Ohio AG Sues To Declare Google Search A Public Utility

 In light of rising concerns about the Cancel Culture, and specifically various actions by the #BigTech social media sites, there have been increasing calls for regulation of Facebook, Google, Twitter, and the like as common carriers. In other words, imposing regulation akin to traditional public utilities which, generally, are subject to nondiscrimination obligations.

For example, Justice Clarence Thomas has suggested the idea in a concurring opinion in Biden v. Knight First Amendment Institute. I wrote about Justice Thomas's opinion here in Part 3 of my "Thinking Clearly About Speaking Freely" series.

Now comes the Ohio Attorney General suing in an Ohio state court to have Google's search engine declared a utility-style common carrier subject to common carrier obligations.

While I'm concerned about many of the actions taken by the dominant social media platforms, I'm reluctant, at least at this point, to support moves to treat them as common carriers. As I explained recently here, they don't all hold themselves out indiscriminately to serve all comers in the way that traditional public utilities do, and they don't all necessarily exercise the same degree of marketplace dominance. These are the two most prominent indicia of common carriage at common law.  Moreover, common carrier regulation, more often than not, has been applied in a way that discourages investment and innovation, even when, in theory, the common carrier regime incorporates "reasonableness" standards that allow for some flexibility.

And aside from all that, with regard to the Ohio AG's action, I worry about a patchwork of state regimes imposing different regulatory requirements on what truly are national and international business operations.

No doubt the Ohio lawsuit bears close watching.

A 3 Minute Read Gone Bad

Jared Whitley has a piece titled "Facebook Is Not the Bad Guy" which The Weekly Standard ran on July 30. The piece advertises itself, right at the top, as a "3 min read."

Thankfully, it wasn't any longer. Because, say, if it were a "6 minute read," it might have been twice as flawed as it already is.

The premise of the piece is that, when it comes to data privacy and security concerns, the focus on Facebook, and presumably Google, Amazon, and other web giants, is misplaced. Mr. Whitley suggests "the media have been quite gleeful in their cheering of Facebook's recent bad news." Then, he claims "we're picking on the wrong bad guys." According to Mr. Whitley: "Telecom companies – AT&T, Verizon, Comcast – have access to more of our data and treat it with nowhere near the scruples that Silicon Valley does."

Even a cursory read of Mr. Whitley's piece will demonstrate he produces no evidence to support the claim that the "telecom companies" [he means: Internet service providers or ISPs] lack the "scruples" of Facebook, Google, and the other web giants. Mr. Whitley tosses out character-bashing bombs based on nothing more than his assertion "that they're eager to get into the digital advertising space that Google and Facebook dominate."

The reality, whether Mr. Whitley wants to admit it or not, is that Facebook has been in the news because its conduct and practices regarding privacy and data security have been problematic, even if not necessarily unlawful. Facebook's senior executives, including Mark Zuckerberg and Sheryl Sandberg, have acknowledged the company's privacy and data security shortcomings surrounding the Cambridge Analytica matters and other incidents.

My purpose here is not to pile on to Facebook to build a case that it is a "bad guy" – to use Mr. Whitley's terminology. Or to assert that a case has been made for heavy-handed government intervention of Facebook or Google. Rather my purpose is to show that if Mr. Whitley, or anyone else, is concerned about online privacy, it's unwise to ignore the web giants because, to paraphrase Willie Sutton, that's where the market power – and hence money – is.

It may be true, as Mr. Whitley claims, that the Internet service providers like Comcast and Verizon are eager to get into the digital advertising space. Sure enough. But it is also true, as he concedes, that in this space "Google and Facebook dominate."

As of December 2017, Google and Facebook accounted for 73% of the U.S. digital advertising market. And as of July 2018, Google had access to over 86% of all Internet searches in the United States and controlled almost 50% of the web browsing market. Despite its recent troubles, in July 2018, Facebook still controlled 54% of the social media market. The market shares of these web giants indisputably are significantly larger than that of any single Internet service provider.

In a February 2016 paper, “Online Privacy and ISPs: ISP Access to Consumer Data is Limited and Often Less than Access by Others,” Peter Swire and his colleagues stated that 70% of Internet service provider traffic would be encrypted by the end of 2016. Under that scenario, ISPs, at best, only have access to 30% of consumer data. Encryption keeps getting ever more prevalent so, in 2018, ISPs likely have access to even less consumer data. In other words, the Googles and Facebooks of the world, not the ISPs, have far greater access to consumers’ personal information than ISPs.

