed some potentials on sharing which just follows my Sharism theory, people actually have much more stuff to share before they realize them.

But I agree with any conerns on privacy, including the risks that authority may trace publishers in China. It's very much possible to be targeted once they were notified how profound the new tool is.

The "Great Firewall" is already at work on Buzz, at least in Beijing. While most people seem to be able to access Buzz through GMail on Chinese Internet connections, numerous people report from Beijing that at least some Google profiles—including mine and Isaac's—are blocked, though people in Shanghai and Guangzhou say they're not blocked. Others in China report having trouble posting comments to Buzz, though it's unclear whether this is a technical issue with Buzz or a Chinese network blocking issue, or some strange combination of the two.

It will be interesting to see how things evolve, and whether activists in various countries find Buzz to be a useful alternative to Facebook and other platforms—or not. Whatever happens, I do think that Google fully deserves the negative press it has gotten and continues to get for the thoughtless way in which Buzz was rolled out. There are senior people at Google whose job it is to focus on free expression issues, and others who work full time on privacy issues. Either the Buzz development team completely failed to consult with these people or were allowed to ignore them. I am inclined to believe the former instead of the latter, based on my interactions with the company through the Global Network Initiative and Google's support for Global Voices. Call me biased or sympathetic if you want, but I don't think that the company made a conscious decision to ignore the risks it was creating for human rights activists or people with abusive spouses—or anybody else with privacy concerns. However, if we do give Google the benefit of the doubt, then the only logical conclusion is that in this case, something about the company's management and internal communications was so broken that the company was unable to prevent a new product from unintentionally doing evil. Nick Summers at Newsweek thinks the problem is broader:

Google is so convinced of the righteousness of its mission statement that it launches products heedlessly. Take Google Books—the company was so in thrall with its plan to make all hardbound knowledge searchable that it did not anticipate a $125 million legal challenge from publishers. With Google Wave, engineers got high on their own talk that they had invented a means of communication superior to e-mail—until Wave launched and users laughed at its baffling un-usability. Last week, with Buzz, Google seemed so bewitched by the possibilities of a Google-y take on social networking that it went live without thinking through the privacy implications.

Whatever the case may be in terms of Google's internal thinking or intentions, we have a right to be concerned. Too many of us depend on Google for too many things. They have a responsibility to netizens around the world to develop more effective mechanisms to ensure that the concerns, interests, and rights of the world's netizens are adequately incorporated into the development process.

I'd very much like to hear your ideas for how netizens' concerns around the world—particularly from at-risk and marginalized communities who have the most to lose when Google gets things wrong—might be channeled to Google's development teams and product managers. Rather than wait for Google to figure this out, are there mechanisms that we as netizens might be able to build? Are there things we can proactively do to help companies like Google avoid doing evil? Can we help them to avoid hurting us—and also help them to maximize the amount of good they can do?

Written by Rebecca MacKinnon, Open Society Fellow; Co-founder, GlobalVoicesOnline.org

Start first with plans for future talks. Round 8 of the ACTA negotiations, which will be held in Wellington, New Zealand, are apparently now scheduled for April 12 to 16th. Countries plan a five-day round—the longest yet—with detailed discussions on the Internet provisions, civil enforcement, border measures, and penal provisions. Moreover, Round 9 will take place in Geneva, possibly during the week of June 7th. This aggressive negotiation schedule—three rounds of talks in six months—points to the pressure to conclude ACTA in 2010.

Secondly, transparency. The leaked document reveals that the summary document on ACTA is currently being updated by Canada and Switzerland, with release likely in March. The new document will deny rumours about iPod searching border guards and mandatory three strikes policies. There is no agreement about releasing the ACTA text, however (though more European Union members states favour its release). New Zealand is considering a stakeholder meeting during the next round in April as part of the transparency effort.

Third, the substance of the talks. The three main areas of substantive discussion were civil enforcement, border measures (called customs by the EC), and the Internet provisions. The Commission document states:

1. The civil enforcement chapter was discussed very thoroughly. It was possible to agree additional language, but when entering into the detail of the different mechanisms (provisional measures, injunctions, calculation of damages) progress became slow due to the different technical concepts of each legal system.

2. The customs chapter was discussed in detail for the first time in more than one year. Good progress on items like exemptions for personal luggage (a sensitive issue in the public opinion). EU proposing a more organised and logical structure of the chapter, not always well understood by others.

3. The internet chapter was discussed for the first time on the basis of comments provided by most parties to US proposal. The second half of the text (technological protection measures) was not discussed due to lack of time. Discussions still focus on clarification of different technical concepts, therefore, there was not much progress in terms of common text. US and EU agreed to make presentations of their own systems at the next round, to clarify issues.

Leaving aside the more personal comments (ie. others do not understand the border measures chapter structure), the leaked document is precisely what the negotiating countries should be providing to the public in the absence of an actual text. Rather than the mundane meeting statement that says nothing, this brief report includes far more detail on the substance of the talks and the plans for the future.

