Graduate Research Fellow in Privacy and Freedom of Speech – Apply!

The University of Arizona James E. Rogers College of Law welcomes applications for a graduate research fellowship beginning in October / November 2016 and ending in summer / fall 2017. The Fellow will work with Professors Derek Bambauer and Jane Bambauer on a series of projects related to privacy, transparency, and free speech, including a major research workshop for scholars in the field scheduled for spring 2017. The Fellow may have the opportunity to teach one or more classes at the law school to JD students or undergraduates. In collaboration with the University’s Center for Digital Society and Data Studies, School of Information, and School of Government and Public Policy, the Fellow will write scholarly research papers, produce opinion pieces for popular media outlets, communicate with stakeholders such as government officials and think tanks, and help the university develop its systems for data privacy and security. The goals of this project are to generate research findings that will inform policy, create new avenues for advocacy, and educate the public about privacy and free speech. The Fellow will also have the option of receiving affiliation as a Center for Democracy and Technology Research Fellow (https://cdt.org/about/fellows/). The position may involve occasional funded travel to the Center for Democracy and Technology in Washington DC.

About the Application Process

The University of Arizona is committed to meeting the needs of its multi-varied communities by recruiting diverse faculty, staff, and students. The University of Arizona is an EEO/AA-M/W/D/V Employer. As an equal opportunity and affirmative action employer, the University of Arizona recognizes the power of a diverse community and encourages applications from individuals with varied experiences, perspectives, and backgrounds. Applicants should have demonstrated interest and achievement in legal scholarship. A J.D. or equivalent degree from an ABA-accredited law school is required unless waived. The strongest applicants will have a mixture of legal practice experience, scholarly writing, and teaching experience. If you are interested in joining the College of Law’s community of teachers and scholars, please contact Professor Derek Bambauer with the following materials:

  • C.V.
  • Cover letter describing your research goals, scholarly interests, and relevant experience
  • Names and contact information of two references

Finalists for the Fellowship will be required to submit an application through the University of Arizona’s human resources Web site.

We anticipate interviewing candidates beginning in September, and offering the position to commence in October / November 2016. Both starting and ending dates are flexible depending upon the candidate’s needs.

The Fellowship pays a salary of $40,000 – 50,000 for its term and includes full benefits, including health care insurance. (And money goes a lot further in Tucson.)

If you have questions, please contact:

Derek Bambauer

Professor of Law

1201 E. Speedway

Tucson AZ 85718

derekbambauer@email.arizona.edu

Internet Troll’s “Political Shenanigans” Are Protected Speech–State v. Hirschman

(Cross-posted at the Technology & Marketing Law Blog.)

Aaron Hirschman, a self-proclaimed “Internet troll,” posted the following message on Craigslist:

Wanna make an easy $20 for voting? (Downtown Bend)

Are you interested in making a quick and easy $20? Meet us in the parking lot downtown near the drop off voting booth this weekend. All you need to do is bring your UNFILLED clean voting ballot and let us fill it out then you sign, and we hand it to the volunteer in the voting booth. Its that simple! Then you get $20. We’ll be there all weekend through tuesday.

Everybody, including state prosecutors, agreed that Hirschman had no intention of actually buying votes or carrying out this plan. His post was what the state called a “political shenanigan,” designed to provoke reactions by taking an absurd or offensive position.

troll

Unfortunately for Hirschman, his trolling was not obvious enough for the government’s liking. Even though nobody replied to Hirschman’s post, the Oregon Secretary of State’s office thought the post would be reasonably interpreted as a genuine proposal to create a contract. He was charged with and convicted of violating ORS 260.715(9), which states that “a person may not [] offer to purchase, for money or other valuable consideration, any official ballot [].”

On appeal, Hirschman made two key arguments: First, the trial court misinterpreted the meaning of the word “offer” in the statute by failing to incorporate an intent element that would require the state to prove he had a subjective intent to form a contract. Second, if the statute did apply to Hirschman’s post, then it violated his constitutional right to free expression under the Oregon Constitution (though the analysis would share many similarities to a First Amendment challenge under the U.S. Constitution.)

The Court of Appeals reversed Hirschman’s conviction. But the analytical path it took to reach its result is a bit surprising.

The court could have avoided a free speech analysis by interpreting the Oregon statute as the defendant suggested—requiring subjective intent by the offeror to actually enter into an illegal contract. This would have allowed the court to dispose the case on statutory rather than constitutional grounds. But the court declined. After consulting Webster’s dictionary and contract-based uses of the term “offer,” the court explained that the Oregon statute must sweep broader than the defendant suggests. The defendant’s version of the statute would be indistinguishable from an attempt to purchase a ballot (which could be charged under a different part of the criminal code).

This seems to me to be a needlessly rote approach to statutory interpretation. Defining the scope of criminal liability is a good time for courts to create legal terms of art that do not match in all respects the way the words are used elsewhere. Crime-facilitating speech is a well-known hazardous area for regulation since it lies at the boundary between protected speech and unprotected conduct. The best way to manage it is to ensure that criminal laws hew closely to transactions, using speech only as evidence of the transaction or preparatory steps. That way, if I make the joke “please, I’ll pay, just somebody please take out the Kardashian family,” the criminal consequences do not teeter on how well or poorly I communicate that I am not serious.

