Tag: talking points

Cybersecurity: Talking Points vs. Substance

In the late stages of a legislative battle, it often comes down to “talking points.” Whoever puts out the message that sticks wins the debate—damn the substance.

Rep. Mike Rogers (R-MI) is prioritizing talking points over substance if a CQ report about a speech he gave to the Ripon Society is accurate. (He put it up on his Web site, from which one could infer endorsement. Rogers is not a cosponsor of SOPA, the Stop Online Piracy Act, so let’s not have the government taking down the house.gov domain just now, mkay?)

From the report:

“We’re finding language we can agree on,” he said in a speech to the Ripon Society, a moderate Republican group. “Are we going to agree on everything? Probably not. They don’t want anything, anytime, ever.” But, Rogers said, he hopes to give the groups “language that at least allows them to sleep at night, because I can’t sleep at night over these threats.”

This seems to suggest that a few tweaks to language, well in the works with the privacy community, will make his version of cybersecurity legislation a fait accompli. I’m a keen observer of the privacy groups, and I see no evidence that this is so. The bill is so broadly written that it is probably unrepairable.

And that is a product of Congress’s approach to this problem: Congress does not know how to address the thousands of difference problems that fall under the umbrella term “cybersecurity,” so it has fixed on promiscuous (and legally immunized) “information sharing” with government security agencies as the “solution.” Privacy can rightly be traded for other goods such as security, but with no benefits discernible from wanton information sharing, one shouldn’t expect sign-off from the privacy community.

That is not actually the message of the privacy community, who, on average, trust the government more than most conservatives and libertarians. The mainstream privacy community probably would accept highly regulatory and poorly formed cybersecurity legislation if it had enough privacy protections. But Rogers’ talking points try to push privacy folk onto the “unreasonable” part of the chess board, saying, “They don’t want anything, anytime, ever.”

That’s closer to my view than anything the orthodox privacy advocates are saying. Cybersecurity is not an area where the federal government can do much to help. But even I said in my 2009 testimony to the House Science Committee that the federal government has a role in improving cybersecurity: being a smart consumer that influences technology markets for the better.

What Representative Rogers—and all advocates for cybersecurity legislation—have failed to do is to make the affirmative case for their bills. “I can’t sleep at night” is not an answer to the case, carefully made by Jerry Brito of the Mercatus Center at Cato’s recent Hill briefing, that the threat from cyberattacks is overblown.

The briefing was called “Cybersecurity: Will Federal Regulation Help?” That’s a place one can go for substance.

Krugman and Oil Spills, cont’d

Last week Paul Krugman seized on the Gulf oil spill as another occasion to bash libertarians in general and the great Milton Friedman in particular. On Friday David skewered the Times columnist over his odd rhetorical ploy of treating politicians’ failure to follow Friedman’s principles as a refutation of those principles. Now economist Alex Tabarrok at Marginal Revolution reports that Krugman also completely misunderstands the current set of laws governing oil spill liability:

The Oil Pollution Act of 1990 (OPA), which is the law that caps liability for economic damages at $75 million, does not override state law or common law remedies in tort (click on the link and search for common law or see here). Thus, Milton Friedman’s preferred remedy for corporate negligence, tort law, continues to operate and there is no doubt that BP’s potential liability under common law alone would be in the billions of dollars.

…The point of the OPA was not to limit tort law but to supplement it.

Tort law, as traditionally understood, could only be used to recover damages to people and property rather than force firms to pay cleanup costs per se. Thus, in the OPA as I read it – and take the details with a grain of salt since I’m not a lawyer–there is no limit on cleanup costs. Moreover, the OPA makes the offender strictly liable for cleanup costs which means that if these costs are proven the offender must pay them regardless (there are a few defenses, such as an act of war, but they are unlikely to apply). The offender is also strictly liable for up to $75 million in economic damages above and beyond cleanup costs. Thus the $75 million is simply a cap on the strictly liable damages, the damages that if proven BP has to pay regardless. But there is no limit, even under the OPA, on economic damages in the event that BP failed to follow regulations or is otherwise shown to be negligent (same as under common law).

The link Krugman supplies, and perhaps the source of his error, was this Talking Points Memo item baldly describing “the maximum liability for oil companies after a spill” as “a paltry $75 million.” Even the most passing acquaintance with the aftermath of real-world oil spills should have been enough for Krugman and TPM author Zachary Roth to realize that liability for assessments to this one federal rainy-day fund is but one component, perhaps but a minor one, of liability for overall spill damage. And even as regards this one specialized federal fund, Krugman and Roth got it wrong, as a glance at the May 1 edition of Krugman’s own paper would have revealed:

When a rich and well-insured company like BP is responsible for the spill, the government will seek reimbursement of what it spends on cleanup from the company and its insurers.

So Krugman’s post not only strained to take a cheap shot at libertarians, but also thoroughly botched a factual background that it would have been easy enough for him to have looked up. Other that that, it was fine.