Tag: privacy

Argentina Decriminalizes Personal Drug Consumption

Following in Mexico’s footsteps last week, the Supreme Court of Argentina has unanimously ruled today on decriminalizing the possession of drugs for personal consumption.

For those who might be concerned with the idea of an “activist judiciary,” the Court’s decision was based on a case brought by a 19 year-old who was arrested in the street for possession of two grams of marijuana. He was convicted and sentenced to a month and a half in prison, but challenged the constitutionality of the drug law based on Article 19 of the Argentine Constitution:

The private actions of men which in no way offend public order or morality, nor injure a third party, are only reserved to God and are exempted from the authority of judges. No inhabitant of the Nation shall be obliged to perform what the law does not demand nor deprived of what it does not prohibit.

Today, the Supreme Court ruled that personal drug consumption is covered by that privacy clause stipulated in Article 19 of the Constitution since it doesn’t affect third parties. Questions still remain, though, on the extent of the ruling. However, the government of President Cristina Fernández has fully endorsed the Court’s decision and has vowed to promptly submit a bill to Congress that would define the details of the decriminalization policies.

According to some reports, Brazil and Ecuador are considering similar steps. They would be wise to follow suit.

600 Billion Data Points Per Day? It’s Time to Restore the Fourth Amendment

Jeff Jonas has published an important post: “Your Movements Speak for Themselves: Space-Time Travel Data is Analytic Super-Food!”

More than you probably realize, your mobile device is a digital sensor, creating records of your whereabouts and movements:

Mobile devices in America are generating something like 600 billion geo-spatially tagged transactions per day. Every call, text message, email and data transfer handled by your mobile device creates a transaction with your space-time coordinate (to roughly 60 meters accuracy if there are three cell towers in range), whether you have GPS or not. Got a Blackberry? Every few minutes, it sends a heartbeat, creating a transaction whether you are using the phone or not. If the device is GPS-enabled and you’re using a location-based service your location is accurate to somewhere between 10 and 30 meters. Using Wi-Fi? It is accurate below 10 meters.

The process of deploying this data to markedly improve our lives is underway. A friend of Jonas’ says that space-time travel data used to reveal traffic tie-ups shaves two to four hours off his commute each week. When it is put to full use, “the world we live in will fundamentally change. Organizations and citizens alike will operate with substantially more efficiency. There will be less carbon emissions, increased longevity, and fewer deaths.”

This progress is not without cost:

A government not so keen on free speech could use such data to see a crowd converging towards a protest site and respond before the swarm takes form – detected and preempted, this protest never happens. Or worse, it could be used to understand and then undermine any political opponent.

Very few want government to be able to use this data as Jonas describes, and not everybody wants to participate in the information economy quite so robustly. But the public can’t protect itself against what it can’t see. So Jonas invites holders of space-time data to reveal it:

[O]ne way to enlighten the consumer would involve holders of space-time-travel data [permitting] an owner of a mobile device the ability to also see what they can see:

(a) The top 10 places you spend the most time (e.g., 1. a home address, 2. a work address, 3. a secondary work facility address, 4. your kids school address, 5. your gym address, and so on);

(b) The top three most predictable places you will be at a specific time when on the move (e.g., Vegas on the 215 freeway passing the Rainbow exit on Thursdays 6:07 - 6:21pm – 57% of the time);

(c) The first name and first letter of the last name of the top 20 people that you regularly meet-up with (turns out to be wife, kids, best friends, and co-workers – and hopefully in that order!)

(d) The best three predictions of where you will be for more than one hour (in one place) over the next month, not counting home or work.

Google’s Android and Latitude products are candidates to take the lead, he says, and I agree. Google collectively understands both openness and privacy, and it’s nimble enough still to execute something like this. Other mobile providers would be forced to follow this innovation.

What should we do to reap the benefits while minimizing the costs? The starting point is you: It is your responsibility to deal with your mobile provider as an adult. Have you read your contract? Have you asked them whether they collect this data, how long they keep it, whether they share it, and under what terms?