In the face of this reality regarding market power dominance in the digital advertising space, I'm baffled as to why Mr. Whitley felt the need to portray Internet service providers as the "bad guys" in order to defend Facebook, Google, Amazon, or other web companies. In a two-sided market, ISPs connect consumers to Internet access and web companies like Facebook to deliver content. Both sides have an incentive to collect consumer data to deliver targeted advertising and to respond to evolving consumer demand with innovative, pro-consumer offerings. Done right, this enhances overall consumer welfare.

What we don't want to do (per Mr. Whitley) is to engage in unfounded sweeping generalizations. Instead, we want to have a regulatory regime that emphasizes consumer disclosure and consumer choice. And we want to target bad actors – "bad guys" if you will – for appropriate sanctions if they are found, after proper procedure, to have committed unfair or deceptive practices or other abuses.

And we want to make even a "3 min read," or perhaps especially a "3 min read," accurate, not rife with unfounded accusations.

What the Facebook Controversy Teaches About Privacy Regulation

by Randolph J. May and Michael J. Horney

You have probably heard about the “Facebook controversy.” Facebook allowed as many as 50 million Facebook profiles to be shared with a London-based analytics company, Cambridge Analytica. According to reports, among other things, these Facebook profiles were used by President Donald Trump’s presidential campaign to target advertisements to consumers during the 2016 election.

It is not clear at this point if Facebook or Cambridge Analytica did anything illegal, but the Federal Trade Commission (FTC) recently announced that it has opened an investigation, as it should. And Facebook’s CEO Mark Zuckerberg has published full-page ads in over ten British and American newspapers apologizing for a “breach of trust,” which at the very least, suggests the need for some remedial action by Facebook.  

Ensuring privacy online has been the subject of much debate over the last several years, especially after the FCC’s October 2016 adoption of its Broadband Privacy Order, which subsequently was overturned by Congress in March 2017. The congressional action generated considerable reaction on social media platforms, but one thing is very clear: Had the FCC’s Broadband Privacy Order remained in effect, it would not have prevented Facebook’s actions which led to the current controversy – or any future controversies regarding the handling of privacy expectations by an edge provider.

In an April 1 New York Times op-ed, the Obama administration’s FCC Chairman Tom Wheeler implies that the FCC’s October 2016 rules adopted under his leadership would have prevented Facebook’s practices that created the current controversy. (WARNING: Mr. Wheeler’s op-ed was published on April Fool’s Day!) Aside from the fact that Facebook’s “breach of trust” began back in 2014 before the FCC’s 2016 order was adopted, more importantly, the FCC’s rules only imposed privacy restrictions on broadband Internet providers, not edge providers like Facebook and Google.

So, if nothing else, the controversy surrounding Facebook’s “breach of trust” should highlight why the FCC’s Broadband Privacy Order was so problematic.

Web giants like Facebook and Google collect and sell huge amounts of consumer data. Indeed, that is the essence of their business models. As discussed in a June 2016 Perspectives from FSF Scholars, the reason consumers do not pay monthly subscription fees for Facebook and Google is because they instead “pay” by giving up their personal information. Nowadays, consumers frequently sign onto mobile applications using their Facebook and Google accounts. When a consumer uses a social media login to access a third-party application, he or she grants permission for all activities on that application to be shared with the respective social media platform. Among U.S. consumers, Facebook represents over 79% of social logins and Google represents nearly 12% of social logins. The use of web browsers and mobile operating systems allows these service providers to access a massive amount of consumer information. Google Chrome currently comprises nearly 60% of the of the U.S. web browser market.

In contrast, Internet service providers cannot access nearly the amount of consumer data that edge providers access and the range of personal data they access is more restricted. A February 2016 study by respected privacy scholar Peter Swire, along with colleagues Justin Hemmings and Alana Kirkland, found that WiFi offloading and encryption substantially limit ISPs’ access to consumer data. In fact, the paper determined that broadband providers have access to less than 30% of subscribers’ data, significantly less than the amount of data visible to edge providers.

The FCC’s October 2016 Broadband Privacy Order, to which Mr. Wheeler refers in his April Fool’s Day op-ed, was misguided in that it imposed more stringent regulations on broadband Internet service providers than those that applied to edge providers like Google and Facebook under Federal Trade Commission precedents – even though the edge providers certainly posed no less privacy threat than the ISPs. Thus, the FCC’s Broadband Privacy Order created a disparate privacy regulatory regime that clearly favored the web giants.

