It certainly appears that politicians on both sides of the political aisle have decided that if they can agree on one thing, it's that social media companies are bad, and that they're bad because of Section 230, and that needs to change. The problem, of course, is that beyond that point of agreement, they actually disagree entirely on the reasons why. On the Republican side, you have people like Rep. Louis Gohmert and Senator Ted Cruz who are upset about platforms using Section 230's protections to allow them to moderate content that those platforms find objectionable. Cruz and Gohmert want to amend CDA 230 to say that's not allowed.
Meanwhile, on the Democratic side, we've seen Nancy Pelosi attack CDA 230, incorrectly saying that it's somehow a "gift" to the tech industry because it allows them not to moderate content. Pelosi's big complaint is that the platforms aren't censoring enough, and she blames 230 for that, while the Republicans are saying the platforms are censoring too much -- and incredibly, both are saying this is the fault of CDA 230.
Now another powerful Democrat, Rep. Frank Pallone, the chair of the House Energy and Commerce Committee (which has some level of "oversight" over the internet) has sided with Pelosi in attacking CDA 230 and arguing that companies are using it "as a shield" to not remove things like the doctored video of Pelosi:
.@Facebook’s failure to appropriately address intentional political disinformation harms its users, the public discourse, and our democracy. Sec 230 is meant to enable platforms to take down harmful content. It should not be a shield for inaction. https://t.co/HMJ9ARhKo9
But, of course, the contrasting (and contradictory) positions of these grandstanding politicians on both sides of the aisle should -- by itself -- demonstrate why mucking with Section 230 is so dangerous. The whole point and value of Section 230 was in how it crafted the incentive structure. Again, it's important to read both parts of part (c) of Section 230, because the two elements work together to deal with both of the issues described above.
(c) Protection for “Good Samaritan” blocking and screening of offensive material
(1) Treatment of publisher or speaker
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
(2) Civil liability No provider or user of an interactive computer service shall be held liable on account of—
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).
It's these two elements together that make Section 230 so powerful. The first says that we don't blame the platform for any of the actions/content posted by users. This should be fairly straightforward. It's about the proper application of liability to the party who actually violated the law, and not the tools and services they used to violate the law. Some people want to change this, but much of that push is coming from lawyers who just want the bigger pockets to sue. It involves, what I've referred to as "Steve Dallas lawsuits" after the character in the classic comic strip Bloom County, who explains why you should always focused on suing those with the deepest pockets, no matter how tangentially they are to the law violating.
But, part (2) of the law is also important. It's the part that actually allows platforms the ability to moderate. Section 230 was an explicit response to the ruling in Stratton Oakmont v. Prodigy, in which a NY state judge ruled that because Prodigy wanted to provide a "family friendly" service, and therefore moderated out content it found objectionable (in order to support that "family friendly" goal), it therefore became automatically liable for any of the content that was left up. But, of course, that's crazy. The end result of such a rule would be either that platforms wouldn't do anything to moderate content, which would mean everything would be a total free for all -- and you couldn't have a "family friendly" forum at all, and everything would quickly fill up with spam/porn/harassment/abuse/etc -- or platforms would basically restrict almost everything to create a totally anodyne and boring existence.
The genius of Section 230 is that it enabled a balance that allowed for experimentation and this includes the ability to experiment with different forms of moderation. Everyone focuses on Facebook, YouTube and Twitter -- which all take moderately different approaches -- but having a Section 230 is also what allowed for the radically different approaches taken by other sites: like Wikipedia and Reddit (and even us at Techdirt). These use very different approaches, some of which work better than others, but much of which is community-dependent. It's that experimentation that is good.
But the very fact that both sides of the political aisle seem to be attacking CDA 230 but for completely opposite reasons really should highlight why messing with CDA 230 would be such a disaster. If Congress moves the law in the direction that Gohmert/Cruz want, then you'd likely get many fewer platforms, and some would just be overrun by messes, while others would be locked down and barely usable. If Congress moves the law in the direction that Pelosi/Pallone seem to want, then you would end up with effectively the same result: much greater censorship as companies try to avoid liability.
Neither solution is a good one, and neither would truly satisfy the critics in the first place. That's part of the reason why this debate is so silly. Everyone's mad at these platforms for how they moderate, but what they're really mad at is humanity. Sometimes people say mean and awful things. Or they spread disinformation. Or defamation. And those are real concerns. But there need to be better ways of dealing with it than Congress stepping in (against the restriction put on it by the 1st Amendment), and saying that the internet platforms themselves either must police humanity... or need to stop policing humanity altogether. Neither is a solution to the problems of humanity.
Rep. Louie Gohmert is one of the most technologically inept Congressmen we have the misfortune of being "served" by. Getting to the top of this list isn't easy. The halls of Congress are filled with people who truly don't understand the tech they're attempting to regulate. Nor do they appear to be making any effort to educate themselves. Gohmert, however, seems to believe his position as an elected official gives him tech smarts he actually doesn't have, so he spends a great deal of time embarrassing himself when grilling tech reps during Congressional hearings.
