Topic: Telecom, Internet & Information Policy

Strange Bedfoes against NSA Reform Bill

The push to rein in the authorities of the National Security Agency—covertly expanded by a secret court to permit indiscriminate bulk collection of Americans’ communications  and financial records—has become a truly bipartisan affair. In a way, this is nothing new: Liberals who recall the abuses of the Hoover era have long teamed with conservatives skeptical of government power in efforts to check excessive surveillance.  With a Senate vote looming to move forward with the USA FREEDOM Act, however, a still stranger mix of opponents is seeking to block what has emerged as the primary vehicle for intelligence reform in the post-Snowden era.

First, and least surprising, there’s the “More Catholic than the Pope” contingent—boosters of the intelligence community who seem convinced that the bill will somehow put Americans at risk, despite the insistence of Director of National Intelligence James Clapper that the proposed safeguards would not hinder intelligence operations. This stance is exemplified by a stunningly misleading Wall Street Journal op-ed penned by former Attorney General Michael Mukasey and forrmer NSA head Michael Hayden. Since the terrorist Islamic State group, or ISIS, is currently in the headlines, naturally it is invoked to tar the bill as “a reform that only ISIS could love.”  Never explained: Why, precisely, we should expect an authority to indiscriminately sweep up domestic telephone records to be a critical tool for monitoring a group that seems primarily concerned with consolidating its power overseas, not fielding operatives in the United States.  After all, even when it comes to domestic investigations—where one might have expected the NSA’s mass database to show its value—two independent review groups with full access to classified records have concluded that the program had little or none.  Incoming Senate majority leader Mitch McConnell has described the reforms as “tying our hands behind our back”—but a hand is a useful appendage.  On the public record, “tying our hair back” might a be more apt description—the bulk database has obscured the FBI’s by flooding the Bureau with dead-end “tips,” while any truly pertinent information it provided was invariably duplicative of records that agents had already obtained using traditional, targeted authorities.

Yet the USA FREEDOM framework actually preserves the core capabilities of this ineffective program: It creates a new mechanism for the government to do “connection chaining” by quickly and continuously obtaining, from multiple phone carriers, the records of suspected terror affiliates and their contacts. Mukasey and Hayden falsely decribe the new process as requiring a “warrant”—which it does not, on the consensus legal understanding that a “warrant” is a particularized authority based on the Fourth Amendment’s relatively high evidentiary standard of “probable cause.”  They also, somewhat comically, describe it as requiring the government go “scurrying” to telecomunications providers to “comb through” records, presumably by consulting a card catalogue.  Yet the point of the new framework, with a mandate that carriers provide “technical assistance” to NSA, is precisely to ensure that carriers can rapidly search their files to provide information about numbers once the secret FISA court has signed off (or, indeed, in advance of the court’s approval in an emergency).  Nor, indeed, do Mukasey and Haden so much as mention “National Security Letters,” a separate tool that can be used to obtain certain types of communications records without any judicial involvement. Unfortunately, the USA FREEDOM Act does not implement the recommendation of the President’s Surveillance Review group that these, too, require court authorization. Nor, conspicuously, does their tendentious discussion of the various safeguards currently in place mention the numerous massive and systemic violations of the rules imposed by the FISA court—violations that easily passed undetected for years precisely because NSA itself maintained the database rather than making particularized requests to carriers through the FISA court.

In short, the bill doesn’t really affect the government’s capabilities, only the way they’re implemented.  First, phone numbers to be searched will have to be specifically approved by the FISA Court—as Congress expected would be the case when it approved these authorities, and as has already been required since Februrary under a presidential directive.  Second, NSA will quickly obtain particular records, corresponding to “specific selectors” like phone numbers or other account identifiers, by passing its search queries to the carriers who already maintain those rather than compiling its own massive database, overwhelmingly consisting of irrelevant data about innocent people. This ought to be a pure win: A privacy protective re-architecting that reduces the potential for abuse without meaningfully interfering with the government’s ability to obtain the information in which it has a legitimate interest.   Which, of course, is why current intelligence officials have characterized the reforms as reasonable. Retired officials—the ones who implemented the bulk program and insisted its vast invasiveness was absolutely necessary—may be reluctant to admit they’ve been proven wrong, but their stubbornness does not amount to much of an argument.

