Archives: 07/2009

Three Cheers to Swiss Government for Resisting U.S. Fiscal Imperialism

Switzerland has better tax policy than America and a far stronger human-rights policy regarding personal privacy. This makes the IRS unhappy, since the tax police would like to find out if some Americans have overseas bank accounts.

In an odious display of fiscal imperialism, the Department of Justice is demanding that one of the Swiss banks divulge any information about American clients - even though this would mean imposing America’s bad law on a foreign institution operating on foreign soil.

Thankfully, the Swiss government has stepped in to ensure that the bank cannot be extorted.

Bloomberg reports:

Switzerland said it would seize UBS AG data to prevent the U.S. Justice Department from pursuing a U.S. court order seeking the identities of 52,000 American account holders in a crackdown on tax evaders. The assertion came in court papers yesterday in federal court in Miami, where the Justice Department sued UBS on Feb. 19, a day after the bank avoided U.S. prosecution for helping wealthy Americans evade taxes. The U.S. effort to enforce a summons seeking the names would force UBS to violate Swiss laws barring disclosure of such data, the filing said.

The Swiss government “will use its legal authority to ensure that the bank cannot be pressured to transmit the information illegally, including if necessary by issuing an order taking effective control of the data at UBS that is the subject of the summons,” according to the filing.

…“It is hoped that it will be unnecessary for the Government of Switzerland to take the extraordinary action of issuing an order to seize the information at issue, but such an action should be expected if the IRS continues to pressure UBS to violate Swiss law,” according to the filing.

Socialist Surtax for Health Care

In their desperate bid to find half a trillion dollars or so to fund a health care expansion, Democrats have no shortage of bad ideas. Indeed, their new idea is even worse than last month’s dastardly plan to hike taxes on beer and wine.

The Democrat’s new idea is to slap a special “surtax” on high earners. A surtax is simply a flat additional charge based on adjusted gross income. The model for the new scheme seems to be a four percent surtax proposed by House tax writer Charlie Rangel in 2007.

Elsewhere I’ve explained why tax hikes on high earners is poor economic policy.  But politically, what’s striking is how far American economic policy is moving to the left of policies in other major nations.

The chart shows that the current top U.S. personal income tax rate (including the average state rate) is 42 percent, which is the same as the average in the 30 nations of the Organization for Economic Cooperation and Development (OECD).

President Obama already plans to increase the top federal rate from 35 percent to 40 percent at the end of 2010. That would push the combined federal-state rate to 47 percent, substantially above the average of other major industrial nations. Imposing a 4-percent surtax on top would push the top rate to 51 percent, which would be higher than many nations that were traditionally more socialist than America, including France (46%), Germany (48%), and Italy (45%).

Obama and the Democrats chafe at being labeled “socialists”, and it’s true that Republicans are just as socialist when it comes to spending policies. But tax rates higher than France? Tax rates over 50%? Come on Democrats, you’ve got to be kidding!

This “Cyberwar” Is a Cybersnooze

The AP and other sources have been reporting on a “cyberattack” affecting South Korea and U.S. government Web sites, including the White House, Secret Service and Treasury Department.

Allegedly mounted by North Korea, this attack puts various “cyber” threats in perspective. Most Americans will probably not know about it, and the ones who do will learn of it by reading about it. Only a tiny percentage of people will notice the absence of the Web sites attacked. (An update to the story linked above notes that several agencies and entities “blunted” the attacks, as well-run Web sites will do.)

This is the face of “cyberwar,” which has little strategic value and little capacity to do real damage. This episode also underscores the fact that “cyberterrorism” cannot exist – because this kind of attack isn’t terrifying.

As I said in my recent testimony before the House Science Committee, it is important to secure web sites, data, and networks against all threats, but this can be done and is being done methodically and successfully – if imperfectly – by the distributed owners and controllers of all our nation’s “cyber” assets. Hyping threats like “cyberwar” and “cyberterror” is not helpful.

Tax Marijuana to Pay for Teachers?

On my way into work this morning, I heard a report on the radio about a proposal in California to tax marijuana in order to alleviate the state’s budget meltdown. With the money the state could raise, said one supporter, California “could hire 20,000 teachers.”

