Tag: privacy

No, America, You Don’t Need to Comply with the REAL ID Act

Like countless similar news stories recently, a report on Business Insider claims: “Residents from 5 US states could soon need a passport for a domestic flight.” The idea is that the Transportation Security Administration will begin to enforce the REAL ID Act in 2016 by denying airport access to travelers from non-compliant states.

It’s not true.

Nobody needs to get a passport to fly domestically. No state needs to implement the REAL ID Act’s national ID mandates.

I’ve been collecting examples of misleading reports like this at the Twitter hashtag “#TakenInByDHS.” A recent blog post of mine, also called “Taken In by DHS,” fleshes out the story of widespread misreporting on the situation with our national ID law.

In brief, the Department of Homeland Security is trying to get the states to convert their driver licensing systems into components of a U.S. national ID system. The REAL ID Act, which Congress passed in 2005, allows DHS to refuse IDs from non-compliant states, including IDs travelers present at TSA’s airport checkpoints.

This concerns some people when they first learn about it, but the REAL ID compliance deadline passed more than seven years ago with not one state in compliance. DHS has improvised deadline after deadline since then, and it has caved every single time its deadlines have been reached. I went through the history last year in my Cato Policy Analysis, “REAL ID: A State-by-State Update.”

DHS’s latest story is that it might start to enforce REAL ID in 2016. It won’t. 

DHS Uses Local Law Enforcement To Shut Down Tor Access For Library Patrons

Earlier this year, the Library Freedom Project launched an initiative to test the use of Tor exit relays in local libraries as a means of helping library patrons browse the internet annonymously. As the LFP noted

To begin this new project, we needed a pilot, and we had just the library in mind – Kilton Library in Lebanon, New Hampshire, one of two Lebanon Libraries. Chuck McAndrew is the IT librarian there, and he’s done amazing things to the computers on his network, like running them all on GNU/Linux distributions. Why is this significant? Most library environments run Microsoft Windows, and we know that Microsoft participated in the NSA’s PRISM surveillance program. By choosing GNU/Linux operating systems and installing some privacy-protecting browser extensions too, Chuck’s helping his staff and patrons opt-out of pervasive government and corporate surveillance. Pretty awesome.

At least it was awesome until the Department of Homeland Security got wind of the project.

As Julia Angwin of ProPublica reports today

In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations.

Soon after state authorities received an email about it from an agent at the Department of Homeland Security.

“The Department of Homeland Security got in touch with our Police Department,” said Sean Fleming, the library director of the Lebanon Public Libraries.

After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.

“Right now we’re on pause,” said Fleming. “We really weren’t anticipating that there would be any controversy at all.”

He said that the library board of trustees will vote on whether to turn the service back on at its meeting on Sept. 15.

Nearly everything in our society has been or will be exploited by criminals: cars, cellphones, hatchets, cleaning solutions, tape, boats, aircraft–the list is virtually endless. It’s part of living with and in a free society, and the feds don’t come knocking on 3M’s door every time a criminal uses their tape to facilitate a break-in or other criminal act. But federal agencies like DHS and the FBI are literally on an anti-encryption, anti-privacy crusade with respect to consumer electronics and software–especially high-quality, publicly audited and effective anonymization technology like Tor. The Kilton Library’s internet freedom project has just become the federal government’s latest victim in that misguided campaign.

To recap: DHS used the Lebanon, New Hampshire police department to lean on–if not outright intimidate–a local library into at least temporarily abandoning a tool that reinforces Fourth Amendment privacy protections–and in doing so treated all of the Kilton Library’s patrons as potential criminals first, and as citizens with rights a very distant second.

China’s REAL ID Program

China is implementing its “toughest-ever” mobile phone real-name registration system, according to the Want China Times. The effort seeks to get all remaining unregistered mobile phones associated with the true identities of their owners in the records of telecommunications firms. Those who do not register their phones will soon see their telecommunications restricted.

This policy will have wonderful security benefits. It will make identity fraud, anonymous communication, and various conspiracies much easier to detect and punish—including conspiracies to dissent from government policy.

The United States is a very different place from China—on the same tracking-and-control continuum. We have no official policy of registering phones to their owners, but in practice phone companies collect our Social Security numbers when we initiate service, they know our home addresses, and they have our credit card numbers. All of these are functional unique identifiers, and there is some evidence that the government can readily access data held by our telecommunications firms.

We have no national ID that would be used for phone registration, of course. The Department of Homeland Security says it will begin denying travel rights to people from states that do not comply with the REAL ID Act beginning in 2016.

E-Verify Simply Does Not Work

Nearly twenty years ago, John J. Miller of the Center for Equal Opportunity and Stephen Moore, then the director of fiscal policy studies at the Cato Institute, published a study responding to the rising demand for immigration law enforcement.

A National ID System: Big Brother’s Solution to Illegal Immigration” was the name of their Cato Institute policy analysis. They highlighted costs to the liberty of native-born Americans from systems that seek to root out illegal immigrants with identity cards and tracking. I reprised their study in a way and expanded on it seven years ago in “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.”

When I saw Alex Nowrasteh’s research into the results of mandates to use the Department of Homeland Security’s E-Verify program, I was delighted to see what experience makes available to backers of “internal enforcement” who don’t have our nation’s freedoms in mind. E-Verify simply does not work. That’s the upshot of our new study, “Checking E-Verify: The Costs and Consequences of a National Worker Screening Mandate.”

