Tag: privacy

China’s REAL ID Program

China is implementing its “toughest-ever” mobile phone real-name registration system, according to the Want China Times. The effort seeks to get all remaining unregistered mobile phones associated with the true identities of their owners in the records of telecommunications firms. Those who do not register their phones will soon see their telecommunications restricted.

This policy will have wonderful security benefits. It will make identity fraud, anonymous communication, and various conspiracies much easier to detect and punish—including conspiracies to dissent from government policy.

The United States is a very different place from China—on the same tracking-and-control continuum. We have no official policy of registering phones to their owners, but in practice phone companies collect our Social Security numbers when we initiate service, they know our home addresses, and they have our credit card numbers. All of these are functional unique identifiers, and there is some evidence that the government can readily access data held by our telecommunications firms.

We have no national ID that would be used for phone registration, of course. The Department of Homeland Security says it will begin denying travel rights to people from states that do not comply with the REAL ID Act beginning in 2016.

E-Verify Simply Does Not Work

Nearly twenty years ago, John J. Miller of the Center for Equal Opportunity and Stephen Moore, then the director of fiscal policy studies at the Cato Institute, published a study responding to the rising demand for immigration law enforcement.

A National ID System: Big Brother’s Solution to Illegal Immigration” was the name of their Cato Institute policy analysis. They highlighted costs to the liberty of native-born Americans from systems that seek to root out illegal immigrants with identity cards and tracking. I reprised their study in a way and expanded on it seven years ago in “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.”

When I saw Alex Nowrasteh’s research into the results of mandates to use the Department of Homeland Security’s E-Verify program, I was delighted to see what experience makes available to backers of “internal enforcement” who don’t have our nation’s freedoms in mind. E-Verify simply does not work. That’s the upshot of our new study, “Checking E-Verify: The Costs and Consequences of a National Worker Screening Mandate.”

Patel: Right Result, Wan Rationale

Making short work of the idea that facial challenges aren’t available under the Fourth Amendment, the Supreme Court ruled today in Los Angeles v. Patel that a city may not require its hotels to turn over their business records without some opportunity for review of the government’s demands. It’s the right result, but the Court was too quiet about its treatment of Fourth Amendment doctrine, and it did not take the opportunity to fully address situations like the case presented, in which the government dragoons private businesses into surveillance on its behalf.

Justice Sotomayor, writing for a 5-4 majority, held: “the provision of the Los Angeles Municipal Code that requires hotel operators to make their registries available to the police on demand is facially unconstitutional because it penalizes them for declining to turn over their records without affording them any opportunity for pre-compliance review.” Justice Scalia led one bloc of dissenters believing it was reasonable to institute this kind of regulation on business owners suspected of no substantive crime because their facilities are sometimes used for crime. Justice Alito dissented as well, arguing that there should be no facial challenge to the statute because constitutional applications of it exist.

Had the stars lined up, the Court might have used the Patel case to address simmering issues around current Fourth Amendment doctrine, as the Cato Institute’s brief for the Court suggested. The Court indeed eschewed the backward “reasonable expectation of privacy” test, which finds that Fourth Amendment interest exists when people reasonably feel that it does. It instead examined whether the government’s scheme was reasonable, which is where the language of the Fourth Amendment focuses courts’ attention. But the Court did not broadcast the inapplicability of “reasonable expectation” doctrine, so most lawyers and lower courts will probably not realize that another in a growing line of cases is applying the Fourth Amendment in a new and better way, by hewing more closely to the text.

Part of the reason the Court didn’t take all the constitutional bait was the unusually narrow challenge the hoteliers brought. They attacked the collection of information by the government, granting for the sake of argument in this case that the government has the power to require them to collect information about their customers for the government’s later use. Had the Court considered the totality of what we called “the warrantless search scheme,” it would have had to assess whether it is reasonable in our constitutional system for private businesses to be dragooned into wholesale, comprehensive surveillance on behalf of the government. That scope might have brought the Court’s conservatives off the sidelines and into defending the degree of privacy against government that existed when the Fourth Amendment was adopted. (Surely, the government couldn’t have conscripted businesses into mass surveillance of the public at the time of the framing.)

Folks who are paying attention will recognize that the “reasonable expectation of privacy” test continues to recede in importance. We will continue to wait, though, for the case that clearly and articulately applies the right against unreasonable seizures and searches to information as such. While Patel is a technical win, some later case or cases will have to truly address how the Fourth Amendment is to be administered in the modern era.

#TakenInByDHS

Are journalists across the nation working to establish a national ID in the United States? Most would object, “Certainly not!”

But in reporting uncritically on the Department of Homeland Security’s claimed deadlines for implementing the U.S. national ID law, many journalists are unwittingly helping impose a system that the federal government may one day use to identify, track, and control every American. Today I’ve started Tweeting about news articles in which this occurs with the hashtag #TakenInByDHS.

Under the terms of the REAL ID Act, which became law more than ten years ago, states were supposed to begin issuing licenses according to federal standards by May of 2008. States that didn’t follow federal mandates would see their residents turned away at airports when the Transportation Security Administration declined their drivers’ licenses and ID cards.

