X

Policy and privacy: Five reasons why 2012 mattered

It was the year of Internet activism with a sharp political point: Protests derailed the Stop Online Piracy Act, assisted in imploding a United Nations summit, and helped to postpone a data-sharing bill.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
8 min read

This was the year of Internet activism with a sharp political point to it: Protests drove a stake through the heart of a Hollywood-backed digital copyright bill, helped derail a United Nations summit, and contributed to the demise of a proposed data-sharing law.

In 2012, when Internet users and companies flexed their political muscles, they realized they were stronger than they had thought. It amounted to a show of force not seen since the political wrangling over implanting copy-protection technology in PCs a decade ago, or perhaps since those blue ribbons that appeared on Web sites in the mid-1990s in response to the Communications Decency Act. Protests by users also, more recently, prompted Instagram to abandon a policy that would have let it sell users' photos. Here are the five biggest stories of 2012 in the realm of public-policy and privacy.

1. The Stop Online Piracy Act
In an unprecedented protest against the Stop Online Piracy Act early this year, Internet users learned they were more influential than Hollywood's finest lobbyists.

That was a galvanizing moment in the history of online politicking: The protest included some 10 million Americans who signed petitions or phoned their elected representatives, coupled with calls-to-action appearing on Craigslist, Google, Wikipedia, and other high-profile Web sites (an outcome I'd predicted a month earlier). The flood of traffic from people vexed by the Hollywood-backed proposal even knocked U.S. Senate Web sites offline for a while.

It worked. Washington officialdom had never weathered such a deluge of criticism before, at least over tech-related legislation, and as the protests grew, politicians raced to distance themselves from SOPA and a related bill called Protect IP. On January 18, the day sites like Wikipedia went dark in protest, a parade of senators and House members told CNET they would bow to the wishes of their constituents by no longer supporting the legislation.

Sen. Orrin Hatch, the copyright enthusiast who once proposed allowing record labels to remotely destroy the computers of music pirates, went even further and said that "I will not only vote against moving the bill forward next week but also remove my co-sponsorship of the bill." After the Internet claimed that important scalp -- Hatch was arguably Hollywood's favorite senator -- more and more of his colleagues followed suit. A day or so later, the Senate and House of Representatives indefinitely postponed votes on the bills.

January's protests also revealed the weakness of the DC-centric strategy for SOPA, which was designed to render suspected pirate Web sites unreachable. The Motion Picture Association of America and its allies enlisted the Republican-leaning Americans for Tax Reform and the U.S. Chamber of Commerce as a way to inoculate themselves from charges that it was a Hollywood-backed proposal. But, as criticism mounted, the tax group told CNET that it doesn't "unequivocally support" SOPA, and the Chamber's enthusiasm for the legislation became muted after Yahoo and other tech companies began dropping out of the organization. The Internet campaign against SOPA was the opposite: decentralized and relying heavily on the Web and social networks.

Since then, SOPA has entered the political lexicon on Capitol Hill, even among people not affected by January's historic revolt. Politicians and their aides now fret privately about their proposals becoming "SOPA-fied," the new political shorthand for legislation so controversial it electrifies Internet companies and activists into mounting another offensive like the one in early 2012.

2. Cybersecurity
One important lesson from SOPA is that millions of Internet users can be successful when allied with technology firms willing to spend millions of dollars on lobbying. It's the same dollars-plus-votes alliance that, in the 1990s, overcame efforts by the FBI and the National Security Agency to restrict the export of encryption products -- and even, according to one unsuccessful bill, the domestic use of encryption as well.

That's why efforts among civil liberties and some conservative and libertarian groups to defeat the Cyber Intelligence Sharing and Protection Act, or CISPA, this spring weren't quite as successful.

The Republican-backed CISPA was designed to usher in a new era of information sharing between companies and government agencies, with the goal of helping to increase cybersecurity. But it included limited oversight and privacy safeguards, and would have overruled all existing privacy laws, including ones relating to wiretaps, Web companies' privacy policies, census data, medical records, and so on.

Silicon Valley companies may not exactly have loved CISPA, but they preferred it to competing Democrat-backed legislation from Sen. Joseph Lieberman of Connecticut, which would have also authorized more surveillance while imposing new regulations on companies deemed by a new National Cybersecurity Council to be "critical cyber infrastructure."

On the theory that CISPA was the least-worst legislation, technology companies mostly backed it. The House Intelligence committee proudly listed letters of support from Facebook, Microsoft, Oracle, Symantec, Verizon, AT&T, Intel, and trade association CTIA, which counts representatives of T-Mobile, Sybase, Nokia, and Qualcomm as board members. In February, Facebook Vice President Joel Kaplan wrote an enthusiastic letter to CISPA's authors to "commend" them on the legislation.

Internet users, on the other hand, protested. Over 800,000 people signed an anti-CISPA petition. Advocacy groups, including the American Library Association, the Electronic Frontier Foundation, the ACLU, and the libertarian-leaning TechFreedom, launched a "Stop Cyber Spying" campaign in mid-April -- complete with a write-your-congresscritter-via-Twitter app -- and the bill has drawn the ire of Anonymous. Rep. Ron Paul, the Texas Republican and presidential candidate, warned that CISPA represents the "latest assault on Internet freedom" and was "Big Brother writ large."

It didn't work. The House of Representatives approved CISPA in April by a comfortable margin of 248 to 168. But because of ongoing partisan wrangling between in the Senate over Lieberman's bill, both have stalled.