Gohmert was one of the participants in the Social Media Bloodsport Hearings of 2018. Held over the course of several months, the hearings were 75% grandstanding and 20% misunderstanding the issues at hand. Social media services have been hit hard recently for appearing to bury/deplatform right-wing accounts while simultaneously allowing the platforms to be overrun with foreign state-operated bots. It's ugly but the ignorance displayed by Gohmert and others during the hearings was just as galling.
It was at these hearings a new myth about internet platform immunity came into being. Somehow, these lawmakers looked at Section 230 of the CDA and decided it required platforms to be "neutral" to avail themselves of this protection. A Senate hearing in April featured Rep. Ted Cruz demanding to know if Facebook considered itself a "neutral public forum." Mark Zuckerberg said he'd look into it, claiming he wasn't familiar with the "specifics" of the "law [Cruz] was speaking to."
Bad answer. And the bad answer made Cruz look like he'd just played a successful round of "Stump the Tech Magnate." But he had done nothing more than state something not backed by actual law. That should have been the end of it, but people who really wanted to believe Section 230 immunity requires "neutral" moderation used Cruz's ignorance as the starting point for stupid lawsuits almost certainly destined for quick dismissals.
It's one thing for the public to make bad assumptions about federal laws. It's quite another when federal lawmakers do it. Rep. Gohmert, playing to the home crowd [read the replies], has declared he's going to strip immunity from service providers who "use algorithms to hide, promote, or filter user content."
Introduced a bill today that would remove liability protections for social media companies that use algorithms to hide, promote, or filter user content. Read more about it, here: https://t.co/qTDnQyuABr
That would be all service providers. Gohmert wants to strip immunity from all platforms solely because he believes in Ted Cruz's ignorant fiction. The bill hasn't been written yet, but the statement issued by Gohmert explains the basis for this incredibly idiotic legislation proposal:
Social media companies like Facebook, Twitter, and Google are now among the largest and most powerful companies in the world. More and more people are turning to a social media platform for news than ever before, arguably making these companies more powerful than traditional media outlets. Yet, social media companies enjoy special legal protections under Section 230 of the Communications Act of 1934, protections not shared by other media. Instead of acting like the neutral platforms they claim to be in order obtain their immunity, these companies have turned Section 230 into a license to potentially defraud and defame with impunity.
Section 230 does not require neutrality. It never has. It does not forbid content moderation. It actually encourages good faith efforts to keep platforms free of content they don't want. Twitter and Facebook could remove every right-leaning account on their platforms without losing Section 230 immunity -- which solely shields them from being held liable for content posted by third parties. It does not insulate them from charges of fraud or defamation if, in fact, either of these were committed by the companies, rather than their users.
For Gohmert's proposal to work, he would either need to add the missing "neutrality" component or do away with Section 230 immunity altogether. Both of these are terrible ideas. Neutrality would be impossible to define, much less enforce. And the removal of immunity would mean the end of social media platforms as we know them, as companies will not be willing to be sued for content created by platform users.
Gohmert's disingenuous idiocy doesn't end there.
In one hearing, one of the internet social media executives indicated a desire to be treated like Fox News. Fox News does not have their immunity and this bill will fulfill that unwitting request. Since there still appears to be no sincere effort to stop this disconcerting behavior, it is time for social media companies to be liable for any biased and unethical impropriety of their employees as any other media company. If these companies want to continue to act like a biased medium and publish their own agendas to the detriment of others, they need to be held accountable.
The difference between Fox News and Twitter is Fox News creates the content it publishes. Twitter does not. That's why Twitter has immunity and Fox News doesn't. Maybe some tech exec said something stupid during a stupid hearing filled with chest-beating and misconceptions, but that doesn't make Gohmert's proposal any less moronic.
Make no mistake: the same people agitating for "neutral public forums" are the people who will be deplatformed first if Section 230 immunity is removed. It's already happening while the immunity remains in place. Anyone trafficking in controversy will be shown the door before they can do any damage to the platforms that used to host them. If you want more blanket moderation and faster banning, by all means, gripe about immunity and neutrality. If you actually value the free flow of speech, keep dimwits like Gohmert out of office.
