Copyright 2000 Federal News Service, Inc.
Federal News Service
March 2, 2000, Thursday
SECTION: PREPARED TESTIMONY
LENGTH: 4344 words
HEADLINE:
PREPARED STATEMENT OF JERRY BERMAN EXEC. DIRECTOR OF THE CENTER FOR DEMOCRACY
& TECHNOLOGY AND JOHN MORRIS, DIRECTOR OF THE BROADBAND ACCESS PROJECT
BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE
AND TRANSPORTATION SUBCOMMITTEE ON COMMUNICATIONS
BODY:
(NOTE: Tables not transmittable) Mr. Chairman and members of the
Committee, the Center for Democracy & Technology (CDT) is pleased to have
this opportunity to speak to you on the short and long-term implications of the
AOL/Time Warner merger on consumers, and on the Internet itself. CDT is a
non-profit, public interest organization that is dedicated to developing and
implementing public policies to protect civil liberties and democratic values on
the Internet. CDT has been at the forefront of efforts to establish and protect
the very high level of constitutional protection that speech on the Internet has
been afforded by the United States Supreme Court in the Reno v. ACLU decision.
CDT led the coalition that wired the trial court in Philadelphia in that case,
and CDT has undertaken a major project to ensure that the open and democratic
characteristics of the narrowband Internet- so central to the Reno decision- are
carried over into the emerging broadband world. Mr. Chairman, the Internet is at
a critical junction in its evolution. Although as a popular mass medium the
Internet is less than ten years old, it is already entering into a period of
significant transformations. These transformations are threatening to undermine
the fundamental characteristics that make the Internet such a unique and dynamic
means of communication. We would like to address two different threats to the
Internet - threats to openness and threats to privacy - and the implications of
the AOL/TIme Warner merger on those issues. For both of these issues, the
critical starting point is to look at the vital characteristics that make the
Internet what it is today.
I. OPEN ACCESS
A. "Open"
Characteristics of the Narrowband Internet
In the first comprehensive
assessment of the Internet by an American court, the trial court in the Reno
case in 1996 found what it termed "a unique and wholly new medium of worldwide
human communication? The narrowband Internet developed into this dynamic medium
in large part because it has been "open" at virtually all levels of its
existence. The "network of networks" operates using open and freely available
technical standards, allowing literally millions of different (and often
incompatible) computers to communicate seamlessly. The open protocols used for
Internet traffic allow startup companies and individual software designers to
create and distribute new modes of communication over the Internet. Speakers,
large and small, rely on the openness of the Internet to speak easily,
inexpensively, and without significant restriction or limitations on the form or
content of the speech.
As one judge put it, the "Internet is a far more
speech-enhancing medium than print, the village green, or the mails."2 That
judge concluded that "(f)our related characteristics of Internet communication
have a transcendent importance" to the conclusion that the Internet deserves the
highest levels of constitutional protection:
First, the Internet
presents very low barriers to entry. Second, these barriers to entry are
identical for both speakers and listeners. Third, as a result of these low
barriers, astoundingly diverse content is available on the Internet. Fourth, the
Internet provides significant access to all who wish to speak in the medium, and
even creates a relative parity among speakers.3
The "openness" of the
narrowband Internet translates into an unprecedented ability of speakers to
speak and listeners to receive content, free from governmental or private
interference. Internet users have a wide range of choices as to how to access
the Internet and what to do with the communications medium once online. Users
can speak to the entire world with little or no investment. Listeners can access
a vast wealth of content quickly and easily, without significant governmentally-
or privately- imposed limitations. In short, the Internet offers individuals,
communities, non-profit organizations, companies, and governments an
unprecedented ability to speak and be heard.The infrastructure in which this
open, narrowband Internet exists is the telephone system, which operates with
full common carrier obligations. Thus, Internet Service Providers (ISPs), with
very little investment, could offer services within a community, free from
interference by the telephone company providing the "last mile" connection to
the ISP's customers. Internet users, in mm, could easily reach any of the often
hundreds of ISPs in any given community, and could do so without facing any
telephone-company-imposed restrictions (other than bandwidth limitations
inherent in an analog telephone line). The common carrier requirements in the
telephone system have led to a great diversity of ISPs, and to a great deal of
competition and innovation in the provision of Internet service.
