Tag: privacy

NSA Snooping: a Majority of Americans Believe What?

Yesterday, the Washington Post and the Pew Research Center released a joint poll that purportedly showed that “a large majority of Americans” believe the federal government should focus on “investigating possible terrorist threats even if personal privacy is compromised.”

But a careful look at the poll shows citizens are far less sanguine about surrendering their privacy rights, as the facts continue to be revealed.

Pollsters faced a difficult challenge—to accurately capture public opinion during a complex and evolving story. Recall, on Wednesday of last week, the story was about the NSA tracking Verizon phone records. So the pollsters drew up a perfectly reasonable and balanced question:

As you may know, it has been reported that the National Security Agency has been getting secret court orders to track telephone call records of MILLIONS of Americans in an effort to investigate terrorism. Would you consider this access to telephone call records an acceptable or unacceptable way for the federal government to investigate terrorism?

Fifty-six percent found this “acceptable.” Thus, the “majority of Americans” lead in the Washington Post.

However, on Thursday, the Washington Post revealed explosive details about the massive data-collection program PRISM—and the public was alerted that the NSA was not just collecting phone records, but email, Facebook, and other online records. So the pollsters quickly drew up a new question, asked starting Friday, from June 7-9:

Do you think the U.S. government should be able to monitor everyone’s email and other online activities if officials say this might prevent future terrorist attacks?

Fifty-two percent—a majority—said “no.” So Americans feel differently about the story based on the facts on Wednesday, when the story was about tracking “telephone calls,” and facts on Thursday, when the story was about monitoring all “email and other online activity.”

The Washington Post could have fairly gone with a story that a majority of Americans do not agree that the federal government should monitor everyone’s email and online communication, even if it might prevent future terrorist attacks.

Unfortunately, that’s not the story that the Washington Post went with. Subsequent media coverage of the Post-Pew poll has neglected this nuance and cemented this misinterpretation of what “majority of Americans” believe.

A more reasonable interpretation of the Post-Pew poll is that citizens’ views seem to be changing as more details are revealed about the massive extent of the NSA snooping program. Indeed, most citizens have not been following this story as closely with only 48 percent report following thing “very closely” or “fairly closely.”

I’ll be watching eagerly to see what the next polls find out about that ever elusive “majority of Americans.”

A Brief Civil Liberties Quiz

See if you can spot the civil-liberties victory:

  1. The Supreme Court says the government can put your DNA in a national database, even if you were wrongly arrested.
  2. The State of Mississippi imposes mandatory collection of the DNA of babies born to teenage moms, neither of which is suspected of a crime.
  3. The Department of Justice is tracking and threatening to prosecute reporters, for the crime of reporting.
  4. The National Security Agency is collecting everyone’s phone records, even if they suspect you of nothing.
  5. The U.S. Senate kills a bill that could lead to a registry of law-abiding gun owners.

Answer: #5. 

Those crazy senators are looking less crazy all the time. 

How Identification Is Overused and Misunderstood

Justice Anthony Kennedy seems to be carving out his place as the Supreme Court justice who doesn’t “get” identity. Maryland v. King was the case issued today that shows that.

His opener was the 2004 decision in Hiibel v. Sixth Judicial District Court of Nevada, which ratified laws requiring people to disclose their names to police officers on request.

In that case, Deputy Lee Dove of the Humboldt County (NV) Sheriff’s Department had received a report that a man had slugged a woman. He didn’t know the names of the alleged perpetrator or the victim, but Dove found Larry Hiibel standing next to his truck at the side of the road talking to his seventeen-year-old daughter seated inside. Dove didn’t check to see if they were having a dispute, or if anyone had hit anyone. He just started demanding Hiibel’s ID.

“Knowledge of identity may inform an officer that a suspect is wanted for another offense, or has a record of violence or mental disorder,” Justice Kennedy wrote, approving Hiibel’s arrest for refusing to show his papers:

On the other hand, knowing identity may help clear a suspect and allow the police to concentrate their efforts elsewhere. Identity may prove particularly important in [certain cases, such as] where the police are investigating what appears to be a domestic assault. Officers called to investigate domestic disputes need to know whom they are dealing with in order to assess the situation, the threat to their own safety, and possible danger to the potential victim.

Even if he had gotten Larry Hiibel’s ID, that wouldn’t have told Dove any of these things. Dove would have had to stop his battery investigation to investigate Hiibel’s background, which he didn’t do until after he had arrested Hiibel–and after his partner had thrown Hiibel’s distraught daughter to the ground. (There’s your battery.)