Patel: Right Result, Wan Rationale

Making short work of the idea that facial challenges aren’t available under the Fourth Amendment, the Supreme Court ruled today in Los Angeles v. Patel that a city may not require its hotels to turn over their business records without some opportunity for review of the government’s demands. It’s the right result, but the Court was too quiet about its treatment of Fourth Amendment doctrine, and it did not take the opportunity to fully address situations like the case presented, in which the government dragoons private businesses into surveillance on its behalf.

Justice Sotomayor, writing for a 5-4 majority, held: “the provision of the Los Angeles Municipal Code that requires hotel operators to make their registries available to the police on demand is facially unconstitutional because it penalizes them for declining to turn over their records without affording them any opportunity for pre-compliance review.” Justice Scalia led one bloc of dissenters believing it was reasonable to institute this kind of regulation on business owners suspected of no substantive crime because their facilities are sometimes used for crime. Justice Alito dissented as well, arguing that there should be no facial challenge to the statute because constitutional applications of it exist.

Had the stars lined up, the Court might have used the Patel case to address simmering issues around current Fourth Amendment doctrine, as the Cato Institute’s brief for the Court suggested. The Court indeed eschewed the backward “reasonable expectation of privacy” test, which finds that Fourth Amendment interest exists when people reasonably feel that it does. It instead examined whether the government’s scheme was reasonable, which is where the language of the Fourth Amendment focuses courts’ attention. But the Court did not broadcast the inapplicability of “reasonable expectation” doctrine, so most lawyers and lower courts will probably not realize that another in a growing line of cases is applying the Fourth Amendment in a new and better way, by hewing more closely to the text.

Part of the reason the Court didn’t take all the constitutional bait was the unusually narrow challenge the hoteliers brought. They attacked the collection of information by the government, granting for the sake of argument in this case that the government has the power to require them to collect information about their customers for the government’s later use. Had the Court considered the totality of what we called “the warrantless search scheme,” it would have had to assess whether it is reasonable in our constitutional system for private businesses to be dragooned into wholesale, comprehensive surveillance on behalf of the government. That scope might have brought the Court’s conservatives off the sidelines and into defending the degree of privacy against government that existed when the Fourth Amendment was adopted. (Surely, the government couldn’t have conscripted businesses into mass surveillance of the public at the time of the framing.)

Folks who are paying attention will recognize that the “reasonable expectation of privacy” test continues to recede in importance. We will continue to wait, though, for the case that clearly and articulately applies the right against unreasonable seizures and searches to information as such. While Patel is a technical win, some later case or cases will have to truly address how the Fourth Amendment is to be administered in the modern era.


Are journalists across the nation working to establish a national ID in the United States? Most would object, “Certainly not!”

But in reporting uncritically on the Department of Homeland Security’s claimed deadlines for implementing the U.S. national ID law, many journalists are unwittingly helping impose a system that the federal government may one day use to identify, track, and control every American. Today I’ve started Tweeting about news articles in which this occurs with the hashtag #TakenInByDHS.

Under the terms of the REAL ID Act, which became law more than ten years ago, states were supposed to begin issuing licenses according to federal standards by May of 2008. States that didn’t follow federal mandates would see their residents turned away at airports when the Transportation Security Administration declined their drivers’ licenses and ID cards.

The DHS failed to issue implementing regulations timely, and backed off of the statutory deadline by regulatory fiat. No state was in compliance with REAL ID on deadline, and no state is compliant with REAL ID today. Over the years, the Department of Homeland Security has declared a variety of milestones and deadlines in a fairly impotent effort to bring state driver licensing policy under federal control. Many states have resisted.

The reason for DHS’s impotence is that making good on the threat to prevent Americans from traveling would almost surely backfire. If already unpopular TSA agents began refusing Americans their right to travel, it would be federal bureaucrats and members of Congress getting the blame—not state legislators.

But most state legislators haven’t done this calculation. They are reluctant to create a national ID, and they don’t want to expend taxpayer funds on a program that undercuts their constituents’ privacy. But told of their potential responsibility for bedlam at local airports, they will accede to such things.

OECD Scheme to Boost Taxes on Business Sector Will Hurt Global Economy and Enable Bigger Government

Citing the work of David Burton and Richard Rahn, I warned last July about the dangerous consequences of allowing governments to create a global tax cartel based on the collection and sharing of sensitive personal financial information.

I was focused on the danger to individuals, but it’s also risky to let governments obtain more data from businesses.

Remarkably, even the World Bank acknowledges the downside of giving more information to governments.

Here are some blurbs from the abstract of a new study looking at what happens when companies divulge more data.

Relying on a data set of more than 70,000 firms in 121 countries, the analysis finds that disclosure can be a double-edged sword. …The findings reveal the dark side of voluntary information disclosure: exposing firms to government expropriation.

And here are some additional details from the full report.

…disclosure has important costs in allowing exposure to government expropriation… We show that accounting information disclosure can be detrimental to firm development… Such disclosure allows corrupt bureaucrats to gain access to firm-level information and use it for endogenous harassment. …once firm information is disclosed, the threat of government expropriation is widespread. Information disclosure thus allows rent-seeking bureaucrats to gain access to the disclosed information and use it to extract bribes. …Our paper offers a vivid illustration that an important hindrance to institutional development—here in the form of adopting information disclosure—is government expropriation. …The results are thus supportive of Acemoglu and Johnson (2005) on the overwhelming importance of constraining government expropriation in facilitating economic development.

Yet this doesn’t seem to bother advocates of bigger government.