As the
Internet moves into the broadband world, it moves away from the mandated
openness of common carriage. It is now clear that broadband service over the
telephone network - in the form of Digital Subscriber Line, or
DSL, service - will be a significant avenue for users to obtain
broadband access to the Internet. It is also clear, however, that broadband
service over cable networks will for the foreseeable future be the leading
method to deliver broadband Internetaccess. Cable operators are not subject to
common carriage requirements, and are thus not required to allow multiple ISPs
to offer a diversity of Internet service options to cable Internet users. This
difference has raised the very real possibility that the open, dynamic, and
democratic Internet might come to be dominated and in part controlled by a small
number of private companies that own the critical "last mile" cable connection
into users' homes.
B. CDT's Broadband Access Project
As this
Committee is well aware, these concerns have led to the often bitter- and often
loud - debate over the past eighteen months over whether cable systems should be
forced to permit unaffiliated ISPs to offer broadband services over the cable
systems. When confronted with the competing arguments and claims in early 1999,
the Center for Democracy & Technology decided that it simply did not know
enough about the issues to be able to take a position. Instead, CDT undertook
its Broadband Access Project to conduct a neutral, balanced assessment of the
factual and policy issues surrounding the emergence of broadband technology.
CDT sought and obtained support for the Broadband Access Project from a
broad cross section of the emerging broadband industry. The Project's
participants include cable operators AT&T and Time Warner, ISPs America
Online and Mindspring, local exchange carriers Bell Atlantic and SBC
Communications, interexchange carder MCI WorldCom, and technology companies such
as Microsoft. Although these broadband companies were fiercely fighting in the
marketplace, on Capitol Hill, and elsewhere, they decided that it would also be
worthwhile to participate in a dialogue to discuss the issues raised by
broadband technology. In addition to these and other companies, the Project has
also included working closely with the public interest advocacy groups that have
been at the forefront of the open access debate.
Our consultations and
analysis are continuing, and we expect to be able to release the results of the
project within the coming months.
But two very significant
developments in the broadband world have led us to conclude that it is
appropriate now to share with this Committee the current draft (as of late
February, 2000) of one of the documents our Project is preparing - a clear and
careful statement of openness principles that we believe should be applicable to
the provision of broadband services over the Internet.These principles -
attached as Attachment A - do not represent any agreement by any company or
public interest participant in CDT's Broadband Access Project, but instead
reflect CDT's efforts to craft a set of principles that respond to the concerns
and views raised by the project participants. These principles are expressly
silent on the critical question of whether any govemmental action should be
taken to enforce the principles - our initial intent was to attempt to
articulate what our common goal is, before addressing how to reach that goal.
Moreover, these principles are continuing to evolve as we continue to work with
the project participants.The two developments that have led us to release the
draft principles at this time are both statements by leading cable operators of
th eir own sets of principles to govern open access on their cable systems.
First, in December of 1999, AT&T and the ISP Mindspring sent a joint letter
to Chairman William Kennard of the Federal Communications Commission, outlining
a set of principles that AT&T stated would guide its dealings with
unaffiliated ISPs seeking to provide broadband service over AT&T's cable
networks (Attachment B).
Second, and what of course prompts this
hearing, is the announced merger of AOL and Time Warner, and the "Memorandum of
Understanding" that those two companies released earlier this week (Attachment
C). Both of these corporate statements of principles represent very significant
and positive steps towards open access. CDT offers its draft principles in the
hope that they may assist this Committee and other policymakers in assessing AOL
Time Warner's Memorandum of Understanding, as well as the AT&T/Mindspring
statement of principles. A summary and side-by-side comparison of the three sets
of principles are offered below. Although the sets of principles use different
words, many of the points are common to all three sets.
C. Moving
Forward on Open Access: The Next Steps
As the above comparison suggests,
the AOL Time Warner Memorandum of Understanding represents a very positive step
towards open access. AOL Time Warner has made a positive commitment on many, but
not all, of the points articulated in CDT's draft principles. A number of key
points remain unclear, including, for example, the number of ISPs that will be
supportable on a typical Time Warner cable system. As AOL Time Warner
acknowledges, the Memorandum of Understanding is only the first step toward open
access.
