Topic: Telecom, Internet & Information Policy

Bandying “Terrorism”

George Clooney has now joined North Korea’s United Nations ambassador Ja Song Nam in bandying charges of “terrorism” against a foe. North Korea’s emissary in New York complained in July that the production of Sony’s film, The Interview, was “the most undisguised sponsoring of terrorism as well as an act of war.”

So, too, according to Clooney, was the threat leveled by unknown persons against theaters that might show the film: “Then, to turn around and threaten to blow people up and kill people, and just by that threat alone we change what we do for a living, that’s the actual definition of terrorism,” he said.

We don’t know more about the definition, but the ambassador and Mr. Clooney do teach us about usage. “Terrorism” is a debased, all-purpose charge anyone can use against anyone. There is a special variant of the word in which the results of an action provide conclusive evidence of the motive behind it. Because U.S. theaters yanked The Interview from their Christmas Day schedules, Clooney can plausibly call the threat “terrorism.” Had most people, like me, assumed the threat to be an idle prank, it would not have been terrorism.

I remain unpersuaded of a North Korean connection or anyone’s meaningful capacity or willingness to attack theaters. The most proximate cause of The Interview’s cancellation, it seems to me, is risk aversion on the part of theater owners’ lawyers. They apparently concluded that an attack could be a foreseeable cause of death and injury, for which owners could be liable. (Go ahead, reformers. Call trial lawyers “terrorists.”)

Subject matter expert Paddy Hillyard, a professor of sociology at Queen’s University, Belfast, eschews the term “terrorism” for reasons he articulated in a 2010 Cato Unbound. He participated in Cato’s study of terrorism and counterterrorism (conference, forum, book). I’m one of many who don’t believe that “cyberterrorism” even exists.

The greatest risk in all this is that loose talk of terrorism and “cyberwar” lead nations closer to actual war. Having failed to secure its systems, Sony has certainly lost a lot of money and reputation, but for actual damage to life and limb, you ain’t seen nothing like real war. It is not within well-drawn boundaries of U.S. national security interests to avenge wrongs to U.S. subsidiaries of Japanese corporations. Governments in the United States should respond to the Sony hack with nothing more than ordinary policing and diplomacy.

NOBODY Expects the Spanish Press Contrition!

Back in October, Spain’s parliament passed a horribly ill-advised law at the behest of the Spanish news publishing lobby, the AEDE. Struggling to adapt to the information age in one of Europe’s more troubled economies, the AEDE thought it had hit on a brilliant new revenue source: They got a provision inserted in a new intellectual property law that, starting in January, will force news aggregation sites to pay newspapers for the privilege of linking to their stories.

This never made much sense: News aggregators are a massive source of traffic (and therefore ad revenue) for news sites.  In effect, the law seeks to make it more difficult and costly for anyone to give those sites free advertising.  Indeed, it’s hard to see the point of posting stories online unless you expect people to link to them, and it’s simple enough to automatically prevent search engines from indexing your site’s content if, for some obscure reason, you don’t want people to have an easy means of discovering your content.  But never mind the logic; the law seemed like a foolproof way for ailing news companies to milk a few euros from big tech corporations flush with cash. What could go wrong?

You know how the story ends, right?  Everyone but the newspapers themselves seems to have seen it coming, since something similar had just played out in Germany: Google News, the largest of the aggregators, announced last week that they would be shutting down operations in Spain. Since the company didn’t even show ads on its news site, keeping it open under the new regulations would be an unsustainable, money-losing proposition.

The hilarious coda to the story: The AEDE, which previously complained that news aggregators were “stealing” their work by publishing headlines and tiny snippets of stories, is now begging Spanish regulators to stop Google News from closing. The site’s shuttering, the group complained without irony, “would undoubtedly have a negative impact on citizens and Spanish businesses.” Give them points for chutzpah if nothing else: They’re not even waiting for the blood to dry on the hatchet before bemoaning the loss of their golden eggs.

Connolly: Yes to Privacy Act Liability for Mental and Emotional Distress

A couple of years ago I wrote here about the Supreme Court case denying that a person could collect damages from the government under the Privacy Act based on mental and emotional distress. It’s a narrow point, but an important one, because the harm privacy invasions produce is often only mental and emotional distress. If such injuries aren’t recognized, the Privacy Act doesn’t offer much of a remedy.

Many privacy advocates have sought to bloat privacy regulation by lowering the “harm” bar. They argue that the creation of a privacy risk is a harm or that worrisome information practices are harmful. But I think harm rises above doing things someone might find “worrisome.” Harm can occur, as I think it may have in this case, when one’s (hidden) HIV status and thus sexual orientation is revealed. It’s shown by proving emotional distress to a judge or jury.

Rep. Gerry Connolly (D-VA) has introduced the fix for the Supreme Court’s overly narrow interpretation of the Privacy Act. His Safeguarding Individual Privacy Against Government Invasion Act of 2014 would allow for non-pecuniary damages—that is, mental and emotional distress—in Privacy Act cases.

