The "rule of law" Administration is at it again. Ignoring the rule of law by ignoring applicable laws, the Administration decided to cozy up with law enforcement agencies while pretending to be serving the public. (h/t ProPublica)
Formed by executive order, the Presidential Commission on Law Enforcement and the Administration of Justice was formed by the DOJ. The Commission promised to tackle several important issues, including the handling of mental illnesses, substance abuse, and homelessness. It would supposedly seek input from education, employment, and mental health services to tackle these problems.
More problematically, the Commission thought it needed to address this perceived "problem:"
What is the cause of diminished respect for law enforcement and the laws they enforce, and how does it affect both police and public safety?
The answer would have been immediately apparent if the Commission had asked anyone else but law enforcement agencies to participate. But it didn't. And now a federal court has found that the Administration violated federal law by forming a one-sided commission unlikely to fairly address any of the issues in front of it. Here's how the court describes the President's new Commission en route to finding it broke the law. From the opinion [PDF]:
The Attorney General stressed the need to hear from “[a] diversity of backgrounds and perspectives” such as “community organizations, civic leadership, civil rights and victim’s rights organizations, criminal defense attorneys, academia, social service organizations, and other entities that regularly interact with American law enforcement.” Despite these stated goals, however, the Commission’s membership consists entirely of current and former law enforcement officials. No Commissioner has a criminal defense, civil rights, or community organization background. And Commission proceedings have been far from transparent. Especially in 2020, when racial justice and civil rights issues involving law enforcement have erupted across the nation, one may legitimately question whether it is sound policy to have a group with little diversity of experience examine, behind closed doors, the sensitive issues facing law enforcement and the criminal justice system in America today.
This one-sided panel does not comply with federal law. Nor does its closed-door meetings, which ignore transparency mandates. Here are the requirements of the law that governs the Administration's law enforcement commission:
Passed in 1972, FACA [Federal Advisory Committee Act] requires, among other things, that covered federal advisory committees be “fairly balanced” in the viewpoints represented, that meetings be open and publicly noticed, that a charter be prepared and filed, and that a designated federal officer be appointed to ensure compliance with FACA.
But that's not what happened. After saying some nice things about "diverse viewpoints," Attorney General Bill Barr stocked the commission with 18 former or current law enforcement officials. Barr then unilaterally decided this commission didn't need to comply with federal law.
Further, the memorandum noted, “[t]he Commission serves exclusively to advise the Attorney General and the President” and “is not intended to be subject to either the Federal Advisory Committee Act or Administrative Procedure Act.”
Another brief nod towards transparency was made by the Commission -- a nod that was made even briefer by the Commission shortly after it pretended to care about the public's opinion.
In February 2020, the Commission posted a notice on its website offering interested members of the public the opportunity to submit comments through May 31, 2020 regarding any aspect of the Commission’s work. But at some point between March 13 and March 28, the Commission shortened the comment window by two months, requiring all submissions by March 31, 2020, without posting notice in the Federal Register.
After a lengthy discussion of the government's arguments about whether or not this lawsuit can even be entertained by the court, much less FACA's applicability to its law enforcement commission, the court arrives at this conclusion:
There is no genuine dispute that the government has violated FACA’s transparency and public access requirements by holding closed hearings without timely notice in the Federal Register. And there is likewise no genuine dispute that the Commission has violated FACA’s oversight provisions by failing to file a charter for the Commission, 5 U.S.C. app. 2 § 9(c), and that Attorney General Barr has violated FACA by failing to assign a designated federal officer to the Commission to ensure compliance with FACA…
And the court says there's no dispute the composition of the Commission isn't "fairly balanced." This leads to the court's most damning assessment of the President's law enforcement committee.
The Commission’s function is to improve policing, including relations between law enforcement and the communities they protect. Yet the Commission does not include a single member who represents elements of those communities, rather than law enforcement. Thus, even employing a deferential review, the Court concludes that the Commission’s membership is not “fairly balanced in terms of the points of view represented and the functions to be performed by the advisory committee.” 5 U.S.C. app. 2 § 5(b)(2). Indeed, the Court is hard pressed to think of a starker example of non-compliance with FACA’s fair balance requirement than a commission charged with examining broad issues of policing in today’s America that is composed entirely of past and present law enforcement officials.
The court says nearly everything about the Commission must change. It must change its composition, supply sufficient advance notice for public comment, and otherwise comply with FACA. Until it can comply, it can't hold any more meetings. We'll see how serious the Administration is about improving the relationship between cops and communities. If the Commission decides to abide by the law and continue its work, maybe the Administration still cares about these issues. If it decides it would rather dump the Commission than comply with the law, we'll see how hollow its "rule of law" statements really are.
More than four years ago, the Copyright Office kicked off a project to do a big "study" on Section 512 of the DMCA, better known as either the "notice-and-takedown" section of copyright law, or the "safe harbors" section for websites. The Office took comments, held a few, somewhat bizarre "roundtables" (that we participated in)... and then... silence. Years of silence. Until yesterday when it finally released the report. It's 250 pages and there's a lot in there -- and we're likely to have a few more posts on it as we dig into the details, but to kick it off, I wanted to highlight just how bizarre a report it is, in that the authors don't seem to realize or ever acknowledge that the purpose of copyright law (and even this section) is to create the best possible services for the public.
Instead, the report seems to frame the entire Section 512 debate as a battle between the legacy copyright industry and giant internet companies. From the executive summary:
In enacting section 512, Congress sought to create a balance between two goals. One is
providing important legal certainty for OSPs, so that the internet ecosystem can flourish without
the threat of the potentially devastating economic impact of liability for copyright infringement as
a result of their users’ activity. The other is protecting the legitimate interests of authors and
other rightsholders against the threat of rampant, low-barrier online infringement. Congress
balanced these interests through a system where OSPs can enjoy limitations on copyright
liability—known as “safe harbors”—in exchange for meeting certain conditions, while giving
rightsholders an expeditious and extra-judicial method for addressing infringement of their
works. Thus, for some types of OSPs, their safe harbors are conditioned on taking down
infringing content expeditiously upon notification by a rightsholder.
In the twenty-plus years since section 512 went into effect, the question has often been
asked whether the balance that Congress sought has been achieved, particularly in the light of the
enormous changes that the internet has undergone. Indeed, that is the question that motivated
the Study that led to the present Report.