Written by Michael Geist, Chair of Internet and E-commerce Law

At the time he raised obvious concerns over the impact on privacy, the security of the data, the enormous cost involved and the feasibility of the project. His concerns were echoed by LINX, a major UK peering organisation who stated "We view the description of the government's proposals as 'maintaining' the capability as disingenuous: the volume of data the government now proposes CSPs should collect and retain will be unprecedented, as is the overall level of intrusion into the privacy of the citizenry."

Then in December 2009 it emerged all of the UK's mobile operators had also announced their concerns over the project. Vodafone, Orange, 3 and T-Mobile all voiced their concerns in the form of submissions to the government's consultation.

The mobile operators also questioned the IMP's feasibility, accuracy of estimated costs, morality, legality and even its usefulness, questioning whether or not access to all communications records is even necessary for law enforcement and intelligence.

T-Mobile stated "We have not yet seen persuasive evidence of credible research into the extent to which these new communications technologies will actually be used for the purposes of serious and organised crime."

After such widespread industry and public criticism it was expected that development of the IMP would slow down and that the project may even be placed on hold until after the election. However last month news emerged that the IMP was far from on hold. The government instead announced the establishment of the Communications Capabilities Directorate (CCD) which will provide a structure for the implementation of the IMP which is apparently continuing as planned.

As a communications provider Entanet has a number of obvious concerns regarding the IMP which are reportedly shared by many of our colleagues within the industry. The government expects providers such as Entanet to maintain massive databases of our customers' online communications including social networking, emails, VoIP calls and browsing, basically anything our customers do online. Currently CPs are required to keep basic communication records for use by the authorities but this is a huge increase in the level of 'snooping'. This raises a number of obvious privacy concerns and raises the question: Where do we draw the line between protecting our privacy and ensuring security?

A home office spokesperson states "The Directorate will continue to consider the challenges posed by new technologies, working closely with communications service providers and others to bring forward proposals that command public confidence and demonstrate an appropriate balance between privacy and security."

However many critics would argue that we are a long way off a 'balance' between privacy and security with the proposed IMP. If anything the scales are swaying vigorously in favour of security at the expense of the public's privacy.

Ignoring for a minute the huge privacy and ethical argument that this ignites, we also have concerns over the usefulness of the data in terms of fighting crime and even the feasibility of collection and storage. This will be the largest IT project ever undertaken by the UK and previous attempts leave us far from confident in its success, take the NPfIT in the healthcare sector for example.

We will be watching the progress of the IMP and the CCD very closely over the next few months.

Written by Jon Farmer, Voice Technical Lead, Entanet International Ltd

Buzz takes all of your Gmail contacts (and presumably other connections from elsewhere within the Googleplex), and makes them all your "friends" by default; it then shares your activity from Google Reader, YouTube, and other tools with all of them, and vice versa. They can see who your friends are, and you can see who theirs are. It's a quick & impressive way to make a whole new social network out of the original social networking tool: email.

Only one problem: all of those connections, and all of that public information, happens by default. You do get to choose whether or not to activate Buzz, but apparently it's activated either way—and if you say no, you won't have access to the nearly-hidden privacy controls.

These may seem like small issues: Facebook already tells the world who you're friends with, and Twitter updates are public by default. But with both of those, you choose to sign up and you know what you're getting (until it changes.) Buzz is different: you signed up for Gmail, and suddenly this other thing happened too. Suddenly, things you thought were private are public. It's tantamount to spyware.

This is all of particular concern to someone like the author of the Fugitivus blog, who writes anonymously about her life—including some truly disturbing experiences, being raised in an abusive family and then married to an abusive husband. Everyone should have the right to make their own privacy choices; for her, privacy is absolutely required. Her well-being, perhaps even her life depends on it.

When Google Buzz showed up, it revealed her activity to all of her most common correspondents—which includes her ex-husband. Things she had thought she was only sharing with her boyfriend and her mother, that she thought she had control over, were now automatically shown to someone she has very good reason to trust no further than her inbox. See the problem here?

We've talked for years about the "opt-in" paradigm for email: companies and organizations should not send you advertisements unless you've asked for them—even if they believe you'll be interested. Similarly, companies and organizations should not be sharing your information with others—even if they believe you know the person—without asking first.

Shame on Google for not considering the choice aspect of privacy before launching Buzz. You know better.

This article was originally published by the Coalition Against Unsolicited Commercial Email.

Written by J.D. Falk, Director of Product Strategy at Return Path

Most of the reaction has been from privacy advocates fearing that this is simply another way to kill anonymity on the Internet. Oh well… that's the usual set of reactions.

Now… the fun part is, a driver's license also shows that you have the competence to drive. So, Mundie seems to have been expressing the idea that it'd be great to train people in using the internet productively and safely, before actually letting them on the internet.

As Mundie put it —

"If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

Susan Brenner on CircleID did say something about K12 students having to display their licenses online having been trained in using the Internet safely and responsibly, and that licenses could be revoked for inappropriate use of the Internet.

She then went on about how a license wouldn't be very useful or effective in an open, unstructured internet.