Looking at both AOL Time Warner and the broadband industry more
broadly, there are at least three critical and independent steps toward open
access that policymakers must consider: 1. A set of open access principles and
goals must be refined and further articulated.
No matter which set of
principles serves as the starting point (CDT's, AOL Time Warner's, AT&T's,
or another set), there must be further discussions and, hopefully, consensus on
what exactly will be necessary for a broadband facility to be considered "open."
Consensus on these key threshold principles and goals must include policymakers,
the public interest community, and the Internet industry.
2. The entire
U.S. cable industry (beyond AT&T and Time Warner) must be brought into these
discussions about open access principles, and ultimately must undertake to
implement open access on their systems. Even if all currently pending mergers
are approved and AOL Time Warner and AT&T both implement open access on
their systems, there are many major cable systems that have not yet made a
commitment to open their cable systems.
3. Finally, any set of open
access principles must be fully and effectively implemented. As is often the
case with policy and technology, the devil will be in the details. This is all
the more true given the significant technical complexity that will be inherent
in any implementation of open access on a cable system. Open access commitments
by AOL Time Warner and AT&T are certainly positive developments, but until
actual contracts are signed with unaffiliated ISPs and open access is actually
implemented, there will unavoidably be uncertainty and concern about the true
prospects for open access.
Remaining is the critical question of how
these next steps are implemented. The traditional pre-Internet approach to this
type of policy situation has called for govemmental action to require and
oversee these and other steps toward open access. In the context of the
Internet, however, a variety of policy issues have been addressed in the first
instance not by govemmental action but by private serf- regulatory efforts.
Public interest organizations fighting for open access have strongly argued that
there must be a federal government policy, and federal oversight, to ensure that
AOL Time Warner, AT&T, and other private companies in fact implement true
open access. These public interest advocates assert that the democracy and free
speech on the Internet are so fundamentally important that they cannot be left
to private negotiations between Internet companies.4
From CDT's
perspective, the most significant problem with the idea of a government mandate
of open access is that such action would lead (and in some cases already has
led) to extensive litigation and, ultimately, prolonged delay. With the recent
movement toward open access by AT&T and Time Warner, it appears possible
that the cable industry as a whole is in fact moving on its own towards open
access. CDT believes that these efforts toward consensus and voluntary
implementation of open access should be given an opportunity to succeed.
Critically, however, the details of open access cannot be determined and
implemented without direct and continuing public interest involvement in the
decisions. The public interest advocates are correct in concluding that free
speech and democracy on the Internet are critically important, and require
public participation in the development and evolution of the Internet. The
Internet industry has frequently sought to keep government out and allow the
industry to solve problems without govemmental mandate. In most situations, this
voluntary approach is desirable, but for it to succeed when free speech and the
First Amendment are at stake, there must be a way for public interest voices to
take part in the network and infrastructure design decisions that will be
necessary to implement open access in the broadband Internet. There may also be
a role short of legislation that Congress can and should play. Hearings of this
type serve to focus attention -- attention of the industry, the media, and the
public -- on the issues raised here. If the industry is going to succeed in
addressing the critical issues of open access, it should do so with the
participation and input of policymakers at all levels of government. Ultimately,
however, if this effort fails to address these critical issues and fails to
implement meaningful open access, the government may at that time need to take
action.
II. PRIVACY
As with the open access issue, the critical
starting point on the privacy questions is the current state of privacy (and
citizens' expectations of privacy) and the ways in which the evolution of the
Internet may threaten privacy principles. As many of you know, the Center for
Democracy & Technology has long been an advocate for protecting privacy on
the Internet, and we have previously had the privilege of addressing this
Subcommittee on privacy issues? We will only briefly summarize our analysis of
privacy issues on the Internet, and then consider how the proposed AOL Time
Warner merger might impact the privacy issue. CDT believes that a key privacy
consideration should be individuals' long-held expectations of autonomy,
fairness, and confidentiality, and policy efforts should ensure that those
expectations are respected online as well as offline. These expectations exist
vis-a-vis both the public and the private sectors. By autonomy, we mean the
individual's ability to browse, seek out information, and engage in a range of
activities without being monitored and identified.
