Susan Crawford blog :: Software, speech, and spyware legislation

This Month

Month Archive

May 2005
April 2005
March 2005
February 2005
January 2005

Year Archive

2007
2006
2005
2004
2003

Search Google

Previous:	Pittsburgh 2
Next:	ISP liability

Software, speech, and spyware legislation

by Susan on Sat 19 Mar 2005 10:03 PM EST | Permanent Link

HR 29, the SPY ACT, has a section requiring that "information collection programs" (or ICPs) provide notice and obtain user consent before they are transmitted or installed. ICPs also have to have particular functions.

Today's question: Would this section, if enacted into law, amount to compelled speech in a noncommercial setting -- and thus be unconstitutional?

Here's how this might work. "Information collection programs" are defined as "computer software" that either collects personally identifiable information and sends it to someone else or uses it to display ads -- or software that collects information about the web pages accessed by the computer and uses that information to trigger ads.

There's no requirement that the software be commercial. More generally, it's not clear that this software would fit under the Supreme Court's definition of "commercial speech." Yet ICPs are required by this section to present particular statements -- e.g., "This program will collect and transmit information about you. Do you accept?"

Requiring the use of particular labels and notices is arguably a violation of the First Amendment right "to refrain from speaking at all." (from the Supreme Court's opinion in Wooley v. Maynard). As the Supreme Court put it in Riley v. National Federation of the Blind of North Carolina: "Mandating speech that a speaker would not otherwise make necessarily alters the content of the speech. We view [doing so] as a content-based regulation of speech."

Although it is true that commercial speech receives less protection than non-commercial speech, and that disclosures can be required to keep commercial speech from being deceptive, it is not at all clear that software swept within the SPY ACT is necessarily commercial speech.

The Supreme Court has identified three factors which, when they're all present together, identify commercial speech: (1) an advertisement; (2) mentioning a specific product by name; that is (3) economically motivated speech. Software transmitted to users and networks -- even software that ends up triggering ads -- does not necessarily meet this standard.

And even if software is commercial speech, it is not necessarily misleading or part of an illegal activity -- the threshold inquiry for regulation of commercial speech under the Supreme Court's jurisprudence. As the Court said in Zauderer, "Our recent decisions involving commercial speech have been grounded in the faith that the free flow of commercial information is valuable enough to justify imposing on would-be regulators the costs of distinguishing the truthful from the false, the helpful from the misleading, and the harmless from the harmful."

Source code has been held (at least by the Sixth Circuit) to be expressive, pure speech that is protected by the First Amendment. So you'd have to show a compelling interest in restricting the speech and you'd have to convince a court examining the Act that the restriction was necessary and narrowly tailored.

The SPY ACT doesn't seem narrowly tailored, because it may sweep innocent speech within its scope and may be too vague to be predictable. And, of course, it doesn't deal with offline data abuses/surveillance practices of which users may not be aware.

This question is easier for CAN-SPAM, because it's clear that that act is focused on commercial speech. I'm not as certain about the constitutionality of the SPY ACT.

First Amendment mavens: please comment.

Posted to:

Main Page