If she'd googled back for some older history she'd have found that Mundie was simply channeling a trope that's over a decade old. It isn't something that he came up with all by himself.

The concept of an "internet driver's license" is an old usenet trope—dating back to the time when people spoke of an "eternal september" (referring to when, earlier, newbies would only come into usenet every september as the term opened in colleges, but after 1993 and aol, compuserve, juno etc, more and more people entirely new to the Internet kept coming in, in droves, exasperating the regulars on mailing lists and usenet groups). The concept of needing a driving license to use the internet was a running joke that dated back to the same period.

My good friend and maawg senior tech advisor Joe St.Sauver (of UOregon, EDUCAUSE, etc etc etc) put the need for a driver's license in a much more security aware context back in 2007 —

There's nothing inherently wrong with offering people a quick training course in using the internet safely and responsibly when selling them an internet connection. Several ISPs already distribute videos on install CDs and maintain support FAQs, online help forums etc.

The smaller ISPs (such as the community internet / freenet networks that are sadly dying out these days) used to reach out much more actively to their local userbase with face to face training courses. People new to the network in a university or a corporation routinely do receive a quick security briefing on safe and acceptable use of the Internet.

Yes - the concept of revoking an internet driver's license does seem unworkable, doesn't it?

There's something called a Walled Garden, that's quickly becoming established network security practice.

If there's a computer on a network (whether an office network, or a large ISP's DSL pool) that's infected and emitting malicious traffic, it can be detected, and once detected, moved into what is called a "walled garden"—a safe area or sandbox from where the user can only access the ISP helpdesk pages, windows update and antivirus update servers, till such time as he clears up the infection on his PC and either automatically releases himself from the walled garden by clicking a button (which can happen the first two or three times) or calling the ISP's helpdesk to let him out.

Several large DSL networks have already implemented this, and MAAWG has a best practice document that recommends it, along with other measures to mitigate botnet infections on a ISP network.

Two documents from the OECD and the ITU put this into context, discussing the threat posed by malware, and the political/administrative, technical and social measures needed to mitigate it. They both cite the MAAWG best practice documents, by the way.

I'll conclude by saying that a lot of this is simply to protect the ISP's users from the personal consequences (ID theft, phishing etc) of an infection on their PCs, as well as to protect the ISP's other users as well as the internet at large from the malicious traffic emitted by malware.

Note to some people reading this: Thank you. Yes, I've heard the Ben Franklin quote about sacrificing liberty for safety. I've also heard the Pastor Neimoller quote about "first they came for ..." (though I always think people who use that quote have automatically lost their argument, having violated Godwin's Law by comparing the other side to the Nazis). I'll still stand by what I said. Thank you.

Written by Suresh Ramasubramanian, Head, Antispam Operations

We learned from The Wall Street Journal yesterday that "Federal Communications Commission Chairman Julius Genachowski gets a little peeved when people suggests that he wants to regulate the Internet." He told a group of Journal reporters and editors today that: "I don't see any circumstances where we'd take steps to regulate the Internet itself," and "I've been clear repeatedly that we're not going to regulate the Internet."

We're thankful to hear Chairman Julius Genachowski to make that promise. We'll certainly hold him to it. But you will pardon us if we remain skeptical (and, in advance, if you hear a constant stream of "I told you so" from us in the months and years to come). If the Chairman is "peeved" at the suggestion that the FCC might be angling to extend its reach to include the Internet and new media platforms and content, perhaps he should start taking a closer look at what his own agency is doing—and think about the precedents he's setting for future Chairmen who might not share his professed commitment not to regulate the 'net. Allow us to cite just a few examples:

Net Neutrality Notice of Proposed Rulemaking

We're certainly aware of the argument that the FCC's proposed net neutrality regime is not tantamount to Internet regulation—but we just don't buy it. Not for one minute.

First, Chairman Genachowski seems to believe that "the Internet" is entirely distinct from the physical infrastructure that brings "cyberspace" to our homes, offices and mobile devices. The WSJ notes, "when pressed, [Genachowski] admitted he was referring to regulating Internet content rather than regulating Internet lines." OK, so let's just make sure we have this straight: The FCC is going to enshrine in law the principle that "gatekeepers" that control the "bottleneck" of broadband service can only be checked by having the government enforce "neutrality" principles in the same basic model of "common carrier" regulation that once applied to canals, railroads, the telegraph and telephone. But when it comes to accusations of "gatekeeper" power at the content/services/applications "layers" of the Internet, the FCC is just going to step back and let markets sort things out? Sorry, we're just not buying it.

