Call for Papers: Artificial Intelligence, the Internet of Things, and Social Values

Artificial Intelligence, the Internet of Things, and Social Values

Call for Papers – AALS Section on Internet and Computer Law


The Internet of Things will create a vast surge in the amount of data that we – and our devices – generate. To make sense of this trove of information will require the use of algorithms and artificial intelligence by researchers, firms, and government. Digital sifting creates both promise and peril, and is certain to clash with important social norms. For example, it may force us to revisit norms around privacy, ownership, prediction, and the public-private boundary. The Section on Internet and Computer Law welcomes submissions for papers about this clash.


Authors are encouraged to submit papers for this session. Submissions should summarize the paper in roughly 1000 words. To submit, please send the summary by e-mail to Derek Bambauer, <>, by September 15, 2016. The members of the section’s executive committee will review the submissions and select presenters by September 28, 2016. Presenters must submit the final version by December 1, 2016.

The committee will give preference to works in progress and projects; recently accepted or published pieces are also welcomed.

Presenters will share their work at the Section’s meeting at the AALS Annual Meeting on Thursday, 5 January 2017, 1:30 – 3:15PM.


Please contact Derek Bambauer, <>.

Free Speech Challenges to Credit Card Surcharge Laws

I recently helped write and organize an amicus brief urging the Supreme Court to grant cert in Expressions Hair Design v. Schneiderman. The case involves a circuit split on the constitutionality of “no surcharge” laws in New York, Florida, and a few other states. These states allow retailers to give “discounts” to cash and check payers but forbid retailers from adding “surcharges” when customers pay by credit card. Some retailers have challenged these laws under the First Amendment because the laws treat identical conduct differently based on how the sellers represent their prices.

Everybody thinks this is an easy case. The trouble is, everybody is divided about whether the First Amendment applies at all, some saying “obviously yes,” and others saying “obviously no.”

The Second and Fifth Circuits are in the “obviously no” camp. They dismissed the free speech arguments and found that these laws regulate only economic conduct.

A California district court and the Eleventh Circuit are in the “obviously yes” camp. So am I. This camp thinks the laws inarguably regulate speech. Despite appearances, the laws do not constrain pricing. Instead, they constrain how goods are labeled, and how prices are broken down and explained.

In the course of recruiting co-signers, it became clear that law professors are generally reluctant to recognize when commercial speech is being regulated, and also tend to assume that even when it’s clear communications are being suppressed, the suppression operates in consumers’ best interests. These instincts are wrong in the specific case of anti-surcharge laws, and they are likely to be misguided in the larger case of commercial speech as well. I’ll explain here why I think so.

Anti-surcharge laws regulate speech, not conduct.

These anti-surcharge cases are at bottom debating the scope of the First Amendment. The Second Circuit concluded that laws that prohibit a surcharge but allow a discount regulate economic conduct, not speech:

the central flaw in [the merchants’] argument [] is their bewildering persistence in equating the actual imposition of a credit-card surcharge (i.e., a seller’s choice to charge an additional amount above the sticker price to its credit-card customers) with the words that speakers of English have chosen to describe that pricing scheme. . . . But Plaintiffs are simply wrong. What [the law] regulates—all that it regulates—is the difference between a seller’s sticker price and the ultimate price that it charges to credit-card customers.

What’s bewildering to me is that the Second Circuit relies twice on a reference to a “sticker price” without acknowledging the expression involved. Stores are free to charge separately for an item and for the credit card transaction to purchase the item, but a sticker that says “$102, but $2 less for cash,” is legal while a sticker that says “$100, plus $2 for credit cards” can lead to jail time. The difference between criminally liable “surcharges” and perfectly legal “discounts” is, therefore, the way that retailers explain their pricing schemes.

Anti-surcharge laws do not target false and misleading speech

When I first heard about the free speech challenges to anti-surcharge laws, I immediately understood that the laws were regulating communication, but I suspected they might just target fraud. I though that the laws might be enforced out of concern for consumers who reasonably assume that they will be able to purchase an item by credit card for its sticker price and are surprised when their total is rung up. I assumed the laws would operate either as a form of compelled speech (to force retailers to give consumers information they need to know about the fully-loaded price they will pay at the cash register) or as a ban on misleading commercial speech (to make sure merchants don’t give consumers the impression that they will pay less than they actually will). Misleading commercial speech is not constitutionally protected. This potential for consumer deception is what the dissenting 11th Circuit judge had on his mind, and what Rebecca Tushnet is thinking about, I suspect, when she explains that “even if there’s a small-print disclosure—what a reasonable consumer would take away is the measure” of a misleading price.”

By the way, the theory that anti-surcharge laws target deception implicitly concedes that the laws regulate communication. Once we’re going down this road, we’re operating in a space where price communications are presumptively protected unless the regulation bans unprotected false or misleading speech. The First Amendment coverage question will therefore float or sink on the question of deception.