In Maryland v. King, Justice Kennedy did it again. He wrote the decision approving DNA identification of arrestees. Like demanding Hiibel’s ID, which had no relation to investigating battery, Maryland’s practice of collecting DNA has no relation to investigating or proving the crime for which King was arrested, and it does nothing to administer his confinement. This Justice Scalia made clear in a scathing dissent.

The Court alludes at several points to the fact that King was an arrestee, and arrestees may be validly searched incident to their arrest. But the Court does not really rest on this principle, and for good reason: The objects of a search incident to arrest must be either (1) weapons or evidence that might easily be destroyed, or (2) evidence relevant to the crime of arrest. Neither is the object of the search at issue here. (citations omitted)

Justice Kennedy appears to think there are certain behaviors around detention and arrest that law enforcement is allowed without regard to the detention or arrest. Here, he has sanctioned the gathering of DNA from arrested people, supposedly presumed innocent until proven guilty, to investigate the possibility of their connection to other, unknown crimes. His logic would allow searching the cell phone of a person arrested for public drunkenness to see if they have participated in an extortion plot.

There is plenty of time to run DNA identification data past cold case files after conviction, and all parties agree that’s what would have happened in King’s case. Given that, the Supreme Court has upheld DNA-based investigation of innocent people for their connections to cold cases because they happen to have been arrested. That’s the strange result of Maryland v. King.

Mobility Is Freedom, Not an Invasion of Privacy

Mobility is freedom, or at least an important part of it. Yet earlier this month challenges to expansions of that freedom came from, surprisingly, the Mises Institute of Canada, Reason magazine, and American Enterprise Institute. The issues are new automobile technologies, specifically self-driving cars and improved road pricing, and the challenges came from people who clearly don’t understand the technologies involved.

Self-driving cars, says Roger Toutant writing for the Mises Institute of Canada, will lead to “a national, state-operated, computer network that will be used to achieve an Orwellian level of vehicular control and information sharing. …The implications are ominous. In the future, private spheres will be invaded and all movements will be tracked.”

“Boot up a Google car,” agrees Greg Beato of Reason magazine, “and it’s not so easy to cut the connection with the online mothership.” If you get into a Google driverless car, “you immediately start sending great quantities of revealing information to a company that’s already hoarding every emoticon you’ve ever IMed.”

It is appropriate to question new technologies, but the answer is that’s not the way these cars work. None of the self-driving cars being developed by Volkswagen, Google, or other companies rely at all on central computers. Instead, all the computing power is built into each car.

Civil Liberties After Boston—My Take

It’s to be expected that privacy will suffer a bear market after a terrorist attack or attempt. I’ve seen worse, of course, but was concerned this week to read a piece by Richard Epstein on the Hoover Institution web site that I think sounds needless anti-privacy notes. Professor Epstein is not only an important public intellectual, but a Cato adjunct scholar of which we’re proud, and a friendly professional colleague (to whose defense I’ll leap when he’s wronged).

The issue is what policies governments might adopt toward the end of terrorism prevention. Professor Epstein finds the statement of Massachusetts state senator Robert Hedlund (R-Weymouth) to be a bridge too far. Hedlund says:

It’s not surprising that you have law enforcement agencies rushing out to use [the Boston bombing and subsequent manhunt] as pretext to secure additional powers but I think we have to maintain perspective and realize that civil liberties and the protections we’re granted under the Constitution and our rights to privacy, to a degree, are nonnegotiable…

You don’t want to let a couple of young punks beat us and allow our civil liberties to be completely eroded. I don’t fall into the trap that, because of the hysteria, we need to kiss our civil liberties away.

Professor Epstein calls that “dead wrong,” saying, “the last thing needed in these difficult circumstances is a squeamishness about aggressive government action.” Given the importance of preventing terrorism, claims of right against increased surveillance and racial or other profiling should be “stoutly resisted,” he says.

I agree with Professor Epstein that flat claims about a “right to privacy” shouldn’t limit surveillance. “Concern” with racial or ethnic profiling is not a sound basis for desisting from the practice. But I don’t take Hedlund’s statement to be a product of squeamishness, and I think it is in the main correct.