3. United Nations Dubai summit
When the history of early 21st century Internet politicking is written, the meltdown of a United Nations summit in December will mark the date a virtual Cold War began.

In retrospect, the implosion of the Dubai summit was all but foreordained: It pitted nations with little tolerance for human rights against Western democracies that, at least in theory, uphold those principles. And it capped nearly a decade of behind-the-scenes jockeying by a U.N. agency called the International Telecommunication Union, created in 1865 to coordinate telegraph connectivity, to gain more authority over how the Internet is managed.

It didn't work. Backed by nearly a million people and some of the engineers responsible for creating the Internet and World Wide Web, the U.S. and dozens of other western democracies rejected the Dubai treaty. That dealt a serious blow to an alliance of repressive regimes -- led by Russia, China, Algeria, and Iran -- that tend to lack appreciation of the virtues of a traditionally free-wheeling Internet.

The new Internet political divide isn't east-west or north-south. Instead, it roughly tracks national governments' commitment to free expression and other human rights: the U.S., Canada, Europe, Australia, New Zealand, India, the Philippines, Japan, and dozens of other nations did not sign the Dubai treaty (PDF). Of the ITU's 193 member states, 89 have signed the treaty so far, putting the total at a little less than half. Signatories include Russia, China, Libya, Nigeria, Iran, Cuba, Cambodia, and Egypt.

ITU chief Hamadoun Touré and Mohamed Nasser al Ghanim, the summit's chairman, inadvisedly pushed to insert language dealing with regulation of "unsolicited" Internet communications and cybersecurity. In addition, a resolution appended to the treaty says "all governments should have an equal role and responsibility for international Internet governance" and formally expands "the activities of ITU in this regard."

That amounts to a direct challenge to the traditional way the Internet is governed, which is primarily by ICANN, the organization that manages Internet domain names and addresses, and by protocols created by groups such as the Internet Engineering Task Force and the World Wide Web Consortium. It suggests that topics related to Internet speech and surveillance could be put to a majority vote of the ITU's 192 member countries, many of which have less-than-favorable views toward human rights and Internet expression. And it ultimately didn't work: the summit imploded as a result.

4. GPS tracking
In January, the U.S. Supreme Court curbed the increasingly common practice of police using GPS devices to track Americans' vehicles without obtaining a warrant first.

The case arose out of a criminal prosecution of Antoine Jones and Lawrence Maynard, two suspected cocaine dealers who ran a nightclub in Washington, D.C. Jones said the warrantless use of a GPS device to track every movement of his vehicle over the course of a month violated the Fourth Amendment, which generally says that warrantless searches are "unreasonable."

Even though police are planting GPS bugs on Americans' vehicles thousands of times a year, the legal ground rules had remained unclear, and lower courts had split on whether a warrant should be required. Once relegated, because of their cost, to the realm of what spy agencies could afford, GPS tracking devices now are readily available to jealous spouses, private investigators, and local police departments for just a few hundred dollars.

A brief (PDF) submitted by the Justice Department had argued that no American has "a reasonable expectation of privacy in his movements from one place to another," even if technological advancements "allow police to observe this public information more efficiently."

The ruling in Jones doesn't end the debate. Still unanswered are questions about whether Americans' cell phones can be tracked without a warrant, and the Supreme Court left open the possibility that some types of warrantless tracking might not violate the Fourth Amendment's prohibition on "unreasonable" searches. The court's opinion concluded by warning: "We may have to grapple with these 'vexing problems' in some future case."

5. Washington expansionism
In 2012, federal bureaucracies started taking careful aim at Silicon Valley companies in a way not seen since the heyday of the Microsoft trial, which was also started by a Democratic presidential administration.

The Democratic chairman of the Federal Trade Commission, Jon Leibowitz, took the unusual step of announcing a formal investigation into Google's "search and search advertising" practices this fall, predicting it would conclude by the end of 2012 -- weeks before his term would end if Mitt Romney would have been elected. One report says Leibowitz, the Motion Picture Association of America's former lobbyist, wants "the glory" of being the regulator who takes on Google. A resolution is now expected next year.

"Republicans wouldn't think about bringing a case against Google," says Robert Lande, a professor at the University of Baltimore who specializes in antitrust law. Presidential party affiliation "matters a lot" in deciding whether to penalize companies like Google, Intel, and Microsoft, he says.

In December, the FTC announced it had expanded its regulations stemming from the Children's Online Privacy Protection Act, or COPPA, to sweep in geolocation information and other data. The problem, though, is that Congress hasn't authorized the expansion. FTC commissioner Maureen Ohlhausen wrote in a dissent that the regulations were illegal, saying that a key part "exceeds the scope of the authority granted us by Congress." The FTC has also pressured companies to agree to a Do Not Track mechanism, an effort that now seems to be imploding.

Washington has also targeted Apple, of course. The Justice Department filed a lawsuit in April for alleged e-book price fixing, the first time the Cupertino company has faced such intense regulatory scrutiny of its business practices. Richard Epstein, the prolific legal scholar and professor of law at New York University, said when it was filed that: "The betting here is that this lawsuit is a mistake."

Facebook, too, has been subject to its own FTC assault. In August, the social network settled allegations that it had not been straightforward enough with users in terms of their privacy. Now it must obtain users' "express consent" before sharing data.