Email warnings in Canada are reported to be effective in deterring downloads, part of a project called "notice and notice." Why does it work?? Consistent with the massive amount of research on deterrence in every context from taxes to drugs to speeding to burglary--what deters is not the threat of a stiff penality. It is the likelihood of getting caught, which the email recalls.

Note the privacy angle--the downloader who was warned wonders who the ISPs are sharing data with, such that he received a warning, and the ISPs are quick to reassure him.

I've long been a self-annointed "privacy skeptic" as far as information-sharing in the private sector is concerned. We start out with an Internet designed and build for a closed, trusting community of academics. It has very few "enforcement friendly" features of the sort it would have had if it were built for a commercial community to begin with--features that are the equivalent of the fact that many things that people do in the "real" "physical" world are within the line of sight of others, such as shopkeepers. So we end up with people having the expectation that everything they do in cyberspace is protected by the full panoply of due process, unless they are warned otherwise. Now this clearly has some benefits for victims of abuse and so on. But it also has tremendous potential for mischief.

The network would, I think, naturally tend to evolve more enforcement friendly features over time, as spam, fraud, rampant copytheft, and so on continue. But this whole business is complicated by the layers of normative and policy concerns laid over the network over top of a purely pragmatic problem-solving approach. Policies that are overly protective of privacy in all contexts can throw a monkey wrench in even the most moderate steps out of the enforcement problems. What one ends up with therefore is less individual liability for wrongs and more proxies for that, such as expanded vicarious liability or tech restrictions such as the DMCA.

Luckily there is a way out of this morass without top-down intervention from the government--it starts with the ISP's contracts with their customers, which can put customers on notice that some information, especially of illegal actions, might be shared upon request. It needn't be especially specific; the ISP is unlikely to know, in advance, what situations will arise exactly. It might distinguish criminal investigations from civil, or not. . . Any notice at all can begin to bring people's expectations of privacy online more into line with common sense.

Ultimately, one can use technology in a way so that one ends up with a world that is much more privacy-preserving than a shopping mall ever could be--in one sense. No human being need ever see the results of packet searches for copytheft, for example, and they need not be stored or even shared below a certain threshold. Warnings, too, could be automated, until perhaps a certain number had been sent. Is is a threat to privacy if only machines "know" what I am up to? Especially if other machines "knew" anyway? What's one more machine, really?

To answer my own question, it is indeed a significant threat if the due process that keeps the government from accessing that information to store and use for police or tax purposes is eroded. And in many countries around the world, that due process is nonexistent.

There's another problem with the evolution of more enforcement-friendly networks; if that evolution takes place with too specific an enforcement problem in mind, it will be unsuited for other contexts. What do I mean by that? Enforcement must be fair. It cannot be weighted against one party or the other. If one side has an accelerated "internet friendly" option--the other side should have one too. If the network evolves in the context of an enforcement problem where one side is the "bad guy" and the other side is the "good guy" or where one side is considered "credible" and the other side is not, it will be very much subject to abuse. We need a Rawlsian veil--policymaking a la Hayek, where no party knows for certain what exactly its interest in the proceedings will be going forward. And we don't have that situation at all.

So, civil libertarian friends (and former friends presently much annoyed with me) find themselves--arguing against any kind of effective online enforcement. And they argue against any kind of proxies for effective enforcement--expanded liability of anyone easy to catch. It ends up being a very conservative position, in which they wed themselves inextricably to eighteenth-century enforcement models.

And we have a network replete with every kind of mischief, and real growth potential being eroded.

In my view, again, the best first step out of this mess is to return to a more common-sense idea of privacy online, using technology to full advantage, and thinking in a more creative way about how to keep fairness in process alive in new ways. But it is all too much for me.

posted by Solveig Singleton @ 8:08 AM | Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment(0)