Supreme Court Should Remove Kafka-esque Burden to Vindicating Property Rights

In order to create better telecom infrastructure, New York state law gives private telecom firms the power to take private property in exchange for just compensation. Verizon used this power to build terminal boxes on thousands of pieces of private property, thus essentially permanently occupying a part of the properties. Verizon is one of a few companies that enjoy this extraordinary, state-granted privilege to build things on other people’s property without their permission.

Those companies, however, must compensate the owners (at least theoretically) for these sorts of takings of property. Kurtz v. Verizon New York, Inc. arises from a putative class action alleging that Verizon failed to compensate 30,000-50,000 property owners for building terminal boxes on their property. Although Verizon is required to give property owners their “full compensation rights,” the plaintiffs argue that the company continuously flouts this requirement “as a matter of corporate policy and practice,” thus violating both the plaintiffs’ rights to procedural due process—for example, by not even notifying them that their property was being taken—and their Fifth Amendment rights to not have their property taken for public use without just compensation.

The U.S. Court of Appeals for the Second Circuit, however, ruled that the plaintiffs couldn’t proceed with their claims because of a case called Williamson County Regional Planning Commission v. Hamilton Bank of Johnson City (1985), in which the Supreme Court ruled that plaintiffs with takings claims have to seek relief from state courts before proceeding with a federal claim. Otherwise, the case will be dismissed for being not “ripe”—not ready for a federal court to hear the case.

Although this may seem like a small hoop-jumping exercise, this procedural requirement creates an unnecessary and burdensome extra step that can prevent many plaintiffs from ever having their takings claims heard in federal court. No other enumerated constitutional right has a similar requirement. Plaintiffs claiming a First Amendment violation, for example, don’t first have to exhaust their case in state courts.

The plaintiffs are now petitioning the Supreme Court to review the continuing relevance of Williamson County. In a brief supporting the petition, Cato, joining the Pacific Legal Foundation, argues that takings claims are ripe when the taking occurs, not after a plaintiff has gone through the state courts. Moreover, we point out that Williamson County, when combined with other rules of civil procedure, has actually prevented many claimants from ever bringing a case.

After exhausting their claims in state courts, some plaintiffs find that federal courts will dismiss their case on the ground that the matter has already been decided (what lawyers call res judicata, or “judged matter”). Other times, defendants will ask the judge to move the case from state court to federal court and then, once the case is in federal court, will argue that the plaintiffs did not exhaust their claims in state court (which of course they couldn’t have done because the defendants removed the case).

This Kafka-esque system is not the way to properly vindicate constitutional rights, and it’s certainly not what the Supreme Court imagined when it decided Williamson County. The Court should take this case to remove an unnecessary and harmful barrier to the protection of private property. 

Why Transparency Is Important

The benefits of transparency are hard to explain. Bit by bit, we’re improving public oversight of government, I’ve been heard to say, implying more libertarian-friendly outcomes—never quite sure that I’m getting my message through.

Now comes a comment on transparency that articulates its importance better than I ever could. It’s Obamacare architect Jonathan Gruber describing how lacking transparency allowed the president’s signature health care regulation to pass.

A gaffe in Washington is when somebody tells the truth. Thanks to this one, more people may understand how non-transparent government undercuts their freedoms. Insisting on government transparency can protect them.

Public Oversight of Congress, One Click at a Time

In mid-August, using Cato Deepbills data, the Legal Information Institute at Cornell University started alerting visitors to its U.S. Code pages that the laws these visitors care about may be amended by Congress.

The most visited bills are an interesting smattering of issues.

Getting top clicks is H.R. 570, the American Heroes COLA Act. Would it surprise you to learn that beneficiaries of Social Security’s Old Age, Survivors and Disability Insurance program are looking to see if veterans’ disability compensation will get the same cost-of-living increases? The relevant section of the Social Security Act on the Cornell site points to the bill that would grow veterans’ benefits in tandem with Social Security recipients’.