Fairness requires
policies that provide individuals with control over information that they
provide to the government and the private sector. In terms of confidentiality,
we need to continue to ensure strong protection for e-mall and other electronic
communications.
As it is evolving, the Internet poses both challenges
and opportunities to protecting privacy. The Internet accelerates the trend
toward increased information collection that is already evident in our offline
world. The trail of transactional data left behind as individuals use the
Internet is a rich source of information about their habits of association,
speech, and commerce. When aggregated, these digital fingerprints could reveal a
great deal about an individual's life. The global flow of personal
communications and information coupled with the Internet's distributed
architecture presents challenges for the protection of privacy.
The
proposed merger of AOL and Time Warner does highlight both the increased risks
for privacy problems as the Internet evolves, and the great potential for
self-regulatory efforts to enhance privacy protection.
Both AOL
and Time Warner have access to significant mounts of personal data about their
subscribers. For AOL, this includes for example, information about online
service subscribers, AOL.COM portal users, and ICQ and instant messaging users.
Time Warner has access to information about ranging from cable subscriber usage
to magazine subscriptions. The specter of the merged companies pooling all of
their information resources, and then mining those resources for marketing and
other purposes, should be cause for concern.
Fundamentally, however, the
AOL Time Warner merger does not alter the equation for a privacy solution.
Protecting privacy on the Internet requires a multi-pronged approach that
involves self-regulation, technology, and legislation.
On
self-regulation, we must continue to press the Internet industry to adopt
privacy policies and practices, such as notice, consent mechanisms, and auditing
and self-enforcement infrastructures. We must realize that the Internet is
global and decentralized, and thus relying on legislation and govemmental
oversight alone simply will not assure privacy. Because of extensive public
concern about privacy on the Internet, the Internet is acting as a driver for
self-regulation, both online and offline. Businesses are revising and adopting
company- wide practices when writing a privacy policy for the Internet. Efforts
that continue this greater internal focus on privacy must be encouraged.
On the technology front, while the Internet presents new threats to
privacy, the move to the Internet also presents new opportunities for enhancing
privacy. Just as the Internet has given individuals greater ability to speak and
publish, it also has the potential to give individuals greater control over
their personal information. We must continue to promote the development of
privacy-enhancing and empowering technology, such as the World Wide Web
Consortium's Platform for Privacy Preferences ("P3P"), which will enable
individuals to more easily read privacy policies of companies on the Web, and
could help to facilitate choice and consent negotiations between individuals and
Web operators.
Finally, we must adopt legislation that incorporates into
law Fair Information Practices -long-accepted principles specifying that
individuals should be able to "determine for themselves when, how, and to what
extent information about them is shared."6 Legislation is necessary to guarantee
a baseline of privacy on the Internet, but it is not one-size-fits-all
legislation. Privacy legislation must be enacted in key sectors such as privacy
of medical records. For consumer privacy, there needs to be baseline standards
and fair information practices to augment the self-regulatory efforts of leading
Internet companies, and to address the problems of bad actors and uninformed
companies. Finally, there is no way other than legislation to raise the
standards for government access to citizens' personal information increasingly
stored across the Internet, ensuring that the 4th Amendment continues to protect
Americans in the digital age. In all of these areas, the positions of AOL and
Time Warner are and will be critical to achieving increased privacy protection.
Both American Online and Time Warner have strong privacy policies, have
generally been quick to respond if lapses or violations are identified,7 and
have been strong supporters of P3P and other privacy- enhancing technology. CDT
welcomes the acknowledgement by AOL CEO Steve Case (before the Senate Judiciary
Committee earlier this week) that some legislation will be necessary to
incorporate best privacy practices on the Internet. In evaluating the merger, it
will be critical to ensure that the merged company will continue a strong
commitment to privacy. Just as in the broadband area AOL Time Warner committed
to requiring arms length negotiations between different business units within
the merged company, the business units of the merged company should continue to
maintain their subscriber information separately and in conformance with clearly
stated privacy practices.
