Tag: privacy

Economics Will Be Our Ruination II

Economics appears to be a neutral tool, but it often subtly embeds values that we are better off surfacing and discussing. In a recent post henceforth to be known as “Economics Will Be Our Runiation I,” I pointed out how, by preferring to measure the movement of dollars, orthodox economics treats leisure as a bad thing and laments advances in technology-based entertainments.

This installment of EWBOR focuses on an interesting and insightful article recently published in the University of Pennsylvania Law Review, “An Economic Understanding of Search and Seizure Law.” In it, George Washington University Law School professor Orin Kerr shows that the Fourth Amendment helps increase the efficiency of law enforcement by accounting for external costs of investigations. Here is his model:

The net benefit of any particular investigative step can be described as P*V – Ci – Ce, where P represents the increase in probability that the crime will be solved and successfully prosecuted, V represents the net value of a successful prosecution resulting from deterrence and incapacitation, Ci represents the internal costs of the investigative step, and Ce represents its external costs.

Ci means things like the cost of training and equipping police officers and paying their salaries, as well as their own use of their time. Ce, external costs, “include privacy harms and property losses that result from an investigation that is imposed on a suspect. They also include the loss of autonomy and freedom imposed directly on the subject of the investigation (who may be guilty or innocent) as well as his family or associates.” Kerr rightly includes in Ce more diffuse burdens such as community hostility to law enforcement.

Drones Are a Must For Trump’s Nativist Police State

Yesterday my colleague Alex Nowrasteh wrote an extensive list of reasons why Donald Trump, the presumptive Republican Party presidential nominee, is the nativist dream candidate. The list leaves little doubt that if Trump makes it to the White House he will seek to violate the Constitution, create a police state, put citizens’ privacy at risk, and build a border wall (despite its estimated $25 billion price tag) all in the name of reducing legal and illegal immigration to the United States.

Trump’s immigration plan ought to worry civil libertarians because, as Alex points out, he supports mandatory E-Verify, the ineffective employment eligibility verification program that puts privacy at risk. Trump’s disregard for effective policy and privacy rights can be seen not only in his views on E-Verify but also his support for 24/7 border drones.

Last month Trump told Syracuse.com that he would order the 24/7 surveillance of the U.S. borders, adding, “I want surveillance for our borders, and the drone has great capabilities for surveillance.”

What Trump might not know is that drones on the U.S. border don’t have a great track record. At the end of 2014 the Department of Homeland Security’s Inspector General released an audit of the Customs and Border Protection’s Unmanned Aircraft System Program. The program includes MQ -9 Predator B drones (also called “Reapers”), perhaps best known for its combat missions abroad, as well as the Guardian, the Predator B’s maritime variant. The program’s audit was unambiguous:

The program has also not achieved the expected results. Specifically, the unmanned aircraft are not meeting flight hour goals. Although CBP anticipated increased apprehensions of illegal border crossers, a reduction in border surveillance costs, and improvement in the U.S. Border Patrol’s efficiency, we found little or no evidence that CBP met those program expectations.

Unsurprisingly, cartels at the southern border are taking part in an arms race with CBP, using jamming devices on patrol drones. Almost a year after the inspector general’s audit Timothy Bennett, a science-and-technology program manager at the Department of Homeland Security, explained how the cartels hinder CBP operations:

DHS was unable to say just how often smugglers tried to jam or spoof border-watching UAVs. But Bennett said the attacks are hindering law enforcement abilities to map drug routes. “You’re out there looking, trying to find out this path [they’re] going through with drugs, and we can’t get good coordinate systems on it because we’re getting spoofed. That screws up the whole thing. We got to fix that problem,” he said.

The ineffectiveness of drones on the border is not the only concern. CBP drones also pose privacy concerns. Predator B drones carrying out combat missions abroad have been outfitted with Gorgon Stare, a wide-area surveillance technology that allows users to track objects within an area at least 10 square kilometers in size. Almost two years ago it was reported that once incorporated with Autonomous Real-Time Ground Ubiquitous Surveillance Imaging System (ARGUS-IS), another wide-area surveillance tool, Gorgon Stare can monitor 100 square kilometers. A video outlining ARGUS-IS’ capabilities is below.

Yes, Michael, REAL ID Is a Nationwide Data-Sharing Mandate

Baton Rouge IT consultant Michael Hale is right to be concerned about the unfunded mandates in the REAL ID Act. The U.S. national ID law requires states to issue driver’s licenses and share driver data according to federal standards. States complying with REAL ID will find that the U.S. Department of Homeland Security (DHS) dictates their driver licensing policies and the expenditure of state funds in this area forevermore. But he raises that concern at the tail end of a letter to the editor of The New Orleans Advocate that broadly endorses the national ID law based on incorrect information. Here’s some information that Mr. Hale and every American concernced with our liberty and security should know.

