Tag: privacy

Good News! Online Tracking is Slightly Boring

You have to wade through a lot to reach the good news at the end of Time reporter Joel Stein’s article about “data mining”—or at least data collection and use—in the online world. There’s some fog right there: what he calls “data mining” is actually ordinary one-to-one correlation of bits of information, not mining historical data to generate patterns that are predictive of present-day behavior. (See my data mining paper with Jeff Jonas to learn more.) There is some data mining in and among the online advertising industry’s use of the data consumers emit online, of course.

Next, get over Stein’s introductory language about the “vast amount of data that’s being collected both online and off by companies in stealth.” That’s some kind of stealth if a reporter can write a thorough and informative article in Time magazine about it. Does the moon rise “in stealth” if you haven’t gone outside at night and looked at the sky? Perhaps so.

Now take a hard swallow as you read about Senator John Kerry’s (D-Mass.) plans for government regulation of the information economy.

Kerry is about to introduce a bill that would require companies to make sure all the stuff they know about you is secured from hackers and to let you inspect everything they have on you, correct any mistakes and opt out of being tracked. He is doing this because, he argues, “There’s no code of conduct. There’s no standard. There’s nothing that safeguards privacy and establishes rules of the road.”

Securing data from hackers and letting people correct mistakes in data about them are kind of equally opposite things. If you’re going to make data about people available to them, you’re going to create opportunities for other people—it won’t even take hacking skills, really—to impersonate them, gather private data, and scramble data sets.

If Senator Kerry’s argument for government regulation is that there aren’t yet “rules of the road” pointing us off that cliff, I’ll take market regulation. Drivers like you and me are constantly and spontaneously writing the rules through our actions and inactions, clicks and non-clicks, purchases and non-purchases.

There are other quibbles. “Your political donations, home value and address have always been public,” says Stein, ”but you used to have to actually go to all these different places — courthouses, libraries, property-tax assessors’ offices — and request documents.”

This is correct insofar as it describes the modern decline in practical obscurity. But your political donations were not public records before the passage of the Federal Election Campaign Act in 1974. That’s when the federal government started subordinating this particular dimension of your privacy to others’ collective values.

But these pesky details can be put aside. The nuggets of wisdom in the article predominate!

“Since targeted ads are so much more effective than nontargeted ones,” Stein writes, ”websites can charge much more for them. This is why — compared with the old banners and pop-ups — online ads have become smaller and less invasive, and why websites have been able to provide better content and still be free.”

The Internet is a richer, more congenial place because of ads targeted for relevance.

And the conclusion of the article is a dose of smart, well-placed optimism that contrasts with Senator Kerry’s sloppy FUD.

We’re quickly figuring out how to navigate our trail of data — don’t say anything private on a Facebook wall, keep your secrets out of e-mail, use cash for illicit purchases. The vast majority of it, though, is worthless to us and a pretty good exchange for frequent-flier miles, better search results, a fast system to qualify for credit, finding out if our babysitter has a criminal record and ads we find more useful than annoying. Especially because no human being ever reads your files. As I learned by trying to find out all my data, we’re not all that interesting.

Consumers are learning how to navigate the online environment. They are not menaced or harmed by online tracking. Indeed, commercial tracking is congenial and slightly boring. That’s good news that you rarely hear from media or politicians because good news doesn’t generally sell magazines or legislation.

Privacy? Nuthin’. Respect My Authoritah!

A fascinating enforcement action under the Health Insurance Portability and Accountability Act (HIPAA) shows what really matters in the world of privacy regulation.

The U.S. Department of Health and Human Services has imposed a $4.3 million civil penalty against Maryland-based Cignet Health for violations of its regulations. HHS’s Office for Civil Rights (OCR) found that Cignet violated 41 patients’ HIPAA rights by denying them access to their medical records, which they requested between September 2008 and October 2009. The penalty for these violations is $1.3 million.

But Cigna’s real crime was willful disobedience of the government. Who knows why, but according to the government:

During the investigations, Cignet refused to respond to OCR’s demands to produce the records. Additionally, Cignet failed to cooperate with OCR’s investigations of the complaints and produce the records in response to OCR’s subpoena. OCR filed a petition to enforce its subpoena in United States District Court and obtained a default judgment against Cignet on March 30, 2010. On April 7, 2010, Cignet produced the medical records to OCR, but otherwise made no efforts to resolve the complaints through informal means.

OCR also found that Cignet failed to cooperate with OCR’s investigations on a continuing daily basis from March 17, 2009, to April 7, 2010, and that the failure to cooperate was due to Cignet’s willful neglect to comply with the Privacy Rule. Covered entities are required under law to cooperate with the Department’s investigations.

The penalty for that was $3 million.

Notably, the HHS release says nothing about the condition of the aggrieved parties. How are they doing with their $31,000 a piece? Does it fully compensate for their inability to access medical records during the relevant period?

Just kidding! Nobody really cares.

This enforcement action has nothing to do with remedying a genuine breach of privacy—an annoyance and genuine paperwork problem, yes—and everything to do with sending a message: You will respect my authoritah!