But the entire framing of that premise is wrong on multiple levels. For proof, let's go back to the legislative record and the the Senate Judiciary Committee's report on why DMCA 512 was necessary, written by long term buddy to the recording industry, Senator Orin Hatch. (As a reminder, Senator Hatch was considered so in the tank for the recording industry that in Rob Reid's satirical sci-fi novel, Year Zero, about the recording industry, he jokes that Hatch is nicknamed "Senator Fido" for his willingness to do whatever the recording industry told him -- so not exactly a defender of the public). Yet, the report makes it abundantly clear that a major stakeholder of the DMCA is the "end-user" and that the DMCA needs to be careful not to be used to take down works that are legitimately placed online. From that report:
The Committee was
acutely concerned that it provide all end-users--whether
contracting with private or public sector online service
providers--with appropriate procedural protections to ensure
that material is not disabled without proper justification. The
provisions in the bill balance the need for rapid response to
potential infringement with the end-users legitimate interests
in not having material removed without recourse.
The Copyright Office was told repeatedly both about this clear stakeholder and was given many, many examples of how the DMCA 512 has failed on that front. And, yet very little of that is reflected in the report. Instead, the report mainly focuses on large internet providers liking the safe harbors, and copyright holders wanting it to be worse... and then claims that since only one side is "upset" clearly that means things are out of balance.
Roughly speaking, many OSPs spoke of section 512 as
being a success, enabling them to grow exponentially and serve the public without facing
debilitating lawsuits. Rightsholders reported a markedly different perspective, noting grave
concerns with the ability of individual creators to meaningfully use the section 512 system to
address copyright infringement and the “whack-a-mole” problem of infringing content reappearing
after being taken down. Based upon its own analysis of the present effectiveness of
section 512, the Office has concluded that Congress’ original intended balance has been tilted
askew.
It's like the public's interest has just been written right out of the law by the Copyright Office. And that's stunning. And it's also disappointing because our own comments (along with many others) to the Copyright Office highlighted the failing of the notice-and-takedown process in that it frequently censors non-infringing material.
Also, the "conclusion" that the "original intended balance has been tilted askew" also further misrepresents the entire history of the DMCA. Remember, there were two major sections to the DMCA: 512 (the part we're discussing here, which is the notice-and-takedown safe harbors) and 1201 (which is the digital locks/anti-circumvention parts). Part of the "negotiation" to get the DMCA passed (mainly between legacy copyright holders and telcos) was that these two sections were balanced against each other. That is "copyright guys get 1201 if we protect service providers with 512 safe harbors." Some of us already had trouble with how unbalanced a trade that was, but the really ridiculous thing here is to have the Copyright Office pretend that 512 alone was designed to be a "balance" between service providers and copyright holders (ignoring the massively unbalanced 1201).
This is like saying "I'll trade you a bucket of oranges for a watermelon" and then, after that trade is concluded, whining "how come you get all the oranges! That's unfair!"
There are many, many other problems with the report, and we'll likely be digging into those in the coming weeks, but the very fact that the report appears to write the public out of its stakeholder analysis (even ignoring the Constitutional underpinnings and the stated basis for the law) suggests that the entire analysis is very, very skewed.
People within the Copyright Office keep telling me that I'm being unfair to the hardworking team there. And, to be clear, I do think that they really do mean well and actually do want to do the right thing. But if they want to be taken seriously, to put out a report that is so off the rails from the very start, it becomes more and more difficult to take their analysis seriously.
There seems to be some recurrent confusion about Section 230: how can it let a website be immune from liability for its users' content, and yet still get to affect whether and how that content is delivered? Isn't that inconsistent?
The answer is no: platforms don't lose Section 230 protection if they aren't neutral with respect to the content they carry. There are a few reasons, one being constitutional. The First Amendment protects editorial discretion, even for companies.
But another big reason is statutory, which is what this post is about. Platforms have the discretion to choose what content to enable, because making those moderating choices is one of the things that Section 230 explicitly gives them protection to do.
The key here is that Section 230 in fact provides two interrelated forms of protection for Internet platforms as part of one comprehensive policy approach to online content. It does this because Congress actually had two problems that it was trying to solve when it passed it. One was that Congress was worried about there being too much harmful content online. We see this evidenced in the fact that Section 230 was ultimately passed as part of the "Communications Decency Act," a larger bill aimed at minimizing undesirable material online.
Meanwhile Congress was also worried about losing beneficial online content. This latter concern was particularly acute in the wake of the Stratton Oakmont v. Prodigy case, where an online platform was held liable for its user's content. If platforms could be held liable for the user content they facilitated, then they would be unlikely to facilitate it, which would lead to a reduction in beneficial online activity and expression, which, as we can see from the first two subsections of Section 230 itself, was something Congress wanted to encourage.
To address these twin concerns, Congress passed Section 230 with two complementary objectives: encourage the most good content, and the least bad. Section 230 was purposefully designed to achieve both these ends by providing online platforms with what are ultimately two complementary forms of protection.
The first is the one that people are most familiar with, the one that keeps platforms from being held liable for how users use their systems and services. It's at 47 U.S.C. Section 230(c)(1).
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
It's important to remember that all this protection provision does is say that the platform cannot be held liable for what users do online; it in no way prohibits users themselves from being held liable. It just means that platforms won't have to be afraid of its users' online activity and thus feel pressured to overly restrict it.
Meanwhile, there's also another lesser-known form of protection built into Section 230, at 47 U.S.C. Section 230(c)(2). What this protection does is also make it safe for platforms to moderate their services if they choose to. Because it means they can choose to.
No provider or user of an interactive computer service shall be held liable on account of (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).
Some courts have even read subsection (c)(1) to also cover these moderation decisions too. But ultimately, the wisdom of Section 230 is that it recognizes that to get the best results – the most good content and also the least bad – it needs to ensure platforms can feel safe to do what they can to advance both of these things. If they had to fear liability for how they chose to be platforms, they would be much less effective partners in achieving either. For instance, if a platform had to fear legal consequences for removing user content, they simply wouldn't. (We know this from FOSTA, which, by severely weakening Section 230 has created disincentives for platforms to try to police user content.) And if platforms had to fear liability for enabling user activity on its systems, they also wouldn't do that either. They would instead end up engaging in undue censorship, or cease to exist at all. (We also know this is true from FOSTA, which, by weakening Section 230, has driven platforms to censor wide swaths of content, or even cease to provide platform services to lawful expression.)