Now, I have nothing insightful to say about the likely revenue or anything along those lines that would come from taxation of wacky tabacky – it’s not my issue.  I can tell you, though, that the addiction that has largely brought California to its knees, ironically, is the very one that the would-be weed taxer in the story held up as a terrific target for resulting funds: state education spending, especially on teachers.

For starters, by law at least 40 percent of California’s budget must be spent on education, and considering that most education spending goes to employee salaries, by default that makes teachers one of the biggest drains on state coffers. But that’s just by default – as the quote above suggests, teachers themselves seem to have a powerful grip on the state and the minds of its people.

One bunch of teachers that almost literally has a kung-fu grip on the minds – or is it the throats? – of Californians is the California Teachers Association, a 340,000-member behemoth of a teacher union, which really says something when you consider that teachers unions are themselves the behemoths of labor unions. Little gets done affecting education without the CTA’s approval.

Then there is class-size reduction. Despite dubious evidence of the value of class-size reduction, in the mid-1990s – when the state felt flush with cash – California undertook a massive effort to bring K-3 class sizes down from an average of 29 students, to an average of 20. The undertaking required a leap from 62,226 K-3 teachers in the 1995-96 school year to 91,902 in 1998-99. According to the 2002 “capstone” report from the CSR Research Consortium, it was an expensive effort that produced at best minor improvements. Despite costing a billion dollars or more each year of implementation, researchers could find “only limited evidence linking [test score] gains to CSR.”

To be fair to the beleaguered Golden State,  it’s not the only place where politicians, and often the public, seem to be constantly jonesing for more teachers and education spending. As I have laid out before, nationwide we have gone from 22.3 pupils per teacher in 1970 to 15.7 in 2005, and real per-pupil expenditures have more than doubled. Meanwhile, academic outcomes have been pretty much flat.

What explains this slavish addiction? It’s hard to say for sure, but it seems to come down to this: people feel that education is important; that the more teachers we have, the better; and that you can never spend too much on the children. But it clearly isn’t that simple. Government failure is very, very real – especially with a government monopoly as monstrous as public schooling – and sooner or later you have to pay the price for constantly doing the same crippling thing just to make yourself feel good.

Duncan’s Donut: The Ed. Sec.’s Impact on Chicago Student Achievement Was Near Zero

For seven months, Secretary of Education Arne Duncan and the media have bombarded us with tales of how Duncan dramatically boosted student achievement as leader of Chicago Public Schools. Based on two new independent analyses, Duncan’s real impact appears to have been near zero. 

The usual evidence presented for Duncan’s success is the rise in the pass rate of elementary and middle school students on Illinois’ own ISAT test. But state tests like the ISAT are notoriously unreliable (they tend to be corrupted by teaching to the test and subject to periodic ”realignments” in which the passing grade is lowered or the test content is eased). In January, the Schools Matter blog argued that exactly such a realignment had occurred in 2006.

So to get a reliable measure of Duncan’s impact, I pulled up the 4th and 8th grade math and reading scores for Chicago on the National Assessment of Educational Progress – a test that is much less susceptible to massaging by states and districts.  I then compared the score changes in Chicago to those for all students in Large Central Cities around the nation, and tested if the small differences between them were statistically significant. Not one of them is even remotely significant at even the loosest accepted measure of significance (the p < 0.1 level). Chicago students did no better than those in similar districts around the nation between 2002/2003 and 2007, a period covering virtually all of Duncan’s tenure in Chicago.

As I was finishing up this statistical analysis a few minutes ago, I came across a new report by the Civic Committee of The Commercial Club of Chicago. According to the Civic Committee report, the elementary and middle-school ISAT gains touted by Duncan and the media appear to be almost entirely illusory: artifacts of the 2006 realignment. Chicago high school students, who take a different test that was not realigned, perform no better today than they did in 2001 – so whatever real gains did occur in the early grades evaporated by the end of high school.