The fact is, anti-surcharge laws are not especially concerned about consumer deception. The anti-surcharge laws sweep broader than deception by banning clear statements, provided in advance of purchase, about additional credit card fees. Any explanation of prices that identifies credit cards as the source of additional costs rather than rolling them into the price of the item is illegal.

The surcharge bans are similar to a law the Kentucky legislature passed in 2005 restricting how telecommunications providers could label their customer’s bills. The state imposed a new tax and allowed telecom providers to pass the costs onto their customers, but the providers were forbidden from labeling the extra cost as a tax on customers’ bills. That ham-fisted attempt to avoid accountability for raising taxes was seen for what it was: an unconstitutional restriction on truthful commercial speech.

If New York is concerned about deception, it could cure the flaws in its anti-surcharge laws by replacing it with a compelled speech rule like this one used in Minnesota. It could mandate a disclaimer when sticker prices report cash prices to make sure customers understand that a credit card fee will apply. As co-signer Jonathan Adler has explained:

Where commercial speech is potentially misleading or even unclear, a requirement of curative counterspeech will typically be preferable to a limitation on speech. As the Court has noted, where possible, the remedy for potentially misleading speech should be more speech. Thus, requirements that producers or vendors qualify claims about products in advertisements and labels are more permissible than limitations or prohibitions on label or ad claims.

But a law requiring a clear disclaimer would be redundant. As long as consumers expect to be able to pay the same price for cash and credit cards, I suspect existing false advertising and unfair business practices laws will already push retailers to make clear disclaimers.

Anti-surcharge laws manipulate speech to nudge consumers into credit card transactions

The next way one might try to rationalize the anti-surcharge laws is to suppose that consumers are well-served by seeing one sticker price that reflects the most they will have to pay at the cash register. Perhaps New York and the other states with surcharge bans are regulating the way costs are framed for consumers.

This explanation, whatever its merit, would have to undergo constitutional scrutiny under the commercial speech doctrine. Under this theory, the state is regulating commercial speech, but it is doing so for an important consumer-protective purpose.

This theory cracks with just a little probing. The anti-surcharge laws wind up censoring not just truthful information, but valuable information: specifically, information that disaggregates the costs of the good or service from the costs of the credit card transaction. This information tends to benefit consumers by making them more likely to avoid transaction costs than they would be if the higher price were normalized and the consumer were offered a discount. The behavioral economics literature shows that the anti-surcharge laws have it backwards: they make consumers more likely to use a card, and thus to pay the higher price, in a dual pricing system. As an amicus brief filed by behavioral economists explains, lab experiments confirm that consumers are more likely to avoid a surcharge than to seek a discount. (This is entirely consistent with Kahneman and Tversky’s loss aversion work.)

The law also discourages retailers from engaging in dual pricing, meaning that cash buyers will continue to subsidize the credit card industry and its customers who pay their bills every month—a regressive transfer of wealth if I ever saw one. The California district court that struck down the anti-surcharge law cited Elizabeth Warren, who points out the detrimental effects of discouraging dual prices.

The negative effects from framing and cross-subsidies surely outweigh any benefits to consumers for seeing a single, higher sticker price (if there are any.) So if New York is attempting to use anti-surcharge laws to protect consumers, it seems to be doing it exactly wrong.

Courts can handle the judicial review of commercial speech regulations

One last form of resistance that I encountered while recruiting signatories was that the topic of prices, surcharges, and discounts is too complicated for the judiciary to understand and is best left to democratically accountable legislatures and agencies.

This is an argument that can be (and has been) trotted out every time the courts engage in constitutional scrutiny of any statutory or regulatory rule. The balancing of interests related to abortion, gay marriage, guns, and discrimination is also complicated, yet few legal scholars would accept judicial disengagement in these areas.

In any case, the premise is wrong. The consequences of anti-surcharge laws are not difficult to predict. State anti-surcharge laws are not the product of reasoned debate or the calculated tinkering by policy wonks. The laws were born from pure pork. They were pushed through by concerted lobbying efforts of credit card companies seeking refuge when a federal law of the same sort was allowed to expire. It requires no special training in economics or public policy to see that in this case, the credit card companies got a law that served their private interests.

If it seems strange that many law professors are prepared to defend the anti-surcharge law as presumptively protecting the public interest, (warning: shameless plug is imminent) I suggest looking at Derek’s and my new draft titled “Information Libertarianism.” We show that laws like the anti-surcharge bans that work against the public interest while appearing to work for it are much more common when the government regulates speech rather than directly regulating whatever it is they mean to achieve. In this case, a statute that bluntly bans retailers from engaging in dual pricing based on method of payment would clearly be an economic regulation rather than a speech regulation. But it would also be an unpopular regulation—one that reveals the state’s blatant pandering to the credit card industry. That type of law would not be confused for a consumer protection law.