It’s a simple fix to a contained problem in federal privacy legislation. It’s passage would not only close a gap in the statute. It would help channel the privacy discussion in the right way, toward real harms, which include provable mental and emotional distress.

Google’s Search “Monopoly”

Last week, while we Americans were “unbundling” the various parts of our turkeys, the European Parliament was talking about unbundling Google’s various features:

Members of the European parliament voted overwhelmingly on a measure aimed at keeping companies, such as Google, from dominating the search engine market.

The motion “calls on the [European] Commission to consider proposals with the aim of unbundling search engines from other commercial services as one potential long-term solution” to ensure fair competition.

While the vote was largely symbolic, its outcome could put EU anti-trust commissioner Margrethe Vestager under pressure to pursue complaints against Google, which critics say squeezes out its competitors using unfair advantages.

The Economist weighed in with a bit of criticism:

The European Parliament’s Googlephobia looks a mask for two concerns, one worthier than the other. The lamentable one, which American politicians pointed out this week, is a desire to protect European companies. Among the loudest voices lobbying against Google are Axel Springer and Hubert Burda Media, two German media giants. Instead of attacking successful American companies, Europe’s leaders should ask themselves why their continent has not produced a Google or a Facebook. Opening up the EU’s digital services market would do more to create one than protecting local incumbents.

The good reason for worrying about the internet giants is privacy. It is right to limit the ability of Google and Facebook to use personal data: their services should, for instance, come with default settings guarding privacy, so companies gathering personal information have to ask consumers to opt in. Europe’s politicians have shown more interest in this than American ones. But to address these concerns, they should regulate companies’ behaviour, not their market power. Some clearer thinking by European politicians would benefit the continent’s citizens.

Building on these points, I’d go even further.  It seems to me there is pretty clear demand for a privacy-focused internet company.  But I don’t see why governments need to get involved here.  Instead, companies – European ones, and others, too – just need to recognize this demand, and jump into the market with some competing products.  There are fewer barriers to entry in this market than most other markets; someone just needs to be willing to take a risk.

Computer-Aided Reporting: Looking Where the Light Is Good

Upshot (New York Times) writer Derek Willis tweeted this morning, “We need to stop doing stories (and maps) with meaningless data.” At the link, a story on Vox charts the poorest members of Congress. It’s based on a Roll Call story published in September.

His main point, I think, is the failure of the data to reliably reflect what it’s supposed to. The disclosures on which these stories rely don’t include the value of homes members own, for example, and information is reported in broad bands, so it’s probably not very accurate and may be wildly inaccurate.

The data is meaningless in another, more important way. Neither story suggests any correlation between wealth (or its absence) and legislators’ behavior or fitness for office. It’s just a look at who has money and who doesn’t—uninformative infotainment. Maybe some readers stack up inferences to draw conclusions about Congress or its members, but this is probably an exercise in confirming one’s biases.

This illustrates a real problem for computer-aided journalism. When the only data available depicts a certain slice of the world, that will skew editorial judgments toward that slice of the world, overweighting its importance in news reporting and commentary.

In my opinion, reporting on public policy suffers just such a skew. There is relatively good data about campaign financing and campaign spending, which makes it easy to report about. The relatively high level of reporting on this area makes it appear more important while the actual behavior of public officials in office—the bills they sponsor, the contents of bills, amendments, votes, and the results for society—goes relatively unreported.

It won’t be the fix for all that ails reporting on public policy, but our Deepbills project makes essential content of legislation available as data. It vastly expands the territory around U.S. federal public policy that computer-aided jounalists can cover. Deepbills data has been picked up various places, but we need more adoption before it will provide all the value it can to a better-informed public.

Update: On Wednesday, the House Government Reform and Oversight Committee will have a hearing on implementation of the DATA Act, which could yet further expand the data available to journalists, and all of us.

DATA Act Implementation

The administration is working to implement the DATA Act, which, if implemented well, could produce a sea-change in government transparency, and a shift of power from government insiders to the people.

Yesterday, I submitted to the Treasury Department’s Fiscal Service our 2012 “Grading the Government’s Data Publication Practices” study, along with the following comment, which notes the glaring absence of a machine-readable government organization chart.

In partial response to the notice, I’m pleased to submit the attached study, which may assist your inquiry.

Over several years, I have been studying transparency, which remains largely undelivered because it has been undefined.

In “Grading the Government’s Data Publication Practices,” you’ll find the results of that study. Transparency is produced by data that comes from an authoritative source, data that is complete, that is machine-discoverable, and that is machine-readable. When good data publication conditions obtain, the public and government managers alike, through information services, apps, and websites, will make use of the data to make the government more legible.

The study graded the quality of data publication about key entities in the legislative and budgeting/spending processes. The striking upshot was the absence of good data about a very elemental topic: the organizational units of the federal government. There is no machine-readable organization chart for the U.S. federal government. The absence of a machine-readable government organization chart stifles public and congressional oversight, and it frustrates internal management.

