Topic: Cato Publications

The Libertarian Vote in the New York Times

A big tip of the hat to John Tierney for his column today. It’s hidden behind a TimesSelect wall, but here’s a selection:

These federal intrusions are especially scorned by independent voters in the Western states where Republicans have been losing ground, like Colorado, Nevada, Arizona and Montana. Western Democrats have been siphoning off libertarian voters by moderating their liberal views on issues like gun control, but Republicans have been driving libertarians away with their wars on vice and their jeremiads against gay marriage (and their attempt to regulate that from Washington, too).

Libertarian voters tend to get ignored by political strategists because they’re not easy to categorize or organize. They don’t congregate in churches or union halls; they don’t unite to push political agendas. Many don’t even call themselves libertarians, although they qualify because of their social liberalism and economic conservatism: they want the government out of their bedrooms as well as their wallets.

They distrust moral busybodies of both parties, and they may well be the most important bloc of swing voters this election, as David Boaz and David Kirby conclude in a new study for the Cato Institute. Analyzing a variety of voter surveys, they estimate that libertarians make up about 15 percent of voters — a bloc roughly comparable in size to liberals and to conservative Christians, and far bigger than blocs like Nascar dads or soccer moms.

Find the study here.

Fake Boarding Pass Generator Underscores ID Woes

Yesterday, the blogosphere crackled with news that ‘net surfers could use a website to generate fake boarding passes that would enable them to slip past airport security and gain access to airport concourses. The news provides a good opportunity to illustrate a credentialing (and identity) system, how it works, and how it fails.

It’s very complicated, so I’m going to try to take it slowly and walk through every step.

The Computer Assisted Passenger Prescreening System (CAPPS) separates commercial air passengers into two categories: those deemed to require additional security scrutiny — termed “selectees” — and those who are not. When a passenger checks in at the airport, the air carrier’s reservation system uses certain information from the passenger’s itinerary for analysis in CAPPS. This analysis checks the passenger’s information against the CAPPS rules and also against a government-supplied “watch list” that contains the names of known or suspected terrorists.

Flaws in the design and theory of the CAPPS system make it relatively easy to defeat. A group with any sophistication and motivation can test the system to see which of its members are flagged, or what behaviors cause them to be flagged, then adjust their plans accordingly.

A variety of flaws and weaknesses inhabit the practice of watch-listing. Simple name-matching causes many false positives, as so many Robert Johnsons will attest. But the foremost weakness is that a person who is not known to be a threat will not be listed. Watch-listing does nothing about people or groups acting for the first time.

In addition, a person who is known and listed can elude the system by using an alias. The use of a false or synthetic identity (and thus an inaccurate boarding card) could assist in this. But the simplest wrongful use of this fake boarding card generator would be to make a boarding card that allows a known bad person to receive no more security scrutiny than all the good people.

When CAPPS finds that a passenger should be given selectee status, this is transmitted to the check-in counter where a code is printed on the passenger’s boarding pass. At the checkpoint, the boarding pass serves as a credential indicating that the person is entitled to enter the concourse, and also indicating what kind of treatment the person should get — selectee or non-selectee. The credential is tied to the person bearing it by also checking a government-issued ID.

In a previous post, I included a schematic showing how identification cards work (from my book Identity Crisis). This might be helpful to review now because credentials like the boarding pass work according to the same three-step process: First, an issuer (the airline) collects information, including what status the traveler has. Next, the issuer puts it onto a credential (the boarding pass). Finally, the verifier or relying party (the checkpoint agent) checks the credential and accords the traveler the treatment that the credential indicates.

Checking the credential bearer’s identification, a repeat of this three-step process, and comparing the names on both documents, ties the boarding pass to the person (and in the process imports all the weaknesses of identification cards).

Each of these steps is a point of weakness. If the information is bad, such as when a malefactor is not known, the first step fails and the system does not work. If the malefactor is using someone else’s ticket and successfully presents a fake ID, the third step has failed and the system does not work.

The simple example we’re using here breaks the second step. A person traveling under his own name may present a boarding pass for the flight for which he has bought a ticket — but the false boarding pass he presents does not indicate selectee status. He has eluded the CAPPS system and the watch list.

The fake boarding pass generator does not create a new security weakness. It reveals an existing one. Though some people may want to, it’s important not to kill the messenger (who, in this case, is a Ph.D. student in security infomatics at Indiana University who created the pass generator to call attention to the problem). As I’ve said before, identity-based security is terribly weak. Its costs — in dollars, inconvenience, economic loss, and lost privacy — are greater than its security benefit.