By the way, I love credit cards.

This post has, up to this point, demonized the credit card industry. But my criticism of credit card companies applies only to their role in this particular episode of commercial speech bans. In fact, I suspect merchants are exaggerating the true costs of credit card swipe fees since handling cash, protecting it, and depositing it is costly to merchants. Keeping cash on hand is costly to consumers, too. Credit card users who are annoyed by swipe fees probably do not fully appreciate what they get in return. I for one will gladly pay a small swipe fee if the alternative means having to rely more heavily on ATMs and the inherent risks of carrying cash. For the most creditworthy consumers, swipe fees are more than balanced out by plum credit card rewards like miles and cash reimbursements. But this preference of mine does not change the essential point that disaggregating various sources of costs gives consumers more control to decide which services to take on and which to avoid.

I hope the Supreme Court takes up the case. States have a history of regulating speech under the guise of something that sounds like conduct, be it incitement or harassment. It would be a shame if “sticker prices” became an open avenue for banning truthful commercial speech.

Still Not a Dump Truck: Net Neutrality and the First Amendment

The D.C. Circuit’s decision in U.S. Telecom Assn. v. FCC came down yesterday. To the delight of net neutrality fans and dismay of many big ISPs, the court held 2-1 that the FCC’s reclassification of broadband under Title II was permissible as a matter of statutory, administrative, and constitutional law. I’m still digesting the first two aspects – the decision and dissent weigh in just under 200 pages – but want to comment on the third (which takes up only seven pages, starting at p.108). The court rejects a First Amendment challenge to net neutrality regulation. I think the outcome is right and the reasoning is both rather shallow and wrong.

The J.D. McGregor problem

First, the majority writes rather breezily that since ISPs are now common carriers, there’s no First Amendment problem, since common carriers transmit the speech of others rather than engaging in speech themselves. That plainly begs the question. The ISPs’ claim is that their constitutional free speech rights override the FCC’s statutory ability to force them to carry others’ speech, particularly since the FCC long insisted that broadband providers were not, in fact, common carriers. The court notes that end users expect to be able to access all content from their ISPs, without owning up to the fact that it’s the FCC’s decade-long efforts to enforce open access rules that drive those expectations. It reminds me of a great exchange from the classic “The Simpsons” episode, “Duffless“:

[Lisa is in a pet store, looking to purchase a hamster to run through a maze for a school project.]

Lisa Simpson: I want the most intelligent hamster you’ve got.

Clerk: Okay.

[retrieves a hamster at random]

Clerk: Uh, this little guy writes mysteries under the name of J. D. McGregor.

Lisa Simpson: How can a hamster write mysteries?

Clerk: Well, he gets the ending first, then he writes backward.

Lisa Simpson: Aw, c’mon.

Clerk: Look, kid, just take him before his mother eats him, all right?

The D.C. Circuit and J.D. McGregor have something in common here: it’s a lot easier to start with the result and then figure out why it should happen.


Next, the court tries the scarcity route, famous from the days of Red Lion and Tornillo. Newspapers and television stations face inevitable scarcity, the D.C. Circuit says, and must engage in editorial decisionmaking, while ISPs have an abundance of bandwidth, and thus cannot. That’s a framing problem: at certain capacities, ISPs very much have scarcity problems, which is why they’re co-locating Netflix equipment in their data centers. Ah, the court writes, but there’s no need under scarcity for an ISP to determine which e-mails or Web pages go first; first-in, first-out is just fine. This also elides the question, in part by ignoring the “reasonable network management” loophole in net neutrality. When the network is congested, should e-mail or video traffic receive priority? If the answer is “neither,” why? E-mail has much more tolerance for delays (latency) than video does. FIFO is arbitrary, not a law of nature.

Ah, but that’s where the court goes next with its reasoning: papers and cable TV “naturally occasion the exercise of editorial discretion.” When a lawyer tells you that an outcome is “natural,” you are being spun.


Finally, the court writes, there’s a statutory save: if an ISP decides to “offer[] access only to a
limited segment of websites specifically catered to certain content” – to become a modern walled garden like AOL – then it falls outside the FCC’s Order, since it will no longer be a “mass-market retail service.” But this leaves at least two questions. What if I start Bambauer’s Broadband Provider and decide that I will only allow access to one streaming video Web site, to be decided based upon which site cuts me the largest check? More seriously, what if an ISP that is vertically integrated with a movie studio decides that it will only stream movies from that studio’s service / Web site, but all other categories and sources of content are completely available? In other words, what do you have to do as a broadband provider to fall outside the FCC’s definition? It sounds like that ISP has to exercise the Goldilocks level of editorial discretion:

Internet content available Net neutrality violation? Why?
100% No Common carrier
85% (no YouTube) Yes Blocking lawful sites
40% (no porn) Probably not Curating – offers subset of Web
5% sites only) Probably not, but irrelevant Curating, but not commercially viable

Too little editing, and no First Amendment protection; too much, and you go out of business.

