Tag: privacy

Julian Sanchez Talks Online Privacy on Monday, March 28 at 1pm ET on Facebook

Please join us this coming Monday, March 28 at 1pm Eastern on our Facebook page for a live video presentation, powered by Livestream, from Cato research fellow Julian Sanchez on the current state of online privacy policy.

Here is a brief list of topics he’ll cover:

  • An update on current challenges to overturn FISA, and what it means for you and me if those challenges succeed or fail
  • How this relates to current and recent efforts to reauthorize the Patriot Act, including a recap of testimony Sanchez recently delivered to the U.S. Senate Subcommittee on Crime, Terrorism, and Homeland Security
  • What’s on the FBI’s surveillance wish list
  • Reflections on the idea of an “online privacy bill of rights

We hope you can join us next Monday at 1pm Eastern for this event. Be sure to log in to Livestream with your Facebook account so you can chat with each other and submit questions–we’ll try to take as many as we can.

Not a fan of the Cato Institute yet? Join us below:


Obama Administration to Take a Stand on Privacy, But it Ain’t Fixing the Strip-Search Machine Morass

At least one report has it that a Commerce Department official will announce the Obama administration’s support for “baseline privacy legislation” at a Wednesday Senate Commerce Committee hearing.

You mean, like, the Fourth Amendment? If only it were so.

The action is in the House Government Reform Committee, which is holding a hearing on the Transportation Security Administration’s strip-search machines. What’s the administration’s “baseline privacy policy” on that?

I’ve already written two posts in the last year (1, 2) titled “Physician, Heal Thyself”…

Good News! Online Tracking is Slightly Boring

You have to wade through a lot to reach the good news at the end of Time reporter Joel Stein’s article about “data mining”—or at least data collection and use—in the online world. There’s some fog right there: what he calls “data mining” is actually ordinary one-to-one correlation of bits of information, not mining historical data to generate patterns that are predictive of present-day behavior. (See my data mining paper with Jeff Jonas to learn more.) There is some data mining in and among the online advertising industry’s use of the data consumers emit online, of course.

Next, get over Stein’s introductory language about the “vast amount of data that’s being collected both online and off by companies in stealth.” That’s some kind of stealth if a reporter can write a thorough and informative article in Time magazine about it. Does the moon rise “in stealth” if you haven’t gone outside at night and looked at the sky? Perhaps so.

Now take a hard swallow as you read about Senator John Kerry’s (D-Mass.) plans for government regulation of the information economy.

Kerry is about to introduce a bill that would require companies to make sure all the stuff they know about you is secured from hackers and to let you inspect everything they have on you, correct any mistakes and opt out of being tracked. He is doing this because, he argues, “There’s no code of conduct. There’s no standard. There’s nothing that safeguards privacy and establishes rules of the road.”

Securing data from hackers and letting people correct mistakes in data about them are kind of equally opposite things. If you’re going to make data about people available to them, you’re going to create opportunities for other people—it won’t even take hacking skills, really—to impersonate them, gather private data, and scramble data sets.

If Senator Kerry’s argument for government regulation is that there aren’t yet “rules of the road” pointing us off that cliff, I’ll take market regulation. Drivers like you and me are constantly and spontaneously writing the rules through our actions and inactions, clicks and non-clicks, purchases and non-purchases.

There are other quibbles. “Your political donations, home value and address have always been public,” says Stein, ”but you used to have to actually go to all these different places — courthouses, libraries, property-tax assessors’ offices — and request documents.”

This is correct insofar as it describes the modern decline in practical obscurity. But your political donations were not public records before the passage of the Federal Election Campaign Act in 1974. That’s when the federal government started subordinating this particular dimension of your privacy to others’ collective values.

But these pesky details can be put aside. The nuggets of wisdom in the article predominate!

“Since targeted ads are so much more effective than nontargeted ones,” Stein writes, ”websites can charge much more for them. This is why — compared with the old banners and pop-ups — online ads have become smaller and less invasive, and why websites have been able to provide better content and still be free.”

The Internet is a richer, more congenial place because of ads targeted for relevance.

And the conclusion of the article is a dose of smart, well-placed optimism that contrasts with Senator Kerry’s sloppy FUD.

We’re quickly figuring out how to navigate our trail of data — don’t say anything private on a Facebook wall, keep your secrets out of e-mail, use cash for illicit purchases. The vast majority of it, though, is worthless to us and a pretty good exchange for frequent-flier miles, better search results, a fast system to qualify for credit, finding out if our babysitter has a criminal record and ads we find more useful than annoying. Especially because no human being ever reads your files. As I learned by trying to find out all my data, we’re not all that interesting.

Consumers are learning how to navigate the online environment. They are not menaced or harmed by online tracking. Indeed, commercial tracking is congenial and slightly boring. That’s good news that you rarely hear from media or politicians because good news doesn’t generally sell magazines or legislation.

Privacy? Nuthin’. Respect My Authoritah!

A fascinating enforcement action under the Health Insurance Portability and Accountability Act (HIPAA) shows what really matters in the world of privacy regulation.

The U.S. Department of Health and Human Services has imposed a $4.3 million civil penalty against Maryland-based Cignet Health for violations of its regulations. HHS’s Office for Civil Rights (OCR) found that Cignet violated 41 patients’ HIPAA rights by denying them access to their medical records, which they requested between September 2008 and October 2009. The penalty for these violations is $1.3 million.