Chairman Genachowski may sincerely believe that a clear, bright line can be drawn between the "infrastructure layer" (which he's certainly going to regulate) and what he likes to think of as "the Internet" (which he promises not to regulate). But as we warned last October, the day after the FCC launched this NPRM:

The promise made yesterday by the FCC—to only apply neutrality principles to the infrastructure layer of the Net—is hollow and will ultimately prove unenforceable. The reality is that regulation always spreads. The march of regulation can sometimes be glacial, but it is, sadly, almost inevitable: Regulatory regimes grow but almost never contract… The basic premise of neutrality regulation is already being proposed for other layers of the Internet.... whatever the FCC might say today, any large online intermediary with a popular platform potentially faces the threat of "network neutrality" mandates—because every platform is essentially a "network," too. We're not just talking about "search neutrality" (Google as well as Microsoft) but also about "device neutrality" (mobile handsets), "app neutrality" (Apple's iTunes store, Facebook's developers and Google's Android mobile OS) and so on for social networking, email, instant messaging, online advertising, etc.

We explained how the intellectual foundations for this regulatory creep have already been laid by groups like Free Press and Public Knowledge and law professors like Columbia's Tim Wu (father of "Net Neutrality"), Harvard's Jonathan Zittrain (father of "API/device Neutrality"), and Seton Hall's Frank Pasquale (father of "Search Neutrality"). Joining this intellectual vanguard of Internet regulation is George Washington law school professor Dawn Nunziato, whose new book, Virtual Freedom: Net Neutrality and Free Speech in the Internet Age, is a veritable manifesto for expansive neutrality regulation (especially of Google)—and how the First Amendment ("Congress shall make no law...") should be twisted not just to allow such regulation of speech platforms, but to require it! Even Wu, whose work blazed a trail for these others, is pretty clear about the breadth of his original vision for "neutrality" regulation, as his popular Net Neutrality FAQ makes clear:

The promotion of network neutrality is no different than the challenge of promoting fair evolutionary competition in any privately owned environment, whether a telephone network, operating system, or even a retail store. Government regulation in such contexts invariably tries to help ensure that the short-term interests of the owner do not prevent the best products or applications becoming available to end-users.

Zittrain, Pasquale, and Nunziato don't pull any punches either: They don't shy away from flirting with nebulous neutrality definitions and wide-ranging government powers to regulate. So we don't have to imagine what the "slippery slope" might look like: There are plenty of very smart and highly influential legal academics out there hard at work sketching out precisely where the path Chairman Genachowski has started us down will ultimately lead.

It's no less clear why we'll wind up marching down that path, no matter what the current FCC leadership intends.

1. The current net neutrality rulemaking sets a profoundly dangerous legal precedent of essentially unlimited claims of "ancillary jurisdiction": As our friends at the Electronic Frontier Foundation (who have a soft spot for net neutrality in theory) put it, "If 'ancillary jurisdiction' is enough for net neutrality regulations (something we might like) today, it could just as easily be invoked tomorrow for any other Internet regulation that the FCC dreams up (including things we won't like)." Our PFF colleague Barbara Esbin carefully dissected this issue for the Commission in her recent filing in this proceeding.
2. As explained above, the general regulatory principle of controlling "gatekeepers" doesn't end with infrastructure.
3. As EFF notes, "Experience shows that the FCC is particularly vulnerable to regulatory capture."
4. Now that FCC has opened the door to micro-managing online business practices in the name of "neutrality," the companies that have made America the leader in the Digital Revolution are already turning on each other in a dangerous game of brinksmanship, escalating demands for regulation and playing right into the hands of those who want to bring the entire high-tech sector under the thumb of government—under an Orwellian conception of "Internet Freedom" that makes corporations the real "Big Brother," and government, our savior.

This strategy of political escalation will thus quickly steamroll over whatever promises made today to narrowly cabin the principle of neutrality regulation—and end in "Mutually Assured Destruction." That's why we referred to the day the FCC started down this path back in September as "The Day Internet Freedom Died."

If that title sounds melodramatic, take a step back and consider that, back in 1996, Congress decided to enshrine in law the principle that the Internet is different from traditional media: Apart from an ill-considered effort to censor online indecency and obscenity (which was quickly struck down by the Supreme Court as unconstitutional) and the enforcement of intellectual property and criminal laws, Congress decided to take a purely laissez-faire approach to the Internet. As Barbara reminded the Commission in her net neutrality filing, "Section 230(b)(2) flatly declares that it is the policy of the United States ― to preserve the vibrant competitive free market that presently exits for the Internet and other interactive computer services, unfettered by Federal or State regulation."

So Chairman Genachowski's decision to revert to the common carrier model of the railroad era marks a fundamental break with the approach Congress decided we would take to the Internet. The DC Circuit will likely soon rule that the FCC has vastly overstepped its authority in trying to set Internet policy without any clear grant of authority from Congress to do so.

Wireless Innovation & Investment Notice of Inquiry

In fact, the same kind of thinking is already being extended by this FCC in a number of other arenas using a flurry of innocuous-seeming "Notices of Inquiry." While these notices purport only to ask questions, they either:

1. Foreshadow where the Commission intends to go in proposing new regulations based on its nearly limitless conception of its own regulatory authority;
2. Are intended to pressure Congress to give the agency more statutory authority; or
3. Are intended to intimidate industry into "playing ball" so the FCC won't actually have to stick its neck out by trying to write rules to regulate Internet activities that are clearly beyond its existing authority and might well be unconstitutional even if Congress ever did expand that authority.