We like money

So, given the snark above, why don’t I think that the ISPs have a viable First Amendment claim? After all, they’re carrying speech (like a bookstore or TV station), and they’d like to make their own decisions about what speech to transmit. I’d be much more sympathetic if the plaintiff was a family-friendly ISP that blocked porn or gambling or heresy or the like. That shows an expressive choice in its editorial decisions, like a kid-friendly bookstore in picking only G-rated inventory. By contrast, the only message conveyed by the actual plaintiffs’ desired blocking / prioritization is “Give us money.” When a bookstore refuses to carry “Lolita” because of its content, it’s engaged in speech; when it just charges more for it because you’ll pay, it’s not.

Put differently, in the table above, the 85% carrier would likely transmit YouTube videos if Google backed a dump truck full of cash up to their headquarters. The 40% carrier probably wouldn’t transmit porn at any price, because the decision is a normative one. To me, this invokes the Spence v. Washington / Texas v. Johnson line of cases that try to draw the line between conduct and speech: it depends on whether there’s an intent to communicate a particular message, and whether it’s likely that the audience understands it. This requires some tough decisions by agencies and courts – what if Bambauer’s Broadband Provider refuses to stream only Denver Broncos games, on the theory that Peyton Manning is a cheater? – but that’s much preferable to drawing artificial distinctions between media or pretending the conclusion is obvious. Sometimes the Net is a dump truck, with everything riding jumbled together, and sometimes it’s an Uber, where the driver picks the rider. For First Amendment purposes, the difference matters.

Signs, Sex, and Strict Scrutiny

In the latest installment of the Porn Wars, the Third Circuit Court of Appeals has, upon rehearing, remanded a challenge to the age verification provisions of 18 U.S.C. 2257 / 2257A, with instructions that the district court should apply strict scrutiny in its First Amendment analysis. Perhaps strict scrutiny is not fatal in fact, but the Third Circuit’s own prior opinion suggests that 2257(A) will be deader than disco. (p.16: “we noted that the Statutes may not have been able to survive strict scrutiny…”) The appellate court felt compelled to revisit its prior ruling based on last term’s Supreme Court opinion in Reed v. Town of Gilbert, which held that facially content-based laws must face strict scrutiny. Its opinion is a fun test case for the breadth of Reed‘s effects and, concomitantly, the proper level of scholarly panic over First Amendment expansion. (Enrique Armijo has a great essay titled, “Town of Gilbert: Relax, Everybody,” which is a thoughtful response to the conventional wisdom among legal academics, which could be titled, “Town of Gilbert: The End is Near.”)

Briefly, 2257 and 2257A require that producers of depictions of actual or simulated sexually explicit conduct keep records of the names, ages, and aliases of performers in the explicit content. Those records can be inspected (without warrants, though that’s a different aspect of this case) by the Attorney General (which is to say federal law enforcement), with the purpose of preventing underage performers from being so depicted. Producers also have to keep copies of performers’ identification documents, and to index records based on names and aliases. In a ruling prior to Town of Gilbert, the Third Circuit decided that intermediate scrutiny applied to the statutes, and that the government was able to satisfy that level of scrutiny. After the Supreme Court’s ruling, though, the plaintiffs asked for a rehearing, and the court agreed.

The resulting case is a clear loss for the government. Interesting, the government conceded that Reed requires the court to apply strict scrutiny. (See page 22: “The United States concedes that, in light of Reed, our analysis in FSC I, which relied on Ward [v. Rock Against Racism], cannot stand.”) That’s tantamount to surrender, and I think it’s an unnecessary retreat. There are as many ways to understand the Town of Gilbert case as there are lawyers (or, at least, legal academics). I read the decision to narrow the scope of cases in which intermediate scrutiny applies – or, put another way, many fewer regulations get treated as content-neutral after Reed. But, I see two important doctrines as surviving Reed‘s impact. The first is the commercial speech doctrine, under which regulation of commercial speech (whatever it is, which still is not totally clear) draws lesser scrutiny than regulation of “core” First Amendment speech. Reed is about core speech – the Court focuses on local regulations that draw distinctions among political, ideological, and temporary event (such as religious worship) signs. It might be the Stuxnet of free speech decisions, sneaking in to wreak havoc, but if so, the Court is being unusually stealthy.