So, yesterday the House Judiciary Committee did what the House Judiciary Committee seems to do best: hold a stupid, nonsensical, nearly fact-free "hearing" that serves as nothing more than an opportunity for elected members of Congress to demonstrate their ignorance of an important topic, while attempting to play to their base. This time, the topic was on the content filtering practices of Facebook, Twitter and Google. Back in May there was actually a whole one day conference in Washington DC on this topic. The Judiciary Committee would have been a lot better served attending that than holding this hearing. I'd recommend not wasting three hours of your life watching this thing, but if you must:
The shortest summary would be that some Republican members of Congress think that these websites censor too much conservative speech, and some Democratic members of Congress think that they don't censor enough other speech (including hoaxes and conspiracy theories)... and almost no one wants to admit that this is not even remotely an issue that Congress should be concerned about. There's a narrative that has been picked up by many that insist that social media platforms are unfairly censoring "conservatives." There is basically zero evidence to support this. Indeed, a thorough analysis of the data back in March by Nieman Labs and Newswhip found that conservative-leaning sites get much, much, much more engagement on Facebook than liberal-leaning sites.
But, never let facts get in the way of a narrative. Since that seems to be the way many hyperpartisan sites (at either end of the spectrum) deal with these things, Congress is helping out. The only bit of sanity, perhaps bizarrely, came from Rep. Ted Lieu, who reminded everyone of the importance of free markets, free speech and the fact that private platforms get to decide how they manage their own services. Considering that Republicans often like to claim the mantle of being the "small, limited government" party who wants the government's hands out of business regulation, the fact that most of the hearing involved Republicans screaming for regulating internet platforms and a Democrat reminding everyone about the importance of a free market, capitalism and free speech, it really was quite a hearing. Lieu's remarks were some of the rare moments of sanity during the hearing -- including defending Facebook leaving Alex Jones' conspiracy theories on its site. Let's start with that high point before we dive into the awfulness. His comments come at about 2 hours and 10 minutes into the video:
... we're having this ridiculous hearing on the content of speech of private sector companies. It's stupid because there's this thing called the First Amendment. We can't regulate content! The only thing worse than an Alex Jones video is the government trying to tell Google... to prevent people from watching the Alex Jones video. We can't even do it if we tried. We can't even do any legislation out of this committee. And we're having this ridiculous second installment hearing after the first hearing about Diamond and Silk not getting enough likes on Facebook.
He then went on to ask questions "so the American public understands what a dumb hearing this is." And those questions -- again -- seemed like the kinds more expected from supposedly "free market" conservatives. Specifically he asked the companies if they were private companies aiming to maximize profits for shareholders. And he wasn't doing that to show that companies were evil, he was doing that to show that that's how the free market works. He followed up with this:
I noticed all of you talked about your own internal rules. Because that's what this should be about. You all get to come up with your own rules. But not because government tells you what to do. Or because government says you have to rule this way or that way. And the whole notion that somehow we should be interfering with these platforms from a legislative, governmental point of view is an anathema to the First Amendment. And really it's about the marketplace of ideas.
Kudos to Rep. Lieu. This is the kind of speech that you'd normally expect to hear from a "small government" conservative who talks about respecting the Constitution. But, in this case, it's a Democrat. And it's shameful that others (on both sides of the aisle) weren't making the same point. Instead, there was a ton of pure nonsense spewed from the Republicans at the hearing. It's hard to fathom that the following statements were made by people we've actually elected to our legislative body. There were so many dumb statements made that it's difficult to pick out just a few.
Let's start with Rep. Steve King, who has made quite a name for himself saying and repeating bigoted nonsense. Starting at about an hour and five minutes in the video, King seemed particularly concerned about traffic to Gateway Pundit, a site famous for trafficking in utter nonsense.
It's a matter of Congressional record that Gateway Pundit, Mr. Jim Hoft, has introduced information into the record that in the span of time between 2016 and 2018, he saw his Facebook traffic cut by 54%. Could you render an explanation to that?
Um... what? How the hell is it of any concern to Congress whatsoever the traffic a single site gets? And, as we were just discussing recently, traffic to lots of news sites from Facebook has dropped massively as Facebook has de-prioritized news. In that post, we pointed out that Slate was self-reporting a drop in Facebook traffic over that same period of time of 87%. Based on that, why isn't King asking about Slate's traffic dropping? Perhaps because Gateway Pundit publishes the kind of nonsense King supports and Slate points out that King is a bigot?
And... isn't that, again, kind of the point of the First Amendment? To protect news sites from having Congress play favorites?
Incredibly, King then concludes his time by first claiming he's all for free speech and free enterprise, but wonders about turning social media sites into regulated utilities.
I'm all for freedom of speech and free enterprise and for competition and finding a way that we can have competition itself that does its own regulation, so government doesn't have to, but if this gets further out of hand, it appears to me that Section 230 needs to be reviewed, and one of the discussions that I'm hearing is 'what about converting the large behemoth organizations that we're talking about here into public utilities.'
Are we living in an upside down world? A Democrat is praising the free market, profits and free speech, and a Republican is advocating for limiting free speech and in favor of turning some of the most successful US companies into public utilities? What is even going on here?