Exhibit A is the language in the Commission's August 2009 Wireless Innovation and Investment Notice of Inquiry, (paragraph 60, pg. 21) that suggests the FCC is angling to become the Federal Cloud Commission:

As other approaches, such as cloud computing, evolve, will established standards or de facto standards become more important to the applications development process? For example, can a dominant cloud computing position raise the same competitive issues that are now being discussed in the context of network neutrality? Will it be necessary to modify the existing balance between regulatory and market forces to promote further innovation in the development and deployment of new applications and services?

Good morning, Google! Hello, Facebook! Is anyone out there in the cloud listening to the rumbling thunder of federal regulation? What began as academic theory in a law school ivory tower is coming soon to a regulatory agency near you! But wait… there's more!

National Broadband Plan Public Notice #21 (Cloud Computing)

Last November, as part of the Commission's ongoing effort to develop a National Broadband Plan, the FCC released a request for information "on data portability and its relationship to broadband." (NBP Public Notice #21) "The Commission seeks tailored comment on broadband and portability of data and their relation to cloud computing, transparency, identity, and privacy," the notice says. Here was the second item on the list of things the Commission said it was investigating (p. 2):

When considering the portability of data, we also consider the processes through which data are moved. In this context, we seek comment on how to identify and understand cloud computing as a model for technology provisioning.... What types of cloud computing exist (e.g., public, hybrid, and internal) and what are the legal and regulatory implications of their use? ... To what extent are consumers protected by industry self-regulation (e.g., the Cloud Computing Manifesto), and to what extent might additional protections be needed? ... What specific privacy concerns are there with user data and cloud computing? What precautions should government agencies take to prevent disclosure of personal information when providing data? Is the use of cloud computing a net positive to the environment? Are there specific studies that quantify the environmental impact of cloud computing?

We suppose some might claim there's nothing wrong with the FCC looking into these issues, and that the agency's interest in cloud computing is entirely benign. (Never mind the fact that the Federal Trade Commission already enforces the privacy policies of cloud computing providers and is looking hard at online privacy.) Seeing all these open-ended questions about something so obviously beyond the scope of the FCC's authority just makes the potential for—and perhaps even inevitability of—regulatory creep hard to miss. Eventually, when a regulatory agency asks enough questions, especially the sort of questions highlighted above… well, to paraphrase Master Yoda:

Open-ended inquiries about new regulations are the path to the Dark side.

Inquiries lead to agency oversight.

Agency oversight leads to regulation.

Regulation leads to suffering for innovators and consumers alike.

Again, we're not just inventing bogeymen here. It's quite clear that regulatory advocates want to take neutrality regulation into "the Cloud." As Jason Lanier, author of the popular book You Are Not a Gadget summarizes one of his key themes:

While there is a lot of talk about networks and emergence from the top American technologists, in truth, most of them are hoping to thrive by controlling the network that everyone else is forced to pass through. Everyone wants to be a "Lord of a Computing Cloud."

In Lanier's dystopia of techno-feudalism, the Lords oppressing the poor digital "peasants" certainly aren't just those running broadband service providers. It's the Google, Facebooks, and Twitters of the world. It's similar to the "sharecropper" concern raised by Nick Carr in his book The Big Switch. Complaints like those will only grow in the years to come, and few will buy—or even pause to remember—the distinction Chairman Genachowski seems to stand on now between infrastructure and "the Internet."

National Broadband Plan Public Notice #29 (Privacy)

The "Recovery Act" passed in January 2009 tasked the FCC with formulating "a detailed strategy for achieving affordability of such service and maximum utilization of broadband infrastructure and service by the public." The FCC seized this as an opportunity to solicit suggestions as to how regulate the use and collection of data by the private sector on the grounds that concerns about privacy might somehow be slowing broadband adoption.

Chairman Genachowski's flurry of open-ended inquiries about new regulation are clearly intended to give a bully pulpit to regulatory advocates to demand that the FCC issue the very sort of Internet regulations the Chairman purports to abhor (or that Congress give the agency authority to do so). But most of these notices at least appear to be objective requests for comments written independently of the groups the Commission seems so eager to hear beg for Internet regulation. But in this case, the Commission dispensed with that tedious formality and just outsourced the writing of the inquiry itself to one of the outside groups clamoring the loudest for data regulation in the name of "privacy": our friends at the Center for Democracy & Technology, with whom PFF has worked closely on many free speech issues in the past.

CDT is on to something when they write that "Consumers will not embrace broadband if they have a sense that everything they do online will be watched by government officials." We'll join with them in the fight to protect consumers' privacy from the Real Big Brother—government!—but once again, as with net neutrality, advocates of regulation see government as the protector of our digital liberties (if only we can forever make sure noble civil-libertarians are in charge of the regulatory apparatus of the state!). So CDT has it exactly backwards when they say: "Consumer privacy concerns encompass not only what companies do with their data, but also the extent to which the government accesses it." And instead of just suggesting that the FCC's National Broadband Plan include a recommendation that Congress clean up the antiquated laws intended to limit government surveillance, CDT pushes for sweeping regulations that would affect the ability of most online services and sites to collect and use the data they need to improve their services, innovate, and maybe even try to make some money on advertising to support all the free content and services they give away.