Second, Reed is about censorship rules, not compelled speech – it’s about the state telling us what we cannot say, rather than what we must say. (Unfortunately, Justice Breyer missed this point, and his concurrence in the result has generated unnecessary heartburn among commentators by lumping compelled speech rules in with censorship ones.) Compelled speech has gotten lighter treatment by reviewing courts, presumably because it’s enriching the marketplace of ideas with more information rather than beggaring it with gag orders. (This is especially true for commercial speech; compelled core speech has a more mixed record.) Thus, I think the government could readily have resisted Reed’s application to this case; even if it lost, the loss might generate an opinion that would tempt the Supreme Court to undertake a (welcome) exegesis of Reed‘s reach.

The government, and the dissent, try to save 2257(A) by resorting to the secondary effects doctrine. This theory allows regulators to have content-specific rules if they target incidental but important effects of speech, rather than the speech itself. The canonical example is zoning of adult businesses: your town can set up rules that prohibit your next-door neighbor from opening a porno theater, not because there’s anything wrong with that, but because it’s bad to have a bunch of dudes in raincoats / Pee Wee Herman / etc. traipsing through the neighborhood. (Property values and all that.) The problem is that the secondary effects doctrine seems to be limited to sexually explicit content in realspace – X-rated theaters, adult bookstores, nude dancing, and so forth. True, the Court makes reference to secondary effects cases in its abortion buffer zone decision, but it’s in the context of content neutrality, not negative externalities. The problem with this approach is that whatever the harms of Internet porn, NC-17 DVDs, live-streaming, and the like, they don’t cause the type of overflow effects that accrue from living next to a XXX cinema. Despite Larry Lessig’s endorsement of cyberzoning as an analogue to secondary effects, the Supreme Court rejected that option in Reno v. ACLU, and so invoking the doctrine here seems like a last-gasp attempt.

I think that part of the motivation to apply Reed – and, similarly, of the Third Circuit’s ongoing skepticism about 2257(A) – is that the statutes aren’t primarily about preventing child pornography. Rather, they use concerns about children as the thin edge of the wedge to attack pornography overall, by driving up the transaction costs to produce it. This is the history of porn regulation in the age of the Internet, from the Communications Decency Act forward. Anyone who produces actual or simulated sexually explicit conduct has to undertake the expense of recordkeeping for every such depiction they put forth. And, 2257(A) seems unnecessary: federal and state statutes that criminalize the production of child pornography have pretty scary penalties, and mistake of age or negligence is not a defense. Put differently, I think it’s unlikely that the government would be thwarted in a prosecution of the producer of content involving an underage performer and need to fall back, as a sort of last resort, on an age verification statute violation.

Furthermore, some provisions of 2257(A) look like efforts to drive up the costs for performers as well. Why do performers need to divulge their aliases / stage names, and why do producers have to index depictions based on aliases? One can put forward a theory that this helps link together content containing underage performers, but I think the real reason is to out porn actors and actresses: it puts porn on their permanent records. You can retire from the trade, but your 2257(A) paperwork lives on. And you can’t hide under an assumed name (a strange worry, since they’re not hiding much else) – your porn identity and real world identity are inextricably linked. Thus, even if pornography is constitutionally protected speech (and most scholars agree that it is), the government can still use indirect regulation to deter that speech.

The dissent goes for the secondary effects argument, though doing so requires some artful characterization of the Supreme Court’s precedent in the area. (The cite to NFIB v. Sebelius is inadvertently fun – it tweaks Justice Roberts by converting the case’s analysis into an “any port in a storm” outcome.) Judge Rendell candidly classifies sexually explicit speech as less valuable than core speech, and hence more amenable to regulation. Her secondary effects reasoning has an important flaw, though: it converts the original Supreme Court case on child pornography, New York v. Ferber, into a secondary effects case, even though Ferber makes no mention of the doctrine. Ferber is, rightly, a case about the direct harms visited upon children when they are abused via involvement in sexually explicit material. Distinguishing the statute banning child porn in Ferber from 2257(A) here, when they have the same express goal, is sleight of hand. Under Rendell’s reasoning, Ferber can’t be about the harms to children created by the speech at issue (child porn), because that’s a direct effect and not a secondary one. But that approach flies in the teeth of what the Court actually wrote. Secondary effects cases don’t block speech altogether – they channel it. The point of 2257(A) is (again, rightly) to prevent certain content altogether. Thus, the secondary effects rationale is implausible as both a doctrinal and theoretical matter.

So: this case looks like an extension of Reed, in ways that critics have feared might come to pass. I think it is hard, with sexually explicit content, to draw a clear line between core speech (Romeo and Juliet in the nude? The musical Hair?) and commercial speech, but I would have preferred that the Third Circuit acknowledge the importance of the distinction. And while 2257 / 2257A look to be dead on arrival, the case itself signals that the porn wars are not yet over. At least it’s a nice change from yard signs.