Assessing the defendant’s subjective intent can do some of the work (perhaps not all) to ensure that direct prohibitions of speech are actually targeting a realistic threat. This is why intent is a constitutional requirement in incitement prosecutions. See Dennis v. United States (“The structure and purpose of the statute demand the inclusion of intent as an element of the crime.”) It is worth noting, though, that the Supreme Court still has not clarified whether subjective intent is a constitutional requirement in other similar areas of criminal law like true threats (see Elonis).

But even apart from the wisdom of constitutional avoidance, there is another sensible reason to interpret an “offer” in this criminal context differently from in the contracts context: the goals of the two legal constructions are very different. In contract law, the state has an interest in enforcing accepted offers even if they are made without subjective intent to form a contract–so long as the statement of an offer was objectively believable–in order to encourage transactions. When the putative offeror’s and acceptor’s interests are at odds, the contract system is better off using the objective meaning of the language and context involved so that this and future acceptors are protected from fraud, and so that future offerors can make credible offers that are not discounted as cheap talk. The goal of contract law’s definition of an offer, then, is to enable transactions. When transactions are criminally prohibited, these goals are moot. The only reason to prohibit “offers” is to discourage the transaction from occurring at all, not to enhance their reliability.

Hirschman gave the court an opportunity to define “offer” in the context of a criminal statute as a species of attempt—as a solicitation with the purpose of entering into an agreement that would itself be illegal. But because the court rejected it and accepted the state’s version of the statute, the law wound up in the buzz saw of free speech scrutiny.

Given that the court gave the criminal statute the wide scope that it did, its free speech analysis is strong and, in my view, correct. The Oregon Constitution’s protection of free speech seems to be as protective as the U.S. Constitution when the government creates content-based prohibitions of speech, applying very strong scrutiny to all but the historically excepted categories of speech.  (In fact, the Oregon constitution may offer even stronger protections than the federal right to free speech since the court seems to limit the government to only the historically recognized exceptions).

First, the court found that the law targets expression rather than effects since a person violates the law only through communication, and since that communication can violate the law even if there are no bad effects.

Next, the court rejected the state’s claim that the anti-offer statute in this case was covered by the well-established historical exception for “solicitation or verbal assistance in crime” since solicitation crimes include the very element that the state insisted was not necessary for this particular law: the element of intent that the solicited crime be accomplished.

The court also saw right through the state’s argument that the statute was necessary to promote public trust in the state’s election system. Even if the effects are what the state fear they will be, the diminution of trust alone cannot justify the suppression of political speech. As the court put it, the state “selected a phenomenon and labeled it as a harm.” Derek Bambauer and I call these “tautological harms” in our forthcoming article Information Libertarianism. It’s nice to see a judicial opinion that so clearly identifies the problem; Courts are rarely this attuned to it.

The outcome of this case is doubtlessly correct. Hirschman’s odd mockery is surely part of our constitutional experiment in open political discourse. But given the path taken to reach the result, Oregon legislators may have to revisit and redraft laws criminalizing “offers” to engage in illegal activity lest prosecutors get trolled again.

Case citation: State v. Hirschman, 2016 WL 3675617 (Ore. Ct. App. July 7, 2016)

Call for Papers: Artificial Intelligence, the Internet of Things, and Social Values

Artificial Intelligence, the Internet of Things, and Social Values

Call for Papers – AALS Section on Internet and Computer Law

Topic

The Internet of Things will create a vast surge in the amount of data that we – and our devices – generate. To make sense of this trove of information will require the use of algorithms and artificial intelligence by researchers, firms, and government. Digital sifting creates both promise and peril, and is certain to clash with important social norms. For example, it may force us to revisit norms around privacy, ownership, prediction, and the public-private boundary. The Section on Internet and Computer Law welcomes submissions for papers about this clash.

Logistics

Authors are encouraged to submit papers for this session. Submissions should summarize the paper in roughly 1000 words. To submit, please send the summary by e-mail to Derek Bambauer, <derekbambauer@email.arizona.edu>, by September 15, 2016. The members of the section’s executive committee will review the submissions and select presenters by September 28, 2016. Presenters must submit the final version by December 1, 2016.

The committee will give preference to works in progress and projects; recently accepted or published pieces are also welcomed.

Presenters will share their work at the Section’s meeting at the AALS Annual Meeting on Thursday, 5 January 2017, 1:30 – 3:15PM.

Questions

Please contact Derek Bambauer, <derekbambauer@email.arizona.edu>.

Free Speech Challenges to Credit Card Surcharge Laws

I recently helped write and organize an amicus brief urging the Supreme Court to grant cert in Expressions Hair Design v. Schneiderman. The case involves a circuit split on the constitutionality of “no surcharge” laws in New York, Florida, and a few other states. These states allow retailers to give “discounts” to cash and check payers but forbid retailers from adding “surcharges” when customers pay by credit card. Some retailers have challenged these laws under the First Amendment because the laws treat identical conduct differently based on how the sellers represent their prices.

Everybody thinks this is an easy case. The trouble is, everybody is divided about whether the First Amendment applies at all, some saying “obviously yes,” and others saying “obviously no.”

The Second and Fifth Circuits are in the “obviously no” camp. They dismissed the free speech arguments and found that these laws regulate only economic conduct.

A California district court and the Eleventh Circuit are in the “obviously yes” camp. So am I. This camp thinks the laws inarguably regulate speech. Despite appearances, the laws do not constrain pricing. Instead, they constrain how goods are labeled, and how prices are broken down and explained.