Hopefully, the revelation that people can use fake boarding passes to elude CAPPS and watch-lists is another step in the long, slow process of moving away from security systems that don’t work well, toward security systems that do. Good security systems address tools and methods of attack directly. They make sure all passengers on an airplane lack the capacity to do significant harm.

Should Government Identity Documents Use RFID?

Interesting question - and perhaps simpler than many people think. 

Back in June, the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (on which I serve) published a draft report on the use of RFID for human tracking.  (“RFID” stands for radio frequency identification, a suite of technologies that identify items - and, if put in cards, track people - by radio.)  The report poured cold water on using RFID in government-mandated identity cards and documents.  This met with some consternation among the DHS bureaus that plan to use RFID this way, and among the businesses eager to sell the technology to the government.

Despite diligent work to put the report in final form, the Committee took a pass on it at its most recent meeting in September - nominally because new members of the Committee had not had time to consider it.  The Committee is expected to finish this work and finalize the report in December.

But skeptics of the report continue to come out of the woodwork.  Most recently, the Center for Democracy and Technology wrote a letter to the Privacy Committee encouraging more study of the issue, implicitly discouraging the Committee from finding against RFID-embedded government documents.  CDT invited ”a deeper factual inquiry and analysis [that] would foster more thoughtful and constructive public dialog.”

If the correct answer is ”no,” do you have to say “yes” to be constructive? RFID offers no anti-forgery or anti-tampering benefit over other digital technologies that can be used in identification cards - indeed it has greater security weaknesses than alternatives.  And RFID has only negligible benefits in terms of speed and convenience because it does not assist with the comparison between the identifiers on a card and the bearer of the card.  This is what takes up all the time in the process of identifying someone.   (If that’s too much jargon, you need to read my book Identity Crisis: How Identification is Overused and Misunderstood.)

I shared my impression of CDT’s comments in an e-mail back to Jim Dempsey.  Jim and CDT do valuable work, but I think they are late to this discussion and are unwittingly undermining the Privacy Committee’s work to protect Americans’ privacy and civil liberties. My missive helps illustrate the thinking and the urgency of this problem, so after the jump, the contents of that e-mail:

Jim:

I’ve had time now to read your follow-up comments on the Department of Homeland Security Privacy Committee’s draft report on RFID and human tracking, and you and I have spoken about it briefly.  I wanted to offer a response in writing, and make my thinking available to others, because you and CDT are important figures in discussions like this.

First, I think it’s important to put the burden of proof in the right place.  When DHS proposes a change as significant as moving to radio-frequency-based (RF), digital human identification systems, the burden of proof is on the DHS to show why they should be adopted.  The burden is not on the Committee to show why they should not.

The use of digital methods to identify people is a sea change in the process of identification.  You know well, because you have written on these subjects extensively, that digital technologies make it very easy to collect, store, copy, transfer, and re-use personal information.  The leading identification systems being proposed and deployed for use on Americans are not just digital – they go a step further and use radio frequency technology of various stripes. 

Digital identification systems, such as the government-mandated RF systems we discuss generally in the report, have entirely different consequences for privacy from the analog and visual identification methods primarily used in government ID up to this point.  We begin to explore these consequences in the report. 

The report tries to confine itself to the concerns created by the addition of RF because trying to reach all the concerns with government-mandated digital ID systems is such a formidable task and because RF systems are the leading ones under consideration and development. 

Which brings me to a second important point: These systems are being designed, built, and implemented right now

The DHS components that want to use RFID to track people are not awaiting the study or studies you propose.  The Privacy Committee’s role is to call out important privacy issues at relevant times and the draft report on using RFID for human tracking does that. 

If you wish to step back and ponder the issues, you are welcome to, but the inference I draw from your letter – that we should delay or suspend the Committee’s report on use of RFID for human tracking – would make the Committee a full participant in a program planning scenario we see too often in Washington, D.C.:  “Ready … fire … AIM!”

As you point out, the draft report does not reach every concern with every system, nor the detailed differences among them.  But it is not the job of the Committee to perform the in-depth study or studies you suggest. That is the job of the Department of Homeland Security components that seek to deploy these systems.

The members of the drafting subcommittee sought information about these systems and the privacy issues associated with them, and considered everything we were told and given by industry, privacy advocates, members of the public, and DHS components.  The information we have leads us fairly and accurately to conclude that the merits (and, through cost-benefit comparison, the net benefits) of these systems have not been shown.