Mr. Hale believes that state driver data “will continue to be maintained by each individual state, and each state will decide who gets access to this information.” This is not the case. The REAL ID Act requires states to share driver data across a nationwide network of databases. The DHS and other national ID advocates downplay and deny this, but they are not persuasive because the requirement is right there in the statute:

To meet the requirements of this section, a State shall adopt the following practices in the issuance of drivers’ licenses and identification cards: …
(12) Provide electronic access to all other States to information contained in the motor vehicle database of the State.
(13) Maintain a State motor vehicle database that contains, at a minimum–
(A) all data fields printed on drivers’ licenses and identification cards issued by the State; and
(B) motor vehicle drivers’ histories, including motor vehicle violations, suspensions, and points on licenses.

Mr. Hale says, “The Real ID Act allows states to either adopt the Real ID or to come up with their own version of secure ID that Homeland Security can approve.” This is not true. The option of issuing a non-federal license or ID does not waive the obligation to share driver data nationwide.

Unlike the Department of Homeland Security and its pro-national ID allies, Mr. Hale gamely tries to argue the security merits of having a national ID. “The purpose of all this is to create a trustworthy form of ID that can be used to ensure air travel security,” he says. “The first step in securing a flight is to make sure everyone on board is who they claim to be.”

That argument is intuitive. In daily life, knowing who people are permits you to find them and punish any bad behavior. But U.S. federal public policy with national security implications and billions of taxpayer dollars at stake requires more articulate calculation.

The costs or impediments a national ID system would impose on dedicated terrorists, criminal organizations, and people lacking impulse control is minimal. For billions of dollars in taxpayer dollars expended, millions of hours standing in DMV lines, and placement of all law-abiding Americans into a national tracking system, REAL ID might mildly inconvenience the bad guys. They can, for example, bribe a DMV employee, spend a few thousand dollars to manufacture a false identity, or acquire the license of someone looking similar enough to themselves to fool lazy TSA agents. I analyzed all dimensions of identification and identity systems in my book, Identity Crisis: How Identification is Overused and Misunderstood.

There are other security measures where dollars and effort deliver more benefit. Or people might be left in control of their dollars and time to live as free Americans.

The Department of Homeland Security consistently downplays and obscures the true nature of the REAL ID Act’s national ID policy, and it never even tries to defend its security merits in any serious way. In the information technology community, the security demerits of having a national ID system backed by a web of databases as required by the law seems relatively clear.  People familiar with information technology tend to be more concerned, not less, with the power and peril of a national ID system.

The quest continues to make active citizens like Mr. Hale more aware of all dimensions of this issue.

Idaho May Implement REAL ID—by Mistake

Ten years ago, Idaho came out strongly against the REAL ID Act, a federal law that seeks to weave state driver licensing systems into a U.S. national ID. But Department of Homeland Security bureaucrats in Washington, D.C., have been working persistently to undermine state resistance. They may soon enjoy a small success. A bill the Idaho legislature sent to the governor Friday (HB 513) risks putting Idahoans all the way in to the national ID system.

Idaho would be better off if the legislature and Governor Butch Otter (R) continued to refuse the national ID law outright.

Idaho’s government was clear about the federal REAL ID Act in 2008. The legislature and governor wrote into state law that the national ID law was “inimical to the security and well-being of the people of Idaho.” They ordered the Idaho Transportation Department to do nothing to implement REAL ID.

Since then, the DHS has threatened several times to prevent people living in non-compliant states from going through TSA checkpoints at the nation’s airports. The DHS has always backed down from these threats—the feds would get all the blame if DHS followed through—but the threats have done their work. Compliance legislation is on the move in a number of states.

One of those states is Idaho, where that bill with Governor Otter would call for compliance with the REAL ID Act’s requirements “as such requirements existed on January 1, 2016.” That time limitation is meant to keep Idahoans out of the nation-wide database system that the REAL ID Act requires. But the bill might put Idahoans into the national ID system by mistake.

When the original “REAL ID Rebellion” happened with Idaho at the forefront, DHS was under pressure to show progress on the national ID. DHS came up with a “material compliance checklist,” which is a pared-back version of the REAL ID law. Using this checklist, DHS has been claiming that more and more states are in compliance with the national ID law. It is a clever, if dishonest, gambit.

Practical state legislators in many states have believed what the DHS is telling them, and they think that they should get on board with the national ID law or else their state’s residents will be punished. DHS is successfully dividing and conquering, drawing more power to Washington, D.C.

Rights in the Balance

The right to swing my fist ends where the other man’s nose begins.