Think about how you can obscure yourself. Put your phone in airplane mode when you are going someplace unusual - or someplace usual. (You might find that taking a break from being connected opens new vistas in front of your eyes.) Trade phones with others from time to time. There are probably hacks on mobile phone system that could allow people to protect themselves to some degree.

Privacy self-help is important, but obviously it can be costly. And you shouldn’t have to obscure yourself from your mobile communications provider, giving up the benefits of connected living, to maintain your privacy from government.

The emergence of space-time travel data begs for restoration of Fourth Amendment protections in communications data. In my American University Law Review article, “Reforming Fourth Amendment Privacy Doctrine,” I described the sorry state of the Fourth Amendment as to modern communications.

The “reasonable expectation of privacy” doctrine that arose out of the Supreme Court’s 1967 Katz decision is wrong—it isn’t even founded in the majority holding of the case. The “third-party doctrine,” following Katz in a pair of early 1970s Bank Secrecy Act cases, denies individuals Fourth Amendment claims on information held by service providers. Smith v. Maryland brought it home to communications in 1979, holding that people do not have a “reasonable expectation of privacy” in the telephone numbers they dial. (Nevermind that they actually have privacy—the doctrine trumps it.)

Concluding, apropos of Jonas’ post, I wrote:

These holdings were never right, but they grow more wrong with each step forward in modern, connected living. Incredibly deep reservoirs of information are constantly collected by third-party service providers today.

Cellular telephone networks pinpoint customers’ locations throughout the day through the movement of their phones. Internet service providers maintain copies of huge swaths of the information that crosses their networks, tied to customer identifiers. Search engines maintain logs of searches that can be correlated to specific computers and usually the individuals that use them. Payment systems record each instance of commerce, and the time and place it occurred.

The totality of these records are very, very revealing of people’s lives. They are a window onto each individual’s spiritual nature, feelings, and intellect. They reflect each American’s beliefs, thoughts, emotions, and sensations. They ought to be protected, as they are the modern iteration of our “papers and effects.”

All Hail the Demise of a Bad Policy!

Well, not actually. Instead, the Washington Post’s headline says “U.S. Web-Tracking Plan Stirs Privacy Fears.” The story is about the reversal of an ill-conceived policy adopted nine years ago to limit the use of cookies on federal Web sites.

A cookie is a short string of text that a server sends a browser when the browser accesses a Web page. Cookies allow servers to recognize returning users so they can serve up customized, relevant content, including tailored ads. Think of a cookie as an eyeball - who do you want to be able to see that you visited a Web site?

Your browser lets you control what happens with the cookies offered by the sites you visit. You can issue a blanket refusal of all cookies, you can accept all cookies, and you can decide which cookies to accept based on who is offering them. Here’s how:

  • Internet Explorer: Tools > Internet Options > “Privacy” tab > “Advanced” button: Select “Override automatic cookie handling” and choose among the options, then hit “OK,” and next “Apply.”

I recommend accepting first-party cookies - offered by the sites you visit - and blocking third-party cookies - offered by the content embedded in those sites, like ad networks. Or ask to be prompted about third-party cookies just to see how many there are on the sites you visit. If you want to block or allow specific sites, select the “Sites” button to do so. If you selected “Prompt” in cookie handling, your choices will populate the “Sites” list.

  • Firefox: Tools > Options > “Privacy” tab: In the “cookies” box, choose among the options, then hit “OK.”

I recommend checking “Accept cookies from sites” and leaving unchecked “Accept third party cookies.” Click the “Exceptions” button to give site-by-site instructions.

Because you can control cookies, a government regulation restricting cookies is needless nannying. It may marginally protect you from government tracking - they have plenty of other methods, both legitimate and illegitimate - but it won’t protect you from tracking by others, including entities who may share data with the government.

The answer to the cookie problem is personal responsibility. Did you skip over the instructions above? The nation’s cookie problem is your fault.

