Tag: consumer choice

Mr. President, Here Is Our Answer

President Obama continues to portray the debate over health care reform as a choice between his plan for a massive government-takeover of the US healthcare system and “doing nothing.”  Those who oppose his plan are said to be “obstructionist” or in favor of the status-quo.  Yesterday, the President again said, “I’ve got a question for all those folks [who oppose his plan]: What are you going to do? What’s your answer? What’s your solution?”

Well, I can’t speak for all his critics, but the Cato Institute has a long record of supporting health care reform based on free-markets and competition.  If the President wanted to know more he might have read my recent op-ed in the Los Angeles Times or Michael Cannon’s piece in Investors Business Daily.  He could have read our book, Healthy Competition.  Or he might have just gone to healthcare.cato.org and read our plan:

  • Let individuals control their health care dollars, and free them to choose from a wide variety of health plans and providers.
  • Move away from a health care system dominated by employer-provided health insurance. Health insurance should be personal and portable, controlled by individuals themselves rather than government or an employer. Employment-based insurance hides much of the true cost of health care to consumers, thereby encouraging over-consumption. It also limits consumer choice, since employers get final say over what type of insurance a worker will receive. It means people who don’t receive insurance through work are put at a significant and costly disadvantage. And, of course, it means that if you lose your job, you are likely to end up uninsured as well.
  • Changing from employer to individual insurance requires changing the tax treatment of health insurance. The current system excludes the value of employer-provided insurance from a worker’s taxable income. However, a worker purchasing health insurance on their own must do so with after-tax dollars. This provides a significant tilt towards employer-provided insurance, which should be reversed. Workers should receive a standard deduction, a tax credit, or, better still, large Health Savings Accounts (HSAs)  for the purchase of health insurance, regardless of whether they receive it through their job or purchase it on their own.
  • We need to increase competition among both insurers and health providers. People should be allowed to purchase health insurance across state lines. One study estimated that that adjustment alone could cover 17 million uninsured Americans without costing taxpayers a dime.
  • We also need to rethink medical licensing laws to encourage greater competition among providers. Nurse practitioners, physician assistants, midwives, and other non-physician practitioners should have far greater ability to treat patients. Doctors and other health professionals should be able to take their licenses from state to state.   We should also be encouraging innovations in delivery such as medical clinics in retail outlets.
  • Congress should give Medicare enrollees a voucher, let them choose any health plan on the market, and let them keep the savings if they choose an economical plan. Medicare could even give larger vouchers to the poor and sick to ensure they could afford coverage.
  • The expansion of “health status insurance” would protect many of those with preexisting conditions. States may also wish to experiment with high risk pools to ensure coverage for those with high cost medical conditions.

Mr. President, the ball is back in your court.

Picture Don Draper Stamping on a Human Face, Forever

Last week, a coalition of 10 privacy and consumer groups sent letters to Congress advocating legislation to regulate behavioral tracking and advertising, a phrase that actually describes a broad range of practices used by online marketers to monitor and profile Web users for the purpose of delivering targeted ads. While several friends at the Tech Liberation Front have already weighed in on the proposal in broad terms – in a nutshell: they don’t like it – I think it’s worth taking a look at some of the specific concerns raised and remedies proposed. Some of the former strike me as being more serious than the TLF folks allow, but many of the latter seem conspicuously ill-tailored to their ends.

First, while it’s certainly true that there are privacy advocates who seem incapable of grasping that not all rational people place an equally high premium on anonymity, it strikes me as unduly dismissive to suggest, as Berin Szoka does, that it’s inherently elitist or condescending to question whether most users are making informed choices about their privacy. If you’re a reasonably tech-savvy reader, you probably know something about conventional browser cookies, how they can be used by advertisers to create a trail of your travels across the Internet, and how you can limit this.  But how much do you know about Flash cookies? Did you know about the old CSS hack I can use to infer the contents of your browser history even without tracking cookies? And that’s without getting really tricksy. If you knew all those things, congratulations, you’re an enormous geek too – but normal people don’t.  And indeed, polls suggest that people generally hold a variety of false beliefs about common online commercial privacy practices.  Proof, you might say, that people just don’t care that much about privacy or they’d be attending more scrupulously to Web privacy policies – except this turns out to impose a significant economic cost in itself.