Why the Senate’s Vote on the Patriot Act Is Actually Pretty Good News

Last night, By an overwhelming 86-to-12 margin, the Senate approved a temporary 90-day extension of three controversial provisions of the Patriot Act scheduled to sunset at the end of the month. The House just voted to move forward on a parallel extension bill, which will presumably pass easily. Because I’m seeing some civil libertarian folks online reacting with dismay to this development, I think it’s worth clarifying that this is relatively good news when you reflect on the outlook from just a couple of weeks ago.

The House has already approved a one-year extension that would plant the next reauthorization vote on the right eve of primary season in a Presidential election cycle, all but guaranteeing a round of empty demagoguery followed by another punt. As of last week, everyone expected the Senate to bring Sen. Dianne Feinstein’s three year reauthorization—which also extends the odious FISA Amendments Act of 2008—to the floor. The discussion on the Senate floor last night makes it clear that this didn’t happen because of pushback from legislators who were sick of kicking the can and wanted time to hold hearings on substantive reforms.

This is actually a better outcome than simply letting the three sunsetting powers lapse—which, realistically, was not going to happen anyway. First, because at least one of the expiring authorities, roving wiretaps, is a legitimate tool that ought to be available to intelligence investigators if it’s amended to eliminate the so-called “John Doe” loophole. Second, because while all three of these provisions have serious defects that raise legitimate concerns about the potential for abuse, they are collectively small beer compared with National Security Letters, which have already given rise to serious, widespread, and well documented abuses. One of the three sunsetting powers has never been used, and the other two are invoked a couple dozen times per year. All three involve court supervision. The FBI issues tens of thousands of National Security Letter requests each year, the majority targeting American citizens and legal residents, without any advance court approval. The vast majority of the thousands of Americans whose financial and telecommunications records are seized each year are almost certainly innocent of any wrongdoing, but their information is nevertheless retained indefinitely in government databases. With very few exceptions, these people will never learn that the government has been monitoring their financial transactions or communication patterns. Forcing a debate now on the expiring provisions opens a window for consideration of proposals to rein in NSLs—including a new sunset that would create pressure for continued scrutiny.

A new Pew poll released this week reports that Americans remain fairly evenly split on the question of whether the Patriot Act is “a necessary tool that helps the government find terrorists” or “goes too far and poses a threat to civil liberties.” (Perhaps unsurprisingly, with the change of administration, Democrats have become more supportive and Republicans somewhat more skeptical.) But this is actually a signally unhelpful way to frame debate about legislation encompassing hundreds of reforms to the byzantine statutory framework governing American intelligence investigations—more a toolbox than a “tool.” The question shouldn’t be whether you’re “for” or “against” it, but whether there are ways to narrow and focus particular authorities so that legitimate investigations can proceed without sweeping in so much information about innocent people. A three-month extension signals that Congress is finally, belatedly, ready to start having that conversation.

Physician, Heal Thyself

Announcing a new Senate subcommittee devoted to privacy, Senators Leahy (D-VT) and Franken (D-MN) said nothing about privacy threats from government.

A “boom of new technologies over the last several years has … put an unprecedented amount of personal information into the hands of large companies that are unknown and unaccountable to the American public,” Franken said, according to an AFP report.

A boom of new technologies has put an unprecedented amount of personal information into the hands of the federal government—in some cases, illegally. It takes a lot of gall to point at commercial data collection from the atop the dunghill of federal privacy invasion. But there’s a lot of gall to go around in Washington, D.C.

Patriot Act Extension Runs Into Conservative Opposition

Reports the Los Angeles Times:

A House GOP push to permanently extend expiring provisions of the Patriot Act is running into opposition from conservative and “tea party”-inspired lawmakers wary of the law’s reach into private affairs.

Congress has made a practice of kicking the Patriot Act can down the road, but it could be that the new crop of legislators isn’t inclined to go along.

Julian Sanchez has blogged here about the complexities of this government surveillance law. His podcast on the topic, released yesterday, is titled “The Patriot Act Sneaks to Renewal.” Maybe it can’t sneak through after all…

The New York Times’ Glib Call for Internet and Software Regulation

You have to read all the way to the end to get exactly what the New York Times is getting at in its Sunday editorial, ”Netizens Gain Some Privacy.”

Congress should require all advertising and tracking companies to offer consumers the choice of whether they want to be followed online to receive tailored ads, and make that option easily chosen on every browser.

That means Congress—or the federal agency it punts to—would tell authors of Internet browsing software how they are allowed to do their jobs. Companies producing browser software that didn’t conform to federal standards would be violating the law.

In addition, any Web site that tailored ads to their users’ interests, or the networks that now generally provide that service, would be subject to federal regulation and enforcement that would of necessity involve investigation of the data they collect and what they do with it.

Along with existing browser capabilities (Tools > Options > Privacy tab > cookie settings), forthcoming amendments to browsers will give users more control over the information they share with the sites they visit. That exercise of control is the ultimate do-not-track. It’s far preferable to the New York Times’ idea, which has the Web user issuing a request not to be tracked and wondering whether government regulators can produce obedience.