Diffensive Privacy

A Response to the Criticisms of Fool’s Gold: An Illustrated Critique of Differential Privacy

By Jane Bambauer and Krish Muralidhar

Two years ago, we coauthored an article that challenged the popular enthusiasm for Differential Privacy. Differential Privacy is a technique that permits researchers to query personal data without risking the privacy of the data subjects. It gained popularity in the computer science and public policy spheres by offering an alternative to the statistical disclosure control and anonymization techniques that had served as the primary mechanism for managing the tension between research utility and privacy.

The reputation of anonymization and “statistical disclosure control” methods is in a bedraggled state at the moment. Even though there is little evidence that reidentification attacks actually occur at any frequency in real life, demonstration attacks have captured the imagination of the press and of regulators. The founders of Differential Privacy helped erode confidence in SDC and anonymization so that Differential Privacy could shine by comparison. Differential Privacy was fundamentally different from what had come before because its standard guaranteed a certain level of privacy no matter how much special knowledge a data intruder had.

The problem is, Differential Privacy provides no assurance about the quality of the research results. As we showed in our paper, it destroys most of the research value of data. In order to salvage data utility, researchers in Differential Privacy have had to introduce relaxations to the privacy promises. But these relaxations have made Differential Privacy less “cryptographic” and more context-dependent, just like the methods of anonymization that the founders of Differential Privacy had rejected. In other words, Differential Privacy in its pure form is special but not useful, and in its modified form is useful but not special.

The Article concludes with a dilemma. On one hand, we praise some recent efforts to take what is good about differential privacy and modify what is unworkable until a more nuanced and messy—but ulitimately more useful—system of privacy practices are produced. On the other hand, after we deviate in important respects from the edicts of differential privacy, we end up with the same disclosure risk principles that the founders of differential privacy had insisted needed to be scrapped. In the end, differential privacy is a revolution that brought us more or less where we started.

Our article clearly hit a nerve. Cynthia Dwork refused to talk to me at a conference, and a few other computer scientists have written hostile critiques that aim primarily to impugn our intelligence and honesty rather than engaging with our arguments on the merits. Anand Sarwate calls our article “an exercise in careful misreading” and Frank McSherry writes

The authors could take a fucking stats class and stop intentionally misleading their readers.

The not-so-subtle subtext is “don’t listen to these idiots. They are bad people.”

Given this reaction, you would think that the critics have uncovered flaws in our applications and illustrations of Differential Privacy. They have not. Sarwate even admits that we “manage to explain the statistics fairly reasonably in the middle of the paper” and primarily takes issue with our tone and style.

I have little doubt that the condescension and character attacks are a symptom of something good: there has been a necessary adjustment in the public policy debates. Indeed, although our piece has received the occasional angry tweet or blog review, the private reaction has been positive. Emails and personal conversations have quietly confirmed that data managers understand the significant limitations of pure Differential Privacy and have had to stick with other forms of statistical disclosure controls that have fallen out of vogue.

We respond here to the criticisms, which come in four general types: (1) Differential Privacy should destroy utility—it’s working as planned; (2) We exaggerate the damage that DP does to utility; (3) We overlook the evolution in Differential Privacy that has relaxed the privacy standard to permit more data utility; and (4) There are methods other than adding Laplace noise that satisfy pure Differential Privacy. In brief, our responses are: (1) This is a disagreement about policy rather than a technical discrepancy; (2) Not correct, and when we take the suggestions offered by our critics, the noise gets worse; (3) Not correct; we spent an entire Part of our paper on deviations from pure Differential Privacy; and (4) Don’t hold your breath.

Read more…

Watch “Is Free Speech for Assholes?”

The panel discussion from the Speech Holes conference is now available online, where First Amendment scholars grapple with the age-old question, “Is Free Speech for Assholes?

Information Libertarianism

Jane and I have a new article coming out in volume 105 of California Law Review, titled Information Libertarianism. Here’s the abstract:

Recent First Amendment precedent is widely attacked as unprincipled: a deregulatory judicial agenda disguised as free speech protection. The scholarly consensus is mistaken. Descriptively, free speech protections scrutinize only information regulation, usefully pushing government to employ more direct regulations with fewer collateral consequences. Even an expansive First Amendment is compatible with the regulatory state, rather than being inherently libertarian. Normatively, courts should be skeptical when the state tries to design socially-beneficial censorship.  

This Article advances a structural theory that complements classic First Amendment rationales, arguing that information libertarianism has virtues that transcend political ideology. Regulating information is peculiarly difficult to do well. Cognitive biases cause regulators to systematically overstate risks of speech and to discount its benefits. Speech is strong in its capacity to change behavior, yet politically weak. It is a popular scapegoat for larger societal problems and an attractive tool for rent-seeking interest groups. Collective action, public choice, and government entrenchment problems arise frequently. First Amendment safeguards provide a vital counterpressure. Information libertarianism encourages government to regulate conduct directly because when the state censors communication, the results are often counterproductive. A robust First Amendment deserves support regardless of ideology.

Comments and feedback warmly welcomed!