In the course of recruiting co-signers, it became clear that law professors are generally reluctant to recognize when commercial speech is being regulated, and also tend to assume that even when it’s clear communications are being suppressed, the suppression operates in consumers’ best interests. These instincts are wrong in the specific case of anti-surcharge laws, and they are likely to be misguided in the larger case of commercial speech as well. I’ll explain here why I think so.

Anti-surcharge laws regulate speech, not conduct.

These anti-surcharge cases are at bottom debating the scope of the First Amendment. The Second Circuit concluded that laws that prohibit a surcharge but allow a discount regulate economic conduct, not speech:

the central flaw in [the merchants’] argument [] is their bewildering persistence in equating the actual imposition of a credit-card surcharge (i.e., a seller’s choice to charge an additional amount above the sticker price to its credit-card customers) with the words that speakers of English have chosen to describe that pricing scheme. . . . But Plaintiffs are simply wrong. What [the law] regulates—all that it regulates—is the difference between a seller’s sticker price and the ultimate price that it charges to credit-card customers.

What’s bewildering to me is that the Second Circuit relies twice on a reference to a “sticker price” without acknowledging the expression involved. Stores are free to charge separately for an item and for the credit card transaction to purchase the item, but a sticker that says “$102, but $2 less for cash,” is legal while a sticker that says “$100, plus $2 for credit cards” can lead to jail time. The difference between criminally liable “surcharges” and perfectly legal “discounts” is, therefore, the way that retailers explain their pricing schemes.

Anti-surcharge laws do not target false and misleading speech

When I first heard about the free speech challenges to anti-surcharge laws, I immediately understood that the laws were regulating communication, but I suspected they might just target fraud. I though that the laws might be enforced out of concern for consumers who reasonably assume that they will be able to purchase an item by credit card for its sticker price and are surprised when their total is rung up. I assumed the laws would operate either as a form of compelled speech (to force retailers to give consumers information they need to know about the fully-loaded price they will pay at the cash register) or as a ban on misleading commercial speech (to make sure merchants don’t give consumers the impression that they will pay less than they actually will). Misleading commercial speech is not constitutionally protected. This potential for consumer deception is what the dissenting 11th Circuit judge had on his mind, and what Rebecca Tushnet is thinking about, I suspect, when she explains that “even if there’s a small-print disclosure—what a reasonable consumer would take away is the measure” of a misleading price.”

By the way, the theory that anti-surcharge laws target deception implicitly concedes that the laws regulate communication. Once we’re going down this road, we’re operating in a space where price communications are presumptively protected unless the regulation bans unprotected false or misleading speech. The First Amendment coverage question will therefore float or sink on the question of deception.

The fact is, anti-surcharge laws are not especially concerned about consumer deception. The anti-surcharge laws sweep broader than deception by banning clear statements, provided in advance of purchase, about additional credit card fees. Any explanation of prices that identifies credit cards as the source of additional costs rather than rolling them into the price of the item is illegal.

The surcharge bans are similar to a law the Kentucky legislature passed in 2005 restricting how telecommunications providers could label their customer’s bills. The state imposed a new tax and allowed telecom providers to pass the costs onto their customers, but the providers were forbidden from labeling the extra cost as a tax on customers’ bills. That ham-fisted attempt to avoid accountability for raising taxes was seen for what it was: an unconstitutional restriction on truthful commercial speech.

If New York is concerned about deception, it could cure the flaws in its anti-surcharge laws by replacing it with a compelled speech rule like this one used in Minnesota. It could mandate a disclaimer when sticker prices report cash prices to make sure customers understand that a credit card fee will apply. As co-signer Jonathan Adler has explained:

Where commercial speech is potentially misleading or even unclear, a requirement of curative counterspeech will typically be preferable to a limitation on speech. As the Court has noted, where possible, the remedy for potentially misleading speech should be more speech. Thus, requirements that producers or vendors qualify claims about products in advertisements and labels are more permissible than limitations or prohibitions on label or ad claims.

But a law requiring a clear disclaimer would be redundant. As long as consumers expect to be able to pay the same price for cash and credit cards, I suspect existing false advertising and unfair business practices laws will already push retailers to make clear disclaimers.

Anti-surcharge laws manipulate speech to nudge consumers into credit card transactions

The next way one might try to rationalize the anti-surcharge laws is to suppose that consumers are well-served by seeing one sticker price that reflects the most they will have to pay at the cash register. Perhaps New York and the other states with surcharge bans are regulating the way costs are framed for consumers.

This explanation, whatever its merit, would have to undergo constitutional scrutiny under the commercial speech doctrine. Under this theory, the state is regulating commercial speech, but it is doing so for an important consumer-protective purpose.

This theory cracks with just a little probing. The anti-surcharge laws wind up censoring not just truthful information, but valuable information: specifically, information that disaggregates the costs of the good or service from the costs of the credit card transaction. This information tends to benefit consumers by making them more likely to avoid transaction costs than they would be if the higher price were normalized and the consumer were offered a discount. The behavioral economics literature shows that the anti-surcharge laws have it backwards: they make consumers more likely to use a card, and thus to pay the higher price, in a dual pricing system. As an amicus brief filed by behavioral economists explains, lab experiments confirm that consumers are more likely to avoid a surcharge than to seek a discount. (This is entirely consistent with Kahneman and Tversky’s loss aversion work.)