I won’t belabor the specifics of all you invite the Committee to study in your comments, but I was particularly struck by your challenge to us to substantiate the following statement from the draft report:  “Without formidable safeguards, the use of RFID in identification cards and tokens will tend to enable the tracking of individuals’ movements, profiling of their activities and subsequent, non-security-related use of identification and derived information.”

Jim, we have yet to see an RF human identification system that does not collect and store information about every American subject to it for at least 75 years. You know that data collections this deep, held for periods of time this long, tend to find new, unanticipated, and often undesirable uses.  This is but one of the concerns with these systems.

Your letter is awfully sanguine for an organization that advocates for civil liberties and democratic values.  If CDT plans to do a “full and objective” assessment of RFID’s use in human tracking, I would be happy to help bring you up to speed.

 

Jim Harper
Director of Information Policy Studies
The Cato Institute

Libertarian Voters Hit the Headlines

Suddenly, a week after David Kirby and I published our study “The Libertarian Vote,” journalists and politicos are taking note of libertarian voters, along with disgruntled economic conservatives and social conservatives. In a story on our study, The Economist writes:

AMERICA may be the land of the free, but Americans who favour both economic and social freedom have no political home. The Republican Party espouses economic freedom — ie, low taxes and minimal regulation — but is less keen on sexual liberation. The Democratic Party champions the right of homosexuals to do their thing without government interference, but not businesspeople. Libertarian voters have an unhappy choice. Assuming they opt for one of the two main parties, they can vote to kick the state out of the bedroom, or the boardroom, but not both.

And that, of course, is why our study found that the 15 percent of American voters who are libertarian swung sharply toward the Democrats in 2004. Although they usually vote Republican, they’re not committed to the GOP. And they realized that the Bush Republicans have not been delivering fiscal responsibility, federalism, or any of the other policies that libertarians and other voters expect from Republicans.

If you think I have a starry-eyed view of some halcyon past when the Republican Party actually believed in small government, check out this Washington Post article that says that gays ”hold a tenuous, complicated spot within the ranks of the GOP, whose earlier libertarian, live-and-let-live values have been ground down by the wedge issue of opposition to gay rights.”

Meanwhile, faced with impending doom, Republicans and conservatives are taking pot shots at each other in the media. A front-page article in today’s New York Times, triggered by my former colleague Ryan Sager and his book The Elephant in the Room, features former House majority leader Dick Armey complaining about the religious right: “The Republicans are talking about things like gay marriage and so forth, and the Democrats are talking about the things people care about, like how do I pay my bills?” In a newsletter from James Dobson’s Focus on the Family, Rep. Mark Souder (R-Ind.) called Armey’s comments “disgusting” and insulting to “the many Christians around the United States who devoutly hold conservative moral beliefs.”

Neoconservative Bill Kristol scoffs at the suggestion that massive overspending is turning off economically conservative voters. American Conservative Union chairman David Keene responds, “The principal sin of the neoconservatives is overbearing arrogance. It is not so much that they have been wrong. It is that nobody has ever convinced them that they have been wrong.”

Over at the Washington Times, Ralph Hallow quotes Grover Norquist and Rush Limbaugh denouncing conservative “whining” about the failures of Bush and the Republican Congress. He also quotes a response from me: “The war looks like a mistake, and Republicans have been spending worse than Democrats. Both libertarians and social conservatives are disgusted with the Cunningham, Abramoff and Foley scandals. They’re thinking that maybe the Republicans have been in power too long and don’t deserve another term.”

And a CNSNews story about the “libertarian vote” study quotes a rebuttal from Josh Holmes of the Republican National Committee: “If you believe in limited government, if you believe in free and fair markets, and you believe the American people are capable of accomplishing great things without the government doing it for us, the Republican Party is the only choice. When Democrat leaders talk about rolling back tax cuts, nationalizing the health care system, and drastically increasing domestic spending, they are not a viable option for most libertarian voters.”

He’s got a point. Democrats aren’t trying very hard to pick up the disgruntled libertarians. But Holmes is trying to persuade us that we still live in that Republican dream world when the party was characterized by “libertarian, live-and-let-live values,” instead of the actual world of unnecessary wars, gay marriage bans, 50 percent spending increases, and the biggest expansion of entitlements in 50 years.

Both parties will try to turn out their base voters this year by demonizing the other side, and both have a lot of material to work with. For many voters, it will work. They will decide that “we can’t let the other side win because then we’ll have higher taxes/fiscal irresponsibility/appeasement of terrorists/failing wars/extreme social conservatism/out-of-control leftwing judges.”

