A new California bill targeting Internet "bots"—short for robots that post retweets or do other automatic tasks on the worldwide web—sounds like a simple way to deal with the sometimes irksome automated accounts that can spread misinformation in the guise of media campaigns. But the legislation could wreak havoc on the internet, where around 52 percent of all traffic is generated in some way or another in this bot-based manner.
California's Legislature is known for its grand intentions, so this kind of bill is nothing new. But we all should be concerned when state lawmakers—who seem incapable of even fixing the state's most basic problems, such as underfunded pensions, decrepit infrastructure and the troubled education system—start tinkering with something as complex and fundamental as the internet.
The measure, Assembly Bill 1950 by Assemblyman Marc Levine (D-Marin County) would "require that bots are linked to a verified human and that all advertising purchases on social media to be made by verified human accounts." The apparent goal is to battle "fake" news, where automated accounts spread dubious news stories and create the impression of a grassroots groundswell.
It's a bit of a problem, given that internet users can be duped into thinking that social-media campaigns are authentic, when often they are the result of bots that automatically retweet or repost information. Yet there are several reasons to be leery about this effort to protect the public from this annoyance.
For starters, not all bots are bad things. As The Atlantic explained last year, these automated programs "are the worker bees of the internet, and also the henchmen. Some bots help refresh your Facebook feed or figure out how to rank Google search results; other bots impersonate humans and carry out devastating DDoS (distributed denial-of-service) attacks." Unfortunately, the Levine bill doesn't adequately distinguish between the two.
Furthermore, internet companies are already dealing with the problematic bots. For instance, Facebook has instituted a new program of mailing postcard verification to people to assure that real human beings are buying their ads. Frankly, these companies are perfectly capable of dealing with such problems without state intervention.
And the Levine bill would essentially favor Facebook's approach at the expense of other potential innovative methods. That would give a leg up to Facebook, which already has a system in place and has massive resources that can't be matched by smaller companies and internet startups. In other words, it would be easy for Facebook to conform to a new law, but it could impose huge burdens on other California-based internet companies.
"From Big Tech to social media startups, it's clear that self-regulation is failing society and damaging our democracy," Levine said in a statement. But the problem isn't one of self-regulation, but of rapid technological advancement. Internet security reflects the proverbial cat-and-mouse game. Companies come up with ways to block malware and other misuses of the web, but then the mischief-makers come along with new ways to circumvent the protections.
Government has an important role in battling fraud and internet crime, but it's naïve to believe that the California Legislature can fix with a few paragraphs what the leaders in the industry are struggling to control. California lawmakers can't possibly deal with something this technologically advanced, despite their pretenses. Levine argues that "sensible laws can finally bring accountability for unregulated and misleading use of social media," but that ignores reality.
Any new California rules will be easy to circumvent. "For websites, just don't have a physical presence in California, which is easy enough," said my R Street Institute colleague Charles Duan, who is associate director of technology and innovation policy for the Washington, D.C.-based free-market think tank. "For fake news advertisers, is it really that hard to socially engineer your way around whatever verification requirements come up?"
Exactly. It won't be hard at all to come up with workarounds. This is all "security theater," Duan adds, noting that the bill would only make it harder for legitimate companies to advertise given that they'll have to follow some new state-based regulations. The bot operators will simply locate in Nevada or Thailand, and they won't have to worry about California regulations. That would hobble smaller companies that are established here.
Let's re-emphasize that bots often are useful. Imperva Incapsula notes that they monitor website availability, legitimately extract and disseminate data, collect information for search engines and direct website information to mobile applications. These are good things, even though other bots empower hackers, spammers and scrapers.
The latter are genuine problems, but I'd trust the best tech folks in the business to deal with these matters before I'd turn to the California Legislature to tinker with such a massive part of the internet.
Steven Greenhut is Western region director for the R Street Institute. Write to him at firstname.lastname@example.org. This column was first published in the Orange County Register.