S. 1859, the Tax Extenders Act of 2013, is the second bill with the most referrals from Cornell. People looking into federal regulation of health insurance—or myriad other statutes—are finding their way to this complex piece of legislation. We know visitors to the Cornell site are legally sophisticated. They just might be able to follow what S. 1859 does.

Immigration is a hot-button issue, and Deepbills links at Cornell such as the code section dealing with reimbursement for detaining aliens are sending people to S. 744, the Border Security, Economic Opportunity, and Immigration Modernization Act.

Another hot-button issue and top source of clicks from Cornell’s site: federal gun control. People looking at gun control law are following links to Senator Dianne Feinstein’s (D-CA) bill to ban assault weapons.

As of Thursday morning, 674 people had clicked 855 times on links to the bills in Congress that affect the laws they’re interested in. Those numbers aren’t going to instantaneously revive public oversight of the government. But usage of these links is rising, and Tom Bruce at Cornell says he plans changes that may increase clicks by 3 to 5 times. He guesses that people see Cato’s sponsorship of the data they can access 20,000 times a day. (“I should have asked you for a penny per impression ;),” he says. Funny guy.)

A lot more people are aware of work Cato is doing to increase government transparency, but, more importantly, a small but growing cadre of people are being made aware of what Congress is doing. This positions them to do something about it. Public oversight of Congress is increasing one click at a time.

Old Technopanic in New iBottles

Gather around young’uns: Back in the antediluvean early 90s, when the digital world was young, a motley group of technologists and privacy advocates fought what are now, somewhat melodramatically, known as the Crypto Wars. There were many distinct battlefields, but the overarching question over which the Crypto Wars were fought was this: Would ordinary citizens be free to protect their communications and private files using strong, truly secure cryptography, or would governments seek to force programmers and computer makers to build in backdoors that would enable any scheme of encryption to be broken by the authorities?  Happily for both global privacy and the burgeoning digital economy—which depends critically on strong encryption—the American government, at least, ultimately saw the folly of seeking to control this new technology. Today, you are free to lock up your e-mails, chats, or hard drives without providing the government with a spare key.  (The conflict was featured on the front page of Wired Magazine’s second issue, and later detailed in Steven Levy’s lively book Crypto.)

Fast forward to 2014: Apple has announced that the new version of its mobile operating system, iOS, features full disk encryption to protect users’ data, and in contrast to earlier versions of iOS, Apple will not leave itself a backdoor that previously allowed the company to access at least some of the phone owner’s encrypted information.  The announcement has been greeted with alarm by cyberlaw professor Orin Kerr, in a series of  Washington Post blog entries that seem designed to prove Santayana’s hoary dictum about the perils of ignoring history. Apple, Kerr avers, is playing a “dangerous game” by implementing “a policy that only thwarts lawful search warrants.”  Police investigations, he fears, will now be stymied by criminals who refuse to unlock their phones, rendering search warrants to access those devices little more than “a nice piece of paper with a judge’s signature.”

Normally, Kerr’s writing on electronic privacy is marked by an understanding of modern telecommunications technology nearly as impressive as his legal erudition, but in this case, I fear, he has succumbed to an uncharacteristic fit of technopanic.  While he writes as though the corporate anarchists at Apple are brazenly thumbing their noses at police with a radical new policy, the truth is more nearly the opposite: It is Apple’s backdoor access that was the abberation, even for Apple.  If you encrypt your MacBook’s hard drive with Apple’s FileVault, or your Windows computer with Microsoft’s BitLocker, then unless the user chooses to send either company a backup copy of her encryption key, they can no more  unlock those encrypted files than a bookbinder can decipher the private code you employ in your personal diary.  Strong encryption is not even new to smartphones: Google’s Android operating system—the world’s most popular mobile platform, running on twice as many devices as iOS—has featured full-device encryption since 2011, and Google has never had backdoor access to those encrypted files.  And, of course, there have always been a wide array of third-party apps and services offering users the ability to encrypt their sensitive files and messages, with the promise that nobody else would hold the keys.  Does encryption occasionally stymie legitimate law enforcement investigations?  Of course—though way, way less often than you might think. The point to remember here, though, is that criminals have had access to backdoor-free encryption for many, many years before Apple announced its new policy without ushering in a terrifying new age of unstoppable criminals and impotent police.