The law also discourages retailers from engaging in dual pricing, meaning that cash buyers will continue to subsidize the credit card industry and its customers who pay their bills every month—a regressive transfer of wealth if I ever saw one. The California district court that struck down the anti-surcharge law cited Elizabeth Warren, who points out the detrimental effects of discouraging dual prices.

The negative effects from framing and cross-subsidies surely outweigh any benefits to consumers for seeing a single, higher sticker price (if there are any.) So if New York is attempting to use anti-surcharge laws to protect consumers, it seems to be doing it exactly wrong.

Courts can handle the judicial review of commercial speech regulations

One last form of resistance that I encountered while recruiting signatories was that the topic of prices, surcharges, and discounts is too complicated for the judiciary to understand and is best left to democratically accountable legislatures and agencies.

This is an argument that can be (and has been) trotted out every time the courts engage in constitutional scrutiny of any statutory or regulatory rule. The balancing of interests related to abortion, gay marriage, guns, and discrimination is also complicated, yet few legal scholars would accept judicial disengagement in these areas.

In any case, the premise is wrong. The consequences of anti-surcharge laws are not difficult to predict. State anti-surcharge laws are not the product of reasoned debate or the calculated tinkering by policy wonks. The laws were born from pure pork. They were pushed through by concerted lobbying efforts of credit card companies seeking refuge when a federal law of the same sort was allowed to expire. It requires no special training in economics or public policy to see that in this case, the credit card companies got a law that served their private interests.

If it seems strange that many law professors are prepared to defend the anti-surcharge law as presumptively protecting the public interest, (warning: shameless plug is imminent) I suggest looking at Derek’s and my new draft titled “Information Libertarianism.” We show that laws like the anti-surcharge bans that work against the public interest while appearing to work for it are much more common when the government regulates speech rather than directly regulating whatever it is they mean to achieve. In this case, a statute that bluntly bans retailers from engaging in dual pricing based on method of payment would clearly be an economic regulation rather than a speech regulation. But it would also be an unpopular regulation—one that reveals the state’s blatant pandering to the credit card industry. That type of law would not be confused for a consumer protection law.

By the way, I love credit cards.

This post has, up to this point, demonized the credit card industry. But my criticism of credit card companies applies only to their role in this particular episode of commercial speech bans. In fact, I suspect merchants are exaggerating the true costs of credit card swipe fees since handling cash, protecting it, and depositing it is costly to merchants. Keeping cash on hand is costly to consumers, too. Credit card users who are annoyed by swipe fees probably do not fully appreciate what they get in return. I for one will gladly pay a small swipe fee if the alternative means having to rely more heavily on ATMs and the inherent risks of carrying cash. For the most creditworthy consumers, swipe fees are more than balanced out by plum credit card rewards like miles and cash reimbursements. But this preference of mine does not change the essential point that disaggregating various sources of costs gives consumers more control to decide which services to take on and which to avoid.

I hope the Supreme Court takes up the case. States have a history of regulating speech under the guise of something that sounds like conduct, be it incitement or harassment. It would be a shame if “sticker prices” became an open avenue for banning truthful commercial speech.

Still Not a Dump Truck: Net Neutrality and the First Amendment

The D.C. Circuit’s decision in U.S. Telecom Assn. v. FCC came down yesterday. To the delight of net neutrality fans and dismay of many big ISPs, the court held 2-1 that the FCC’s reclassification of broadband under Title II was permissible as a matter of statutory, administrative, and constitutional law. I’m still digesting the first two aspects – the decision and dissent weigh in just under 200 pages – but want to comment on the third (which takes up only seven pages, starting at p.108). The court rejects a First Amendment challenge to net neutrality regulation. I think the outcome is right and the reasoning is both rather shallow and wrong.

The J.D. McGregor problem

First, the majority writes rather breezily that since ISPs are now common carriers, there’s no First Amendment problem, since common carriers transmit the speech of others rather than engaging in speech themselves. That plainly begs the question. The ISPs’ claim is that their constitutional free speech rights override the FCC’s statutory ability to force them to carry others’ speech, particularly since the FCC long insisted that broadband providers were not, in fact, common carriers. The court notes that end users expect to be able to access all content from their ISPs, without owning up to the fact that it’s the FCC’s decade-long efforts to enforce open access rules that drive those expectations. It reminds me of a great exchange from the classic “The Simpsons” episode, “Duffless“:

[Lisa is in a pet store, looking to purchase a hamster to run through a maze for a school project.]

Lisa Simpson: I want the most intelligent hamster you’ve got.

Clerk: Okay.

[retrieves a hamster at random]

Clerk: Uh, this little guy writes mysteries under the name of J. D. McGregor.

Lisa Simpson: How can a hamster write mysteries?

Clerk: Well, he gets the ending first, then he writes backward.

Lisa Simpson: Aw, c’mon.

Clerk: Look, kid, just take him before his mother eats him, all right?

The D.C. Circuit and J.D. McGregor have something in common here: it’s a lot easier to start with the result and then figure out why it should happen.