But others are going to see through that, and the real problem for Republicans this year is how many potential Republican voters really don’t feel excited about voting Republican. It’s always easiest not to vote, so you have to be pretty committed to actually get to the polling place and stand in line. In this year’s election, Democrats are outraged and optimistic, so they’re more likely to vote. Republicans are embarrassed, ashamed, and disgusted, so a lot of them will just not find the energy to get to the polls. And if libertarian voters keep swinging away from the Republicans, then Republicans are going to lose seats even in places like the Mountain West that they should be able to count on.

The Search for a Libertarian Democrat

In his writings about “libertarian Democrats,” Markos “Kos” Moulitsas always cites Montana Gov. Brian Schweitzer as Exhibit A. In the current Cato Unbound symposium, he writes:

Mountain West Democrats are leading the charge. At the vanguard is Montana Governor Brian Schweitzer, who won his governorship the same day George Bush was winning Montana 58 to 38 percent. While the theme of Republican corruption played a big role in Schweitzer’s victory, he also ran on a decidedly libertarian Democrat message.

Hope springs eternal. But alas, in Cato’s “Fiscal Policy Report Card on America’s Governors,” released Thursday, Schweitzer gets an F for his taxing and spending policies. Author Stephen Slivinski writes, “Spending in his first proposed budget exploded.” Plus he reinstated an expiring tax.

We’re still waiting for a libertarian Democrat. Really. We’d love to find one.

Grading the Governors

Today, the Cato Institute released the eighth biennial report card on the nation’s governors.  It provides an index of fiscal restraint for each governor based on multiple objective measures of fiscal performance.  This year there are 23 variables on which the governors are graded – more than the 15 variables of the 2004 report card.  The methodology has been improved this time, too.  You can find a copy of the report here.

The formula for success in the report card is simple: If a governor cuts taxes and spending the most, he will get a high grade. Raise taxes and spending the most, he’ll get a low grade.

Cutting taxes is important, at least, because doing so makes a state more economically competitive.  As I report in the study, between 1990 and 2005 the rates of growth in employment and personal income in the top 10 tax-raising states were lower than the national average. The tax-cutting states, on the other hand, saw economic growth faster than the national average.

Cutting taxes is also important because it reduces the amount of private-sector resources that the government can stake a claim to.  Yet that’s only part of the story.  While this sounds elementary, it’s a key point.  The report card tries to capture how fond a governor is of big government.  There are many governors who cut merely cut taxes and think it’s enough to get them a good grade.  But if they increase spending, they really haven’t cut the size of government.  Thus, the top grades will always go to the governors who keep taxes and spending under control simultaneously.  It’s something you rarely find among most governors, Republican or Democrat.  That’s why there are always so few “A” and “B” grades in the report card.

Newsflash: Politician Does Right Thing (Twice)

At Cato, we often point out when politicians do something wrong — and who can blame us given the target-rich environment? But we should also salute the rare politician who does something right (more or less). So let’s give two tips of the hat to New York mayor Michael Bloomberg for choosing not to inflame two recent situations that could easily have been exploited for political gain.

Last July, parts of Queens lost electricity for more than a week because several of the borough’s feeder cables failed, leaving about 100,000 people without power. During and after the blackout, several NY politicos piled on Consolidated Edison, which is a tried-and-true political tradition in New York City. But Bloomberg broke with tradition, publicly refusing to bash the utility. Instead, he worked to lower the political temperature, and he urged others to do the same.

Now, Bloomberg is also declining to bash yesterday’s announced $5.4 billion sale of Stuyvesant Town and Peter Cooper Village, two massive middle-income apartment complexes in Manhattan. Together, the complexes comprise more than 11,000 units in 110 buildings covering some 80 acres of the most lucrative real estate on the planet. The sale is reported to be the largest real estate deal in American history.

As the impending sale became public, many New York politicians and political activists ripped the deal because of fears of “gentrification.” But Bloomberg, to his credit, said simply, “MetLife owns it, and they have a right to sell it.”

Of course, housing affordability is a legitimate public concern. But the much-ballyhooed policy prescriptions — e.g., rent control, affordable housing mandates, “inclusionary zoning” — are window dressing at best and counterproductive at worst.

Fortunately, there is a far-superior policy response that also is market-friendly: government need only remove the restrictions preventing the market from satisfying the demand for affordable housing. This is argued well by Harvard economist Ed Glaeser and Wharton School economist Joe Gyourko in the Fall 2002 issue of Regulation.

If Bloomberg really wants to make my day, he should read Glaeser and Gyourko’s article and allow developers to build as much housing as the New York market demands.