But even if Section 230 protected platforms for only one of these potential forms of liability, not only would it not be nearly as effective at achieving Congress's overall goal of getting both the most good and least bad online as protecting them in both ways would, but it wouldn't be nearly as effective for achieving even just one of those outcomes as a more balanced approach would. The problem is that if ever platforms find themselves in the position of needing to act defensively, out of fear of liability, it tends to undermine their ability to deliver the best results on either of these fronts. The fear of legal liability forces platforms to divert their resources away from the things they could be doing to best ensure they facilitate the most good, and least bad, content and instead spend them on only what will protect them from whatever the threat of legal liability is causing them to spend outsized attention on.
As an example, see what happens under the DMCA, where Section 230 is inapplicable and liability protection for platforms is so conditional. Platforms are so fearful of copyright liability that this fear regularlycauses them to overly deletelawful, and even often beneficial, content, despite such a result being inconsistent with Congress's legislative intent, or waste resources weeding out the bad takedown demands. It's at least fortunate that the DMCA expressly does not demand that platforms actively police their users' content for infringement. Because if they had to spend their resources policing content in this way it would come at the expense of policing their content in a way that would be more valuable to the user community and public at large. Section 230 works because it ensures that platforms can be free to devote their resources to being the best platforms they can be to enable the most good and disable the most bad content, instead of having to spend them on activities that are focused only what protects them from liability.
To say, then, that a platform that monitors user content must then lose its Section 230 protection is simply wrong, because Congress specifically wanted platforms to do this. Furthermore, even if you think that platforms, even with all this protection, still don't do a good enough job meeting Congress's objectives, it would still be a mistake to strip them of them of what protection they have, since removing it will not help any platform, current or future, from ever doing any better.
What tends to confuse people is that curating user content appearing on a platform does not turn the content into something the platform should now be liable for. When people throw around the imaginary "publisher/platform" distinction as a basis for losing Section 230 protection they are getting at this idea that by exercising editorial discretion over the content appearing on their sites it somehow makes the content become something that the platforms should now be liable for.
But that's not how the law works. Nor how could it work. And Congress knew that. At minimum, platforms simply facilitate way too much content for them to be held accountable for any of it. Even when they do moderate content, it is still often at a scale beyond which it could ever be fair or reasonable to hold them accountable for whatever still remains online.
Section 230 never required platform neutrality as a condition for a platform getting to benefit from its protection. Instead, the question of whether a platform can benefit from its protection against liability in user content has always been contingent on who created that content. So long as the "information content provider" (whoever created the content) is not the "interactive computer service provider" (the platform), then Section 230 applies. Curating, moderating, and even editing that user content to some degree doesn't change this basic equation. Under Section 230 it is always appropriate to seek to hold responsible whomever created the objectionable content. But it is never ok to hold liable the platform they used to create it, which did not.
This is not all that surprising, but President Obama, during his SXSW keynote interview, appears to have joined the crew of politicians making misleading statements pretending to be "balanced" on the question of encryption. The interview (the link above should start at the very beginning) talks about a variety of issues related to tech and government, but eventually the President zeroes in on the encryption issue. The embed below should start at that point (if not, it's at the 1 hour, 16 minute mark in the video). Unfortunately, the interviewer, Evan Smith of the Texas Tribune, falsely frames the issue as one of "security v. privacy" rather than what it actually is -- which is "security v. security."
In case you can't watch that, the President says he won't comment directly on the Apple legal fights, but then launches into the standard politician talking point of "yes, we want strong encryption, but bad people will use it so we need to figure out some way to break in."
If you watch that, the President is basically doing the same thing as all the Presidential candidates, stating that there's some sort of equivalency on both sides of the debate and that we need to find some sort of "balanced" solution short of strong encryption that will somehow let in law enforcement in some cases.
This is wrong. This is ignorant.
To his at least marginal credit, the President (unlike basically all of the Presidential candidates) did seem to acknowledge the arguments of the crypto community, but then tells them all that they're wrong. In some ways, this may be slightly better than those who don't even understand the actual issues at all, but it's still problematic.
Let's go through this line by line.
All of us value our privacy. And this is a society that is built on a Constitution and a Bill of Rights and a healthy skepticism about overreaching government power. Before smartphones were invented, and to this day, if there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say 'we have a warrant to search your home' and they can go into your bedroom to rifle through your underwear to see if there's any evidence of wrongdoing.
Again, this is overstating the past and understating today's reality. Yes, you could always get a warrant to go "rifle through" someone's underwear, if you could present probable cause that such a search was reasonable to a judge. But that does not mean that the invention of smartphones really changed things so dramatically as President Obama presents here. For one, there has always been information that was inaccessible -- such as information that came from an in-person conversation or information in our brains or information that has been destroyed.
In fact, as lots of people have noted, today law enforcement has much more recorded evidence that it can obtain, totally unrelated to the encryption issue. This includes things like location information or information on people you called. That information used to not be available at all. So it's hellishly misleading to pretend that we've entered some new world of darkness for law enforcement when the reality is that the world is much, much brighter.
And we agree on that. Because we recognize that just like all our other rights, freedom of speech, freedom of religion, etc. there are going to be some constraints that we impose in order to make sure that we are safe, secure and living in a civilized society. Now technology is evolving so rapidly that new questions are being asked. And I am of the view that there are very real reasons why we want to make sure that government cannot just willy nilly get into everyone's iPhones, or smartphones, that are full of very personal information and very personal data. And, let's face it, the whole Snowden disclosure episode elevated people's suspicions of this.
[...]
That was a real issue. I will say, by the way, that -- and I don't want to go to far afield -- but the Snowden issue, vastly overstated the dangers to US citizens in terms of spying. Because the fact of the matter is that actually that our intelligence agencies are pretty scrupulous about US persons -- people on US soil. What those disclosures did identify were excesses overseas with respect to people who are not in this country. A lot of those have been fixed. Don't take my word for it -- there was a panel that was constituted that just graded all the reforms that we set up to avoid those charges. But I understand that that raised suspicions.
Again, at least some marginal kudos for admitting that this latest round was brought on by "excesses" (though we'd argue that it was actually unconstitutional, rather than mere overreach). And nice of him to admit that Snowden actually did reveal such "excesses." Of course, that raises a separate question: Why is Obama still trying to prosecute Snowden when he's just admitted that what Snowden did was clearly whistleblowing, in revealing questionable spying?
