What We Buy When We Buy Now

Retailers such as Apple and Amazon market digital media to consumers using the familiar language of product ownership, including phrases like “buy now,” “own,” and “purchase.” Consumers may understandably associate such language with strong personal property rights. But the license agreements and terms of use associated with these transactions tell a different story. They explain that ebooks, mp3 albums, digital movies, games, and software are not sold, but merely licensed. The terms limit consumers\u27 ability to resell, lend, transfer, and even retain possession of the digital media they acquire. Moreover, unlike physical media products, access to digital media is contingent — it depends on shifting business models, the success and failure of platforms, and often on the maintenance and availability of DRM authentication systems years after the consumer clicked “buy now.” This article presents the results of the first-ever empirical study of consumers\u27 perceptions of the marketing language used by digital media retailers. We created a fictitious Internet retail site, surveyed a nationally representative sample of nearly 1300 online consumers, and analyzed their perceptions through the lens of false advertising and unfair and deceptive trade practices. The resulting data reveal a number of insights about how consumers understand and misunderstand digital transactions. A surprisingly high percentage of consumers believe that when they “buy now,” they acquire the same sorts of rights to use and transfer digital media goods that they enjoy for physical goods. The survey also strongly suggests that these rights matter to consumers. Consumers are willing to pay more for them and are more likely to acquire media through other means, both lawful and unlawful, in their absence. Our study suggests that a relatively simple and inexpensive intervention — adding a short notice to a digital product page that outlines consumer rights in straightforward language — is an effective means of significantly reducing consumers’ material misperceptions. Sales of digital media generate hundreds of billions in revenue, and some percentage of this revenue is based on deception. Presumably, if consumers knew of the limited bundle of rights they were acquiring, the market could drive down the price of digital media or generate competitive business models that offered a different set of rights. We thus turn to legal interventions, such as state false advertising law, the Lanham Act, and federal unfair and deceptive trade practice law as possible remedies for digital media deception. Because of impediments to suit, including arbitration clauses and basic economic disincentives for plaintiffs, we conclude that the Federal Trade Commission (FTC) could help align business practices with consumer perceptions. The FTC’s deep expertise in consumer disclosures, along with a series of investigations into companies that interfered with consumers’ use of media through digital rights management makes the agency a good fit for deceptions that result when we “buy now.

Law and Policy for the Quantum Age

Law and Policy for the Quantum Age is for readers interested in the political and business strategies underlying quantum sensing, computing, and communication. This work explains how these quantum technologies work, future national defense and legal landscapes for nations interested in strategic advantage, and paths to profit for companies

What We Buy When We Buy Now

Retailers such as Apple and Amazon market digital media to consumers using the familiar language of product ownership, including phrases like “buy now,” “own,” and “purchase.” Consumers may understandably associate such language with strong personal property rights. But the license agreements and terms of use associated with these transactions tell a different story. They explain that ebooks, mp3 albums, digital movies, games, and software are not sold, but merely licensed. The terms limit consumers\u27 ability to resell, lend, transfer, and even retain possession of the digital media they acquire. Moreover, unlike physical media products, access to digital media is contingent — it depends on shifting business models, the success and failure of platforms, and often on the maintenance and availability of DRM authentication systems years after the consumer clicked “buy now.” This article presents the results of the first-ever empirical study of consumers\u27 perceptions of the marketing language used by digital media retailers. We created a fictitious Internet retail site, surveyed a nationally representative sample of nearly 1300 online consumers, and analyzed their perceptions through the lens of false advertising and unfair and deceptive trade practices. The resulting data reveal a number of insights about how consumers understand and misunderstand digital transactions. A surprisingly high percentage of consumers believe that when they “buy now,” they acquire the same sorts of rights to use and transfer digital media goods that they enjoy for physical goods. The survey also strongly suggests that these rights matter to consumers. Consumers are willing to pay more for them and are more likely to acquire media through other means, both lawful and unlawful, in their absence. Our study suggests that a relatively simple and inexpensive intervention — adding a short notice to a digital product page that outlines consumer rights in straightforward language — is an effective means of significantly reducing consumers’ material misperceptions. Sales of digital media generate hundreds of billions in revenue, and some percentage of this revenue is based on deception. Presumably, if consumers knew of the limited bundle of rights they were acquiring, the market could drive down the price of digital media or generate competitive business models that offered a different set of rights. We thus turn to legal interventions, such as state false advertising law, the Lanham Act, and federal unfair and deceptive trade practice law as possible remedies for digital media deception. Because of impediments to suit, including arbitration clauses and basic economic disincentives for plaintiffs, we conclude that the Federal Trade Commission (FTC) could help align business practices with consumer perceptions. The FTC’s deep expertise in consumer disclosures, along with a series of investigations into companies that interfered with consumers’ use of media through digital rights management makes the agency a good fit for deceptions that result when we “buy now.