Around an hour and 18 minutes, we get our old friend Rep. Louis Gohmert, who has a fairly long and extensive history of making the dumbest statements possible concerning technology issues. And he lived down to his usual reputation in this hearing as well. It starts off by him trying to play down the issue of Russian interference in elections, by claiming (?!?) that the Russians helped Truman get elected, and then claiming that Russians had helped basically every Democratic President get elected in the past 70 years. And then spent a long time trying to complain that the platforms wouldn't tell him if Chinese or North Korean intelligence services had also used their platforms. Remember, these companies were asked to come and testify specifically about Russian use of their platforms to interfere with the election and Gohmert stepped in with this insane "what about other countries, huh?" argument:
Gohmert: I need to ask each of you. You've been asked specifically about Russian use of your platforms. But did you ever find any indication of use of your platform, utilized by the Chinese, North Korea, or any other foreign country intelligence or agency of that country. First, Ms. Bickert?
Bickert/Facebook: I would note, Congressman, that we're not in North Korea or China. In terms of whether we've seen attacks on our services, we do have -- we are, of course, a big target -- we do have a robust security team that works...
Gohmert: Well, but that's not my question. It's just a very direct question. Have you found... You don't have to be in North Korea to be North Korean Intelligence and use... We have foreign government intelligence agencies IN THIS COUNTRY. So have... It seems to me you were each a little bit vague about "oh yes, we found hundreds" or whatever. I'm asking specifically, were any of those other countries besides Russia that were using your platform inappropriately? It should be a yes or no.
Actually, no, it shouldn't be a yes or no. That's a dumb and misleading question for a whole long list of reasons. Of course, lots of other intelligence agencies are using Facebook, because of course they are. But, the entire point of this line of questioning seems to be Gohmert trying to play down Russian use of the platform, which is... odd. Especially after he started out by praising the fact that maybe the Russians might help "our side" get elected going forward.
Bickert: I don't have the details. I know we work to detect and repel attacks...
Gohmert: I know that. But were any of them foreign entities other than Russia?
Bickert: I can certainly follow up with you on that.
Gohmert: SO YOU DON'T KNOW?!? You sure seemed anxious to answer the Democrats questions about RUSSIA's influence. And you don't really know of all the groups that inappropriately used your platform? You don't know which were Russians and which were other foreign entities?
No, that's not what she's saying at all. She's pretty clearly saying that this hearing was specifically about Russian influence and that's what she was prepared to testify on. She didn't say that Facebook can't tell Russians from other entities, just that the other entities aren't the ones accused of messing with the election and thus there isn't that much relevant right now. But that's quite a deflection attempt by Gohmert.
Let's move on to Rep. Tom Marino at about an hour and a half into the video. Marino seems to have a fairly bizarre understanding of the law as it concerns defamation. He focuses on the guy from Twitter, Nick Pickles, and starts out by reading a definition of "libel." Then he asks
Have any of you considered libel? Or do you think you are immune from it?
This is an incredibly stupid question. Twitter is clearly not immune from libel. Marino's line of questioning is an attempt to attack CDA 230, which provides immunity to Twitter from liability for defamatory statements made by its users. This is an important distinction that Marino conveniently ignores as he continues to bug Pickles.
Pickles: We have clear rules that governs what happens on Twitter. Some of those behaviors are deplorable and we want to remove them immediately... So, terrorist content is one example, where we now detect 95% of the terrorist accounts we remove...
Marino: Okay, I understand that sir. But how about... we in Congress, we put up with it all the time. I know we're public officials, same with people in the movies... but do you specifically look for and address... republication can be used in a defamation case. Do you look at libel and defamation content?
I don't even know what that means. Do you look at libel content? What? How does Twitter know if something is libelous? Especially against public officials? How is Twitter supposed to make that judgment when that's what courts are there to figure out? And, for what it's worth, Twitter has been known to abide by court rulings on defamatory speech in deciding to take down that content, but Marino seems to be asking if they make an independent judgment outside of the courts of what's libelous. Which is both crazy and impossible. Pickles makes a valiant effort in response, noting how Twitter focuses on its rules -- which is all that it's required to do -- but Marino clearly seems to want to attack CDA 230 and magically make Twitter liable for libelous content on its platform. After Pickles again explains that it focuses on its rules, rather than making judicial rulings that it cannot make, Marino puts on a dumb smirk and makes another dumb statement:
With all due respect, I've heard you focus on your rules about 32 times. DO. YOU. LOOK. FOR. LIBEL. OR. DEFAMATION. IN. YOUR. COMPANY'S. OPINION?
You can't "look for libel or defamation" like that. That's not how it works. Marino is a lawyer. He should know this. The Facebook and YouTube representatives neatly sidestep Marino's silly line of questioning by pointing out that when informed of legal rulings determining "illegal" speech, they take it down. Marino doesn't even seem to notice this very specific distinction and asks "where do you draw the line?"