The truth is, if we were dealing with a frictionless Coaseian market of fully-informed users, regulation would not be necessary, but it would not be especially harmful either, because users who currently allow themselves to be tracked would all gladly opt in. In the real world, though, behavioral economics suggests that defaults matter quite a lot: Making informed privacy choices can be costly, and while an opt-out regime will probably yield tracking of some who would prefer not to be under conditions of full information and frictionless choice, an opt-in regime will likely prevent tracking of folks who don’t object to tracking. And preventing that tracking also has real social costs, as Berin and Adam Thierer have taken pains to point out. In particular, it merits emphasis that behavioral advertising is regarded by many as providing a viable business model for online journalism, where contextual advertising tends not to work very well: There aren’t a lot of obvious products to tie in to an important investigative story about municipal corruption. Either way, though, the outcome is shaped by the default rule about the level of monitoring users are presumed to consent to. So which set of defaults ought we to prefer?

Here’s why I still come down mostly on Adam and Berin’s side, and against many of the regulatory remedies proposed. At the risk of stating the obvious, users start with de facto control of their data. Slightly less obvious: While users will tend to have heterogeneous privacy preferences – that’s why setting defaults either way is tricky – individual users will often have fairly homogeneous preferences across many different sites. Now, it seems to be an implicit premise of the argument for regulation that the friction involved in making lots of individual site-by-site choices about privacy will yield oversharing. But the same logic cuts in both directions: Transactional friction can block efficient departures from a high-privacy default as well. Even a default that optimally reflects the median user’s preferences or reasonable expectations is going to flub it for the outliers. If the variance in preferences is substantial, and if different defaults entail different levels of transactional friction, nailing the default is going to be less important than choosing the rule that keeps friction lowest. Given that most people do most of their Web surfing on a relatively small number of machines, this makes the browser a much more attractive locus of control. In terms of a practical effect on privacy, the coalition members would probably achieve more by persuading Firefox to set their browser to reject third-party cookies out of the box than from any legislation they’re likely to get – and indeed, it would probably have a more devastating effect on the behavioral ad market. Less bluntly, browsers could include a startup option that asks users whether they want to import an exclusion list maintained by their favorite force for good.

On the model proposed by the coalition, individuals have to make affirmative decisions about what data collection to permit for each Web site or ad network at least once every three months, and maybe each time they clear their cookies. If you think almost everyone would, if fully informed, opt out of such collection, this might make sense. But if you take the social benefits of behavioral targeting seriously, this scheme seems likely to block a lot of efficient sharing. Browser-based controls can still be a bit much for the novice user to grapple with, but programmers seem to be getting better and better at making it more easy and automatic for users to set privacy-protective defaults. If the problem with the unregulated market is supposed to be excessive transaction costs, it seems strange to lock in a model that keeps those costs high even as browser developers are finding ways to streamline that process. It’s also worth considering whether such rules wouldn’t have the perverse consequence of encouraging consolidation across behavioral trackers. The higher the bar is set for consent to monitoring, the more that consent effectively becomes a network good, which may encourage concentration of data in a small number of large trackers – not, presumably, the result privacy advocates are looking for. Finally – and for me this may be the dispositive point – it’s worth remembering that while American law is constrained by national borders, the Internet is not. And it seems to me that there’s a very real danger of giving the least savvy users a false sense of security – the government is on the job guarding my privacy! no need to bother learning about cookies! – when they may routinely and unwittingly be interacting with sites beyond the reach of domestic regulations.

There are similar practical difficulties with the proposal that users be granted a right of access to behavioral tracking data about them.  Here’s the dilemma: Any requirement that trackers make such data available to users is a potential security breach, which increases the chances of sensitive data falling into the wrong hands. I may trust a site or ad network to store this information for the purpose of serving me ads and providing me with free services, but I certainly don’t want anyone who sends them an e-mail with my IP address to have access to it. The obvious solution is for them to have procedures for verifying the identity of each tracked user – but this would appear to require that they store still more information about me in order to render tracking data personally identifiable and verifiable. A few ways of managing the difficulty spring to mind, but most defer rather than resolve the problem, and add further points of potential breach.