A Model Regime of Privacy Protection (Version 2.0)

This version incorporates and responds to the many comments that we received to Version 1.1, which we released on March 10, 2005. Privacy protection in the United States has often been criticized, but critics have too infrequently suggested specific proposals for reform. Recently, there has been significant legislative interest at both the federal and state levels in addressing the privacy of personal information. This was sparked when ChoicePoint, one of the largest data brokers in the United States with records on almost every adult American citizen, sold data on about 145,000 people to fraudulent businesses set up by identity thieves. Other companies announced security breaches, including LexisNexis, from which personal information about 32,000 people was improperly accessed. Senator Schumer criticized Westlaw for making available to certain subscribers personal information including Social Security Numbers (SSNs). In the aftermath of the ChoicePoint debacle and other major information security breaches, both of us have been asked by Congressional legislative staffers, state legislative policymakers, journalists, academics, and others about what specifically should be done to better regulate information privacy. In response to these questions, we believe that it is imperative to have a discussion of concrete legislative solutions to privacy problems. What appears below is our attempt at such an endeavor. Privacy experts have long suggested that information collection be consistent with Fair Information Practices. This Model Regime incorporates many of those practices and applies them specifically to the context of commercial data brokers such as ChoicePoint. We hope that this will provide useful guidance to legislators and policymakers in crafting laws and regulations. We also intend this to be a work-in-progress in which we collaborate with others. We have welcomed input from other academics, policymakers, journalists, and experts as well as from the industries and businesses that will be subject to the regulations we propose. We have incorporated criticisms and constructive suggestions, and we will continue to update this Model Regime to include the comments we find most helpful and illuminating. Notice, Consent, Control, and Access 1. Universal Notice 2. Meaningful Informed Consent 3. One-Step Exercise of Rights 4. Individual Credit Management 5. Access to and Accuracy of Personal Information Security of Personal Information 6. Secure Identification 7. Disclosure of Security Breaches Business Access to and Use of Personal Information 8. Social Security Number Use Limitation 9. Access and Use Restrictions for Public Records 10. Curbing Excessive Uses of Background Checks 11. Private Investigators Government Access to and Use of Personal Data 12. Limiting Government Access to Business and Financial Records 13. Government Data Mining 14. Control of Government Maintenance of Personal Information Privacy Innovation and Enforcement 15. Preserving the Innovative Role of the States 16. Effective Enforcement of Privacy Rights Commentar

A Model Regime of Privacy Protection (Version 2.0)

This version incorporates and responds to the many comments that we received to Version 1.1, which we released on March 10, 2005. Privacy protection in the United States has often been criticized, but critics have too infrequently suggested specific proposals for reform. Recently, there has been significant legislative interest at both the federal and state levels in addressing the privacy of personal information. This was sparked when ChoicePoint, one of the largest data brokers in the United States with records on almost every adult American citizen, sold data on about 145,000 people to fraudulent businesses set up by identity thieves. Other companies announced security breaches, including LexisNexis, from which personal information about 32,000 people was improperly accessed. Senator Schumer criticized Westlaw for making available to certain subscribers personal information including Social Security Numbers (SSNs). In the aftermath of the ChoicePoint debacle and other major information security breaches, both of us have been asked by Congressional legislative staffers, state legislative policymakers, journalists, academics, and others about what specifically should be done to better regulate information privacy. In response to these questions, we believe that it is imperative to have a discussion of concrete legislative solutions to privacy problems. What appears below is our attempt at such an endeavor. Privacy experts have long suggested that information collection be consistent with Fair Information Practices. This Model Regime incorporates many of those practices and applies them specifically to the context of commercial data brokers such as ChoicePoint. We hope that this will provide useful guidance to legislators and policymakers in crafting laws and regulations. We also intend this to be a work-in-progress in which we collaborate with others. We have welcomed input from other academics, policymakers, journalists, and experts as well as from the industries and businesses that will be subject to the regulations we propose. We have incorporated criticisms and constructive suggestions, and we will continue to update this Model Regime to include the comments we find most helpful and illuminating. Notice, Consent, Control, and Access 1. Universal Notice 2. Meaningful Informed Consent 3. One-Step Exercise of Rights 4. Individual Credit Management 5. Access to and Accuracy of Personal Information Security of Personal Information 6. Secure Identification 7. Disclosure of Security Breaches Business Access to and Use of Personal Information 8. Social Security Number Use Limitation 9. Access and Use Restrictions for Public Records 10. Curbing Excessive Uses of Background Checks 11. Private Investigators Government Access to and Use of Personal Data 12. Limiting Government Access to Business and Financial Records 13. Government Data Mining 14. Control of Government Maintenance of Personal Information Privacy Innovation and Enforcement 15. Preserving the Innovative Role of the States 16. Effective Enforcement of Privacy Rights Commentar

