Topic: Law and Civil Liberties

North Carolina: REAL ID Implementation on Hold

North Carolina is not one of the states that has joined the REAL ID Rebellion. By all accounts, it was plodding along, getting ready to implement the federal government’s national ID mandate.

But now comes news that the changes North Carolina had planned are on hold. “ ‘The Real ID Act is pretty much at a standstill nationwide,’ said Marge Howell, a spokeswoman for the Division of Motor Vehicles,” according to one report:

As a means of complying with the federal Real ID Act, the state DMV had planned on implementing a requirement that people who apply for a new or renewed driver’s license start producing documentation showing the motorist’s proof of identity and legal address beginning Dec. 1. That has now been delayed.

Another change, set to begin on July 1, requires the DMV to mail a motorist’s license to a residential address instead of instantly issuing a license. Howell said that program won’t go into effect statewide at the beginning of July. Instead, the DMV plans to phase that program in.

Even the compliant states are getting the message that REAL ID is a non-starter.

I recently queried whether one of the largest companies producing driver’s licenses would continue to agitate for the national ID law or embrace a diverse, competitive identification and credentialing marketplace.

Civil Liberties and Business

The Washington Legal Foundation has just published a Special Report: Federal Erosion of Business Civil Liberties (pdf).  Looks like a comprehensive analysis of the ongoing trend at the federal level to criminalize ordinary business activity. 

Check out this admission from the SEC’s Paul Atkins: “What is astonishing is that the attorney-client privilege, one of the foundational rights on which rests Anglo-American legal culture … should now be under siege.  The two federal agencies that have been most vigorous in seeking waiver of the attorney-client privilege have been the Department of Justice and – unfortunately, I must say – the Securities and Exchange Commission.”  Well, admitting the problem is the first step toward addressing the problem.  But notice the way he makes his agency appear uncontrollable.  It’s a fairly common tactic here in the capital.  Senators talk about “runaway spending” as if the federal budget was on some sort of auto-pilot.  And then they name highways and buildings after themselves to memorialize their “public service” and “leadership.”

When the status quo becomes politically unacceptable, Congress ought to abolish corporate welfare and restore the attorney-client privilege and other legal safeguards.

Related Cato work here and here.

ID Checks are About Control, Not Security

If there was ever any doubt that ID checks at airports are about control and not security, the Transportation Security Administration is clearing that up. Starting June 21, it says, “passengers that willfully refuse to provide identification at security checkpoint [sic] will be denied access to the secure area of airports.”

The claim is that this initiative is “the latest in a series designed to facilitate travel for legitimate passengers while enhancing the agency’s risk-based focus - on people, not things.” So let’s take a moment to look at how refusing airport access to the willful enhances security.

… OK! We’re done!

No terrorist or criminal would draw attention to him or herself by obstinately refusing an ID check. This is only done by the small coterie of civil libertarians and security experts who can’t stand the security pantomime that is airport identification checking. The rest of the people traveling without ID have lost theirs - and TSA officials at airports have no way of knowing which is which.

This new rule will do nothing to improve airport security, but watch for the incident when a TSA agent “doesn’t believe” someone who has truly lost his or her driver’s license and tries to strand a traveler in a faraway city.

A Free Market Gem in Guatemala

The L.A. Times has a very fine article today on Francisco Marroquín University, Guatemala’s libertarian institution of higher learning, and its founder, Manuel “Muso” Ayau.

Those of us who have visited UFM can testify as to the passion for liberty that fills the place. It’s certainly a free market gem in the midst of Central America.

Swire on Cybercrime Underenforcement

Peter Swire of the Center for American Progress has a paper out called “No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime.” He identifies how local law enforcement lacks the ability and incentive to address various wrongs done on the Internet because of their complexity and their multi-jurisdictional nature.

Swire has identified a real problem. Just like everyone else, law enforcement struggles to keep up in the changing online environment. And it’s true that local law enforcement lacks incentive to expend efforts going after a distant cybercrime ring for the benefit of one local complainant and thousands of strangers.

(He calls this a “commons problem” and I understand how he means it to illustrate that law enforcement personnel and organizations are economic actors. Crime victims are a sort of public good to those organizations and they can’t enjoy the benefits of caring for most of those who would benefit from their work. I think this fits more neatly in the public choice box: local law enforcement in one jurisdiction doesn’t get any benefit — budgetary, political, or otherwise — from helping strangers, so they’re less inclined to do so.)