Producing machine-readable data that articulates what the organizational units of the federal government are should be a priority. It is probably one of the easier things to do technically, and it will produce important gains in transparency. Failure to produce and maintain a machine-readable federal government organization chart would also stand out if it is not done early on in DATA Act implementation.

We are currently in the process of re-grading data publication in the areas covered by the prior study. In future iterations of the grading study, I look forward to reporting that there is well-organized, complete information about all agencies, bureaus, programs, and projects, and the relationships among them.

Thank you!

Jim Harper

A cynic—and there might be one or two reading this blog!—would say that the government will never make itself transparent. Well, it certainly won’t if you don’t ask it to…

Strange Bedfoes against NSA Reform Bill

The push to rein in the authorities of the National Security Agency—covertly expanded by a secret court to permit indiscriminate bulk collection of Americans’ communications  and financial records—has become a truly bipartisan affair. In a way, this is nothing new: Liberals who recall the abuses of the Hoover era have long teamed with conservatives skeptical of government power in efforts to check excessive surveillance.  With a Senate vote looming to move forward with the USA FREEDOM Act, however, a still stranger mix of opponents is seeking to block what has emerged as the primary vehicle for intelligence reform in the post-Snowden era.

First, and least surprising, there’s the “More Catholic than the Pope” contingent—boosters of the intelligence community who seem convinced that the bill will somehow put Americans at risk, despite the insistence of Director of National Intelligence James Clapper that the proposed safeguards would not hinder intelligence operations. This stance is exemplified by a stunningly misleading Wall Street Journal op-ed penned by former Attorney General Michael Mukasey and forrmer NSA head Michael Hayden. Since the terrorist Islamic State group, or ISIS, is currently in the headlines, naturally it is invoked to tar the bill as “a reform that only ISIS could love.”  Never explained: Why, precisely, we should expect an authority to indiscriminately sweep up domestic telephone records to be a critical tool for monitoring a group that seems primarily concerned with consolidating its power overseas, not fielding operatives in the United States.  After all, even when it comes to domestic investigations—where one might have expected the NSA’s mass database to show its value—two independent review groups with full access to classified records have concluded that the program had little or none.  Incoming Senate majority leader Mitch McConnell has described the reforms as “tying our hands behind our back”—but a hand is a useful appendage.  On the public record, “tying our hair back” might a be more apt description—the bulk database has obscured the FBI’s by flooding the Bureau with dead-end “tips,” while any truly pertinent information it provided was invariably duplicative of records that agents had already obtained using traditional, targeted authorities.

Yet the USA FREEDOM framework actually preserves the core capabilities of this ineffective program: It creates a new mechanism for the government to do “connection chaining” by quickly and continuously obtaining, from multiple phone carriers, the records of suspected terror affiliates and their contacts. Mukasey and Hayden falsely decribe the new process as requiring a “warrant”—which it does not, on the consensus legal understanding that a “warrant” is a particularized authority based on the Fourth Amendment’s relatively high evidentiary standard of “probable cause.”  They also, somewhat comically, describe it as requiring the government go “scurrying” to telecomunications providers to “comb through” records, presumably by consulting a card catalogue.  Yet the point of the new framework, with a mandate that carriers provide “technical assistance” to NSA, is precisely to ensure that carriers can rapidly search their files to provide information about numbers once the secret FISA court has signed off (or, indeed, in advance of the court’s approval in an emergency).  Nor, indeed, do Mukasey and Haden so much as mention “National Security Letters,” a separate tool that can be used to obtain certain types of communications records without any judicial involvement. Unfortunately, the USA FREEDOM Act does not implement the recommendation of the President’s Surveillance Review group that these, too, require court authorization. Nor, conspicuously, does their tendentious discussion of the various safeguards currently in place mention the numerous massive and systemic violations of the rules imposed by the FISA court—violations that easily passed undetected for years precisely because NSA itself maintained the database rather than making particularized requests to carriers through the FISA court.

In short, the bill doesn’t really affect the government’s capabilities, only the way they’re implemented.  First, phone numbers to be searched will have to be specifically approved by the FISA Court—as Congress expected would be the case when it approved these authorities, and as has already been required since Februrary under a presidential directive.  Second, NSA will quickly obtain particular records, corresponding to “specific selectors” like phone numbers or other account identifiers, by passing its search queries to the carriers who already maintain those rather than compiling its own massive database, overwhelmingly consisting of irrelevant data about innocent people. This ought to be a pure win: A privacy protective re-architecting that reduces the potential for abuse without meaningfully interfering with the government’s ability to obtain the information in which it has a legitimate interest.   Which, of course, is why current intelligence officials have characterized the reforms as reasonable. Retired officials—the ones who implemented the bulk program and insisted its vast invasiveness was absolutely necessary—may be reluctant to admit they’ve been proven wrong, but their stubbornness does not amount to much of an argument.

Pages