At an hour and forty minutes, we have everyone's favorite, Rep. Lamar Smith, author of SOPA back in the day. He spews more utter nonsense claiming conservatives have been more negatively impacted by the moves of these social media companies, and then (bizarrely) argues that Google employees forcing the company not to help surveillance activity is somehow an attack on conservatives. Excuse me? Conservatives don't support the 4th Amendment any more? Say what? But the real craziness is this line:
Google has also deleted or blocked references to Jesus, Chick-Fil-A and the Catholic religion.
I'm going to call time out here and note [citation needed] on that one, Smith. Google pretty clearly shows me results on all three of those things. I've been trying to figure out what the hell he's referring to, and I'm guessing that Smith -- in his usual Smithian nonsensical way -- is confusing Google for Facebook, and Facebook's bad filter that initially blocked a page about "Chick-fil-Appreciation Day," and some Catholic church pages. The "Jesus" blocking is also Facebook and was in reference to an ad for a Catholic university.
All of these examples were not, as Smith implies, evidence of "liberal bias" on behalf of Facebook, but rather evidence of why it's so problematic that governments are putting so much pressure on Facebook to magically filter out all of the bad stuff. That's not possible without making mistakes. And what happens is that you set up guidelines and those guidelines are then handed to people who don't have nearly enough time to understand the context, and sometimes they make mistakes. It's not bias. It's the nature of trying to moderate millions of pieces of content every damn day, because if they don't, these same idiots in Congress would be screaming at them about how they're letting the bad content live on. I mean, it's doubly ridiculous for Smith to use the Jesus example as even the guy who bought the ad, the university's web communications director, specifically said that he didn't believe it had anything to do with bias, but was just a bad decision by an algorithm or a low level staffer.
Finally (and there are more, but damn, this post is getting way too long) we get to Rep. Matt Gaetz. At around an hour and 55 minutes into the hearing, he suddenly decides to weigh in that the First Amendment and CDA 230 are somehow in conflict, in another bizarre exchange between Gaetz and Twitter's Pickles.
Gaetz: Is it your testimony or is it your viewpoint today that Twitter is an interactive computer service pursuant to Section 230 sub c(1).
Pickles: I'm not a lawyer, so I won't want to speak to that. But as I understand, under Section 230, we are protected by that, yes.
Gaetz: So Section 230 covers you, and that section says "no provider of an interactive computer service shall be treated as the publisher or speaker of any information provided by another"... is it your contention that Twitter enjoys a First Amendment right under speech, while at the same time enjoying Section 230 rights?
Pickles: Well, I think we've discussed the way the First Amendment interacts with our companies. As private companies we enforce our rules, and our rules prohibit a range of activities.
Gaetz: I'm not asking about your rules. I'm asking about whether or not you believe you have First Amendment rights. You either do or you do not.
Pickles: I'd like to follow up on that, as someone who is not a lawyer... I think it's very important...
Gaetz: Well, you're the senior public policy official for Twitter before us and you will not answer the question whether or not you believe your company enjoys rights under the First Amendment?
Pickles: Well, I believe we do, but I would like to confirm with colleagues...
Gaetz: So what I want to understand is, if you say "I enjoy rights under the First Amendment" and "I'm covered by Section 230" and Section 230 itself says "no provider shall be considered the speaker" do you see the tension that creates?
There is no tension there. The only tension is between the molecules in Gaetz's brain that seemed to think this line of nonsensical argument makes any sense at all. There is no conflict. First, yes, it's obvious that Twitter is clearly protected by both the First Amendment and CDA 230. That's been established by dozens of court rulings with not a single ruling ever holding otherwise. Second, the "tension" that Gaetz sees is purely a figment of his own misreading of the law. The "no provider shall be considered a speaker" part, read in actual context (as Gaetz did earlier) does not say that platforms are not speakers. It says that they are not considered a speaker of other people's speech. In fact, this helps protect free speech by enabling internet platforms the ability to host any speech without facing liability for that speech.
That helps protect the First Amendment by ensuring that any liability is on the speaker and not on the tool they use to distribute that speech. But Twitter has its own First Amendment rights to determine what speech it decides to keep on its site -- and which speech it decides not to allow. Gaetz then, ridiculous, tries to claim that Pickle's response to that nonsensical response is somehow in conflict with what Twitter's lawyers have said in the silly Jared Taylor lawsuit. Gaetz asks Pickles if Twitter could kick someone off the platform "for being a woman or being gay." Pickles points out that that is not against Twitter's rules... and Gaetz points out that in the Taylor case, when asked the same question, Twitter's lawyers stated (1) that Twitter has the right to do so but (2) never would.
Again, both Pickles and Twitter's lawyers are correct. They do have that right (assuming it's not a violation of discrimination laws) but of course they wouldn't do that. Pickles wasn't denying that. He was pointing out that the hypothetical is silly because that's not something Twitter would do. Twitter's lawyers in the case were, correctly, pointing out that it would have the right to do such a nonsensical thing if it chose to do so, while also making it clear it would never do that. Again, that's not in conflict, but Gaetz acts as if he's "caught" Twitter in some big admission.