Thomas Stays the Course, Scalia Returns to the Fold

A bit lost in last week’s legal news regarding a majority of states now suing over Obamacare, the House voting to repeal Obamacare, and the anniversary of Citizens United, was the first interesting Supreme Court decision of the term.  Most notably, Justices Scalia and Thomas continued their valiant struggle to limit the scope of the constitutional misnomer that is “substantive due process” doctrine.

The case was NASA v. Nelson, a suit challenging the background checks for perspective NASA contractors as violating an evanescent constitutional right to informational privacy. The Court ruled unanimously against the challengers, with Justice Alito writing for the majority that, regardless whether such a right exists, it was not violated by the government’s probing questions on sexual history and mental health.

Justices Scalia and Thomas rightly found problems with this essentially useless ruling. Scalia, joined by Thomas, concurred in the result but wrote separately to say that if a right doesn’t exist then the Court should just say so.  He would have simply held that there is no constitutional right to “informational privacy”:

I must observe a remarkable and telling fact about this case, unique in my tenure on this Court: Respondents’ brief, in arguing that the Federal Government violated the Constitution, does not once identify which provision of the Constitution that might be. The Table of Authorities contains citations of cases from federal and state courts, federal and state statutes, Rules of Evidence from four states, two Executive Orders, a House Report, and even more exotic sources of law….  And yet it contains not a single citation of the sole document we are called upon to construe: the Constitution of the United States….  To tell the truth, I found this approach refreshingly honest. One who asks us to invent a constitutional right out of whole cloth should spare himself and us the pretense of tying it to some words of the Constitution.

In the course of his typically entertaining opinion we see Scalia back to his old self, caustically lambasting the “infinitely plastic concept of ‘substantive’ due process” and suggesting that it is “past time for the Court to abandon this Alfred Hitchcock line of our jurisprudence.”

Indeed, the seemingly oxymoronic concept of substantive due process has received much attention as of late, particularly in last term’s groundbreaking case of McDonald v. Chicago. McDonald, remember, examined whether the individual Second Amendment right articulated in District of Columbia v. Heller applied to the states.  I previously blogged about McDonald here and here, for example.

McDonald came out the right way but for the wrong reasons.  Rather than enforcing the right to keep and bear arms against the states via the Privileges or Immunities Clause, as nearly all constitutional scholars of every ideological stripe contend should be the case, the Court chose to invoke substantive due process.  Even Scalia agreed with this perversion, because apparently 140 years of bad precedent overrides originalism or whatever other interpretive theory he claims to support.  

Justice Thomas, on the other hand, agreed with the principled approach favored by most scholars (and Cato’s own amicus brief) and wrote separately to advocate overruling the Slaughter-House Cases and reinvigorate the Privileges or Immunities Clause.  Curiously, Justice Thomas couldn’t resist filing a separate one-paragraph concurrence in Nelson, seemingly for the sole purpose of citing—and reminding Justice Scalia of—his McDonald concurrence.

After all, Scalia is often regarded as the font of originalism.  In reality, he has proven himself to be an originalist of convenience, accepting corrupt interpretations when the mood strikes him.  During oral arguments in McDonald, for example, Scalia mocked attorney Alan Gura for daring to make an originalist argument that would overturn an old precedent.  Why challenge the substantive due process doctrine, wondered Scalia, when “even I have acquiesced to it?”

Scalia’s faint-hearted originalism does a disservice to that jurisprudential method.  With his acerbic wit, infectious personality, and unrivaled rhetorical skills, Scalia has become the poster-boy for originalism.  In response, the academic elite—who overwhelmingly reject originalism—focus on every Scalia opinion, hoping to catch a glimpse of the true justice who uses originalism to hide decisions often based largely on policy preferences.

Indeed, given Scalia’s pointed and insightful prose, there is always an opportunity to hoist him by his own petard.  In McDonald, for example, it was Scalia who, to use his own Nelson lines, “invoked the infinitely plastic concept of ‘substantive’ due process,” which of course “does not make this constitutional theory any less invented.”  For more on this, see “Judicial Takings and Scalia’s Shifting Sands,” the law review article I recently published with my colleague Trevor Burrus—in which we criticize Scalia’s conflicting views on constitutional fidelity in two cases from last term, McDonald and Stop the Beach Renourishment.

Recall that originalism involves a jurist’s resisting personal biases by trying to maintain fidelity to the very document that gives him his job.  This highly textualist approach is what makes Justice Thomas arguably the most predictable justice in the history of the Court.  And in the law, predictability is a good thing.  Underscoring this point is the concern about Justice Scalia’s vote in the Obamacare litigation—because of his concurring opinion in the medicinal marijuana case of Gonzales v. Raich—while Justice Thomas’s vote is assumed to be in hand.  (Precisely because Scalia is somewhat outcome-oriented, however, I personally don’t share that concern.)

I just hope that going forward, Justice Scalia will have the same thing for breakfast that he did the morning NASA v. Nelson came down.

H/t to my sometimes collaborator Josh Blackman; head over to his spectacular blog to read more extensive analysis.  And thanks to Trevor Burrus for his help with this post.