Still, Kerr is right that encryption will now be far easier and more prevalent: Unbreakable encryption is not novel, but the decision to make iOS and Android devices encrypted by default is.  Previously, at least, criminals had to be savvy enough to make the choice to use encryption consistently—and many weren’t.  Encryption by default, because it protects average crooks as well as sophisticated cybercriminals, is likely to be a practical impediment in many more investigations. Criminals can still be punished for refusing a court order to unlock their devices, but may escape more serious charges that would be provable only with that encrypted evidence.  Does this strengthen the case, as Kerr suggests, for legislation requiring device manufacturers to build in backdoors or retain sensitive data?  It does not, for several reasons.

First, as Kerr belatedly acknowledges in a follow-up post, there are excellent security reasons not to mandate backdoors. Indeed, had he looked to the original Crypto Wars of the 90s, he would have seen that this was one of the primary reasons similar schemes were almost uniformly rejected by technologists and security experts.  More or less by definition, a backdoor for law enforcement is a deliberately introduced security vulnerability, a form of architected breach: It requires a system to be designed to permit access to a user’s data against the user’s wishes, and such a system is necessarily less secure than one designed without such a feature.  As computer scientist Matthew Green explains in a recent Slate column (and, with several eminent colleagues, in a longer 2013 paper) it is damn near impossible to create a security vulnerability that can only be exploited by “the good guys.” Activist Eva Galperin puts the point pithily: “Once you build a back door, you rarely get to decide who walks through it.” Even if your noble intention is only to make criminals more vulnerable to police, the unavoidable cost of doing so in practice is making the overwhelming majority of law-abiding users more vulnerable to criminals.

Second, and at the risk of belaboring the obvious, there are lots of governments out there that no freedom-loving person would classify as “the good guys.” Let’s pretend—for the sake of argument, and despite everything the experts tell us—that somehow it were possible to design a backdoor that would open for Apple or Google without being exploitable by hackers and criminals. Even then, it would be awfully myopic to forget that our own government is not the only one that would predictably come to these companies with legal demands. Yahoo, for instance, was roundly denounced by American legislators for coughing up data the Chinese government used to convict poet and dissident Shi Tao, released just last year after nearly a decade in prison.  Authoritarian governments, of course, will do their best to prevent truly secure digital technolgies from entering their countries, but they’ll be hard pressed to do so when secure devices are being mass-produced for western markets.  An iPhone that Apple can’t unlock when American cops come knocking for good reasons is also an iPhone they can’t unlock when the Chinese govermment comes knocking for bad ones. A backdoor mandate, by contrast, makes life easy for oppressive regimes by guaranteeing that consumer devices are exploitable by default—presenting U.S. companies with a presence in those countries with a horrific choice between enabling repression and endangering their foreign employees.

Uber Signups Soar Following German Ban

Uber has experienced an explosion in signups in Germany after a Frankfurt court handed down a temporary injunction banning the transport technology company. The countrywide ban follows a suit brought against Uber by Taxi Deutschland, an association of taxi dispatchers. Taxi Deutschland claimed that Uber did not have the necessary permits to operate. Under German law, drivers without a commercial licenses can pick up passengers as long as they do not charge more than the operating costs for the ride.

The Telegraph notes that Uber says it will continue to operate in Germany despite Taxi Deutschland claiming it will seek a fine of as much as €250,000 every time Uber provides a service without a license.

Since the injunction was issued, Uber claims that it has experienced a larger than 500 percent increase in signups compared to the same period last week in some parts of Germany. As City A.M.’s Guy Bentley notes, the Uber app has been downloaded in parts of Germany where Uber drivers do not operate:

The taxi app company doubled signups in all five German cities where it operates, with demand in both Hamburg and Düsseldorf rising over 500 per cent. Even people who don’t live in cities where Uber operates are downloading the app, perhaps in an act of capitalist solidarity. Uber now ranks in the top ten most downloaded apps in Germany.