Gaetz falsely then claims that Pickles is misrepresenting Twitter's position:
Right but it is not in service of transparency if Twitter sends executives to Congress to say one thing -- that you would not have the right to engage in that conduct -- and then your lawyers in litigation say precisely the opposite.
Except that's not what happened at all. Pickles and the lawyers agreed. At no point did Pickles say that Twitter did not have "the right" to kick people off its platform for any reason. He just noted that it was not a part of their policy to do so, nor would it ever be. That's entirely consistent with what Twitter's lawyers said in the Taylor case. This is Gaetz making a complete ass out of himself in completely misrepresenting the law, the constitution and what Twitter said both in the hearing and in the courthouse.
Seriously, people, we need to elect better Representatives to Congress. This is embarrassing.
My goodness. Yesterday we posted about Rep. Louis Gohmert's incredible, head-shakingly ignorant exchange with lawyer Orin Kerr during a Congressional hearing concerning "hacking" and the CFAA. In that discussion, Gohmert spoke out in favor of being able to "hack back" and destroy the computers of hackers -- and grew indignant at the mere suggestion that this might have unintended consequences or lead people to attack the wrong targets. Gohmert thought that such talk was just Kerr trying to protect hackers.
I thought perhaps Rep. Gohmert was just having a bad day. Maybe he's having a bad month. In a different hearing, held yesterday concerning ECPA reform, Gohmert opened his mouth again, and it was even worse. Much, much worse. Cringe-inducingly clueless. Yell at your screen clueless. Watch for yourself, but be prepared to want to yell.
The short version of this is that he seems to think that when Google has advertisements on Gmail, that's the same thing as selling all of the information in your email to advertisers. And no matter how many times Google's lawyer politely tries to explain the difference, Gohmert doesn't get it. He thinks he's making a point -- smirking the whole time -- that what Google does is somehow the equivalent of government snooping, in that he keeps asking if Google can just "sell" access to everyone's email to the government. I'm going to post a transcript below, and because I simply cannot not interject how ridiculously uninformed Gohmert's line of questioning is, I'm going to interject in the transcript as appropriate.
Rep. Gohmert: I was curious. Doesn't Google sell information acquired from emails to different vendors so that they can target certain individuals with their promotions?
Google lawyer whose name I didn't catch: Uh, no, we don't sell email content. We do have a system -- similar to the system we have for scanning for spam and malware -- that can identify what type of ads are most relevant to serve on email messages. It's an automated process. There's no human interaction. Certainly, the email is not sold to anybody or disclosed.
Gohmert: So how do these other vendors get our emails and think that we may be interested in the products they're selling.
Okay, already we're off to a great start in monumental ignorance. The initial question was based on a complete falsehood -- that Google sells such information -- and after the lawyer told him that this is not true, Gohmert completely ignores that and still asks how they get the emails. It never seems to occur to him that they don't get the emails.
Google lawyer: They don't actually get your email. What they're able to do is through our advertising business be able to identify keywords that they would like to trigger the display of one of their ads, but they don't get information about who the user is or any...
Gohmert: Well that brings me back. So they get information about keywords in our emails that they use to decide who to send promotions to, albeit automatically done. Correct?
NO. Not correct. In fact, that's the exact opposite of what the lawyer just said. Gohmert can't seem to comprehend that Google placing targeted ads next to emails has NOTHING to do with sending any information back to the advertiser. I wonder, when Rep. Gohmert turns on his television to watch the evening news, does he think that the TV station is sending his name, address, channel watching info, etc. back to advertisers? That's not how it works. At all. The advertisers state where they want their ads to appear, and Google's system figures out where to place the ads. At no point does any information from email accounts go back to anyone. And yet Gohmert keeps asking.
And not understanding the rather basic answers. Unfortunately, the lawyer tries to actually explain reality to Gohmert in a professional and detailed manner, when it seems clear that the proper way to answer his questions is in shorter, simpler sentences such as: "No, that's 100% incorrect."
Lawyer: The email context is used to identify what ads are most relevant to the user...
Gohmert: And do they pay for the right or the contractual ability to target those individuals who use those keywords?
Lawyer: I might phrase that slightly differently, but the gist is correct, that advertisers are able to bid for the placement of advertisements to users, where our system has detected might be interested in the advertisement.
Gohmert: Okay, so what would prevent the federal government from making a deal with Google, so they could also "Scroogle" people, and say "I want to know everyone who has ever used the term 'Benghazi'" or "I want everyone who's ever used... a certain term." Would you discriminate against the government, or would you allow the government to know about all emails that included those words?