Also, the President is simply wrong that it was just about issues involving non-US persons. The major reform that has taken place wasn't about US persons at all, but rather about Section 215 of the PATRIOT Act, which was used almost entirely on US persons to collect all their phone records. So it's unclear why the President is pretending otherwise. The stuff outside of the US is governed by Executive Order 12333, and there's been completely no evidence that the President has changed that at all. I do agree, to some extent, that many do believe in an exaggerated view of NSA surveillance, and that's distracting. But the underlying issues about legality and constitutionality -- and the possibilities for abuse -- absolutely remain.
But none of that actually has to do with the encryption fight, beyond the recognition -- accurately -- that the government's actions, revealed by Snowden, caused many to take these issues more seriously. And, on that note, it would have been at least a little more accurate for the President to recognize that it wasn't Snowden who brought this on the government, but the government itself by doing what it was doing.
So we're concerned about privacy. We don't want government to be looking through everybody's phones willy-nilly, without any kind of oversight or probable cause or a clear sense that it's targeted who might be a wrongdoer.
What makes it even more complicated is that we also want really strong encryption. Because part of us preventing terrorism or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitalized is that hackers, state or non-state, can just get in there and mess them up.
So we've got two values. Both of which are important.... And the question we now have to ask is, if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there's no key. There's no door at all. Then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available to even do simple things like tax enforcement? Because if, in fact, you can't crack that at all, government can't get in, then everybody's walking around with a Swiss bank account in their pocket. So there has to be some concession to the need to be able get into that information somehow.
The answer to those questions in that final paragraph are through good old fashioned detective work. In a time before smartphones, detectives were still able to catch child pornographers or disrupt terrorist plots. And, in some cases, the government failed to stop either of those things. But it wasn't because strong enforcement stymied them, but because there are always going to be some plots that people are able to get away with. We shouldn't undermine our entire security setup just because there are some bad people out there. In fact, that makes us less safe.
Also: tax enforcement? Tax enforcement? Are we really getting to the point that the government wants to argue that we need to break strong encryption to better enforce taxes? Really? Again, there are lots of ways to go after tax evasion. And, yes, there are lots of ways that people and companies try to hide money from the IRS. And sometimes they get away with it. To suddenly say that we should weaken encryption because the IRS isn't good enough at its job just seems... crazy.
Now, what folks who are on the encryption side will argue, is that any key, whatsoever, even if it starts off as just being directed at one device, could end up being used on every device. That's just the nature of these systems. That is a technical question. I am not a software engineer. It is, I think, technically true, but I think it can be overstated.
This is the part that's most maddening of all. He almost gets the point right. He almost understands. The crypto community has been screaming from the hills for ages that introducing any kind of third party access to encryption weakens it for all, introducing vulnerabilities that ensure that those with malicious intent will get in much sooner than they would otherwise. The President is mixing up that argument with one of the other arguments in the Apple/FBI case, about whether it's about "one phone" or "all the phones."
But even assuming this slight mixup is a mistake, and that he does recognize the basics of the arguments from the tech community, to have him then say that this "can be overstated" is crazy. A bunch of cryptography experts -- including some who used to work for Obama -- laid out in a detailed paper the risks of undermining encryption. To brush that aside as some sort of rhetorical hyperbole -- to brush aside the realities of cryptography and math -- is just crazy.
Encryption expert Matt Blaze (whose research basically helped win Crypto War 1.0) responded to this argument by noting that the "nerd harder, nerds" argument fundamentally misunderstands the issue:
Figuring out how to build the reliable, secure systems required to "compromise" on crypto has long been a central problem in CS.
If you can't read that, Blaze is basically saying that all crypto includes backdoors -- they're known as vulnerabilities. And the key focus in crypto is closing those backdoors, because leaving them open is disastrous. And yet the government is now demanding that tech folks purposely put in more backdoors and not close them, without recognizing the simple fact that vulnerabilities in crypto always lead to disastrous results.
So the question now becomes that, we as a society, setting aside the specific case between the FBI and Apple, setting aside the commercial interests, the concerns about what could the Chinese government do with this, even if we trust the US government. Setting aside all those questions, we're going to have to make some decisions about how do we balance these respective risks. And I've got a bunch of smart people, sitting there, talking about it, thinking about it. We have engaged the tech community, aggressively, to help solve this problem. My conclusions so far is that you cannot take an absolutist view on this. So if your argument is "strong encryption no matter what, and we can and should in fact create black boxes," that, I think, does not strike the kind of balance that we have lived with for 200, 300 years. And it's fetishizing our phones above every other value. And that can't be the right answer.
This is not an absolutist view. It is not an absolutist view to say that anything you do to weaken the security of phones creates disastrous consequences for overall security, far beyond the privacy of individuals holding those phones. And, as Julian Sanchez rightly notes, it's ridiculous that it's the status quo on the previous compromise that is now being framed as an "absolutist" position:
CALEA--with obligations on telecoms to assist, but user-side encryption protected--WAS the compromise. Now that's "absolutism".
Also, the idea that this is about "fetishizing our phones" is ridiculous. No one is even remotely suggesting that. No one is even suggesting -- as Obama hints -- that this is about making phones "above and beyond" what other situations are. It's entirely about the nature of computer security and how it works. It's about the risks to our security in creating deliberate vulnerabilities in our technologies. To frame that as "fetishizing our phones" is insulting.
There's a reason why the NSA didn't want President Obama to carry a Blackberry when he first became President. And there's a reason the President wanted a secure Blackberry. And it's not because of fetishism in any way, shape or form. It's because securing data on phones is freaking hard and it's a constant battle. And anything that weakens the security puts people in harm's way.
I suspect that the answer is going to come down to how do we create a system where the encryption is as strong as possible. The key is as secure as possible. It is accessible by the smallest number of people possible for a subset of issues that we agree are important. How we design that is not something that I have the expertise to do. I am way on the civil liberties side of this thing. Bill McCraven will tell you that I anguish a lot over the decisions we make over how to keep this country safe. And I am not interested in overthrowing the values that have made us an exceptional and great nation, simply for expediency. But the dangers are real. Maintaining law and order and a civilized society is important. Protecting our kids is important.
You suspect wrong. Because while your position sounds reasonable and "balanced" (and I've seen some in the press describe President Obama's position here as "realist"), it's actually dangerous. This is the problem. The President is discussing this like it's a political issue rather than a technological/math issue. People aren't angry about this because they're "extremists" or "absolutists" or people who "don't want to compromise." They're screaming about this because "the compromise" solution is dangerous. If there really were a way to have strong encryption with a secure key where only a small number of people could get in on key issues, then that would be great.