If society lacks awareness of cookies, Microsoft (Internet Explorer), the Mozilla Foundation (Firefox), and producers of other browsers (Apple/Safari, Google/Chrome) might consider building cookie education into new browser downloads and updates. Perhaps they should set privacy-protective defaults. That’s all up to the community of Internet users, publishers, and programmers to decide, using their influence in the marketplace.

Artificially restricting cookies on federal Web sites needlessly hamstrings federal Web sites. When the policy was instituted it threatened to set a precedent for broader regulation of cookie use on the Web. Hopefully, the debate about whether to regulate cookies is over, but further ‘Net nannying is a constant offering of the federal government (and other elitists).

By moving away from the stultifying limitation on federal cookies, the federal government acknowledges that American grown-ups can and should look out for their own privacy.

Assessing the Claim that CDT Opposes a National ID

It was good of Ari Schwartz to respond last week to my recent post querying whether the Center for Democracy and Technology outright opposes a national ID or simply “does not support” one.

Ari says CDT does oppose a national ID, and I believe that he honestly believes that. But it’s worth taking a look at whether the group’s actions are consistent with opposition to a national ID. I believe CDT’s actions – most recently its support of the PASS ID Act – support the creation of a national ID.

(The title of his post and some of his commentary suggest I have engaged in rhetorical excess and mischaracterized his views. Please do judge for yourself whether I’m being shrill or unfair, which is not my intention.)

First I want to address an unusual claim of Ari’s – that we already have a national ID system. If that is true, his support for PASS ID is more sensible because it is an opportunity to inject federal privacy protections into the existing system (putting aside whether it is a federal responsibility to manage a state system or systems).

Do We Already Have a National ID?

I have heard a few people suggest that we have a national ID in the form of the Social Security Number. I believe the SSN is a national identifier, but it fails the test of a national identification card or system because it is not used for identification. As we know well from the scourge of identity fraud, there is no definitive way to tie an SSN to a person. The SSN is not used for identification (at least not reliably and not alone), which is the third part of my national ID definition. (Senator Schumer might like the SSN to form the basis of a national ID system, of course.)

But Ari says something different. He does not claim any definition of “national ID” or “national ID system.” Instead, he appeals to the authority of a 2003 report from a National Academy of Sciences group entitled “Who Goes There?: Authentication Through the Lens of Privacy.” That report indeed says, “State-issued driver’s licenses are a de facto nationwide identity system” – on the second-to-last substantive page of its second-to-last substantive chapter

But this is a highly selective use of quotation. The year before, that same group issued a report called “IDs – Not That Easy: Questions About Nationwide Identity Systems.” From the beginning and throughout, that report discussed the many issues around proposals to create a “nationwide” identity system. If the NAS panel had already concluded that we have a national ID system, it would not have issued an entire report critiquing that prospect. It would have discussed the existing one as such. Ari’s one quote doesn’t do much to support the notion that we already have a national ID.

What’s more, CDT’s own public comments on the proposed REAL ID Act regulations in May 2007 said that its data-intensive “one person – one license/ID card – one record” policy would ”create a national identification system.”

If a national ID system already existed, the new policy wouldn’t create one. This is another authority at odds with the idea that we have a national ID system already.

Support of PASS ID might be forgiven if we had a national ID system and if PASS ID would improve it. But the claim we already have one is weak.

“Political Reality” and Its Manufacture

But the heart of Ari’s claim is that supporting PASS ID reflects good judgment in light of political reality.

Despite the fact that there are no federal politicians, no governors and no appointed officials from any party publicly supporting repeal of REAL ID today, CDT still says that repeal is an acceptable option. However, PASS ID would get to the same outcome, or better, in practice and has the added benefit of actually being a political possibility… . I realize that Harper has invested a lot of time fighting for the word “repeal,” but at some point we have to look at the political reality.

A “Dear Colleague” letter inviting support for a bill to repeal REAL ID circulated on the Hill last week. How many legislators will hesitate to sign on to the bill because they have heard that the PASS ID Act, and not repeal of REAL ID, is CDT’s preferred way forward?