Thus, instead of focusing on the clear harm from government, the FCC's outsourced inquiry goes after online operators as "privacy proxies" for concerns about government action. At least Congress actually asked for the FCC's recommendations in this case, unlike all the other inquiries the agency has launched sua sponte. But as Berin noted in his comments on this inquiry, the Recovery Act allowed the FCC to "recommend only those policies that it concludes will, on net, help achieve "affordability" and 'maximum utilization' of broadband." That means the Commission would actually have to consider the many trade-offs inherent in the private sector use of data before recommending regulation: If the Internet ecosystem is impoverished by government intervention, however well-intentioned it may be, users will have that much less reason to adopt and "utilize broadband." So the FCC would have a lot of cost-benefit analysis to do before it could actually make the kinds of regulatory recommendations CDT wants. And we suspect that, on the whole, that analysis wouldn't turn out the way CDT thinks it would.

Child Safe Viewing Act Notice of Inquiry

In a somewhat similar vein, Congress last year asked the agency to examine how well parental control technologies work to allow parents to filter objectionable content online. So while the FCC may have had, for once, the authority to ask broad questions, it's startling just how broad those questions were. The Commission obviously has no authority over video games or virtual worlds, online video distribution networks or video hosting sites, mobile web content, MP3 players or iPods, P2P networks, VCRs or DVD players, PVRs or TiVo, Internet filters, safe search tools, laptops, and so on. And yet, all these things (and much more) were mentioned in the Commission's Child Safe Viewing Act Notice of Inquiry.

The proceeding raises the prospect of what Adam has called "convergence era content regulation” since it opens the doors to FCC meddling on a number of new fronts in the name of "protecting children." Although the Commission's final report to Congress stopped short of calling for an substantive expansion of the agency's content regulatory regime, it teed up another proceeding, discussed next. (And if Congress hasn't moved more quickly to grant the FCC new power in this area, it's probably because they're busy trying to figure out how to get around a line of First Amendment cases that consistently require government regulation to yield to "less restrictive" alternatives like parental control tools and education.)

Empowering Parents & Protecting Children Notice of Inquiry

This wide-ranging inquiry reads like the ultimate "fishing expedition" by a regulatory agency—fishing for new jurisdictional authority to regulate, that is! The questions asked are too broad, far-flung and various to catalog here (we'll have a big filing coming in the matter soon), but the Commission asks about extending to Internet media the model of the 1990 Children's Television Act, which imposes "public interest" obligations on broadcasters and cable operators to offer "education" content while also strictly limiting how much advertising may be shown during children's TV. The Commission also alludes, ominously, to the V-chip model for requiring universal ratings for television and hints that it would really like for "current laws [to] be updated to reflect this convergence and to keep pace with changes in technology" (¶ 41).

The Commission mentions only in passing at the very end of the Inquiry that it "has varying degrees of statutory authority with respect to different media. We ask commenters, in proposing any action, to discuss the source and extent of the Commission's authority to take the action, or whether new legislation would be needed to authorize such action" (¶ 58). Translation: "Uh, yeah… so… we know we don't have a statutory leg to stand on here, but we think it'd be really cool if we did, so let's just all, you know, kinda brainstorm about what kind of regulation we could be imposing here and what kind of law we'd need get Congress to pass to make it all legal. Or if you have any creative ideas on how we could get away with just making up the jurisdiction thing on our own, that'd be even better!"

YouTube, you're first on the list of targets for the kind of online video regulation the FCC is hinting at here—and none too subtly. But why stop there? The FCC's laundry list of complaints aren't limited just to video, but could apply to essentially all online media. But this is all in the name of "protecting the children," and Chairman Genachowski doesn't want to regulate the Internet, so we really don't need to worry—right?

Future of Media Notice of Inquiry

Most recently, in late January, the Commission launched the ambitiously-named "Examination of the Future of Media and Information Needs of Communities in a Digital Age." The FCC asks a number of good questions about how government could get out of the way of media struggling to reinvent themselves in the digital era by scrapping outdated regulations. The inquiry also tips its hat to the vital importance of advertising in supporting media. But it's otherwise pretty bad news as a harbinger of a "Chill Wind" for the future of a free press in this country, as Ken Ferree, PFF's former president and current board member noted.

In particular, the Commission comes right out with a "trial balloon" about imposing public interest obligations on online operators—the very thing it hinted at slightly more delicately in the "Empowering Parents" inquiry mentioned above:

Broadcasters have certain public interest obligations, including that they provide programming responsive to the needs and issues of their communities and comply with the Commission's children's programming requirements. Cable and satellite operators have their own responsibilities… Should such obligations be applied to a broader range of media or technology companies, or be limited in scope?