Naturally

Next, the court tries the scarcity route, famous from the days of Red Lion and Tornillo. Newspapers and television stations face inevitable scarcity, the D.C. Circuit says, and must engage in editorial decisionmaking, while ISPs have an abundance of bandwidth, and thus cannot. That’s a framing problem: at certain capacities, ISPs very much have scarcity problems, which is why they’re co-locating Netflix equipment in their data centers. Ah, the court writes, but there’s no need under scarcity for an ISP to determine which e-mails or Web pages go first; first-in, first-out is just fine. This also elides the question, in part by ignoring the “reasonable network management” loophole in net neutrality. When the network is congested, should e-mail or video traffic receive priority? If the answer is “neither,” why? E-mail has much more tolerance for delays (latency) than video does. FIFO is arbitrary, not a law of nature.

Ah, but that’s where the court goes next with its reasoning: papers and cable TV “naturally occasion the exercise of editorial discretion.” When a lawyer tells you that an outcome is “natural,” you are being spun.

Catering

Finally, the court writes, there’s a statutory save: if an ISP decides to “offer[] access only to a
limited segment of websites specifically catered to certain content” – to become a modern walled garden like AOL – then it falls outside the FCC’s Order, since it will no longer be a “mass-market retail service.” But this leaves at least two questions. What if I start Bambauer’s Broadband Provider and decide that I will only allow access to one streaming video Web site, to be decided based upon which site cuts me the largest check? More seriously, what if an ISP that is vertically integrated with a movie studio decides that it will only stream movies from that studio’s service / Web site, but all other categories and sources of content are completely available? In other words, what do you have to do as a broadband provider to fall outside the FCC’s definition? It sounds like that ISP has to exercise the Goldilocks level of editorial discretion:

Internet content available Net neutrality violation? Why?
100% No Common carrier
85% (no YouTube) Yes Blocking lawful sites
40% (no porn) Probably not Curating – offers subset of Web
5%  kids.us sites only) Probably not, but irrelevant Curating, but not commercially viable

Too little editing, and no First Amendment protection; too much, and you go out of business.

We like money

So, given the snark above, why don’t I think that the ISPs have a viable First Amendment claim? After all, they’re carrying speech (like a bookstore or TV station), and they’d like to make their own decisions about what speech to transmit. I’d be much more sympathetic if the plaintiff was a family-friendly ISP that blocked porn or gambling or heresy or the like. That shows an expressive choice in its editorial decisions, like a kid-friendly bookstore in picking only G-rated inventory. By contrast, the only message conveyed by the actual plaintiffs’ desired blocking / prioritization is “Give us money.” When a bookstore refuses to carry “Lolita” because of its content, it’s engaged in speech; when it just charges more for it because you’ll pay, it’s not.

Put differently, in the table above, the 85% carrier would likely transmit YouTube videos if Google backed a dump truck full of cash up to their headquarters. The 40% carrier probably wouldn’t transmit porn at any price, because the decision is a normative one. To me, this invokes the Spence v. Washington / Texas v. Johnson line of cases that try to draw the line between conduct and speech: it depends on whether there’s an intent to communicate a particular message, and whether it’s likely that the audience understands it. This requires some tough decisions by agencies and courts – what if Bambauer’s Broadband Provider refuses to stream only Denver Broncos games, on the theory that Peyton Manning is a cheater? – but that’s much preferable to drawing artificial distinctions between media or pretending the conclusion is obvious. Sometimes the Net is a dump truck, with everything riding jumbled together, and sometimes it’s an Uber, where the driver picks the rider. For First Amendment purposes, the difference matters.

Signs, Sex, and Strict Scrutiny

In the latest installment of the Porn Wars, the Third Circuit Court of Appeals has, upon rehearing, remanded a challenge to the age verification provisions of 18 U.S.C. 2257 / 2257A, with instructions that the district court should apply strict scrutiny in its First Amendment analysis. Perhaps strict scrutiny is not fatal in fact, but the Third Circuit’s own prior opinion suggests that 2257(A) will be deader than disco. (p.16: “we noted that the Statutes may not have been able to survive strict scrutiny…”) The appellate court felt compelled to revisit its prior ruling based on last term’s Supreme Court opinion in Reed v. Town of Gilbert, which held that facially content-based laws must face strict scrutiny. Its opinion is a fun test case for the breadth of Reed‘s effects and, concomitantly, the proper level of scholarly panic over First Amendment expansion. (Enrique Armijo has a great essay titled, “Town of Gilbert: Relax, Everybody,” which is a thoughtful response to the conventional wisdom among legal academics, which could be titled, “Town of Gilbert: The End is Near.”)

Briefly, 2257 and 2257A require that producers of depictions of actual or simulated sexually explicit conduct keep records of the names, ages, and aliases of performers in the explicit content. Those records can be inspected (without warrants, though that’s a different aspect of this case) by the Attorney General (which is to say federal law enforcement), with the purpose of preventing underage performers from being so depicted. Producers also have to keep copies of performers’ identification documents, and to index records based on names and aliases. In a ruling prior to Town of Gilbert, the Third Circuit decided that intermediate scrutiny applied to the statutes, and that the government was able to satisfy that level of scrutiny. After the Supreme Court’s ruling, though, the plaintiffs asked for a rehearing, and the court agreed.