The phrase “political reality” is more often used by advocates to craft the political reality they prefer than to describe anything truly real. Like the observer effect in experimental research, statements about “political reality” change political reality.  Convince enough people that a thing is “political reality” and the sought-after political reality becomes, simply, reality.

I wrote here before about how the National Governors Association, sensing profit, has worked diligently to make REAL ID a “political reality.” And it has certainly made some headway (though not enough). In the last Congress, the only legislation aimed at resolving the REAL ID impasse were bills to repeal REAL ID. Since then, the political reality is that Barack Obama was elected president and an administration far less friendly to a national ID took office. Democrats – who are on average less friendly to a national ID – made gains in both the House and Senate.

But how are political realities crafted? It has often been described as trying to get people on a bus. To pass a bill, you change it to get more people on the bus than get off.

The REAL ID bus was missing some important riders. It had security hawks, the Department of Homeland Security, anti-immigrant groups, DMV bureaucrats, public safety advocates, and the Bush Administration. But it didn’t have: state legislators and governors, privacy and civil liberties groups, and certain religious communities, among others.

PASS ID is for the most part an effort to bring on state legislators and governors. The NGA is hoping to broker the sale of state power to the federal government, locking in its own institutional role as a supplicant in Washington, D.C. for state political leaders.

But look who else was hanging around the bus station looking for rides! – CDT, the nominal civil liberties group. Alone it jumped on the bus, communicating to others less familiar with the issues that PASS ID represented a good way forward.

Happily, few have taken this signal. The authors of PASS ID were unable to escape the name “REAL ID,” which is a far more powerful beacon flashing national ID and all the ills that entails than CDT’s signal to the contrary.

This is not the first time that CDT’s penchant for compromise has assisted the national ID effort, though.

Compromising Toward National ID

The current push for a national ID has a short history that I summarized three years ago in a righteously titled post on the TechLiberationFront blog: “The Markle Foundation: Font of Evil II.”

Briefly, in December 2003, a group called the Markle Foundation Task Force on National Security in the Information Age recommended “both near-term measures and a longer-term research agenda to increase the reliability of identification while protecting privacy.” (Never mind that false identification was not a modus operandi of the 9/11 attacks.)

The 9/11 Commission, citing Markle, found that “[t]he federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers licenses.” In December 2004, Congress passed the Intelligence Reform and Terrorism Prevention Act, implementing the recommendations of the 9/11 Commission, including national standards for drivers’ licenses and identification cards, the national ID system recommended by the Markle Task Force. And in May 2005, Congress passed a strengthened national ID system in the REAL ID Act.

An earlier post, “The Markle Foundation: Font of Evil,” has more – and the text of a PoliTech debate between myself and Stewart Baker. Security hawk Baker was a participant in the Markle Foundation group, as was national ID advocate Amitai Etzioni. So was the Center for Democracy and Technology’s Jim Dempsey.

I had many reservations about the Markle Foundation Task Force and its work product, and in an April 2005 meeting of the DHS Privacy Committee, I asked Dempsey about what qualified people to serve on that task force, whether people were invited, and what might exclude them. A month before REAL ID passed, he said:

I think the Markle Task Force at least sought balance. And people came to the table committed to dialogue. And those who came with a particular point of view, I think, were all committed to listening. And I think people’s minds were changed… . What we were committed to in the Markle Task Force was changing our minds and trying to find a common ground and to try to understand each other. And we spent the time at it. And that, I think, is reflected in the product of the task force.

There isn’t a nicer, more genuine person working in public policy than Jim Dempsey. He is the consummate honest broker, and this statement of his intentions for the Markle Foundation I believe to be characteristically truthful and earnest.

But consider the possibility that others participating on the Markle Foundation Task Force did not share Jim’s predilection for honest dialogue and compromise. It is even possible that they mouthed these ideals while working intently to advance their goals, including creation of a national ID.

Stewart Baker, who I personally like, is canny and wily, and he wants to win. I see no evidence that Amitai Etzioni changed his mind about having a national ID when he authored the recommendation in the Markle report that ultimately produced REAL ID.