But the key point that all of the experts keep stressing is: that's not reality. So, no the President's not being a "realist." He's being the opposite.
So I would just caution against taking an absolutist perspective on this. Because we make compromises all the time. I haven't flown commercial in a while, but my understanding is that it's not great fun going through security. But we make the concession because -- it's a big intrusion on our privacy -- but we recognize that it is important. We have stops for drunk drivers. It's an intrusion. But we think it's the right thing to do. And this notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe is incorrect.
Again, this is not about "making compromises" or some sort of political perspective. And the people arguing for strong encryption aren't being "absolutist" about it because they're unwilling to compromise. They're saying that the "compromise" solution means undermining the very basis of how we do security and putting everyone at much greater risk. That's ethically horrific.
And, also, no one is saying that "data is different." There has always been information that is "walled off." What people are saying is that one consequence of strong encryption is that it has to mean that law enforcement is kept out of that information too. That does not mean they can't solve crimes in other ways. It does not mean that they don't get access to lots and lots of other information. It just means that this kind of content is harder to access, because we need it to be harder to access to protect everyone.
It's not security v. privacy. It's security v. security, where the security the FBI is fighting for is to stop the 1 in a billion attack and the security everyone else wants is to prevent much more likely and potentially much more devastating attacks.
Meanwhile, of all the things for the President to cite as an analogy, TSA security theater may be the worst. Very few people think it's okay, especially since it's been shown to be a joke. Setting that up as the precedent for breaking strong encryption is... crazy. And, on top of that, using the combination of TSA security and DUI checkpoints as evidence for why we should break strong encryption with backdoors again fails to recognize the issue at hand. Neither of those undermine an entire security setup.
We do have to make sure, given the power of the internet and how much our lives are digitalized, that it is narrow and that it is constrained and that there's oversight. And I'm confident this is something that we can solve, but we're going to need the tech community, software designers, people who care deeply about this stuff, to help us solve it. Because what will happen is, if everybody goes to their respective corners, and the tech community says "you know what, either we have strong perfect encryption, or else it's Big Brother and Orwellian world," what you'll find is that after something really bad happens, the politics of this will swing and it will become sloppy and rushed and it will go through Congress in ways that have not been thought through. And then you really will have dangers to our civil liberties, because the people who understand this best, and who care most about privacy and civil liberties have disengaged, or have taken a position that is not sustainable for the general public as a whole over time.
I have a lot of trouble with the President's line about everyone going to "their respective corners," as it suggests a ridiculous sort of tribalism in which the natural state is the tech industry against the government and even suggests that the tech industry doesn't care about stopping terrorism or child pornographers. That, of course, is ridiculous. It's got nothing to do with "our team." It has to do with the simple realities of encryption and the fact that what the President is suggesting is dangerous.
Furthermore, it's not necessarily the "Orwellian/big brother" issue that people are afraid of. That's a red herring from the "privacy v. security" mindset. People are afraid of this making everyone a lot less safe. No doubt, the President is right that if there's "something really bad" happening then the politics moves in one way -- but it's pretty ridiculous for him to be saying that, seeing as the latest skirmish in this battle is being fought by his very own Justice Department, he's the one who jumped on the San Bernardino attacks as an excuse to push this line of argument.
If the President is truly worried about stupid knee-jerk reactions following "something bad" happening, rather than trying to talk about "balance" and "compromise," he could and should be doing more to fairly educate the American public, and to make public statements about this issue and how important strong encryption is. Enough of this bogus "strong encryption is important, but... the children" crap. The children need strong encryption. The victims of crimes need encryption. The victims of terrorists need encryption. Undermining all that because just a tiny bit of information is inaccessible to law enforcement is crazy. It's giving up the entire ballgame to those with malicious intent, just so that we can have a bit more information in a few narrow cases.
President Obama keeps mentioning trade-offs, but it appears that he refuses to actually understand the trade-offs at issue here. Giving up on strong encryption is not about finding a happy middle compromise. Giving up on strong encryption is putting everyone at serious risk.
Two years ago, we were among those who noted how odd it was to see the MPAA in court arguing in favor of fair use, since the MPAA tends to argue against fair use quite frequently. The legal geniuses at the MPAA felt hurt by our post and some of the other news coverage on the issue, and put out a blog post claiming that the MPAA and its members actually love fair use. According to that post, the MPAA's members "rely on the fair use doctrine every day" and the idea that it "opposes" fair use is "simply false, a notion that doesn't survive even a casual encounter with the facts."
Now, as you may have heard, Wikileaks has put the leaked Sony emails online for everyone to search through for themselves. I imagine that there will be a variety of new stories coming out of this trove of information, now that it's widely available, rather than limited to the small group who got the initial email dumps. In digging through the emails, one interesting one popped up. It's Chris Dodd revealing the MPAA's true view on "fair use" in an email to Michael Froman, the US Trade Rep in charge of negotiating agreements like the Trans Pacific Partnership (TPP) agreement and the Transatlantic Trade & Investment Partnership (TTIP).
You see, about a year ago, Froman gave a speech where he made a very brief mention of the importance of fair use, and how, for the first time, the USTR would be including fair use in agreements. Here's what Froman said:
And, for the first time in any trade agreement, we are asking our trading partners to secure robust
balance in their copyright systems – an unprecedented move that draws directly on U.S.
copyright exceptions and limitations, including fair use for important purposes such as
scholarship, criticism, news commentary, teaching, and research.
Nothing major. Nothing controversial. In fact, as we've pointed out, the actual text in the various leaks of the TPP show that while it is true that the USTR has, for the first time, mentioned concepts related to fair use, it has only done so in a manner that would limit how fair use could be implemented.
And that brings us to Dodd's email to Froman, in which he reveals that, contrary to the MPAA's "we love fair use" claim in its public blog post, the MPAA is actually quite fearful of fair use and the idea that it might spread outside of the US to other countries:
Dear Ambassador Froman:
I am writing to you today regarding your Wednesday remarks at the Center for American Progress. I am concerned about your suggestion that previous free trade agreements’ copyright provisions were unbalanced and that USTR has addressed this lack of balance by including “fair use” in the TPP. Quite to the contrary, the recently ratified US-Korea FTA was supported by a broad cross-section of US industry, from tech and the internet community to the copyright community, and furthermore has been held up as a model agreement.