The Tethered Economy

Imagine a future in which every purchase decision is as complex as choosing a mobile phone. What will ongoing service cost? Is it compatible with other devices you use? Can you move data and applications across de- vices? Can you switch providers? These are just some of the questions one must consider when a product is “tethered” or persistently linked to the seller. The Internet of Things, but more broadly, consumer products with embedded software, are already tethered. While tethered products bring the benefits of connection, they also carry its pathologies. As sellers blend hardware and software—as well as product and service—tethers yoke the consumer to a continuous post-transaction rela- tionship with the seller. The consequences of that dynamic will be felt both at the level of individual consumer harms and on the scale of broader, economy- wide effects. These consumer and market-level harms, while distinct, reinforce and amplify one another in troubling ways. Seller contracts have long sought to shape consumers’ legal rights. But in a tethered environment, these rights may become nonexistent as legal processes are replaced with automated technological enforcement. In such an environment, the consumer-seller relationship becomes extractive, more akin to consumers captive in an amusement park than to a competitive marketplace in which many sellers strive to offer the best product for the lowest price. At the highest level, consumer protection law is concerned with promot- ing functioning free markets and insulating consumers from harms stemming from information asymmetries. We conclude by exploring legal options to re- duce the pathologies of the tethered economy

The FTC and Consumer Privacy in the Coming Decade

Large majorities of consumers believe that the term privacy policy conveys a baseline level of information practices that protect their privacy. In short, privacy, like free before it, has taken on normative meaning in the marketplace. When consumers see the term privacy policy, they believe that their privacy will be protected in specific ways. In particular, when consumers see the privacy policy they assume that a web site will not share their personal information. Of course, this is not the case. Privacy policies today come in all different flavors. Some companies make affirmative commitments not to share the personal information of their consumers. More frequently, however, privacy policies are used to inform consumers that unless they opt-out of certain information sharing, the company will communicate their personal information to other commercial entities. Given that consumers today associate the term privacy policy with specific practices that afford a normative level of privacy protection, the use of the term by a web site in the absence of adherence to these baseline practices can mislead consumers to expect privacy that, in reality, they are not afforded. This is not to suggest that companies are intending to mislead consumers, but rather that consumers today associate certain practices with privacy policy just as they associate certain terms and conditions with the word free. Because the term privacy policy has taken on a specific marketplace meaning and connotes a particular level of protection to consumers, the Federal Trade Commission should police the use of the term privacy policy to assure that companies using the term deliver a set of protections that meet consumers’ expectations, and that the term privacy policy doesn’t mislead consumers during marketplace transactions

Americans, Marketers, and the Internet: 1999-2012

This is a collection of the reports on the Annenberg national surveys that explored Americans\u27 knowledge and opinions about the new digital-marketing world that was becoming part of their lives. So far we’ve released seven reports on the subject, in 1999, 2000, 2003, 2005, 2009, 2010, and 2012. The reports raised or deepened a range of provocative topics that have become part of public, policy, and industry discourse. In addition to these reports, I’ve included three journal articles — from I/S, New Media & Society and the Journal of Consumer Affairs — that synthesize some of the findings and place them into policy frameworks. The journals have kindly allowed reproduction for this purpose