Other Markle participants I have talked to were unaware of what the report said about identity-based security, national identity standards, or a national ID. They don’t even know (or didn’t at the time) that lending your name to a report also lends it your credibility. Whatever privacy or civil liberties advocates were involved with the Markle Task Force got rolled – big-time – by the pro-national-ID team.

CDT is a sophisticated Washington, D.C. operation. It is supposed to understand these dynamics. I can’t give it the pass that outsiders to Washington might get. By committing to compromise rather than any principle, and by lending its name to the Markle Foundation Task Force report, CDT gave credibility to a bad idea – the creation of a national ID.

CDT helped produce the REAL ID Act, which has taken years of struggle to beat back. And now they are at it again with “pragmatic” support for PASS ID.

CDT has been consistently compromising on national ID issues while proponents of a national ID have been doggedly and persistently pursuing their interests. This is not the behavior of a civil liberties organization. It’s why I asked in the post that precipitated this debate whether there is anything that would cause CDT to push back from the table and say No.

Despite words to the contrary, I don’t see evidence that CDT opposes having a national ID. It certainly works around the edges to improve privacy in the context of having a national ID – reducing the wetness of the water, as it were – but at key junctures, CDT’s actions have tended to support having a U.S. national ID. I remain open to seeing contrary evidence.

Would PASS ID Really Save States Money?

The proposed PASS ID Act is a national ID just like REAL ID, and it threatens privacy just as much. Some argue that a national ID under PASS ID should be palatable, though, because it reduces costs to states.

But savings to states under PASS ID are not at all clear. Let’s take a look at the costs of creating a U.S. national ID.

The REAL ID Act, passed in May 2005, required states to begin implementing a national ID system within three years. In regulations it proposed in March 2007, the Department of Homeland Security extended that draconian deadline. States would have five years, starting in May 2008, to move all driver’s license and ID card holders into REAL ID-compliant cards.

The Department of Homeland Security estimated the costs for this project at $17.2 billion dollars (net present value, 7% discount). Costs to individuals came it at nearly $6 billion – mostly in wasted time. Americans would spend more than 250 million hours filling out forms, finding birth certificates and Social Security cards, and waiting in line at the DMV.

The bulk of the costs fell on state governments, though: nearly $11 billion dollars. The top three expenditures were $5.25 billion for customer service at DMVs, $4 billion for card production, and $1.1 billion for data systems and IT. Getting hundreds of millions of people through DMVs and issuing them new cards in such a short time was the bulk of the cost.

To drive down the cost estimate, DHS pushed the implementation schedule way back. In its final rule of January 2008, it allowed states a deadline extension to December 31, 2009 just for the asking, and a second extension to May 2011 for meeting certain milestones. Then states would have until the end of 2017 to replace all cards with the national ID card. That’s just under ten years.

Then the DHS decided to assume that only 75% of people would actually get the national ID. (Never mind that whatever benefits from having a national ID drop to near zero if it is not actually “national.”)

The result was a total cost estimate of about $6.85 billion (net present value, 7% discount). Individual citizens would still spend $5.2 billion worth of their time (in undiscounted dollars) on paperwork and waiting at the DMV. But states would spend just $1.5 billion on data and interconnectivity systems; $970 million on customer service; and $953 million on card production and issuance—a total of about $2.4 billion. (All undiscounted—DHS didn’t publish estimates for the final rule the same way it published their estimates for the proposed rule.)

Maybe these cost estimates were still too high. Maybe they weren’t believable. Or maybe Americans’ love of privacy and hatred of a national ID explains it. But the lower cost estimate did not slow the “REAL ID Rebellion.” Given the costs, the complexity, the privacy consequences, and the dubious benefits, states rejected REAL ID.

Enter PASS ID, which supposedly alleviates the costs to states of REAL ID. But would it?

At a Senate hearing last week, not one, but two representatives of the National Governors Association testified in favor of PASS ID, citing their internal estimate that implementing PASS ID would cost states just $2 billion.