As I know you are aware, the inclusion of “fair use” in free trade agreements is extremely controversial and divisive. The creative community has been, and remains, a strong and consistent supporter of free trade, but the potential export of fair use via these agreements raises serious concerns within the community I represent. Over the last 24 hours, I have received calls from my member companies questioning what they perceive as a significant shift in US trade policy and, as a consequence, the value of the TPP to their industry.
It may be that people are reacting to the subsequent press releases by private groups following your remarks. I am certain these concerns have been elevated by indications from the US government that the ISP liability provisions in the TPP are going to be weakened. Nonetheless, this issue is of enough significance that I felt I must reach out to you directly prior to your departure for Singapore to register our deep concerns.
I am hopeful that I can report back to my members that that US trade policy has not changed, that USTR is committed to securing strong copyright provisions in the TPP. But, there is no question Wednesday’s speech is reverberating in the content community, and I would be remiss if I failed to raise these concerns to you personally. I would be very grateful if you would respond to these concerns at your earliest convenience. I realize you will be traveling, but this is a sense of urgency surrounding our concerns.
Regards,
Christopher J. Dodd
Motion Picture Association of America
So, the MPAA loves fair use... but the very idea that the USTR might include fair use in a trade agreement (as it had announced years earlier, and which it is doing in very limited -- and limiting -- ways) is "controversial and divisive"? All the way to the point that the MPAA is concerned about whether it can still support the effort? That does not sound like an organization that really does support fair use at all. In fact, it sounds like an organization that actively does "oppose" fair use, contrary to the claims in its blog post. Funny how the MPAA's public statements appear to completely disagree with what it says directly to politicians, huh?
While in the past, the EU Court of Justice has been more concerned about attempts to order ISPs to block access to entire websites over claims of infringement, late last year, we noted that the EUCJ's Advocate General Pedro Cruz Villalon had suggested that it was okay to issue an injunction against an ISP -- with some specific restrictions to try to limit the serious issue of overblocking. While the court will often follow the lead of the Advocate General, and the newly issued ruling does appear to reach the same final conclusions, it appears to have done so slightly different reasoning.
Either way, the key part is this:
The fundamental rights recognised by EU law must be interpreted as not precluding a court injunction prohibiting an internet service provider from allowing its customers access to a website placing protected subject-matter online without the agreement of the rightholders when that injunction does not specify the measures which that access provider must take and when that access provider can avoid incurring coercive penalties for breach of that injunction by showing that it has taken all reasonable measures, provided that (i) the measures taken do not unnecessarily deprive internet users of the possibility of lawfully accessing the information available and (ii) that those measures have the effect of preventing unauthorised access to the protected subject-matter or, at least, of making it difficult to achieve and of seriously discouraging internet users who are using the services of the addressee of that injunction from accessing the subject-matter that has been made available to them in breach of the intellectual property right, that being a matter for the national authorities and courts to establish.
In other words, it appears that broader injunctions, which do not specify exactly what an ISP must do to block access, are allowed. However, ISPs themselves will then be responsible for "taking all reasonable measures" to block access, as long as those measures don't block lawful content. That seems like kind of a huge mess for ISPs who will now have to deal with injunctions asking them to block stuff, where they'll be required to show "reasonable measures" but will also need to balance that against blocking access to legitimate content. This decision seems to try to thread a needle, where the result is likely to be many new lawsuits as censorship injunctions are issued, and ISPs have to figure out how to balance the order without blocking access to legitimate content. It seems likely that many ISPs will opt for limiting their own liability by defaulting towards overblocking to avoid having to face challenges suggesting they didn't take enough "reasonable measures."
On Friday, we wrote about how the RIAA has already started pitching the terrible idea that we should do away with the important DMCA safe harbors, which make sure that liability for infringement is properly applied to those actually infringing, rather than tools and services. The RIAA, however, thinks that it should be everyone else's responsibility to prop up their increasingly obsolete business model, so they want to do away with the safe harbors and make every internet service liable if anyone uses their service for infringement. Of course, what this would do is stifle innovation broadly, because companies would avoid any kind of user generated services, because the liability would be super high. Sure, some of the big players would stick around, because they've got enough money and lawyers, but new startups would be few and far between.
Thankfully, some are already pushing back against the RIAA's crazy desires, and the Internet Association has pointed out that this move by the RIAA highlights the industry's real end goal with SOPA: to make the internet responsible for propping up their business model.
“The DMCA provides a framework that appropriately balances the interests of copyright owners with the rights of users and the development of new and innovative products and services. The RIAA's statement that it wants to change the DMCA lends support to those who suspected that SOPA's stated objective of targeting offshore websites was really a stalking horse to achieve the RIAA's true objective — to amend the DMCA by having Internet companies police user activities,” Internet Association CEO Michael Beckerman said in a statement to MT. “Congress should reject the RIAA’s invitation to amend the DMCA.”
Of course, a reasonable argument could be made that the DMCA's safe harbors are already too far tilted towards copyright holders, considering the number of bogus takedowns we talk about regularly. A much more reasonable system would be a true notice and notice system, in which those accused of infringement would be given an opportunity to respond to a takedown notice before the content itself is taken down. That simple change would help prevent the all too common case of the DMCA being used for censorship.
Separately, the RIAA's end goal goes way beyond just making internet companies police user activities. They want nothing less than to have the internet re-crafted in their own image, protecting an obsolete business model while limiting any competition and disruption they don't like.
The laws governing intellectual monopolies in the UK are in a state of flux at the moment. After the previous government in its dying hours rammed through the shoddy piece of work known as the Digital Economy Act, the present coalition government took a more rational approach by commissioning the Hargreaves Review into the impact of digital technologies on this area. One of its key proposals was that policy should be based on evidence, not "lobbynomics"; the fact that this even needs to be mentioned says much about the way laws have been framed until now.
As a result, the UK's Intellectual Property Office (IPO) has been trying to gather evidence in order to help politicians draw up new policies that correspond to the data, not just dogma. Not surprisingly, perhaps, those that have done well under the previous evidence-free approach have been mounting a rearguard action against the changes.