But Cigna’s real crime was willful disobedience of the government. Who knows why, but according to the government:

During the investigations, Cignet refused to respond to OCR’s demands to produce the records. Additionally, Cignet failed to cooperate with OCR’s investigations of the complaints and produce the records in response to OCR’s subpoena. OCR filed a petition to enforce its subpoena in United States District Court and obtained a default judgment against Cignet on March 30, 2010. On April 7, 2010, Cignet produced the medical records to OCR, but otherwise made no efforts to resolve the complaints through informal means.

OCR also found that Cignet failed to cooperate with OCR’s investigations on a continuing daily basis from March 17, 2009, to April 7, 2010, and that the failure to cooperate was due to Cignet’s willful neglect to comply with the Privacy Rule. Covered entities are required under law to cooperate with the Department’s investigations.

The penalty for that was $3 million.

Notably, the HHS release says nothing about the condition of the aggrieved parties. How are they doing with their $31,000 a piece? Does it fully compensate for their inability to access medical records during the relevant period?

Just kidding! Nobody really cares.

This enforcement action has nothing to do with remedying a genuine breach of privacy—an annoyance and genuine paperwork problem, yes—and everything to do with sending a message: You will respect my authoritah!

Why the Senate’s Vote on the Patriot Act Is Actually Pretty Good News

Last night, By an overwhelming 86-to-12 margin, the Senate approved a temporary 90-day extension of three controversial provisions of the Patriot Act scheduled to sunset at the end of the month. The House just voted to move forward on a parallel extension bill, which will presumably pass easily. Because I’m seeing some civil libertarian folks online reacting with dismay to this development, I think it’s worth clarifying that this is relatively good news when you reflect on the outlook from just a couple of weeks ago.

The House has already approved a one-year extension that would plant the next reauthorization vote on the right eve of primary season in a Presidential election cycle, all but guaranteeing a round of empty demagoguery followed by another punt. As of last week, everyone expected the Senate to bring Sen. Dianne Feinstein’s three year reauthorization—which also extends the odious FISA Amendments Act of 2008—to the floor. The discussion on the Senate floor last night makes it clear that this didn’t happen because of pushback from legislators who were sick of kicking the can and wanted time to hold hearings on substantive reforms.

This is actually a better outcome than simply letting the three sunsetting powers lapse—which, realistically, was not going to happen anyway. First, because at least one of the expiring authorities, roving wiretaps, is a legitimate tool that ought to be available to intelligence investigators if it’s amended to eliminate the so-called “John Doe” loophole. Second, because while all three of these provisions have serious defects that raise legitimate concerns about the potential for abuse, they are collectively small beer compared with National Security Letters, which have already given rise to serious, widespread, and well documented abuses. One of the three sunsetting powers has never been used, and the other two are invoked a couple dozen times per year. All three involve court supervision. The FBI issues tens of thousands of National Security Letter requests each year, the majority targeting American citizens and legal residents, without any advance court approval. The vast majority of the thousands of Americans whose financial and telecommunications records are seized each year are almost certainly innocent of any wrongdoing, but their information is nevertheless retained indefinitely in government databases. With very few exceptions, these people will never learn that the government has been monitoring their financial transactions or communication patterns. Forcing a debate now on the expiring provisions opens a window for consideration of proposals to rein in NSLs—including a new sunset that would create pressure for continued scrutiny.

A new Pew poll released this week reports that Americans remain fairly evenly split on the question of whether the Patriot Act is “a necessary tool that helps the government find terrorists” or “goes too far and poses a threat to civil liberties.” (Perhaps unsurprisingly, with the change of administration, Democrats have become more supportive and Republicans somewhat more skeptical.) But this is actually a signally unhelpful way to frame debate about legislation encompassing hundreds of reforms to the byzantine statutory framework governing American intelligence investigations—more a toolbox than a “tool.” The question shouldn’t be whether you’re “for” or “against” it, but whether there are ways to narrow and focus particular authorities so that legitimate investigations can proceed without sweeping in so much information about innocent people. A three-month extension signals that Congress is finally, belatedly, ready to start having that conversation.

Physician, Heal Thyself

Announcing a new Senate subcommittee devoted to privacy, Senators Leahy (D-VT) and Franken (D-MN) said nothing about privacy threats from government.

A “boom of new technologies over the last several years has … put an unprecedented amount of personal information into the hands of large companies that are unknown and unaccountable to the American public,” Franken said, according to an AFP report.

A boom of new technologies has put an unprecedented amount of personal information into the hands of the federal government—in some cases, illegally. It takes a lot of gall to point at commercial data collection from the atop the dunghill of federal privacy invasion. But there’s a lot of gall to go around in Washington, D.C.

Patriot Act Extension Runs Into Conservative Opposition

Reports the Los Angeles Times:

A House GOP push to permanently extend expiring provisions of the Patriot Act is running into opposition from conservative and “tea party”-inspired lawmakers wary of the law’s reach into private affairs.

Congress has made a practice of kicking the Patriot Act can down the road, but it could be that the new crop of legislators isn’t inclined to go along.

Julian Sanchez has blogged here about the complexities of this government surveillance law. His podcast on the topic, released yesterday, is titled “The Patriot Act Sneaks to Renewal.” Maybe it can’t sneak through after all…