But there is reason to doubt that figure. PASS ID is a lot more like REAL ID – the original REAL ID – in the way that most affects costs: the implementation schedule.

Under PASS ID, the DHS would have to come up with regulations in just nine months. States would then have just one year to begin complying. All drivers’ licenses would have to be replaced in the five years after that. That’s a total of six years to review the documents of every driver and ID holder, and issue them new cards.

How did the NGA come up with $2 billion? Maybe they took the extended, watered-down, 75%-over-ten-years estimate and subtracted some for reduced IT costs. (The NGA is free to publish its methodology, of course.)

But the costs of implementing PASS ID to states are more likely to be closer to $11 billion than the $2 billion figure that the NGA puts forward. In just six years, PASS ID would send some 245 million people into DMV offices around the country demanding new cards. States will have to hire and train new employees to handle the workload. They will have to acquire new computer systems, documents scanners, data storage facilities, and so on.

There is another source for cost estimates that draws the $2 billion figure into question: the National Governors Association itself. In September 2006, it issued a report with the National Conference of State Legislatures and the American Association of Motor Vehicle Administrators finding that the costs to re-enroll drivers and ID holders over a 5-year period would cost states $8.45 billion (not discounted).

Just as with REAL ID, re-enrollment under PASS ID would undo the cost-savings and convenience that states have gained by allowing online re-issuance for good drivers and long-time residents. As the NGA said:

Efficiencies from alternative renewal processes such as Internet and mail will be lost during the re-enrollment period, and states will face increased costs from the need to hire more employees and expand business hours to meet the five year re-enrollment deadline.

Angry citizens will ask their representatives why they are being investigated like criminals just so they can exercise their right to drive.

PASS ID does reduce some of the information technology costs of REAL ID, such as requirements to use systems that still do not exist, and requirements to pay for driver background checks through the Systematic Alien Verification for Entitlements system and the Social Security Online Verification system.

But PASS ID still requires states to “[e]stablish an effective procedure to confirm that a person [applying] for a driver’s license or identification card is terminating or has terminated any driver’s license or identification card” issued under PASS ID by any other state. How do you do that? By sharing driver information. The language requiring states to provide all other states electronic access to their databases is gone, but the need to share that information is still there.

A last hope for states is that the federal government will come up with money to handle all this. But the federal government is in even tougher financial straights than many states. The federal deficit for this fiscal year is projected to reach $1.84 trillion.

Experienced state leaders recognize that the promise of federal money may not be fulfilled. The weakly funded PASS ID mandate will likely become a fully unfunded mandate.

So, does PASS ID really save states money? I wouldn’t put any money on it … .

Review of the Big REAL ID Hearing

The Senate Homeland Security and Governmental Affairs Committee held a hearing yesterday on the REAL ID Act and the REAL ID revival bill, known as PASS ID. I attended and want to share with you some highlights.

Good News!

Little good came from the hearing, as it was primarily focused on how to get the states and people to accept a national ID. But there is some good news.

First, Department of Homeland Security Secretary Janet Napolitano declared REAL ID dead (much as I did in my testimony two-plus years ago). “DOA” is how she referred to it.

She also said that no state will be in compliance with REAL ID by the current December 31, 2009 deadline. This is important because a lot of people think that states doing anything about the security of drivers’ licenses and ID cards are complying with REAL ID.

Another highlight was the commentary of Senator Roland Burris (D-IL). He is a beleaguered outsider to the Senate and evidently wasn’t coached on the talking points around REAL ID and PASS ID. So he flat out asked why we shouldn’t just have “a national ID.”

Senator Susan Collins’ (R-ME) nervous smile was particularly noticeable when Burris asked why the emperor had no clothes. No one was supposed to talk about national IDs at this hearing! But that’s what PASS ID is.

REAL ID and PASS ID are two versions of the same national ID system, and nobody is denying it. That’s good news because the effort to rebrand REAL ID through PASS ID has failed.