The iPhone Writ Large

Apple and the Department of Justice are dueling over whether the iPhone maker must write code to help the government break into the San Bernadino shooter’s phone. The government obtained a warrant to search the phone (a nicety, perhaps, since the phone’s owner has consented to the search, and the shooter is dead). But, the killer took advantage of the iPhone 5C’s security: it’s locked with a passcode, and it is likely to wipe the contents after a certain number of incorrect attempts to enter that code. (And, iOS forces a delay in retrying the passcode once the user incorrectly enters the code 4 times.) DoJ relies on the All Writs Act, originally passed in 1789, back when the Blackberry was the smartphone of choice.

There’s been some excellent analysis of the situation; I would point you in particular to Dan Guido’s technical analysis of Apple’s ability to comply, Cyrus Farivar and David Kravets’s overview of the legal precedent and facts, and Michael Dorf’s primer on the AWA. There is also a fair amount of spin, BS, and misunderstanding on both sides of the argument. So, I thought I’d chime in, just to make matters worse, with a few points.

First, this is not a fight about Apple’s encryption – at least, not directly. The government wants the ability to attempt to crack the passcode via brute force. What it wants Apple to do is to make that easier, and to make mistakes less costly. (I’m not sure why the latter is vital. The FBI could easily clone the phone’s storage, so if it gets bricked, they can swap in a new version. Certainly, it’s convenient to have Apple deactivate the error bomb, but hardly necessary.)

Second, we don’t fully understand the depth of the government’s request. Guido notes that iOS imposes a minimum of 80ms per passcode query. That still lets an attacker run a lot of queries, but it’s not at all clear that this is anything other than a programming choice. Quoting him, the DoJ has demanded that “[Apple] will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.” (emphasis mine) Again, I’m not expert in iOS, but it looks like the 80ms delay is a choice made by iOS, not a limit introduced by hardware capabilities. I would bet that the government wants an iOS update that runs queries as fast as the processor, memory, and storage can handle them, which will cut its time to break in.

Third, there may be nothing useful on the phone. Both attackers are dead. The FBI says it can’t rule out that there are accomplices out there, but they’re doing a thorough job of investigating the shooter’s brother, along with other possible conspirators, and at this point, we also can’t rule out a second gunman on the grassy knoll. I don’t think there is much exigency here. Yes, getting into the iPhone might help the investigation. But it’s not clear that there is any extant threat, nor even any extant defendants. This looks a bit like a fishing expedition.

Fourth, this is a political play by the government. The FBI has been pushing for some time to get law enforcement access to encryption systems. (This is often referred to as a backdoor, but it’s really just key escrow. It means either that data is encrypted such that more than one private key will decrypt it, or that the vendor keeps a copy of all private keys and can access them. Lotus Notes, which I worked on for five years, introduced key escrow reluctantly in version 5. And, to comply with export controls limiting the strength of encryption sold outside the U.S., the company turned over part of the private key that Notes uses to the U.S. government. This meant, for example, that key strength was 128 bits against the world, except for the U.S. government, against which it was 64 bits.) It hasn’t gotten much traction; even the NSA has come out against it. I think that’s why the FBI / DoJ have launched this effort to compel Apple. If they succeed, they get a means to bypass encryption more easily without having to pass any legislation or get any new regulations. If they fail, it provides a politically potent example with which to press its cause: we can’t fight terrorists without backdoors! And, the case has generated some bad publicity and badwill for Apple. Marmot impersonator Donald Trump has called for a boycott of Apple, despite using an iPhone himself.

Fifth, if the government presses its legal case (which I fully expect them to do), I think they’ll win. The All Writs Act is the sort of catchall that seems like it ought to run afoul of due process or separation of powers concerns, but the Supreme Court has upheld it. As I understand U.S. v. N.Y. Telephone Co., there are three prongs to the analysis of an AWA request to a third party: whether the measure is necessary, whether the burden imposed on the target is unreasonable, and whether the party is too distant / removed from the situation (a sort of gloss on burden and reasonableness). The iOS update is arguably necessary, since Apple’s security could brick the phone if DoJ doesn’t guess correctly, quickly. Since Apple is the vendor, they are not likely to be too removed. Burden is the harder one, but it’s much easier to remove functionality than to add it. This is Apple’s best hope, but it doesn’t seem a strong one. The case law on AWA is mixed, but it generally runs in favor of the government.

Sixth, the government’s contention that this update applies only to a single iPhone is sophistry. Sure, the code will specify this particular device’s hardware identifiers and the like. But changing that for future iPhones – at least, future iPhones 5C – is trivial: it’s literally find-and-replace in the code. So, the update isn’t a universal zero-day or anything like that. But it is a tool that will be ready the next time law enforcement wants to hack an iPhone – and, it’s one where Apple will no longer have a credible burden argument to resist creating an update. Neither side is portraying this problem very accurately: it’s not a one-off and it’s not a silver bullet that kills iOS security.