The history of the Internet, and the history
of telecommunications reform in general, is that policy regimes are first
created by consensus among a broad cross section of the community. CDT is
committed to participating in any process that helps to build a new social
contract embodying democratic values in the emerging broadband world.
NOTES: 1 American Civil Liberties Union v. Reno, 929 F. Supp. 824, 844
(E.D. Pa. 1996), affd, Reno v. American Civil Liberties Union, 521 U.S. 844
(1997).
2 Id. at 882 (Dalzell concurring).
3 Id. at 877 (Dalzell
concurring).
4 Until the announcement of its proposed merger with Time
Warner, American Online also advocated government action. Since the merger
announcement, however, AOL and Time Warner have adopted the approach taken by
AT&T in December, by effectively asking everyone to trust them and allow
them to implement open access voluntarily, without government fiat.
5
See, e.g., Testimony of Deirdre Mulligan, Staff Counsel of the Center For
Democracy & Technology, Before the Subcommittee on Communications of the
Senate Committee on Commerce, Science, and Transportation, July 27, 1999.
6 Alan Westin. Privacy and Freedom (New York: Atheneurn, 1967) 7. The
Code of Fair Information Practices as stated in the Secretary's Advisory Comm.
on Automated Personal Data Systems, Records, Computers, and the Rights of
Citizens, U.S Dept. of Health, Education and Welfare, July 1973:
There
must be no personal data record-keeping systems whose very existence is secret.
There must be a way for an individual to find out what information about him is
in a record and how it is used. There must be a way for an individual to prevent
information about him that was obtained for one purpose from being used or made
available for other purposes without his consent. There must be a way for the
individual to correct or amend a record of identifiable information about him.
Any organization creating, maintaining, using, or disseminating records of
identifiable personal data must assure the reliability of the data for their
intended use and must take precautions to prevent misuse of the data.
The Code of Fair Information Practices as stated in the OECD guidelines
on the Protection of Privacy and Transborder Flows of Personal Data
http://www.oecd.org/dsti/sti/ii/secur/prod/PRIV_EN.HTM:
1. Collection
Limitation Principle: There should be limits to the collection of personal data
and any such data should be obtained by lawful and fair means and, where
appropriate, with the knowledge or consent of the data subject. 2. Data quality:
Personal data should be relevant to the purposes for which they are to be used,
and, to the extent necessary for those purposes, should be accurate, complete
and kept up-to-date. 3. Purpose specification: The purposes for which personal
data are collected should be specified not later than at the time of data
collection and the subsequent use limited to the fulfillment of those purposes
or such others as are not incompatible with those purposes and as are specified
on each occasion of change of purpose. 4. Use limitation: Personal data should
not be disclosed, made available or otherwise used for purposes other than those
specified in accordance with the "purpose specification" except: (a) with the
consent of the data subject; or (b) by the authority of law. 5. Security
safeguards: Personal data should be protected by reasonable security safeguards
against such risks as loss or unauthorized access, destruction, use,
modification or disclosure of data. 6. Openness: There should be a general
policy of openness about developments, practices and policies with respect to
personal data. Means should be readily available of establishing the existence
and nature of personal data, and the main purposes of their use, as well as the
identity and usual residence of the data controller. 7. Individual
participation: An individual should have the right: (a) to obtain from a data
controller, or otherwise, confirmation of whether or not the data controller has
data relating to him; (h) to have communicated to him, data relating to him:-
within a reasonable time; - at a charge, if any, that is not excessive; - in a
reasonable manner; and, - in a form that is readily intelligible to him; (c) to
be given reasons if a request made under subparagraphs (a) and (b) is denied,
and to be able to challenge such denial; and, (d) to challenge data relating to
him and, if the challenge is successful to have the data erased, rectified
completed or amended. 8. Accountability: A data controller should be accountable
for complying with measures which give effect to the principles stated above.
7 See Testimony of Deirdre Mulligan, Staff Counsel of the Center for
Democracy & Technology, before the Subcommittee on Courts and Intellectual
Property of the House Committee on the Judiciary, March 26, 1998, at 11-13
(concerning disclosure of subscriber information to the U.S. Navy).
END
LOAD-DATE: March 4, 2000