The resulting case is a clear loss for the government. Interesting, the government conceded that Reed requires the court to apply strict scrutiny. (See page 22: “The United States concedes that, in light of Reed, our analysis in FSC I, which relied on Ward [v. Rock Against Racism], cannot stand.”) That’s tantamount to surrender, and I think it’s an unnecessary retreat. There are as many ways to understand the Town of Gilbert case as there are lawyers (or, at least, legal academics). I read the decision to narrow the scope of cases in which intermediate scrutiny applies – or, put another way, many fewer regulations get treated as content-neutral after Reed. But, I see two important doctrines as surviving Reed‘s impact. The first is the commercial speech doctrine, under which regulation of commercial speech (whatever it is, which still is not totally clear) draws lesser scrutiny than regulation of “core” First Amendment speech. Reed is about core speech – the Court focuses on local regulations that draw distinctions among political, ideological, and temporary event (such as religious worship) signs. It might be the Stuxnet of free speech decisions, sneaking in to wreak havoc, but if so, the Court is being unusually stealthy.

Second, Reed is about censorship rules, not compelled speech – it’s about the state telling us what we cannot say, rather than what we must say. (Unfortunately, Justice Breyer missed this point, and his concurrence in the result has generated unnecessary heartburn among commentators by lumping compelled speech rules in with censorship ones.) Compelled speech has gotten lighter treatment by reviewing courts, presumably because it’s enriching the marketplace of ideas with more information rather than beggaring it with gag orders. (This is especially true for commercial speech; compelled core speech has a more mixed record.) Thus, I think the government could readily have resisted Reed’s application to this case; even if it lost, the loss might generate an opinion that would tempt the Supreme Court to undertake a (welcome) exegesis of Reed‘s reach.

The government, and the dissent, try to save 2257(A) by resorting to the secondary effects doctrine. This theory allows regulators to have content-specific rules if they target incidental but important effects of speech, rather than the speech itself. The canonical example is zoning of adult businesses: your town can set up rules that prohibit your next-door neighbor from opening a porno theater, not because there’s anything wrong with that, but because it’s bad to have a bunch of dudes in raincoats / Pee Wee Herman / etc. traipsing through the neighborhood. (Property values and all that.) The problem is that the secondary effects doctrine seems to be limited to sexually explicit content in realspace – X-rated theaters, adult bookstores, nude dancing, and so forth. True, the Court makes reference to secondary effects cases in its abortion buffer zone decision, but it’s in the context of content neutrality, not negative externalities. The problem with this approach is that whatever the harms of Internet porn, NC-17 DVDs, live-streaming, and the like, they don’t cause the type of overflow effects that accrue from living next to a XXX cinema. Despite Larry Lessig’s endorsement of cyberzoning as an analogue to secondary effects, the Supreme Court rejected that option in Reno v. ACLU, and so invoking the doctrine here seems like a last-gasp attempt.

I think that part of the motivation to apply Reed – and, similarly, of the Third Circuit’s ongoing skepticism about 2257(A) – is that the statutes aren’t primarily about preventing child pornography. Rather, they use concerns about children as the thin edge of the wedge to attack pornography overall, by driving up the transaction costs to produce it. This is the history of porn regulation in the age of the Internet, from the Communications Decency Act forward. Anyone who produces actual or simulated sexually explicit conduct has to undertake the expense of recordkeeping for every such depiction they put forth. And, 2257(A) seems unnecessary: federal and state statutes that criminalize the production of child pornography have pretty scary penalties, and mistake of age or negligence is not a defense. Put differently, I think it’s unlikely that the government would be thwarted in a prosecution of the producer of content involving an underage performer and need to fall back, as a sort of last resort, on an age verification statute violation.

Furthermore, some provisions of 2257(A) look like efforts to drive up the costs for performers as well. Why do performers need to divulge their aliases / stage names, and why do producers have to index depictions based on aliases? One can put forward a theory that this helps link together content containing underage performers, but I think the real reason is to out porn actors and actresses: it puts porn on their permanent records. You can retire from the trade, but your 2257(A) paperwork lives on. And you can’t hide under an assumed name (a strange worry, since they’re not hiding much else) – your porn identity and real world identity are inextricably linked. Thus, even if pornography is constitutionally protected speech (and most scholars agree that it is), the government can still use indirect regulation to deter that speech.

The dissent goes for the secondary effects argument, though doing so requires some artful characterization of the Supreme Court’s precedent in the area. (The cite to NFIB v. Sebelius is inadvertently fun – it tweaks Justice Roberts by converting the case’s analysis into an “any port in a storm” outcome.) Judge Rendell candidly classifies sexually explicit speech as less valuable than core speech, and hence more amenable to regulation. Her secondary effects reasoning has an important flaw, though: it converts the original Supreme Court case on child pornography, New York v. Ferber, into a secondary effects case, even though Ferber makes no mention of the doctrine. Ferber is, rightly, a case about the direct harms visited upon children when they are abused via involvement in sexually explicit material. Distinguishing the statute banning child porn in Ferber from 2257(A) here, when they have the same express goal, is sleight of hand. Under Rendell’s reasoning, Ferber can’t be about the harms to children created by the speech at issue (child porn), because that’s a direct effect and not a secondary one. But that approach flies in the teeth of what the Court actually wrote. Secondary effects cases don’t block speech altogether – they channel it. The point of 2257(A) is (again, rightly) to prevent certain content altogether. Thus, the secondary effects rationale is implausible as both a doctrinal and theoretical matter.

So: this case looks like an extension of Reed, in ways that critics have feared might come to pass. I think it is hard, with sexually explicit content, to draw a clear line between core speech (Romeo and Juliet in the nude? The musical Hair?) and commercial speech, but I would have preferred that the Third Circuit acknowledge the importance of the distinction. And while 2257 / 2257A look to be dead on arrival, the case itself signals that the porn wars are not yet over. At least it’s a nice change from yard signs.