When Congress overturned the Broadband Privacy Order in March 2017, the effect was to create a symmetrical privacy regulatory regime applicable to both edge providers and Internet service providers. This was an important step. Now, with the Facebook controversy capturing the public’s attention – and with Facebook’s Mark Zuckerberg set to testify soon before Congress regarding what he has called a “breach of trust” – perhaps Congress will decide to adopt new legislation delineating safeguards to protect consumer data.

If Congress does legislate, there is a reasonable debate to be had regarding the extent of the regulatory requirements and the way they are implemented. But one principle ought to be unarguable: It doesn’t make sense in today’s Internet ecosystem to treat Internet service providers more stringently than the Facebooks and Googles of the world when it comes to privacy regulation.

More on Facebook and Fake News

On November 25, I posted a blog, "Mark Zuckerberg and Fake News," in which I addressed Facebook CEO Mark Zuckerberg's post on "fake news." I included this excerpt from his November 25 post:

“The problems here are complex, both technically and philosophically. We believe in giving people a voice, which means erring on the side of letting people share what they want whenever possible. We need to be careful not to discourage sharing of opinions or to mistakenly restrict accurate content. We do not want to be arbiters of truth ourselves, but instead rely on our community and trusted third parties.”

And I said: "Mr. Zuckerberg commendably outlines some measures Facebook itself is considering to address the fake news issue."

Now, in a December 15 post, "News Feed FYI: Addressing Hoaxes and Fake News," Adam Mosseri, VP, News Feed, offers some steps that Facebook is taking now to address "fake news." These steps include: easier reporting; flagging stories as disputed; informed sharing; and disrupting financial incentives for spammers.

Mr. Mosseri acknowledges that these are first steps, and that Facebook intends to learn from them and adjust accordingly if advisable.

As Mr. Zuckerberg said in November, "[t]he problems here are complex, both technically and philosophically." This certainly is true, it's why it makes sense, as Mr. Mosseri says, to approach the fake news problem carefully.

The steps that Facebook has announced seem reasonable, certainly on a trial basis so that their effect on users' experience can be gauged. It's important that Facebook and other similar platforms take the initiative themselves to consider means of addressing the problem of fake news in ways that are compatible with the vast majority of users they seek to attract and serve. If they don't, there may be calls, however misplaced, by some for the government to "just do something."

That would be terribly wrong. On this point, I'll just repeat what I said in my earlier post:

"As a matter of sound policy, the government should stay out of the business of evaluating the truthfulness of news, except, for example, in rare instances involving public health and safety. And as a matter of law, the First Amendment’s free speech clause demands no less."

Mark Zuckerberg on Facebook and Fake News

So-called “fake news” has been in the news recently – whether in the “real news” or more supposed “fake news” sites – I’ll leave to you to decide. On November 19, Facebook’s CEO Mark Zuckerberg posted his views on the subject. I commend Mr. Zuckerberg’s thoughtful post as well worth a read. 

Right now, in the post-election environment, passions on behalf of some are running high, too high in some quarters. And when passions run high, oftentimes there are pleas for action, even when the solutions offered might be worse than the supposed ills. 

Read Mr. Zuckerberg’s entire post, but here is a brief excerpt that makes a lot of sense:

“The problems here are complex, both technically and philosophically. We believe in giving people a voice, which means erring on the side of letting people share what they want whenever possible. We need to be careful not to discourage sharing of opinions or to mistakenly restrict accurate content. We do not want to be arbiters of truth ourselves, but instead rely on our community and trusted third parties.” 

Mr. Zuckerberg goes on to say that “the percentage of misinformation is relatively small.” On this point, it’s worth taking a look at A. Barton Hinkle’s November 23 post at Reason, “The Fake News Epidemic of Fake News.” Mr. Hinkle contends there are at least two problems with the recent Buzzfeed story upon which so much of the buzz surrounding “fake news” rests: “First, the epidemic of fake news is overstated. Second, fake news is far from new.” 

In any event, in his post, Mr. Zuckerberg commendably outlines some measures Facebook itself is considering to address the fake news issue. Several look promising, at least in theory. You can decide for yourself. 

But the main point is that to the extent “fake news” is a serious problem at all, it should be left to the platforms themselves – and interested private third parties – to address it, not the government. 

As a matter of sound policy, the government should stay out of the business of evaluating the truthfulness of news, except, for example, in rare instances involving public health and safety. And as a matter of law, the First Amendment’s free speech clause demands no less.