Okay, try not to hit your head on your desk after that exchange. First, he (perhaps accidentally) gets a statement more or less correct, that advertisers pay to have their ads show up, but immediately follows that up with something completely unrelated to that. First, he tosses in "Scroogled" -- a term that Microsoft uses in its advertising against Gmail and in favor of Outlook.com -- suggesting exactly where this "line" of questioning may have originated. Tip to Microsoft lobbyists, by the way: if you want to put Google on the hot seat, it might help to try a line of questioning that actually makes sense.
Then, the second part, you just have to say huh? The lawyer already explained, repeatedly, that Google doesn't send any information back to the advertiser, and yet he's trying to suggest that the government snooping through your email is the same thing... and Google somehow not giving the government that info is Google "discriminating" against the government? What? Really?
Lawyer [confounded look] Uh... sir, I think those are apples and oranges. I think the disclosure of the identity...
Gohmert: I'm not asking for a fruit comparison. I'm just asking would you be willing to make that deal with the government? The same one you do with private advertisers, so that the government would know which emails are using which words.
Seriously? I recognize that there are no requirements on intelligence to get elected to Congress, but is there anyone who honestly could not comprehend what he meant by saying it's "apples and oranges"? But, clearly he does not understand that because not only does he mock the analogy, he then repeats the same question in which he insists -- despite the multiple explanations that state the exact opposite -- that advertisers get access to emails and information about email users, and that the government should be able to do the same thing.
Lawyer: Thank you, sir. I meant by that, that it isn't the same deal that's being suggested there.
Gohmert: But I'm asking specifically if the same type of deal could be made by the federal government? [some pointless rant about US government videos aired overseas that is completely irrelevant and which it wasn't worth transcribing] But if that same government will spend tens of thousands to do a commercial, they might, under some hare-brained idea like to do a deal to get all the email addresses that use certain words. Couldn't they make that same kind of deal that private advertisers do?
Holy crap. Gohmert, for the fourth time already, nobody gets email addresses. No private business gets the email addresses. No private business gets to see inside of anyone's email. Seeing inside someone's email has nothing to do with buying ads in email. If the government wants to "do the same deal as private advertisers" then yes it can advertise on Gmail... and it still won't get the email addresses or any other information about emailers, because at no point does Google advertising work that way.
Lawyer: We would not honor a request from the government for such a...
Gohmert: So you would discriminate against the government if they tried to do what your private advertisers do?
No. No. No. No. No. The lawyer already told you half a dozen times, no. The government can do exactly what private advertisers do, which is buy ads. And, just like private advertisers, they would get back no email addresses or any such information.
Lawyer: I don't think that describes what private advertisers...
Gohmert: Okay, does anybody here have any -- obviously, you're doing a good job protecting your employer -- but does anybody have any proposed legislation that would assist us in what we're doing?
What are we doing, here? Because it certainly seems like you're making one of the most ignorant arguments ever to come out of an elected officials' mouth, and that's saying quite a bit. You keep saying "private advertisers get A" when the reality is that private advertisers get nothing of the sort -- and then you ignore that (over and over and over and over again) and then say "well if private advertisers get A, why can't the government get A." The answer is because neither of them get A and never have.
Gohmert: I would be very interested in any phrase, any clauses, any items that we might add to legislation, or take from existing legislation, to help us deal with this problem. Because I am very interested and very concerned about our privacy and our email.
If you were either interested or concerned then you would know that no such information goes back to advertisers before you stepped into the room (hell, before you got elected, really). But, even if you were ignorant of that fact before the hearing, the fact that the lawyer tried half a dozen times, in a half a dozen different ways to tell you that the information is not shared should have educated you on that fact. So I'm "very interested" in what sort of "language" Gohmert is going to try to add to legislation that deals with a non-existent problem that he insists is real.
Gohmert: And just so the simpletons that sometimes write for the Huffington Post understand, I don't want the government to have all that information.
Rep. Sensenbrenner: For the point of personal privilege, my son writes for the Huffington Post.
Gohmert: Well then maybe he's not one of the simpletons I was referring to.
Sensenbrenner: He does have a Phd.
Gohmert: Well, you can still be a PHUL.
Har, har, har... wait, what? So much insanity to unpack. First of all, Gohmert seems to think that people will be making fun of him for suggesting that the government should "buy" access to your email on Google. And, yes, we will make fun of that, but not for the reasons that he thinks they will. No one thinks that Gohmert seriously wants the government to buy access to information on Google. What everyone's laughing (or cringing) at is the idea that anyone could buy that info, because you can't. No private advertiser. No government. It's just not possible.
But, I guess we're all just "simpletons."
Seriously, however, we as citizens deserve better politicians. No one expects politicians to necessarily understand every aspect of technology, but there are some simple concepts that you should at least be able to grasp when explained to you repeatedly by experts. When a politician repeatedly demonstrates no ability to comprehend a rather basic concept -- and to then granstand on their own ignorance -- it's time to find better politicians. Quickly.