The DHS failed to issue implementing regulations timely, and backed off of the statutory deadline by regulatory fiat. No state was in compliance with REAL ID on deadline, and no state is compliant with REAL ID today. Over the years, the Department of Homeland Security has declared a variety of milestones and deadlines in a fairly impotent effort to bring state driver licensing policy under federal control. Many states have resisted.

The reason for DHS’s impotence is that making good on the threat to prevent Americans from traveling would almost surely backfire. If already unpopular TSA agents began refusing Americans their right to travel, it would be federal bureaucrats and members of Congress getting the blame—not state legislators.

But most state legislators haven’t done this calculation. They are reluctant to create a national ID, and they don’t want to expend taxpayer funds on a program that undercuts their constituents’ privacy. But told of their potential responsibility for bedlam at local airports, they will accede to such things.

OECD Scheme to Boost Taxes on Business Sector Will Hurt Global Economy and Enable Bigger Government

Citing the work of David Burton and Richard Rahn, I warned last July about the dangerous consequences of allowing governments to create a global tax cartel based on the collection and sharing of sensitive personal financial information.

I was focused on the danger to individuals, but it’s also risky to let governments obtain more data from businesses.

Remarkably, even the World Bank acknowledges the downside of giving more information to governments.

Here are some blurbs from the abstract of a new study looking at what happens when companies divulge more data.

Relying on a data set of more than 70,000 firms in 121 countries, the analysis finds that disclosure can be a double-edged sword. …The findings reveal the dark side of voluntary information disclosure: exposing firms to government expropriation.

And here are some additional details from the full report.

…disclosure has important costs in allowing exposure to government expropriation… We show that accounting information disclosure can be detrimental to firm development… Such disclosure allows corrupt bureaucrats to gain access to firm-level information and use it for endogenous harassment. …once firm information is disclosed, the threat of government expropriation is widespread. Information disclosure thus allows rent-seeking bureaucrats to gain access to the disclosed information and use it to extract bribes. …Our paper offers a vivid illustration that an important hindrance to institutional development—here in the form of adopting information disclosure—is government expropriation. …The results are thus supportive of Acemoglu and Johnson (2005) on the overwhelming importance of constraining government expropriation in facilitating economic development.

Yet this doesn’t seem to bother advocates of bigger government.

Good Precedents against NSA Spying

With debate about NSA spying continuing in the Senate, it’s worth looking at some of the historical and modern precedents for protecting our communications and communications data. A few highlights:

  • The earliest precedent for protection of communications in the United States is the treatment of mail. The founders used postal mail to communicate their revolutionary ideas and even to plan their insurrection against the tyranny of King George, so they prioritized protecting the privacy of the mail. In the Act of Feb. 20, 1792, passed a few short years after ratification of the Constitution, the U.S. Congress enshrined protections for mail in the law, creating heavy fines for opening or delaying mail.
  • The Supreme Court confirmed the existence of constitutional protection for postal communications in Ex Parte Jackson. In that 1877 case, the Court described the Fourth Amendment’s guarantees in very interesting and clear language: “Letters and sealed packages … are as fully guarded from examination and inspection, except as to their outward form and weight, as if they were retained by the parties forwarding them in their own domiciles.” Though we place mail in the hands of government agents, the Fourth Amendment protects it like it’s inside our homes.
  • The year Ex Parte Jackson case was decided, both Western Union and the Bell Company began providing voice telephone service. The Supreme Court addressed constitutional protection for phone calls some decades later in 1928. The Olmstead case was wrongly decided, we now know. It found that telephone communications weren’t protected by the Constitution. So the dissents are where to look for precedential language. Justice Brandeis’s famous dissent spoke of the “right to be let alone,” but Justice Butler provided thinking and language that should have more lasting value: “The contracts between telephone companies and users contemplate the private use of the facilities employed in the service,” he wrote. “The communications belong to the parties between whom they pass.” The communications belong to the parties. That’s a fasacinating and important way to think about our communications, as property that we own.

In Holding NSA Spying Illegal, the Second Circuit Treats Data as Property

The U.S. Court of Appeals for the Second Circuit has ruled that section 215 of the USA-PATRIOT Act never authorized the National Security Agency’s collection of all Americans’ phone calling records. It’s pleasing to see the opinion parallel arguments that Randy Barnett and I put forward over the last couple of years.

Two points from different parts of the opinion can help structure our thinking about constitutional protection for communications data and other digital information. Data is property, which can be unconstitutionally seized.

As cases like this often do, the decision spends much time on niceties like standing to sue. In that discussion—finding that the ACLU indeed has legal standing to challenge government collection of its calling data—the court parried the government’s argument that the ACLU suffers no offense until its data is searched.

“The Fourth Amendment protects against unreasonable searches and seizures,” the court emphasized. Data is a thing that can be owned, and when the government takes someone’s data, it is seized.

In this situation, the data is owned jointly by telecommunications companies and their customers. The companies hold it subject to obligations they owe their customers limiting what they can do with it. Think of covenants that run with land. These covenants run with data for the benefit of the customer.

Pages