That doesn’t mean there’s no place for government or policy change here, but it’s not always the one the coalition endorses. Let’s look  more closely at some of their specific concerns and see which, if any, are well-suited to policy remedies. Only one really has anything to do with behavioral advertising, and it’s easily the weakest of the bunch. The groups worry that targeted ads – for payday loans, sub-prime mortgages, or snake-oil remedies – could be used to “take advantage of vulnerable consumers.” It’s not clear that this is really a special problem with behavioral ads, however: Similar targeting could surely be accomplished by means of contextual ads, which are delivered via relevant sites, pages, or search terms rather than depending on the personal characteristics or browsing history of the viewer – yet the groups explicitly aver that no new regulation is appropriate for contextual advertising. In any event, since whatever problem exists here is a problem with ads, the appropriate remedy is to focus on deceptive or fraudulent ads, not the particular means of delivery. We already, quite properly, have rules covering dishonest advertising practices.

The same sort of reply works for some of the other concerns, which are all linked in some more specific way to the collection, dissemination, and non-advertising use of information about people and their Web browsing habits. The groups worry, for instance, about “redlining” – the restriction or denial of access to goods, services, loans, or jobs on the basis of traits linked to race, gender, sexual orientation, or some other suspect classification. But as Steve Jobs might say, we’ve got an app for that: It’s already illegal to turn down a loan application on the grounds that the applicant is African American. There’s no special exemption for the case where the applicant’s race was inferred from a Doubleclick profile. But this actually appears to be something of a redlining herring, so to speak: When you get down into the weeds, the actual proposal is to bar any use of data collected for “any credit, employment, insurance, or governmental purpose or for redlining.” This seems excessively broad; it should suffice to say that a targeter “cannot use or disclose information about an individual in a manner that is inconsistent with its published notice.”

Particular methods of tracking may also be covered by current law, and I find it unfortunate that the coalition letter lumps together so many different practices under the catch-all heading of “behavioral tracking.” Most behavioral tracking is either done directly by sites users interact with – as when Amazon uses records of my past purchases to recommend new products I might like – or by third party companies whose ads place browser cookies on user computers. Recently, though, some Internet Service Providers have drawn fire for proposals to use Deep Packet Inspection to provide information about their users’ behavior to advertising partners – proposals thus far scuppered by a combination of user backlash and congressional grumbling. There is at least a colorable argument to be made that this practice would already run afoul of the Electronic Communications Privacy Act, which places strict limits on the circumstances under which telecom providers may intercept or share information about the contents of user communications without explicit permission. ECPA is already seriously overdue for an update, and some clarification on this point would be welcome. If users do wish to consent to such monitoring, that should be their right, but it should not be by means of a blanket authorization in eight-point type on page 27 of a terms-of-service agreement.

Similarly welcome would be some clarification on the status of such behavioral profiles when the government comes calling. It’s an unfortunate legacy of some technologically atavistic Supreme Court rulings that we enjoy very little Fourth Amendment protection against government seizure of private records held by third parties – the dubious rationale being that we lose our “reasonable expectation of privacy” in information we’ve already disclosed to others outside a circle of intimates. While ECPA seeks to restore some protection of that data by statute, we’ve made it increasingly easy in recent years for the government to seek “business records” by administrative subpoena rather than court order. It should not be possible to circumvent ECPA’s protections by acquiring, for instance, records of keyword-sensitive ads served on a user’s Web-based e-mail.

All that said, some of the proposals offered up seem,while perhaps not urgent, less problematic. Requiring some prominent link to a plain-English description of how information is collected and used constitutes a minimal burden on trackers – responsible sites already maintain prominent links to privacy policies anyway – and serves the goal of empowering users to make more informed decisions. I’m also warily sympathetic to the idea of giving privacy policies more enforcement teeth – the wariness stemming from a fear of incentivizing frivolous litigation. Still, the status quo is that sites and ad networks profitably elicit information from users on the basis of stated privacy practices, but often aren’t directly liable to consumers if they flout those promises, unless the consumer can show that the breach of trust resulted in some kind of monetary loss.