OK, so we're not going to "regulate" online content operators; we're just going to impose "public interest" obligations on them to provide certain kinds of content preferred by politicians. Right… and if Google News or YouTube don't do enough to "serve the public interest," what then? Will the Federal Search Commission take away Google's search license or cloud computing license?

Of course, we don't mean to suggest that even the "Federal Cloud Commission" would ever be so unsubtle as to create a formal licensing system when they can probably achieve the same ends with far less obvious regulation. But how is this all going to work, exactly? Again, this is exactly the kind of hopelessly vague regulatory morass Congress had in mind when it declared that the federal government would avoid "fettering" the "vibrant competitive free market ... for the Internet and other interactive computer services" with regulation.

The FCC goes on to revive the kinds of broad net neutrality ideas discussed above in asking:

How would policies related to "open Internet" or "universal broadband" or other FCC policies about communications infrastructure affect the likelihood that the Internet will meet the information needs of communities? Are there search engine practices that might positively or negatively affect web-based efforts to provide news or information?

In other words, "Tell us why and precisely how we should start regulating search engines in order to help 'save news.'" Google, here's looking at you, kid! You want to keep your search license, dontcha? Well, just do what the nice men from Washington want and there won't be any trouble.

Finally, the Commission opens the door to the noxious proposal for a "public option" for media, which Adam has lambasted. Here's what the Commission says:

In general, what categories of journalism are most in jeopardy in the digital era? What categories are likely to flourish? While much is still to be determined as media companies test various business models and payment approaches in the coming years, based on what is known now, are there news and information needs that commercial market mechanisms alone are unlikely to serve adequately?

Don't worry, it's not as if government will exercise control over the media companies it funds if the media-socialist fantasies of the neo-Marxist Robert McChesney and his ironically-named "Free Press" group actually come true. Nope, government's just here to help!

We'd all do well to remember that subsidies always come with strings attached—namely, regulation. That's the Golden Rule: "He who has the gold, makes the rules!"

Conclusion

Chairman Genachowski, with all due respect, if you don't like people suggesting that the FCC may be positioning itself to regulate the Internet and digital media platforms, then you might want to take a careful look at what your agency has been doing. You should think hard both about the precedents that will be set by "neutrality" regulation for online content and services, and also about the quasi-regulatory effect that your agency's flurry of open-ended inquiries will have on the operators you claim not to want to regulate.

What will future Chairmen do with these precedents? What will emerge from every "Pandora's Box" you've opened with each new sweeping inquiry? The answer, we fear, is an endless parade of new Internet regulations—and the death by a thousand cuts of real Internet freedom.

Cross-posted from the Technology Liberation Front

Written by Berin Szoka, Senior Fellow, The Progress & Freedom Foundation

Read full story: Washington Post

Read full story: Telegraph.co.uk

The speech wasn't an isolated event, of course. Thanks to the flexibility and political savvy of a gifted Secretary and the prior experience and skills of her staff, the State Department has been rolling out great talking points and technology-focused actions from the beginning of the administration.

Yes, Secy. Clinton had to say that she was worried about anonymous speech, about IP piracy, and about cybersecurity. She had to point to existing committees and efforts, like the Global Internet Freedom Task Force and the Global Network Initiative, which won't necessarily be meaningful to ordinary Americans. She didn't announce a particular enforcement initiative. This is all about persuasion and words, not definitive actions.

Words are important, though, and you could hear US leadership in what the Secretary had to say.

• "We stand for a single internet where all of humanity has equal access to knowledge and ideas."
• "These actions [electronic barriers, censorship, privacy violations] contravene the Universal Declaration on Human Rights."
• "In many cases, the internet, mobile phones, and other connection technologies can do for economic growth what the green revolution did for agriculture. You can now generate significant yields from very modest inputs."
• "Unfettered access to search engine technology is so important."
• "Countries that censor news and information must recognize that, from an economic standpoint, there is no distinction between censoring political speech and commercial speech. . . . countries that restrict free access to information or violate the basic rights of internet users risk walling themselves off from the progress of the next century."
• "The internet is a network that magnifies the power and potential of all other[ networks]."

This kind of rhetoric takes courage. We could be deferring to China's sovereign authority to manage its own ISPs in its very large and attractive market. We could be thinking wistfully of our own ability to wage economic war and differentiate the treatment of information online. We could be embarrassed about our own privacy failures and worry about the hypocrises that will continue to be revealed.

It's better, though, to say that we stand for "internet freedom" as a country. That's memorable, worthwhile, actionable, and human.

Written by Susan Crawford, Professor, University of Michigan Law School

Read full story: External Source

1. The Internet needs to be protected not only from the potential impacts of technical considerations but also from over-eager governments.

Governments are increasingly searching for ways to control and manipulate news and expression. What's more is that when the traditional channels fail, they try their hand at controlling Internet access. This control can take the form of shutting down sites or manipulating the Internet bandwidth available to users within the country at crucial times. What results is that the beauty of the Internet's vast "oneness" and ubiquitous accessibility ultimately transforms into inaccessible silos.