According to Uber, the increased signups on September 2 in the five German cities where it operates compared to the same period last week are as follows:

- Uber Hamburg up 590 percent

- Uber Dusseldorf up 518 percent

- Uber Munich up 329 percent

- Uber Berlin up 270 percent

- Uber Frankfurt up 228 percent

I noted in July that, according to Uber’s U.K. general manager, Uber enjoyed an 850 percent increase in British signups in one day following a London black cab protest against how Uber was being treated by London’s transportation agency.

Taxi companies are understandably frustrated by the rise of Uber and will continue to seek legal means to stifle the company’s growth. However, events in Germany and the U.K. have shown that attacks on Uber can provide the company with welcome exposure and new customers.

 

Net Neutrality — or Destroying Internet Innovation and Investment?

The Sunlight Foundation reports that the Federal Communications Commission has received more than 800,000 public comments on the topic of “net neutrality,” more than 60 percent of them form letters written by organized campaigns and more than 200 from law firms on behalf of themselves or their clients. That’s an impressive outpouring of public comments. 

But Berin Szoka, a long-ago Cato intern who now runs TechFreedom, argues, “This debate is no longer about net neutrality. A radical fringe has hijacked the conversation in an attempt to undo two decades of bipartisan consensus against heavy-handed government control of the Internet.” TechFreedom has just launched DontBreakThe.Net, a web-based campaign to expose the danger facing the internet from well-meaning demands for something called “net neutrality.” In an open letter to FCC chairman Tom Wheeler, Szoka says:

Subjecting broadband to Title II of the 1996 Telecom Act would trigger endless litigation, cripple investment, slow broadband deployment and upgrades, and thus harm underserved communities. Al Gore may not have exactly ‘invented the Internet,’ but President Clinton’s FCC chairman Bill Kennard deserves much credit for choosing not to embroil the Internet in what he called the ‘morass’ of Title II. Kennard’s approach of ‘vigilant restraint’ unleashed over $1 trillion in private investment, which built the broadband networks everyone takes for granted today. Abandoning that approach would truly break the Internet.

Net Neutrality supporters such as Google, Facebook, and the NAACP haven’t jumped on the Title II bandwagon because they understand that Title II would threaten the entire Internet. Title II proponents claim the FCC can simply ‘reclassify’ broadband, but in truth, there’s no such thing as reclassification, only re-interpretation of the key definitions of the 1996 Telecom Act. If the FCC re-opens that Pandora’s Box, the bright line Chairman Kennard drew between Title II and the Internet will disappear forever. Startups and edge/content providers will inevitably be caught in the fray. And besides, the FCC has a long history of overstepping its bounds.

Invoking Title II would trigger years of litigation. It’s not clear the FCC could ultimately ‘reclassify’ broadband at all, and even less clear the FCC could, or actually would, follow through on talk of paring back Title II’s most burdensome rules, like retail price controls. Even if ‘reclassification’ stood up in court, the FCC still couldn’t do what net neutrality hardliners want: banning prioritization. The FCC would succeed only in creating a dark cloud of legal uncertainty. That would slow broadband upgrades and discourage new entrants, such as Google Fiber, from entering the market at all.

The best policy would be to maintain the ‘Hands off the Net’ approach that has otherwise prevailed for 20 years. Innovation could thrive, and regulators could still keep a watchful eye, intervening only where there is clear evidence of actual harm, not just abstract fears. As former FCC Chairman Bill Kennard put it, ‘I don’t want to dump the whole morass of Title II regulation on the cable pipe.’ If we want to maintain a free and open Internet, and encourage broadband competition, the FCC would do well to heed his advice.

TechFreedom created this catchy graphic for its campaign to encourage more people to understand what’s at stake in the so-called “net neutrality” fight.

Don't Break the Net 

Pages