Topic: Telecom, Internet & Information Policy

Substantiating the Libertarian Vision, One Anecdote at a Time

Yesterday, it was six seconds to get a “yes” from a private entity when a government official took eight days, four hours to reach “no.”

Today, “Why is it that one guy with a laptop can accomplish more in 20 minutes that an army of city officials and bureaucrats can in as many weeks?

While the D.C. Taxicab Commission dithers over issuing a new map, some guy just went ahead and made one on Google maps.

False Suspicion and Cold Comfort

A post on the Washington DC/Metro Area Flickr users group has touched a nerve with readers of DCist, who are sharing stories of similar experiences in the comments.

D.C. area photographer “Yonas,” taking pictures in the Gallery Place Metro station, caught the eye of Metro Police who found it suspicious. They demanded identification and subjected the photographer to questioning.

This offends me about five different ways, but it provides a good opportunity to illustrate how suspicion is properly generated — and, in this case, how it is not properly generated — using patterns. The same concepts apply to the cop on the beat and the high-tech search through data.

I testified to a Senate Judiciary Committee hearing on data mining earlier this year regarding searches for terrorists and terrorism planning:

Pattern analysis is looking for a pattern in data that has two characteristics: (1) It is consistent with bad behavior, such as terrorism planning or crime; and (2) it is inconsistent with innocent behavior.

In … the classic Fourth Amendment case, Terry v. Ohio, …  a police officer saw Terry walking past a store multiple times, looking in furtively. This was (1) consistent with criminal planning (“casing” the store for robbery), and (2) inconsistent with innocent behavior — it didn’t look like shopping, curiosity, or unrequited love of a store clerk. The officer’s “hunch” in Terry can be described as a successful use of pattern analysis before the age of databases.

Recall that after 9/11 people were questioned and even arrested for taking pictures of bridges, monuments, and buildings. To common knowledge, photographing landmarks fits a pattern of terrorism planning. After all, terrorists need to case their targets. But photographing landmarks fits many patterns of innocent behavior also, such as tourism, photography as a hobby, architecture, and so on. This clumsy, improvised [pattern analysis] failed the second test of pattern development.

Photography on public property will almost never be suspicious enough to justify even the briefest interrogation. Photography is a serendipitous activity so it appropriately gets wide latitude. (Other facts could combine with public-location photography to create a suspicious circumstance on rare occasions, of course.)

It bears mentioning that regulations allow photography in Metro stations, but I don’t find regulation of this kind terribly comforting. It reminds me of Prague shortly after the Velvet Revolution, where I observed that people were consciously coming to grips with the revolutionary idea: “All that is not forbidden is allowed.” The prior state of affairs had been the opposite, “All that is not allowed is forbidden.” I hope this latter rule is not in force on our subways or anywhere else in this country.

If You’re in North Carolina …

I’ll be speaking tomorrow at the Security and Liberty Forum hosted by the Privacy and Technology Committee of the American Civil Liberties Union of North Carolina and the Department of Computer Science, UNC-Chapel Hill.

That’s Saturday, April 14, 2007 from 1-5 p.m., Chapman Hall on the UNC Campus.

Scant Evidence? That’s Voter Fraud Calling

One of the more clever country song titles I ever heard was If the Phone Don’t Ring, You’ll Know It’s Me.

That’s something like the predicament of searchers after the menace of voter fraud, who can’t seem to find much of it. The New York Times today reports that “scant evidence” exists of a significant problem.

Voter fraud is the idea that individuals might vote multiple times, in multiple jurisdictions, or despite not being qualified. This is distinct from election fraud, which is corruption of broader voting or vote-counting processes. While voter fraud (and/or voter error) certainly happens, it is apparently on a trivial scale. It probably has not changed any election results, and probably will not do so if ordinary protective measures are maintained.

This is important because voter fraud has been used as an argument for subjecting our nation’s citizens to a national ID. The Carter-Baker Commission found little evidence of voter fraud, but went ahead and called for adopting REAL ID as a voter identification card. One of the Commission’s members apparently retreated from that conclusion, having learned more about REAL ID.

For proponents of a national ID, if the phone’s not ringing, that’s voter fraud calling.

High-Tech Welfare for High-Tech Billionaires

Voters in a New Mexico county appear to have approved a tax increase to build the nation’s first commercial spaceport. Two other counties will also hold tax referendums before the project can proceed. British billionaire Richard Branson and his company Virgin Galactic have signed a long-term lease to use the spaceport.

But why should the taxpayers of rural New Mexico be paying for facilities for billionaire space entrepreneurs? If the spaceport is going to be profitable, then businesses could pay for it. And even if it weren’t profitable, the space business has attracted the attention of a lot of people with a sense of adventure and billions of dollars, from Branson to Microsoft cofounder Paul Allen, the seventh richest man in America.

The argument to spend tax dollars on the spaceport is very similar to the argument for tax-funded stadiums and convention centers. Proponents say it will bring jobs and tax revenues to the three rural counties. But apparently it isn’t a sure enough thing for businesses to invest their own money.

Cato scholars have argued for years against corporate welfare. The spaceport is a classic example of corporate welfare, though in this case it might better be called billionaire welfare. It will transfer money from middle-class and working people to subsidize businesses and billionaires who won’t have to invest their own money — just like the typical stadium deal, paid for by average taxpayers to benefit millionaire players and billionaire owners.

At least in this case the voters get to decide, which rarely happens with stadium subsidies. The vote pitted “political, business and education leaders” against retirees and groups representing the poor.

“I’m not opposed to the spaceport, but I think it’s a terrible idea to tax poor people to pay for something that will be used by the rich,” said Oscar Vasquez Butler, a county commissioner who represents many of the unincorporated rural colonias where the poorest New Mexicans live, often without proper roads and water and sewage systems. “They tell us the spaceport will bring jobs to our people, but it all sounds very risky. The only thing we know for sure is that people will pay more taxes.”

April Fool’s Dud

Over the weekend, I put an April Fool’s Day post up on Tech Liberation Front, indicating a security breach in the NAPHSIS EVVE system.  It was almost instantaneously debunked by a commenter.  Thank you so much, blogosphere … .  The post was intended to illustrate some issues with identification-based security and the REAL ID Act.

The National Association for Public Health Statistics and Information Systems has developed and implemented the Electronic Verification of Vital Events system to allow immediate confirmation of the information on a birth certificate presented by an applicant to a government office anywhere in the nation irrespective of the place or date of issuance.

That sounds neat, but it is being incorporated into the REAL ID national ID system apparently without regard to the security issues involved. If we are going to use driver’s licenses for security purposes, each link in the chain of issuance is then a potential vulnerability.

What if the NAPHSIS EVVE system and others like it were compromised and made to confirm the issuance of birth certificates that didn’t actually exist? We could have untold numbers of licenses issued based on fraud. The system we have now, which provides a modicum of security, could collapse as fraudulently acquired driver’s licenses proliferate.

Two weeks ago, at the meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, I asked Stewart Baker, Assistant Secretary for Policy at DHS, what counter-measures might be employed by attackers on the REAL ID national ID system. He said, “We have done some thinking about that …” I’m not sure our confidence should be inspired.

Every weakness in the system should be explored carefully. I summarized some of them in Appendix A of my testimony at the Homeland Security and Governmental Affairs Committee last week.