Finally, this case leaves aside the hard issue. Imagine Apple’s next iOS update locks the company out of access: once a user encrypts data, there’s no way for a third party to access it short of a brute force attack. Can the government mandate an operating system update that reverses this? Or that captures the user’s password securely somewhere accessible to Apple / law enforcement if need be? This is, in other words, the encryption / escrow debate, and it has strong flavors of the fight over whether tech firms must build in features that protect against copyright infringement (the one the Supreme Court ducked in MGM v. Grokster). That’s the real puzzle, and one for which this iPhone story is merely a play within a play.

Tyler Broker on Expanding the “No Speculation” Test in Free Speech Cases

My friend and former student Tyler Broker is publishing an interesting and provocative free speech essay in the Gonzaga Law Review. I’ve asked Tyler to prepare a guest blog post. A draft of the full essay is available here.

Who would be so base as to challenge the conventional wisdom that commercial speakers receive less protection than noncommercial speakers? On the other hand, who would be so incurious as to leave unexamined the fact that during the last 20 years not a single regulation on commercial speech has been upheld by the United States Supreme Court while noncommercial speakers have occasionally lost?

The conventional wisdom is correct, to some extent. Federal regulators impose an extensive and complex set of rules on commercial advertising that have no analogs for noncommercial speech. And yet, when First Amendment challenges are brought, the Supreme Court applies a scrutiny that is rhetorically harsher but substantively weaker to noncommercial speech. This essay does not criticize nor argue for additional limits on the evolution of the commercial speech doctrine, in fact quite the opposite. The essay proposes a leveling up process, arguing that the Central Hudson “no speculation rule” should apply to all free speech cases.

No case better illustrates the mechanics of the commercial speech doctrine than Rubin v. Coors Brewing Co., 514 U.S. 46 (U.S. 1995). In Rubin, a beer manufacturer challenged the Federal Alcohol Administration Act’s (FAAA), 27 U.S.C.S. § 201, prohibition against disclosing alcohol content on beer labels. The Rubin Court struck down the restriction as an irrational governmental regulatory scheme, and cast serious doubt as to whether the regulation would advance the government interest in preventing the overconsumption of alcohol “in a direct and material way”. The Rubin Court acknowledged it was “common sense” to assume “that a restriction on the advertising of a product characteristic would decrease consumer selection of a product based on that trait,” yet insisted that commercial speech regulation must not promote the government interest based on “mere speculation or conjecture.”

In contrast to the judicial skepticism in Rubin, the Roberts Court in Morse v. Frederick, 551 U.S. 393, (2007) relied on a form of speculation and conjecture. There the Court accepted a principal’s speculation not only about the consequences of a student’s message “Bong Hits 4 Jesus” displayed during a school sanctioned event at a public place, but also about the student’s intent and mental state. This speculation was allowed to stand even though 1) the Court admitted the banner was “cryptic” and could be interpreted in many ways; 2) there was no evidence the sign caused a disruption; and 3) there was no evidence that would suggest any student who views such a sign is more susceptible to drug use. Further adding to the doctrinal incoherence, the Court in Frederick refused to treat the banner as political despite the fact that Alaska voters had debated and substantially supported marijuana legislation for two decades. An evidence-based standard has been found wanting even in noncommercial cases involving political speech such as Arizona Free Enterprise Club’s Freedom Fund PAC v. Bennett, which received the strictest scrutiny possible by the Court.

When courts refuse to allow government speculation and conjecture to establish the need for censorship, the government is usefully pressed to provide material evidence proving that its speech restrictions truly serve its stated objectives. All free speech scrutiny should incorporate some form of a “no speculation” rule, requiring material evidence to justify the regulation of speech. The reasoning of the commercial speech cases is sound enough to inform all other areas of free speech scrutiny. To protect speakers from overreaching restrictions based on the Court’s (or a principal’s) untested common sense, the government must supply some evidence that the harms of speech are real.


Is Free Speech for Assholes?

The College of Law at the University of Arizona is holding a First Amendment conference in February; the public lecture, which features a bevy of free speech luminaries, is titled, “Is Free Speech for Assholes?” The panel will debate the virtues and pitfalls of current First Amendment doctrine, from corporate speech to hate speech to whether free expression is leading to a new Lochner era. Please attend!

When: Thursday, 25 February 2016, 12:15PM

Where: Room 164, James E. Rogers College of Law, University of Arizona, 1201 E. Speedway, Tucson, AZ

Who: Jack Balkin (Yale), Ron Collins (Washington), Genevieve Lakier (Chicago), Helen Norton (Colorado), Margot Kaminski (OSU), Seth Kreimer (Penn), David Skover (Seattle)

What else: free lunch!

Speech Holes Poster