One of the people unhappy about both the Hargreaves Review and the IPO's response is the UK MP Peter Wishart, who made the following comments about them in Parliament earlier this year:
Ian Hargreaves was notionally in charge of that process [of looking at digital copyright], but having observed evidence being taken, and the report and recommendations be delivered, I suggest that the hand of the Intellectual Property Office was all over it. I believe that Ian Hargreaves was perhaps a figurehead, because the IPO seems to have driven the agenda. We will discuss some of the exceptions to copyright that the IPO proposed as part of its consultation, but it has been steering the process all the way through.
What is that predicated on? It is predicated on the belief that economic evidence should be at the heart of every initiative and everything that we do concerning intellectual property law. Ian Hargreaves has been perhaps a little cavalier when it comes to intellectual property, and we could say that he has made heroic assumptions about the value of some of the proposed recommendations and exceptions.
Wishart is also the Vice Chair of something called the All Party Parliamentary Intellectual Property Group. Here's how it describes itself:
The Group was launched in 2003 as a response to this and to create a resource for parliamentarians of both Houses interested in learning more about intellectual property (IP), its role in stimulating creativity and economic growth, how new services are developing to serve consumer needs, and the harm that can be caused when IP is not properly respected and protected.
As that makes clear, the All Party Parliamentary Intellectual Property Group is not an official UK government body, but more of a club for like-minded individuals. Earlier this year, the group announced its unofficial inquiry into how the UK government was handling intellectual monopolies:
The Group will seek to unpick the tangled web of cross-departmental responsibilities in this area by considering how policy has been developed, the effectiveness of the current approach, and whether the machinery of government can be improved for better policy formulation.
The group's philosophy is made plain early on in the document:
The fact that IP attracts so much interest reflects its increasing importance in our economy. Clearly IP on its own does not generate economic activity, but as a property right, it enables innovators, creators, manufacturers and designers to protect their innovation and monetise their work.
Except that copyright and patents aren't property rights, but "a government grant of a costly and dangerous private monopoly over ideas." Indeed, the increasing recognition that it makes no sense to treat copyright and patents as a property right really seems to stick in the craw of the parliamentary group. Here's what it says on the subject:
We were also concerned that officials from the IPO find it difficult to describe intellectual property as a property right. It was described as a framework by one official which immediately undermines it. If the IPO sees IP as a framework then it suggests they see it as something that can be shaped and altered at will. We question whether such a laissez fair[e] attitude would be taken to other property rights and if they were, whether senior Officials and Ministers would allow such an attitude to pervade.
Note that the IPO is blamed here for simply conveying a truth that is unpalatable to the group. Elsewhere, the report tries really hard to find other reasons to blame the IPO; unfortunately, the facts keep getting in the way:
The evidence we received and heard was varied in this respect. Certainly the IPO's role as a registration body for patents was seen as very positive as was its role in educating both consumers and business about IP.
Whoops, sounds like the IPO is doing a good job for patents, so what about for copyright?
People's criticisms of the IPO's policy making process appear to have been ignited by their most recent recommendations in relation to copyright. There were many groups who supported these recommendations and the process by which they came about, however a very large number did not.
Oh dear: "many groups" supported the IPO again; but luckily, others did not. That is hardly surprising, since some of the ideas being considered by the IPO would try to put a modicum of balance back in UK laws governing copyright. That's never really happened before, thanks to the ratchet effect that has ensured the public domain has been constantly impoverished when the law is changed.
The idea that stakeholders might have to give something back to the public in the form of minimal exceptions may be unheard of, but it's hardly unreasonable. Arguably, we need to run the ratchet back much further in order to obtain anything like a fair balance between the rights of stakeholders, and the rights of the public.
But the latter are rarely considered. Indeed, it's significant that the world "public" isn't mentioned once in the Parliamentary group's new report. The nearest thing we get is "consumers", notably in the following paragraph, which betrays a typical lack of understanding about how formerly passive consumers are morphing into active co-creators:
When the officials from the IPO gave evidence, they were very clear that they saw their role as providing balance -- they see this balance as ensuring consumers can have access to content. We believe the IPO should look more carefully at how the IP framework stimulates the creation and development of new content, services, designs and other IP rich innovation as much as how existing content can be accessed. Only if they do this, will consumers of the future continue to have access to the content, products and services they enjoy.
That paragraph sums up why the All Party Parliamentary Intellectual Property Group so dislikes the IPO: the latter is trying to provide balance, and that is really the last thing that the copyright maximalists and their allies want to see here.
For many years now, I've argued against the idea of calling for "balance" in copyright law -- because I don't think it makes much sense. In articles from 2007, 2009 and 2011, I argued that by focusing on "balance" -- as many critics of copyright law do today -- we make a huge mistake. Arguing for balance is setting up the system as a zero-sum game where each trade-off involves a winner and a loser. But history has shown that not to be the case. It is not a zero sum game, and things that might make one side think they're "losing" might actually make them better off (take the VCR for example -- which the movie industry insisted was a horrible abuse of copyright law... until it became the key reason why the industry thrived).
Now, following the postponement of the Africa IP Forum, which came about, in large part, due to civil society groups arguing that the event wasn't "balanced" enough, lawyer Alan Story has put together an altogether brilliant condemnation of the talk of "balance" in copyright law, arguing that it is impossible to balance a fundamentally unbalanced system. Much of his attack isn't necessarily on the concept of copyright law itself, but on the nature of the Berne Convention, on which (tragically) much of modern copyright law is based. There's so much in Story's writeup that is worth reading that I recommend you go check out the whole thing, but here are just a few snippets and some commentary.
Every one of the central principles or elements of copyright is one-sided and unbalanced, that is, they favour the owners of copyrighted goods..... The main elements of copyright include the ideology that the world’s knowledge and creations should be owned as private property, that they should be traded as commodities in global capitalist markets, that copyright owners should have exclusive rights, that fair dealing /fair use principles mean what is fair to owners, that creativity will dry up without the incentive of copyright, that there are no alternatives to copyright, that spreading copyright regimes (and the stricter the better) benefits the whole world, and a few other foundational principles and justifications of this Western legal and philosophical export to the global South. Take away these principles and you know longer have copyright. Conversely, accept these principles and you have accepted 98% of the story that WIPO and the US Department of Commerce will be disseminating in Cape Town when their re-scheduled IP summit is held. All that is required, they suggest, is some fine-tuning, a bit of ‘tweaking’ around the edges of the remaining 2%.