A Fake Crisis

Some other issue-framing is worth pointing out. Chairman Lieberman and Secretary Napolitano took pains to point out the importance of acting on PASS ID soon, claiming that the TSA would have to seriously inconvenience travelers with secondary searches at the end of the year if nothing was done.

But this is the same “crisis” that the DHS navigated a little over a year ago. States across the country were refusing to implement REAL ID. The DHS Secretary rattled his saber about inconveniencing travelers. And the DHS Secretary ended up giving all states a deadline extension. Secretary Napolitano will do the same thing if PASS ID fails - saber-rattling included. There is no crisis.

Vermont Governor Jim Douglas Supports a National ID

As I noted above, PASS ID is a national ID, just like REAL ID.

By testifying in support of PASS ID, Vermont governor Jim Douglas (R) put himself on record as supporting a U.S. national ID. He can pretend it’s not a national ID, of course, and he did his best to paper over the issue when Senator Burris asked about it. But Governor Douglas supports a national ID.

There was a time when Republicans stood for resisting federal incursions on state power. In the 104th Congress, the Senate Judiciary Committee had a subcommittee that focused on federalism and the preservation of state power (the Subcommittee on the Constitution, Federalism, and Property Rights). But the National Governors Association, with Douglas at the helm, is now in the process of negotiating the sale of state power over driver licensing and identification policy to the federal government.

Rampant Security Ignorance

The reason why he supports this national ID law, Governor Douglas said, is that he, like every governor, “is a security governor.”

With so many Senators and panelists conjuring security and the 9/11 Commission report, it would be a delight if someone actually examined the security benefits of a national ID. The information is there for them. Again, my testimony to the committee two years ago supplied at least some. Then, I said, “Implementation of REAL ID would impose more costs on our society than it would provide in security or other benefits,” and I articulated how and why a national ID fails to secure.

But Senator Lieberman said he “assumes” REAL ID provides national security benefits. Assumes? He and his staff apparently haven’t familiarized themselves with the level of national security that a national ID would create, taking into account the counterattacks and complications of such a system.

Five years after the vaunted 9/11 Commission report - and the three-quarters of a page it devoted to identity security - Senator Lieberman, the chairman of a committee dealing with domestic security, has yet to look into the merits.

In case Senator Lieberman needs some help …

I’m So Sick of the 9/11 Commission Report!

Speaking of the 9/11 Commission, it has been five years since that report came out, and people continue to parrot the line that REAL ID was a “key 9/11 Commission recommendation.”

The 9/11 Commission dedicated three-quarters of a page to the question of identity security, out of 400+ substantive pages. Its entire treatment of the subject is on page 390.

The 9/11 Commission did not articulate how a national ID system would defeat future terror attacks. It did not even articulate how a national ID would have defeated the 9/11 attacks had it been in place. A minor shift in behavior by the 9/11 attackers, such as using their passports to board planes, would have defeated REAL ID and PASS ID, were we somehow allowed “do-overs.”

We are not allowed “do-overs,” and the problem we face is not 9/11, but securing against current and future threats - including people who might shift their behavior in light of security measures we take.

These shifts in behavior might include taking a few extra steps to get the documentation they need, for access to the country or targets. These shifts in behavior might include attacking targets that do not require documentation. Identity-based security is a Maginot Line.

The 9/11 Commission report was written at a time when little research on identity-based security had been done. It was written by fallible humans who knew little about identity-based security, and who got it wrong. The report is not a religious text.

The report did say something important, though: “For terrorists, travel documents are as important as weapons”! (page 384) It’s a terrific turn of phrase because it shuts down the logic centers in the brain - eek, terrorists! - and ends the discussion.

The “travel documents” the report was talking about, though, were passports and visas, not drivers’ licenses and birth certificates - the things foreign terrorists use to get into the country. If we’re going to turn the driver’s license into an internal passport - and TSA checkpoints are the beginning of such a policy - then perhaps these are travel documents. Just, please, Secretary Napolitano, train your TSA agents to not say, “Your papers, please.”