Diffensive Privacy

A Response to the Criticisms of Fool’s Gold: An Illustrated Critique of Differential Privacy

By Jane Bambauer and Krish Muralidhar

Two years ago, we coauthored an article that challenged the popular enthusiasm for Differential Privacy. Differential Privacy is a technique that permits researchers to query personal data without risking the privacy of the data subjects. It gained popularity in the computer science and public policy spheres by offering an alternative to the statistical disclosure control and anonymization techniques that had served as the primary mechanism for managing the tension between research utility and privacy.

The reputation of anonymization and “statistical disclosure control” methods is in a bedraggled state at the moment. Even though there is little evidence that reidentification attacks actually occur at any frequency in real life, demonstration attacks have captured the imagination of the press and of regulators. The founders of Differential Privacy helped erode confidence in SDC and anonymization so that Differential Privacy could shine by comparison. Differential Privacy was fundamentally different from what had come before because its standard guaranteed a certain level of privacy no matter how much special knowledge a data intruder had.

The problem is, Differential Privacy provides no assurance about the quality of the research results. As we showed in our paper, it destroys most of the research value of data. In order to salvage data utility, researchers in Differential Privacy have had to introduce relaxations to the privacy promises. But these relaxations have made Differential Privacy less “cryptographic” and more context-dependent, just like the methods of anonymization that the founders of Differential Privacy had rejected. In other words, Differential Privacy in its pure form is special but not useful, and in its modified form is useful but not special.

The Article concludes with a dilemma. On one hand, we praise some recent efforts to take what is good about differential privacy and modify what is unworkable until a more nuanced and messy—but ulitimately more useful—system of privacy practices are produced. On the other hand, after we deviate in important respects from the edicts of differential privacy, we end up with the same disclosure risk principles that the founders of differential privacy had insisted needed to be scrapped. In the end, differential privacy is a revolution that brought us more or less where we started.

Our article clearly hit a nerve. Cynthia Dwork refused to talk to me at a conference, and a few other computer scientists have written hostile critiques that aim primarily to impugn our intelligence and honesty rather than engaging with our arguments on the merits. Anand Sarwate calls our article “an exercise in careful misreading” and Frank McSherry writes

The authors could take a fucking stats class and stop intentionally misleading their readers.

The not-so-subtle subtext is “don’t listen to these idiots. They are bad people.”

Given this reaction, you would think that the critics have uncovered flaws in our applications and illustrations of Differential Privacy. They have not. Sarwate even admits that we “manage to explain the statistics fairly reasonably in the middle of the paper” and primarily takes issue with our tone and style.

I have little doubt that the condescension and character attacks are a symptom of something good: there has been a necessary adjustment in the public policy debates. Indeed, although our piece has received the occasional angry tweet or blog review, the private reaction has been positive. Emails and personal conversations have quietly confirmed that data managers understand the significant limitations of pure Differential Privacy and have had to stick with other forms of statistical disclosure controls that have fallen out of vogue.

We respond here to the criticisms, which come in four general types: (1) Differential Privacy should destroy utility—it’s working as planned; (2) We exaggerate the damage that DP does to utility; (3) We overlook the evolution in Differential Privacy that has relaxed the privacy standard to permit more data utility; and (4) There are methods other than adding Laplace noise that satisfy pure Differential Privacy. In brief, our responses are: (1) This is a disagreement about policy rather than a technical discrepancy; (2) Not correct, and when we take the suggestions offered by our critics, the noise gets worse; (3) Not correct; we spent an entire Part of our paper on deviations from pure Differential Privacy; and (4) Don’t hold your breath.

Read more…

Watch “Is Free Speech for Assholes?”

The panel discussion from the Speech Holes conference is now available online, where First Amendment scholars grapple with the age-old question, “Is Free Speech for Assholes?

Information Libertarianism

Jane and I have a new article coming out in volume 105 of California Law Review, titled Information Libertarianism. Here’s the abstract:

Recent First Amendment precedent is widely attacked as unprincipled: a deregulatory judicial agenda disguised as free speech protection. The scholarly consensus is mistaken. Descriptively, free speech protections scrutinize only information regulation, usefully pushing government to employ more direct regulations with fewer collateral consequences. Even an expansive First Amendment is compatible with the regulatory state, rather than being inherently libertarian. Normatively, courts should be skeptical when the state tries to design socially-beneficial censorship.  

This Article advances a structural theory that complements classic First Amendment rationales, arguing that information libertarianism has virtues that transcend political ideology. Regulating information is peculiarly difficult to do well. Cognitive biases cause regulators to systematically overstate risks of speech and to discount its benefits. Speech is strong in its capacity to change behavior, yet politically weak. It is a popular scapegoat for larger societal problems and an attractive tool for rent-seeking interest groups. Collective action, public choice, and government entrenchment problems arise frequently. First Amendment safeguards provide a vital counterpressure. Information libertarianism encourages government to regulate conduct directly because when the state censors communication, the results are often counterproductive. A robust First Amendment deserves support regardless of ideology.

Comments and feedback warmly welcomed!