Where I think Professor Epstein goes wrong insofar as he wants law enforcement to have its way is in setting aside “technical difficulties” and “means-ends” questions as peripheral. For me, the Fourth Amendment’s bar on unreasonable searches and seizures demands coordination between means and ends in light of the technological situation (both in terms of doing harm and discovering it). It is not a given that government action is reasonable, and no amount of priority given to a threat makes an incoherent response reasonable and constitutional.

Good, Market-Based Privacy Advocacy

Too much privacy advocacy is done by a self-appointed expert class who, believing their own preferences to be universal, beseech legislators and regulators to mold or even remake the information economy. I have nothing against self-appointed experts—I am one, and some of you have been falling for my schtick for a decade. But the hubris of claiming to know how things should come out? That’s too much.

So the Electronic Frontier Foundation’s “Who Has Your Back?” report is real stand-out. Using a clear, six-star grid, they assess how well major Internet companies and ISPs do when it comes to key dimensions of privacy protection.

This puts you, the consumer, in a position to choose with whom you want to do business. As importantly, it puts business decision-makers on notice: If they don’t satisfy actual consumer demand for privacy, they are more likely than before to lose money.

If consumers care about privacy, they will act on what’s in this report—and specifically on the dimensions of privacy protection that matter to them. If they don’t, they won’t, because they prioritize other things, and businesses can do the same. It’s an elegant system—a market-based system—for discovering and delivering what consumers want.

The alternative is a foggy war (politics being war by other means) in which the “consumer advocate” and “industry” use every artifice to persuade various authorities whether or not, and how, to intervene. The actual desire of the consumer is an afterthought in this regulatory battle.

So, Who Has Your Back?

The report is worth checking out. You might learn that a provider you trust is not so trustworthy. You might learn of services that you should try because they are good actors. You might disagree with the methodology, and that’s fine, too. The responses of businesses and consumers to this report will be far more finely tuned to actual consumer demand for privacy than the gaudy privacy show that runs ‘round the clock these days in Washington, D.C., state capitols, and Brussels.

Congratulations and thanks to the Electronic Frontier Foundation for some good, market-based privacy advocacy!

The Path to National Identification

In my 2008 paper, “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration,” I wrote about where “internal enforcement” of immigration law leads: “to a national, cradle-to-grave, biometric tracking system.” More recently, I wrote “Internal Enforcement, E-Verify, and the Road to a National ID” in the Cato Journal. The “Gang of Eight” immigration proposal includes a large step on that path to national identification.

National ID provisions in the 2007 immigration bill were arguably its downfall. Scrapping the national ID provisions in the current bill would improve it, allowing our country to adopt more sensible immigration policies without suffering a costly attack on American citizens’ liberties.

Title III of the “Gang of Eight” bill is entitled “Interior Enforcement.” It begins by reiterating the current prohibition on hiring unauthorized aliens. (What seems to many a natural duty of employers was an invention that dates back only as far as 1986, when Congress passed the Immigration Reform and Control Act. Prior to that time, employers were free to hire workers based on the skills and willingness they presented, and not their documents. But since that time, Congress has treated the nation’s employers as deputy immigration agents.)

The bill details the circumstances under which employers may be both civilly and criminally liable under the law and provides for a “good faith defense” and “good faith compliance” that employers may hope to use as shelter. The bill restates (with modifications) the existing requirements for checking workers’ papers, saying that employers must “attest, under penalty of perjury” that they have “verified the identity and employment authorization status” of the people they employ, using prescribed documents or combination of documents. Cards that meet the requirements of the REAL ID Act are specifically cited as proof of identity and authorization to work.

In addition, the bill would create a new “identity authentication mechanism,” requiring employers to use that as well. It would take one of two forms. One is a “photo tool” that enables employers to match photos on covered identity documents to photos “maintained by a U.S. Citizenship and Immigration Services database.” If the photo tool is not available, employers must use a system the bill would instruct the Department of Homeland Security develop. The system would “provide a means of identity authentication in a manner that provides a high level of certainty as to the identity of such individual, using immigration and identifying information that may include review of identity documents or background screening verification techniques using publicly available information.”

The bill next turns to expanding the E-Verify system, requiring its use by various employers on various schedules. The federal government and federal contractors would have to use E-Verify as required already or within 90 days. A year after the DHS publishes implementing regulations, the Secretary of Homeland Security could require anyone touching “critical infrastructure” (defined here) to use E-Verify. She could require immigration law violators to use E-Verify anytime she likes.