Even as to international travel documents, though, the 9/11 Commission got it wrong. Weapons are the only things as important as weapons. And the 9/11 terrorists didn’t actually use weapons any more substantial than box cutters. They “weaponized” a non-weapon. (Security is complicated, you see.)

Denying terrorists travel documents, drivers’ licenses, and IDs simply presents them some inconveniences - such as using people with no record of terrorism. Seventeen of nineteen 9/11 attackers were unknown to U.S. officials as threats, so it’s obviously not that much of an inconvenience.

Evading identity-based security is so easy. People do it all the time. And it won’t stop under anyone’s version of a national ID. But the 9/11 Commission said … !

Something New to Worry About

Much of the national ID battle happens at the federal level with these national ID laws, of course, but it’s important to realize that federal officials, state officials, companies, and non-profit groups are working to knit together a cradle-to-grave national ID system no matter what happens with REAL ID and PASS ID.

Here’s one worth highlighting: Thirteen states apparently are already scanning, or have scanned, their birth certificates into databases for use in the national ID system. The effort is being led by the National Association for Public Health Statistics and Information Systems in Silver Spring, Maryland. This group will undoubtedly have access to your private health information should federal e-health records be implemented, so you might want to familiarize yourself with them.

Is your state one of them? How many copies of your birth certificate can be found in how many places around the country? You might want to ask your state legislators about that. The future of this effort is to collect biometrics at birth, of course. This is a privacy problem.

But maybe all the privacy concerns have been taken care of. The proponents of REAL/PASS ID found themselves a fig leaf on that score.

Token Cover on Privacy Issues

Ari Schwartz from the Center for Democracy and Technology testified in favor of PASS ID. (Senator Akaka noted in his opening statement that CDT endorses PASS ID.)

He characterized opponents of REAL/PASS ID as wanting to “do nothing.” It’s a classic ploy - but cheaper than we’re used to seeing from Ari and CDT - to mischaracterize opponents as wanting to “do nothing.” As Ari knows well, I have advocated endlessly for a diverse and competitive identification and credentialing system that would provide all the security ID systems can, without government surveillance.

But Ari testified imaginatively about how PASS ID makes a national ID okay. He has concerns with it, of course, yadda yadda yadda - the privacy fig leaf obliged to wear a fig leaf himself.

And this is the unexpected bad news from the hearing. The Center for Democracy and Technology supports having a national ID in the United States.

Many would find this inexplicable, but it’s not. Though the people who work at CDT personally want very much to do the right thing, there are no principles to the organization beside compromise and having a seat at the table (neither of which are actually principles, of course).

CDT plays a wonderful convening role on many issues, and the name of the organization implies that it reconciles technology programs with fundamental societal values. But here it has given political cover to the push for a national ID in the United States. One can’t help wondering if there is anything that would cause CDT to push back from the table and say No.

Lack of Deep Thinking = Belief in the Living Constitution?

In a twist on the “lack of deep thinking” idea, part of what might be going on in Sotomayor’s head—why she keeps answering questions about judicial philosophy with reference to precedent rather than constitutional first principles is because she’s not an originalist. How can we hope for her to tell us her understanding of the meaning of the constitutional text, after all, if that text’s meaning changes with the times?

For example, Stuart Smalley Al Franken asked Sotomayor point blank, “do you believe the right to privacy includes the right to have an abortion?” The nominee began here response with: “The Court has said….” That is, it is not the Constitution—whatever your view of it may be, whether you think it contains a right to abortion or not—that is the supreme law of the land, but what nine black-robed philosopher-kings say. Of course, if your (non-)theory of constitutional interpretation is to keep “improving” the document—and to keep one step ahead of public opinion, so judges can effect social “progress”—then it’s irrelevant what the Constitution said before the Supreme Court put its gloss on it.

And if you subscribe to this “living Constitution” or “active liberty” theory, then naturally the life experiences of a “wise Latina,” along with lessons from foreign and international law—which, Sotomayor said as recently as her April speech to ACLU, get a judge’s “creative juices flowing”—are all valid parts of your jurisprudential toolkit.

CP Townhall