The iPhone Writ Large

Apple and the Department of Justice are dueling over whether the iPhone maker must write code to help the government break into the San Bernadino shooter’s phone. The government obtained a warrant to search the phone (a nicety, perhaps, since the phone’s owner has consented to the search, and the shooter is dead). But, the killer took advantage of the iPhone 5C’s security: it’s locked with a passcode, and it is likely to wipe the contents after a certain number of incorrect attempts to enter that code. (And, iOS forces a delay in retrying the passcode once the user incorrectly enters the code 4 times.) DoJ relies on the All Writs Act, originally passed in 1789, back when the Blackberry was the smartphone of choice.

There’s been some excellent analysis of the situation; I would point you in particular to Dan Guido’s technical analysis of Apple’s ability to comply, Cyrus Farivar and David Kravets’s overview of the legal precedent and facts, and Michael Dorf’s primer on the AWA. There is also a fair amount of spin, BS, and misunderstanding on both sides of the argument. So, I thought I’d chime in, just to make matters worse, with a few points.

First, this is not a fight about Apple’s encryption – at least, not directly. The government wants the ability to attempt to crack the passcode via brute force. What it wants Apple to do is to make that easier, and to make mistakes less costly. (I’m not sure why the latter is vital. The FBI could easily clone the phone’s storage, so if it gets bricked, they can swap in a new version. Certainly, it’s convenient to have Apple deactivate the error bomb, but hardly necessary.)

Second, we don’t fully understand the depth of the government’s request. Guido notes that iOS imposes a minimum of 80ms per passcode query. That still lets an attacker run a lot of queries, but it’s not at all clear that this is anything other than a programming choice. Quoting him, the DoJ has demanded that “[Apple] will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.” (emphasis mine) Again, I’m not expert in iOS, but it looks like the 80ms delay is a choice made by iOS, not a limit introduced by hardware capabilities. I would bet that the government wants an iOS update that runs queries as fast as the processor, memory, and storage can handle them, which will cut its time to break in.

Third, there may be nothing useful on the phone. Both attackers are dead. The FBI says it can’t rule out that there are accomplices out there, but they’re doing a thorough job of investigating the shooter’s brother, along with other possible conspirators, and at this point, we also can’t rule out a second gunman on the grassy knoll. I don’t think there is much exigency here. Yes, getting into the iPhone might help the investigation. But it’s not clear that there is any extant threat, nor even any extant defendants. This looks a bit like a fishing expedition.

Fourth, this is a political play by the government. The FBI has been pushing for some time to get law enforcement access to encryption systems. (This is often referred to as a backdoor, but it’s really just key escrow. It means either that data is encrypted such that more than one private key will decrypt it, or that the vendor keeps a copy of all private keys and can access them. Lotus Notes, which I worked on for five years, introduced key escrow reluctantly in version 5. And, to comply with export controls limiting the strength of encryption sold outside the U.S., the company turned over part of the private key that Notes uses to the U.S. government. This meant, for example, that key strength was 128 bits against the world, except for the U.S. government, against which it was 64 bits.) It hasn’t gotten much traction; even the NSA has come out against it. I think that’s why the FBI / DoJ have launched this effort to compel Apple. If they succeed, they get a means to bypass encryption more easily without having to pass any legislation or get any new regulations. If they fail, it provides a politically potent example with which to press its cause: we can’t fight terrorists without backdoors! And, the case has generated some bad publicity and badwill for Apple. Marmot impersonator Donald Trump has called for a boycott of Apple, despite using an iPhone himself.

Fifth, if the government presses its legal case (which I fully expect them to do), I think they’ll win. The All Writs Act is the sort of catchall that seems like it ought to run afoul of due process or separation of powers concerns, but the Supreme Court has upheld it. As I understand U.S. v. N.Y. Telephone Co., there are three prongs to the analysis of an AWA request to a third party: whether the measure is necessary, whether the burden imposed on the target is unreasonable, and whether the party is too distant / removed from the situation (a sort of gloss on burden and reasonableness). The iOS update is arguably necessary, since Apple’s security could brick the phone if DoJ doesn’t guess correctly, quickly. Since Apple is the vendor, they are not likely to be too removed. Burden is the harder one, but it’s much easier to remove functionality than to add it. This is Apple’s best hope, but it doesn’t seem a strong one. The case law on AWA is mixed, but it generally runs in favor of the government.

Sixth, the government’s contention that this update applies only to a single iPhone is sophistry. Sure, the code will specify this particular device’s hardware identifiers and the like. But changing that for future iPhones – at least, future iPhones 5C – is trivial: it’s literally find-and-replace in the code. So, the update isn’t a universal zero-day or anything like that. But it is a tool that will be ready the next time law enforcement wants to hack an iPhone – and, it’s one where Apple will no longer have a credible burden argument to resist creating an update. Neither side is portraying this problem very accurately: it’s not a one-off and it’s not a silver bullet that kills iOS security.

Finally, this case leaves aside the hard issue. Imagine Apple’s next iOS update locks the company out of access: once a user encrypts data, there’s no way for a third party to access it short of a brute force attack. Can the government mandate an operating system update that reverses this? Or that captures the user’s password securely somewhere accessible to Apple / law enforcement if need be? This is, in other words, the encryption / escrow debate, and it has strong flavors of the fight over whether tech firms must build in features that protect against copyright infringement (the one the Supreme Court ducked in MGM v. Grokster). That’s the real puzzle, and one for which this iPhone story is merely a play within a play.