Yes, the Internet is growing. Yet it remains vulnerable to censorship. While traditional news channels with defined content hierarchies are easy targets for governments, what's proving harder to control is the self-authored content, which is de-centralized and proposes a "whack-a-mole" model to the governments. Case in point, consider the barring of foreign news coverage from traditional sources during and after the Iranian election. This control inspired the populace to use their mobile phones to capture images, to use Twitter and Facebook to report what was happening to the outside world, and to help organize themselves inside the country. The most iconic image of last year was the death of a young women, Neda, from a sniper's bullet, all captured by video on a mobile phone. For effective communication, users' content needs to be found by the right audience—whether that is through SEO or social networks. As a result, many are opting for an account with these aggregators instead of their own unique domain name. Unfortunately, these outlets of communication are becoming more centralized. Many are consolidating (being bought—such as YouTube's acquisition by Google) or struggling to find a working revenue model to exist (i.e., Twitter). As outlets disappear or become more centralized, governments will have an easier time quelling the chorus of voices.

2. We should start thinking of stability beyond particular technical considerations and have it encompass cross-border collaboration.

For example, a big threat to Internet stability and security is the rapid evolution of identity theft schemes and malware. These scams not only affect us all technically, but they also affect the end-users' level of trust while surfing the web.

Think of Confiker, which had us all scrambling to respond. The Internet is a global medium. However,the laws that govern us are very much local and often conflicting. So in trying to mitigate security threats, our hands are often tied when faced with the threat of litigation for overstepping the myriad of overlapping boundaries that we have to navigate. As a result, many simply give up—to the detriment of us all. Collaboratively taking responsibility and involving players outside the ICANN area is one answer (note: shameless plug for RISG which involves almost every actor in the chain collaborating across industry lines to mitigate identity theft). But another is our governments and regulatory systems untying the chains that bind us… or at least make it much harder to do the right thing. Why not encourage our respective governments and regulatory bodies to provide multilateral relief in security cases which cross national boundaries? For example, ICANN provided regulatory relief upon request during Confiker so the registries could take the necessary actions to mitigate the threat. We need this model on a multilateral- governmental scale. If we do not actively enable end-user trust in the use of the Internet, we risk losing it.

When the trust in the wider ecosystem of the Internet decreases, users will be more tempted to give some of the their rights to a controlling third party platform provider in return for assurances of security. Haven't we seen that happen already many times in the real world? I can almost hear the voice-over: remember those National Geographic specials? Recall when the thirsty wildebeest started walking towards the safe-looking pool of water, teeming with crocodiles. "Sadly now, there can be but one outcome." And it wasn't pretty.

3. We need to practice humility, see reality, and speak plainly.

We have had our heads in the sand too long, believing the Internet begins and ends with us. Reality is… it doesn't. The center of power is shifting from the DNS players to social media sites and the ad engines (yes, I am purposely not calling them search engines). It is these folks who determine the privacy and control provisions for a massive number of users. According to Facebook, 'privacy is so yesterday.' Last February when Facebook decided that it perhaps owned the content users posted, it was big news on CNN. When was the last time that a WHOIS proposal enjoyed a slot on the CNN nightly news?

So what should we do?

First, we need to embrace plain speak. Many of our advocacy efforts (funny enough on behalf of the bewildered Internet users) are shrouded in such legal/policy and technical languages that they are rendered incomprehensible. How can the average Internet user, nay—the one who hasn't come on yet—possibly understand what we are proposing to enable his/her access and use?

We should also support multi-stakeholder governance models like ICANN and help them to operate better. That means meaningful and constructive (i.e. not destructive) feedback when necessary. We should also recognize that we ourselves are not silos. The decisions that each and every one of us makes independently, affects our ecosystem and therefore all of us in the end. Case in point: we all turned a blind eye toward speculation and domain tasting for awhile. And while that had its profitable moments for a few players, it ultimately introduced volatility in the domain name market as rules, ad models, and the economy changed.

Lastly, we should ask if our community's resources and energy spent are aligned with reality. The world is still in an economic recession. Many businesses and consumers' first priorities are managing costs to survive. In many countries, literacy is still an issue, followed by lack and/or cost/speed of Internet access. In those cases where literacy and access are not the main issues, it is the government's insistence on controlling the user activities and free expression which threatens to fragment the Internet into silos. Identity theft and other online security problems plague governments and the average end-user, costing each and every one of us more money. Yet the problem persists and is getting worse.

With the introduction of new Top-Level Domains (TLDs), some may turn out to have a great application and use but certainly not all of them. Is it more important that we expand the IP space (IPv6) or add more TLDs? To me that question is akin to building high-rises on a small patch of land. It is okay if everyone wants to live in Manhattan.

Would we all have been better off if instead we had focused our dialog first on "What the current and new generations of Internet users need from us?" Our shared customer needs can point us all to the appropriate sequence of actions and priorities—which we might all agree to. We can still resolve to do that in 2010.

Written by Alexa Raad, Chief Executive Officer of Public Interest Registry