Swire’s conclusion is that there should be more federal law enforcement — such as by the Federal Trade Commission and the the Justice Department — or “federated” law enforcement, combining state and federal authorities: “A more federated approach recognizes the usefulness of enforcement task forces that draw on multiple jurisdictions. Federal‐state task forces, for instance, have been used widely for drug prosecutions and, more recently, in fighting terrorism.”

While these are logical conclusions, I would be reluctant to call for greater federal law enforcement. There isn’t authority for it in the Constitution, and the uses of “federated” law enforcement he identifies — in the “War on Drugs” and the “War on Terror“ — have not been shining examples we ought to follow.

I suspect that Swire would class this as an objection he calls “We Don’t Want Enforcement,” of which he identifies two strains. One is the extent to which some of these “harms” are worthy of enforcement. This is a strong objection, not so much to Swire’s thesis, but to a second one that’s implicit. Swire is not just calling for federal or federated law enforcement aimed at protecting the public from violations of their rights (which manifest themselves as legally cognizable “harms”); he’s classing all kinds of mischief as “harms” to dramatically broaden the sweep of the federal law enforcement task.

Consider this strange circumlocution: “The focus here is on online fraud, malicious software, and other harms that are carried out through the Internet.” In the world of natural language “harms” are “caused,” not “carried out.” Malicious software is “distributed” or “propagated,” not “carried out.” Fraud and malicious software often cause harm, but sometimes do not.

Classing malicious software as a “harm” would make it actionable in the abstract, such as through prescriptive software regulation. If this is what he’s talking about, Swire should surface it and talk about it rather than wedging bad behavior with potential harmful results into the term “harm.” (He’s not alone — see this post and the resulting comments discussing whether increased exposure to risk is a “harm.”)

A second strain of the “We Don’t Want Enforcement” objection is a melange of privacy concerns that Swire would address with due process and privacy rules.

A third strain (with some relation to the privacy concern) emerges from the “commons”/public choice dynamic that Swire identified so astutely as part of the cause of the problem. Bureaucracies and their members are economic actors, and a greater federal law enforcement regime would naturally begin to seek greater powers from the moment it came into existence. This is very much at play in the “wars” on drugs and terror, where federal law enforcement agencies seek much more to promote their institutional interests in growth than the safety, freedom, and prosperity of the people. “We Don’t Want Federal Bureaucracies Doing Law Enforcement” is a much stronger objection than Swire recognizes.

My main concern, though, sounds in moral hazard. Should a federal law enforcement apparatus emerge too early, or occupy fields where it is not absolutely essential, people and organizations that should be responsible for their own security will shunt that responsibility off to the government. Supine and seemingly incompetent, they will fall victim to many crimes and harms that they would otherwise have defended themselves against.

I often analogize the development of security in the online environment to security in the offline environment. Imagine if you were building streets, houses, and buildings from scratch, never having seen such things before. It would take some time to recognize the value of doors, windows, and walls in preventing crime. When you’ve got that window in place, you also need to close the latch, etc.

An alternative to all this distributed learning is to post law enforcement on every corner of every street, or in front of every house. But having a cop on every corner is expensive and hard to administer. There’s risk of corruption, and laziness, and so on. The best security is provided by the most interested actors, and I’d be loathe to have federal law enforcement communicate that there is anyone more responsible than software companies, online service providers, payment systems, and individuals for securing the online environment.

There is some role for the federal government in preventing and detecting multi-jurisdictional and international crimes. I wouldn’t rush to embrace it, or to class a broad array of behaviors as “harms” so that the federal law enforcement role mushrooms into an ineffective and costly “War on Cybercrime.”

Fusion Centers in Search of a Problem

Via Secrecy News: “There is, more often than not, insufficient purely ‘terrorist’ activity to support a multi-jurisdictional and multi-governmental level fusion center that exclusively processes terrorist activity.” This is from a Naval Postgraduate School master’s thesis entitled: “An Examination of State and Local Fusion Centers and Data Collection Methods.”

Though they arose to counter the terrorism threat, “fusion centers” will seek out other things to do. Programs like these are born of slogans - “connect the dots” - “information sharing” - rather than sound security thinking. In a TechKnowledge piece last year titled, “Fusion Centers: Leave ‘Em to the States,” I juxtaposed the active fusion center in Massachusetts with the hair-on-fire overreaction of the Boston Police to a guerrilla marketing campaign featuring stylized Lite-Brites.