Last week, we had talked about some concerns about how various cybersecurity provisions would allow those hit by malicious hackers to "hack back" or, as some call it, engage in an "active defense." There were significant concerns about this, but as Marvin Ammori briefly mentioned in last week's favorites post, Rep. Louis Gohmert seems to not only think hacking back is a good idea, but that it should be explicitly allowed under the CFAA (Computer Fraud and Abuse Act). You can see his explicit statements to this effect below during last week's House Judiciary Committee hearing on the CFAA. It appears he heard a story about someone installing some malware on a hacker's computer to get a photograph of them, and has decided "that's a good thing, that helps you get at the bad guys," without ever thinking of the very, very long list of dangerous consequences of allowing such things:
Here's the basic transcript. The really crazy part is where Gohmert says he doesn't care as long as the hack back is "destroying that hacker's computer."
Rep. Gohmert: It's my understanding that under 18 USC 1030 that it is a criminal violation of law to do anything that helps take control of another computer, even for a moment. Is that your understanding?
Orin Kerr: It depends exactly what you mean by "taking control." If "taking control" includes gaining access to the computer, assuming a network your not supposed to take control of, then yes, that would clearly be prohibited by the statute.
Rep. Gohmert: For example, my understanding is that there was a recent example where someone had inserted malware on their own computer, such that when their computer was hacked and the data downloaded, it took the malware into the hacker's computer, such that when it was activated, it allowed the person whose computer was hacked to get a picture of the person looking at the screen. So they had the person who did the hacking, and actually did damage to all the data in the computer. Now, some of us would think 'that's terrific, that helps you get at the bad guys.' But my understanding is that since that allowed the hackee to momentarily take over the computer and destroy information in that computer and to see who was using that computer, then actually that person would have been in violation of 18 USC 1030. So I'm wondering if one of the potential helps or solutions for us would be to amend 18 USC 1030 to make an exception such that if the malware or software that allows someone to take over a computer is taking over a hacker's computer, that it's not a violation. Perhaps it would be like for what we do for assaultive offenses, you have a self-defense. If this is a part of a self-defense protection system, then it would be a defense that you violated 1030. Anybody see any problems with helping people by amending our criminal code to allow such exceptions or have any suggestions along these lines?
Orin Kerr: Mr. Gohmert, that's a great question that is very much debated in computer security circles. Because, from what I hear there is a lot of this "hacking back" as they refer to it. But at least under current law, it is mostly illegal to do that.... The real difficulty is in the details. In what circumstances do you allow someone to counterhack, how broadly are they allowed to counterhack, how far can they go? The difficulty, I think, is that once you open that door as a matter of law, it's something that can be difficult to cabin. So I think if there is such an exception, it should be quite a narrow one to avoid it from becoming the sort of exception that swallows the rule.
Rep. Gohmert: Well, I'm not sure that I would care if it destroyed a hacker's computer completely. As long as it was confined to that hacker. Are you saying we need to afford the hacker protection so we don't hurt him too bad?
Orin Kerr: (brief confounded look on his face) Uh... no. The difficulty is that you don't know who the hacker is. So it might be that you think the hacker is one person, but their routing communications... Let's say, you think you're being hacked by a French company, or even a company in the United States...
Rep. Gohmert: Oh and it might be the United States Government! And we don't want to hurt them if they're snooping on our people. Is that...?
Orin Kerr: No.
Rep. Gohmert: I don't understand why you're wanting to be protective of the hacker.
Orin Kerr: The difficulty is first, identifying who is the hacker. You don't know when someone's intruding into your network who's behind it. So all you'll know is that there's an IP address that seems to go back to a specific computer. But you won't know who it is who's behind the attack. That's the difficulty.
First off, kudos to Orin Kerr for keeping a (mostly) straight face through that exchange. There are many amazing things about this particular exchange, but the fact that Rep. Gohmert is one of the people in charge of how the CFAA gets reformed, and doesn't understand these very basic concepts, is immensely troubling. Among the headsmackers in that exchange: the idea that hackers are bad -- and not just partially bad, but apparently obviously and totally bad, like out of a movie. Also: that they're somehow easy to identify and that a freebie on hackbacks wouldn't be abused in amazing ways. Further, as Kerr pretty clearly points out that you can't automatically track back and (without saying so directly, but clearly implying) that hackers likely would shield their identity or fake someone else's identity, Gohmert still doesn't get it and somehow thinks that Kerr is saying we don't want to allow hackbacks on US government snooping (which, again, Gohmert seems to have no problem with). Yikes. Please do not let people like this near laws that have anything to do with computers. To me, this level of misunderstanding is worse than the whole "series of tubes" garbage from a few years back by Senator Stevens.
I'm sorry, but it seems that if you can't understand that there isn't some magic list that says "these hackers are bad, and therefore we should destroy their computers," I don't think you should have any role in making laws around this topic.
