Future of the Internet Blog

• Global Online Freedom Act: Governments Can’t Protect Freedom by Themselves

New legislation being considered in Congress would prevent US companies from aiding the censorship and surveillance operations of repressive foreign governments. The Global Online Freedom Act (GOFA), sponsored by Chris Smith (R-NJ), would track foreign Internet monitoring and blocking efforts under a new Office of Global Internet Freedom and would prevent US tech firms from handing over sensitive user information to so-called Internet-Restricting Countries. (Internet Restricting Countries, or IRCs, would be those that were “directly or indirectly responsible for a systematic pattern of substantial restrictions on Internet freedom.” China would be included, of course, but what about Australia or Finland?) On balance, GOFA would help the cause of Internet freedom, or at least provide a better understanding of surveillance worldwide. Yet some of the provisions are misguided, and could actually hurt the cause GOFA aims to further.

Let’s focus on Section 201, which would prevent US companies from “locating” sensitive user information within Internet-Restricting Countries. Just what “locating” means here is not entirely clear: is a Chinese GMail subscriber’s email located on her own computer, in Mountain View, California, or on one of the many routers in between? Regardless, the goal here would be to make it more difficult for Internet-restricting governments to claim jurisdiction over, and gain access to, user data.

Unfortunately, as the Center for Democracy and Technology makes clear (pdf), Sec. 201 would almost certainly fail to achieve its objective, and might actually cause more harm than good. If US companies couldn’t place important servers within IRCs they would be forced to degrade some low-latency services (e.g. IM) and discontinue others (e.g. VoIP). This would discourage US investments in these countries and encourage less scrupulous foreign companies to take their place.

More importantly, Section 201 would be unlikely to impact IRCs jurisdictional claims. As Internet law rapidly evolves, countries have repeatedly and successfully demanded that information be controlled or monitored, even when that information is hosted outside their borders. Forcing US companies to locate their servers outside IRCs would only make their services less reliable; it would not make them less regulable.

If the goal of GOFA is to discourage US companies from violating human rights, then it will probably be successful. But if the goal of the Act is to make the Internet more free and more safe, and not just push rights violations on foreign companies, then more must be done. Here are three suggestions that together might accomplish what Sec. 201 aims to do:

1. Publicize privacy restrictions: If companies are clear with their users that they intend to follow the laws of IRCs, users will be less likely to put dangerous content online. Many of the largest ICT firms are already working in coordination with the Berkman Center to create an industry standard for disclosing their privacy policies.
2. Push privacy protection to the edges: By giving users in IRCs access to privacy protection technologies like Tor or Anonymizer, users will be able to protect their own privacy without government mandates.
3. Make that push to the edges possible: Protections against surveillance are pointless if content is automatically filtered. Congress can mandate export controls against IRCs, preventing US companies from selling filtering technologies to these countries. In fact, GOFA begins the process of mandating just such export controls.

GOFA is, on balance, a step in the right direction. But the problems with Sec. 201 show that the government cannot protect the Internet openness by itself. These suggestions would shift some of that responsibility for protecting freedom and innovation towards interested individuals and responsible companies.

-Brendan Ballou

• DVD Rippers and Tolerated Use

A new study by Future Source Consulting reports that 1/3 of US residents have copied a DVD in the past six months. This number, high as it is, might not be surprising. What is surprising is how little action the television and film industries (at least in comparison to the recording industry) have taken in response to such commonplace copyright infringement.

Why might this be? Why would content producers fail to enforce their legal right to prevent most of this ripping and sharing? It’s unlikely that film and television producers are unaware of or unconcerned by DVD ripping. Rather, they probably think that this sort of infringement is too hard to prosecute, and that the individual infringers are too “low value” to worthy any sort of extensive legal action. Content producers also probably recognize that at least some of these infringing uses actually add value to their products: ripping a DVD to post clips on an Internet fan page, or sharing a DVD with a friend who becomes an addict of the show might actually increase legal viewership.

What we’re seeing here is the emergence of what Professor Tim Wu calls “tolerated use.” This is use that is not legal, but that content creators take only occasional action to prevent. In this way the specific case of DVD ripping is like Internet users posting copyrighted content onto YouTube, or fans of Lost posting the transcripts of the show on Lostpedia. These sorts of infringing uses are generally hard to prosecute, involve low value targets, and occasionally create marketable opportunities for the original content creator or distributor. Theoretically the content creators could swoop down at any time and stop the unlawful infringement, but for the most part it just isn’t in their interest to do so.

Is tolerated use a good thing? Maybe. In general consumers get to continue to use their technologies in the ways that they want, and content creators get to maintain ultimate control over their products. However, the situation with tolerated use is analogous to the situation with the Facebook API. While coders on Facebook can in theory create most any kind of product they want, Facebook reserves the right to block or impose charges for the product at any point. The coders are free as a matter of fact, but not as a matter of law.

The same situation is going on with DVD rippers and tolerated use. People can rip DVDs, share those DVDs with a few friends, and post clips on YouTube. But they can’t do so “resiliently.” That is, their use could be blocked or controlled at any moment.

This sort of fragility in action almost certainly deters innovation and deprives individual users of a sense of autonomy. In a choice between total technological lock-down and tolerated use, tolerated use is certainly superior. But to the extent that innovation and autonomy are things we value, tolerated use is only a partial solution to over-broad copyright laws; it is not an ideal.

-Brendan Ballou