Writing in the Chicago Tribune a few days ago, columnist Greg Burns touted Duncan’s supposed success as CEO of Chicago Public Schools, and noted that Duncan had good prospects for winning the support of business leaders nationally, as he did in Chicago. But Chicago’s Commercial Club has now concluded that Duncan failed to accomplish what he has claimed, and given that the NAEP scores echo their findings, the education secretary may soon find national business leaders more skeptical as well.

Does the PASS ID Act Protect Privacy?

I’ve written about PASS ID here a couple of times before - first on whether or not it’s a national ID and, second, on the politics of this REAL ID revival bill. Now I’ll take a look at whether it fixes the privacy issues with REAL ID. Privacy is complicated. Buckle up.

The day the bill was introduced, the Center for Democracy and Technology issued a press release giving it a privacy stamp of approval.

“The PASS ID Act addresses most of the major privacy and security concerns with REAL ID,” said Ari Schwartz, Vice-President of CDT. The release cited four ways that PASS ID was an improvement over the bill it’s modeled on, REAL ID.

Interstate Data Sharing?

First, CDT said, PASS ID “[r]emoves the requirement that states ‘provide electronic access’ allowing every other state to search their motor vehicles records.” It’s technically true: The language from REAL ID directly requiring states to share information among themselves came out of PASS ID. But the requirements of the law will cause that information sharing to happen all the same.

Like REAL ID did, PASS ID would require states to confirm that “a person submitting an application for a driver’s license or identification card is terminating or has terminated any driver’s license or identification card” issued by another state.

How do you do that? You check the driver license databases of every other state. Maybe you do this by directly accessing other states’ databases; maybe you do this indirectly, through a “pointer system” or “hub.” But to confirm that you’re talking about the right person, you don’t just compare names. You compare names, addresses, pictures, and other biometrics.

Just like REAL ID, PASS ID would require states to share driver data on a very large scale. It just doesn’t say so. As with REAL ID, the security weaknesses of any one state’s operations would accrue to the harm of all others.

Mission Creep?

Second, CDT says that PASS ID “[l]imits the ‘official purposes’ for which federal agencies can demand a PASS ID driver’s license, thereby helping prevent ‘mission creep.’” Again, it’s technically true, but materially false.

REAL ID had an open-ended list of “official purposes” - things that the homeland security secretary could require a REAL ID for. PASS ID is not so open-ended, but that is a small impediment to only one form of mission creep.

PASS ID places no limits on how the DHS, other agencies, and states could use the national ID to regulate the population. It simply requires the DHS to use PASS ID for certain purposes. A simple law change or amendment to existing regulation would expand those uses to give the federal government control over access to employment, access to credit cards, voting - CDT’s own PolicyBeta blog called a plan to use REAL ID to control cold medicine a “terrifying” example of mission creep. And these are just the ideas that have already been floated.

When I testified before the Senate Judiciary Committee on REAL ID in May 2007, I spoke about what we had recently heard in a meeting of the DHS Privacy Committee:

Ann Collins, the Registrar of Motor Vehicles from the State of Massachusetts, … said, “If you build it, they will come.” What she meant by that is that if you compile deep data bases of information about every driver, uses for it will be found. The Department of Homeland Security will find uses for it. Every agency that wants to control, manipulate, and affect people’s lives will say, “There is our easiest place to go. That is our path of least resistance.”

PASS ID is the same medium for mission creep that REAL ID is. The problem is with having a national ID at all - not with what its enabling legislation says.

Privacy Protections?

Next, CDT says that PASS ID requires “privacy and security protections for PII stored in back-end motor vehicle databases.” (“PII” means “personally identifiable information.”)

A glaring oversight of REAL ID - and the competition for glaring oversights was fierce - was to omit any requirement for privacy and security of the databases states would maintain and share on behalf of the federal government. The DHS took pains in the REAL ID rulemaking to drain this swamp. It tried to require minimal information collection for identity verification and minimal information display on the card and in the machine readable zone. (It failed in important ways, as I will discuss below.) The REAL ID regulation required states to file security plans that would explain how the state would protect personally identifiable information. And it said it would produce a set of “Privacy and Security Best Practices.” None of this mollified REAL ID opponents, and the privacy bromides in the PASS ID Act won’t either.