Story argues that the entire system is based around giving a ton of power and control to the copyright holder (who, he notes repeatedly, is very rarely the content creator). A system "balanced" between the rights of "users" and "creators" would actually contain, you know, some rights for users:
If you have an hour or two in the next few days, read through Berne, clause by clause, and keep a running tally of: a) how many rights are guaranteed and mandatory to the users of copyright in every Berne Convention country? ; b) how many rights are guaranteed to the owners of copyright? The answer to question a) is very brief. Other than what is included in Article 10 (1) of Berne, namely, the right to use quotations already available to the public, there is not a single mandatory right that all users in the world possess, and even this narrow right is qualified. This is another reason why some of us believe that not only is the international copyright system grossly unbalanced, but it is also unbalanceable.
He also hits on a key point that many have talked about in regards to the fact that nearly all creativity builds on the works of others. That's a recognition that users are creators so separating out "rights of users" vs "rights of creators" ignores the reality that nearly everyone falls into both camps:
To pit the interests and rights of users against those of authors (again used as a term to designate all creators, whether composers, sculptors, or video game developers) is also a serious mistake. It is based on binary formulation which suggests that users of copyrighted materials are not also creators and that creators of copyright materials are not also users. To return to the same sentence quoted in point 3) above, where else do creators get the requisite tools for their work other than from ‘education, research and access to information’?
Story also points out a specific problem under Berne, in that beyond the fact that it doesn't actually establish any real rights for users -- just for copyright holders -- it makes the system even worse (significantly worse) by merely setting "minimums," with mandatory floors. That means that copyright generally can only be ratcheted up, not down.
The question of duration of copyright provides us with one easily-grasped example. The Berne Convention states that member countries must, at a minimum, establish a copyright term of life of the author, plus a minimum of another 50 years. As is sometimes not appreciated, this already is a very long period of time; it means that a pop song written this year by a 25-year-old songwriter could still be restricted by copyright in the year 2112. Yet it is perfectly legal for a country to extend its copyright term to life of the author, plus 100 years, which would restrict the same song until 2152. This is what Mexico has done. Or the copyright term could be raised until it was forever, minus one day. Consider what would have been situation if Egyptian government had gone ahead with its announced plan of 2008 to use copyright law to protect its pyramids as cultural property. The Egyptian term of copyright would then have become life of the author, plus 5000 years. Absurd? Yes. Perfectly legal, however, under the Berne Convention. Conversely, if a country decided to reduce its term to simply life of the author, which would still often leave a term of 30 to 40 years or even longer, such a law could result in that country being expelled from the Berne Union as well as the World Trade Organisation. Moreover, copyright owners might complain future years of royalty payments had been lost due to term reduction and claim their private property had been taken without compensation. Such a circumstance shows the impossibility of balance.
You can't have "balance" when the entire system is set up strongly to benefit one particular group. And the thing is, that "group" is rarely actually the creators. Again, Story provides some details:
As for the supposed rights which the copyright system gives to musicians in disputes with recording companies, consider what happened to two leading musicians of the past century. If, as already mentioned, Bob Marley (1945-1981), called the ‘Third World’s first pop superstar’ (Wenner), was unable to hold onto the copyright to many of his best known songs, what chance does the so-called average musician have? Or how about what happened to the path-breaking US bebop jazz pianist Thelonius Monk (1917-1982) who signed a long-term recording in 1962 with Columbia Records, a major recording label at the time. When the contract was over in 1970, Monk amazingly owed Columbia more than US$100,000. Copyright did not help Monk much.
There's a lot more in the article and, if you haven't done so already, I really encourage you to read the whole thing. Story is arguing something slightly different than my argument against balance, but the two arguments are related. My argument is that balance only belongs in a system where you have a zero-sum game and giving one side something automatically means another side gets less. If you have a non-zero sum game, then the goal should never be about finding the balance, but about finding the "maxima" -- the point on the curve that provides the most benefits. If you actually believe the (US-defined) purpose of copyright law to be to "promote the progress" then it seems that should be the goal.
However, what Story is arguing is that the entire system of copyright was never set up to be a balance at all, but rather as a system to grant powers to copyright holders against everyone else -- and that the Berne Convention, in particular, is particularly nefarious in how this is set up. I don't think our arguments contradict each other, but are merely just two different ways of noting that copyright law today is not about balance at all, and focusing on balance is a mistake, and doesn't really help the situation. Like Story, I'd urge even those pushing for copyright reform to avoid the use of "balance" in discussing copyright law, because you're already playing into the wrong framework.
For many years I've argued against those (who I often agree with otherwise) who claim that we need "more balance" in copyright laws. As I've said, thinking of it as balance is the wrong frame of reference. It assumes that there is a necessary conflict between what's good for content creators and what's good for content consumers -- that improving the situation for one necessarily hurts the situation for the other. Yet, we've seen over and over again that this is not the situation in reality. You can improve the situation for both at once, and if you're thinking about "balancing" the two, you're already starting with the wrong framework.
Julian Sanchez has noticed something similar, though in other areas of the policy debate, such as the claim that we need to "balance privacy and security," and suggests that the whole balance metaphor is a serious problem in many such debates in part because it assumes a zero sum game (if you're better off, then I must be worse off):
Perhaps the most obvious problem with balancing metaphors is that they suggest a relationship that is always, by necessity, zero sum: If one side rises, the other must fall in exact proportion. Also implicit in balancing talk is the idea that equilibrium is the ideal, and anything that upsets that balance is a change for the worse. That's probably true if you're walking a tightrope, but it clearly doesn't hold in other cases. If you have a perfectly balanced investment portfolio and somebody gives you some shares of stock, the balance is upset (until you can shift some assets around), but you're plainly better off--and would be better off even if for some reason you couldn't trade off some of the stock to restore the optimal mix.
And when it comes to privacy and security:
In my own area of study, the familiar trope of "balancing privacy and security" is a source of constant frustration to privacy advocates, because while there are clearly sometimes tradeoffs between the two, it often seems that the zero-sum rhetoric of "balancing" leads people to view them as always in conflict. This is, I suspect, the source of much of the psychological appeal of "security theater": If we implicitly think of privacy and security as balanced on a scale, a loss of privacy is ipso facto a gain in security. It sounds silly when stated explicitly, but the power of frames is precisely that they shape our thinking without being stated explicitly.
Julian is reasonably worried that this type of "balance" thinking drives people to make very bad policy decisions, relying on what feels like a useful metric that is really quite misleading at times. It's definitely a worthwhile read, and let's hope we can start to get past the claim of "balance" where it is not appropriate.