Finally, a quick note about one element of the coalition recommendations that neither they nor their opponents seem to have discussed much – the insistence that there be no federal preemption of state privacy law. I assume what’s going on here is that the privacy advocates expect some states to be more protective of privacy than Congress or the FTC would be, and want to encourage that, while libertarians are more concerned with keeping the federal government from getting involved at all. But really, if there’s an issue that was made for federal preemption, this is it.  A country where vendors, advertisers, and consumers on a borderless Internet have to navigate 50 flavors of privacy rules to sell a banner add or an iTunes track does not sound particularly conducive to privacy, commerce, or informed consumer choice.

GOP Health Care Alternative: Drinking the Massachusetts Kool-Aid

Earlier this morning, my colleague, Michael Cannon, blogged a devastating critique of the Coburn-Burr-Ryan-Nunez alternative to the Obama health plan. As he shows, while the bill has some good features (changing the tax treatment of health insurance, expanding HSAs), the good is swamped by a bizarre collection of regulation, mandates, and hidden taxes.

In fact, the bill appears to be based, in large part, on what its sponsors call “the well-known, bi-partisan achievement of universal health care through a private system in Massachusetts.” But the Massachusetts model has failed to either achieve universal coverage or control health care costs. Rather, as I noted in this recent blog, it has led to more regulation, less consumer choice, and increased insurance premiums, while running huge budget deficits that have already led to one tax increase and are now causing the state to consider premium caps and global budgets. One wonders why congressional Republicans would want to head down that road.

Notably, Coburn-Burr-Ryan-Nunez abandons Rep. John Shadegg’s proposal to allow Americans to buy insurance across state lines in favor of a requirement that states establish Massachusetts-style connectors. But the Massachusetts Connector has been one of the worst aspects of that state’s reform, acting as a super-regulatory body, adding new mandated benefits, restricting consumer’s choice of plans, and adding both regulatory and administrative costs to insurance. (In fact, the Connector adds its own administrative costs, estimated at 4 percent of premium costs, for plans that are sold through it.) What the Connector has not done is live up to its promise of breaking the link between employment and insurance, giving workers personal, portable insurance that they could take with them from job to job, and which they would not lose when they lost their jobs. Unfortunately, the Connector has not lived up to its promise in the latter regard. In fact, as of May 2008, only 18,122 people had purchased insurance through the Connector. That’s very little gain for so much pain.

Since there is virtually no chance that the Coburn-Burr-Ryan-Nunez will actually be enacted, perhaps one shouldn’t get too excised about its failings. No doubt it is far superior to Obamacare. And, it is understandable that congressional Republicans want to appear as more than the “party of no.” Still, this looks like a sadly missed opportunity.

A Not So Happy Anniversary for the “Massachusetts Model”

Three years ago yesterday, then-Governor Mitt Romney signed into law the most far reaching state health care reform plan to date.  At the time, we warned that the plan, with its individual and employer mandates, new regulatory bureaucracy (the Connector), and middle-class subsidies would result in “a slow but steady spiral downward toward a government-run health care system.” Sadly, three years later, those predictions appear to be coming true.

  • While the state has reduced the number of residents without health insurance, some 200,000 people remain uninsured. Moreover, the increase in the number of insured is primarily due to the state’s generous subsidies, not the celebrated individual mandate.
  • Health care costs continue to rise much faster than the nationally. Since the program became law, total state health care spending has increased by 23 percent. Insurance premiums have been increasing by 10-12 percent per year, nearly double the national average.
  • New regulation and bureaucracy is limiting consumer choice and adding to costs.
  • Program costs have skyrocketed. Despite tax increases, the program faces huge deficits in the future. As a result, the state is considering caps on insurance premiums, cuts in reimbursements to providers, and even the possibility of a “global budget” on health care spending.
  • A shortage of providers, combined with increased demand, is increasing waiting times to see a physician, especially primary care providers.

With the “Massachusetts model” being frequently cited as a blueprint for state or national health care reform, it is important to recognize that giving the government greater control over our health care system will have grave consequences for taxpayers, providers, and health care consumers. That is the lesson of the Massachusetts model.