One of the more interesting privacy “protections” in the PASS ID Act is a requirement that individuals may access, amend, and correct their own personally identifiable information. This is a new and different security/identity fraud challenge not found in REAL ID, and the states have no idea what they’re getting themselves into if they try to implement such a thing. A May 2000 report from a panel of experts convened by the Federal Trade Commission was bowled over by the complexity of trying to secure information while giving people access to it. Nowhere is that tension more acute than in giving the public access to basic identity information.

The privacy language in the PASS ID Act is a welcome change to REAL ID’s gross error on that score. At least there’s privacy language! But creating a national identity system that is privacy protective is like trying to make water that isn’t wet.

Limits on Use of Card Data?

CDT’s final defense of PASS ID is the presence of meager limits on how data collected from national ID cards will be used. Much like with mission creep, the statutory language is beside the point, but CDT points out that PASS ID “prohibits states from including the cardholder’s social security number in the MRZ and places limits on the storage, use, and re-disclosure of that information.”

“MRZ” stands for “machine-readable zone.” In the PASS Act and REAL ID Act, this is referred to as “machine-readable technology,” and in the REAL ID rulemaking, the DHS selected a 2D barcode standard for the back of REAL ID licenses and IDs. Think of government officials scanning your license the way grocery clerks scan your toilet paper and canned peaches.

It’s true that the PASS ID Act bars states from including the Social Security number in that easily scanable data, but it doesn’t prohibit anything else from being scanned - including race, which was included in DHS’ standard for REAL ID.

And don’t think that limits on the storage, use, and re-disclosure of card information would have any teeth. It would create a new crime: scanning licenses, reselling or trading information from them, or tracking holders of them “without lawful authority,” but it’s not clear what “without lawful authority” means. It would probably allow people to give implied permission for all this data-collection and -sharing by handing their cards to someone else. It would certainly allow governments to authorize themselves to collect and trade data from cards en masse.

Not that we should want this “protection.” The last thing we need is another obtusely defined federal crime. Nearly as bad as being required to carry a national ID is making it illegal for people to collect information from it when you want them to!

And in Some Ways PASS ID is Worse

But let’s talk some more about that machine-readable zone. When Congress passed REAL ID, suspicion was strong that the “MRZ” would be an RFID chip - a tiny computer chip that can be read remotely by radio.

Recognizing the insecurity of such devices - and the strong public opposition to it - DHS declined to adopt RFID for the REAL ID Act. It did, however, work with a few states and the U.S. State Department to develop an RFID-chipped license that it calls the “enhanced driver’s license.” This has a long read-range chip that will signal its presence to readers as much as fifteen or twenty feet away. The convenience gain DHS and State sought for themselves at the border would be a privacy loss, as scanning cards could become commonplace in doorways and other bottlenecks throughout the country - your whereabouts recorded regularly, as a matter of course, by public and private entities.

Why do we care about “enhanced drivers licenses”? Because the PASS ID Act would ratify them for use as national IDs. States could push their residents into using these chipped cards if they didn’t want to implement every last detail of PASS ID.

Needless to say, ID cards with long-distance (including surreptitious) tracking are a step backward for privacy. This is one sense in which PASS ID is worse than REAL ID.

Consider more carefully also what PASS ID and REAL ID are about in terms of biometrics. Both require states to “[s]ubject each person applying for a driver’s license or identification card to mandatory facial image capture.”

States across the country are using driver license photos to implement facial-recognition software that will ultimately be able to track people directly - nevermind whether you have an RFID-chipped license or show your card to a government official. They are aiming at preventing identity fraud, of course, but with advancing technology, before too long you will be subject to biometric tracking simply because you posed for an unsmiling digital photo at the DMV. REAL ID and PASS ID are part and parcel of promoting that.

Does PASS ID address “most of the major privacy and security concerns with REAL ID”? Not even close. PASS ID is a national ID, with all the privacy consequences that go with that.

Changing the name of REAL ID to something else is not an alternative to scrapping it. Scrapping REAL ID is something Senator Akaka (D-HI) proposed in the last Congress. Fixing REAL ID is an impossibility, and PASS ID does not do that.