The saying, it turns out, has some of its pedigree in Prohibition, during which the right to serve drinks was said to interfere with the rights of the family. But misapplication to “group rights” aside, it’s a phrase that captures our system of rights well. You are (or should be) free to do whatever you wish, so long as you don’t injure others in their rights.

You can see society hammering out the dividing line between rights in a case that produced a jury verdict last Friday: Hulk Hogan vs. Gawker. The provocative website published a mid-2000 video of the former wrestler and TV personality having sex with a friend’s wife. Hogan sued and won a verdict of $115 million, which Gawker will appeal.

The argument on Hulk’s side is that public exposure of a person’s intimate moments and bodily functions violates a right to privacy. The free speech argument is that a person has a right to broadcast and discuss anything he or she pleases.

These are both important rights. The privacy right is a little younger, having developed since about 1890. The free speech right pre-existed its 1791 acknowledgement in the Bill of Rights, so speech has a stronger heritage. But the dividing line will never be decided once and for all. Common practices and common mores will set and reset the line between these rights through accretion and erosion, the way a winding river divides a plain. That way of producing rules is very special: common law courts deciding in real cases what serves justice best.

Building the Bitcoin Ecosystem: Privacy Edition

Many in the Bitcoin community seek increased financial privacy. As I wrote in a 2014 study of the Bitcoin ecosystem, “Bitcoin can facilitate more private transactions, which, when legal in the jurisdictions where they occur, are the business of nobody but the parties to them.” That study identified “algorithmic monitoring of Bitcoin transactions” as a rather likely and somewhat consequential threat to the goal of financial privacy (pg. 18). It was part of a cluster of similar threats.

Good news: The Bitcoin community is doing something about it.

The Open Bitcoin Privacy Project recently issued the second edition of its Bitcoin Wallet Privacy Rating Report. It’s a systematic, comparative study of the privacy qualities of Bitcoin wallets. The report is based on a detailed threat model and published criteria for measuring the “privacy strength” of wallets. (I’ve not studied either in detail, but the look of them is well-thought-out.)

Reports like this are an essential, ecosystem-building market function. The OBPP is at once informing Bitcoin users about the quality of various wallets out there, and at the same time challenging wallet providers to up their privacy game. It’s notable that the wallet with the highest number of users, Blockchain, is 17th in the rankings, and one of the most prominent U.S. providers of exchange, payment processing, and wallet services, Coinbase, is 20th. Those kinds of numbers should be a welcome spur to improvement and change. Blockchain is updating its wallet apps. Coinbase, which has offended some users with intensive scrutiny of their financial behavior, appears wisely to be turning away from wallet services.

Bitcoin guru Andreas Antonopolis rightly advises transferring bitcoins to a wallet you control so that you don’t have to trust a Bitcoin company not to lose it. The folks at the Open Bitcoin Privacy Project are working to make wallets more privacy protective. Kudos, OBPP.

There’s more to do, of course, and if there is a recommendation I’d offer for the next OBPP report, it’s to explain in a more newbie-friendly way what the privacy threats are and how to perceive and weigh them. Another threat to the financial privacy outcome goal—ranked slightly more likely and somewhat more consequential than algorithmic monitoring—was: “Users don’t understand how Bitcoin transactions affect privacy.”

Minnesota to Become a National ID State?

When Congress passed the REAL ID Act, it hadn’t held a hearing to examine the merits and demerits—or practicalities—of instituting a U.S. national ID. Unworkable, the Chairman of the Senate Homeland Security Committee called it. In the U.S. House, REAL ID was attached to a must-pass military spending bill after the House vote on that bill. REAL ID wasn’t a shining example of democratic deliberation.

But REAL ID requires state cooperation. States must convert their driver licensing bureaus into arms of the U.S. Department of Homeland Security. This means that states may deliberate openly about whether databases of information about their residents should be poured into a national ID system. (This is a clear requirement from the statute. States that commit to REAL ID compliance now eventually must “[p]rovide electronic access to all other States to information contained in the motor vehicle database of the State.”)

Minnesota is a state where Department of Homeland Security bureaucrats have recently pressured elected officials to fall in line. And in Minnesota today a “Legislative Working Group on Real ID Compliance” will meet to discuss “possible compliance measures.” The chair of the group is Rep. Peggy Scott (R) and the alternate chair is Sen. Scott Dibble (DFL).

Now, the Minnesota legislature is moving pretty fast. Their governor appears to have been successfully buffaloed by the Department of Homeland Security. But at least there is an open meeting that Minnesotans and interested advocates can attend to inform the legislature.

So now the question can be joined: Will Minnesota’s elected officials put the state’s residents into a national ID system?

The web page on which this meeting is listed appears as though it will change. Other members of Minnesota’s “Legislative Working Group on REAL ID Compliance”—folks who will have a big say on whether Minnesota becomes a national ID state—are listed below.

Pages