Topic: Telecom, Internet & Information Policy

REAL ID, the Race Card

I testified in Congress yesterday, at a hearing on the REAL ID Act in the Senate Homeland Security and Governmental Affairs Committee’s Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia.  My testimony is here.

An issue that I sought to highlight comes from studying the REAL ID regulations carefully: The standard that the Department of Homeland Security selected for the 2D bar code that would go on REAL ID compliant cards includes race/ethnicity as one of the data elements. 

DHS does not specifically require inclusion of this information, but states are likely to adopt the entire standard.  Thus, starting in May 2008, many Americans may be carrying nationally uniform cards that include race or ethnicity in machine-readable formats – available for scanning and collection by anyone with a bar code reader.   Government agencies and corporations may affiliate racial and ethnic data more closely than ever with information about our travels through the economy and society.

This was not intended by the authors of the REAL ID Act, nor was it intended by the regulation writers at the Department of Homeland Security.  The Belgian colonial government in 1930s Rwanda had no intention to facilitate the 1994 genocide in that country either, but its inclusion of group identity in ID cards had that result all the same.

The woman in the image below, believed to be a genocide victim, is categorized as a Tutsi just below her photograph.  Her name is not seen, as it appears on the first page of this folio-style ID document.  The names of her four children, though, are written in on the page opposite the photo.

The lessons of history are available to us. The chance of something like this happening in the United States is blessedly small, but it is worth taking every possible step to avoid this risk, given an always-uncertain future.  In a society that strives for a color-blind ideal, the federal government should have no part in creating a system that could be used to track people based on race. 

 photo by Jerry Fowler, USHMM

Update on Hillary 1984

The mysterious creator of the Orwellian YouTube ad about Hillary Clinton has been unmasked. He is Philip de Vellis, a strategist with Blue State Digital, a digital consulting firm with ties to rival Sen. Barack Obama. The ad ended with a plug for Obama, but the Obama campaign had denied any knowledge of it. Blue State designed Obama’s website; the company fired de Vellis yesterday. And Democratic operative de Vellis was properly chastened: “I want to make it clear that I don’t think that Hillary Clinton is Big Brother or a bad person or anything.”

DHS Privacy Committee Meeting Tomorrow

The DHS Data Privacy and Integrity Advisory Committee meets tomorrow (Mar. 21) at the Crowne Plaza Washington National Airport in Arlington. 

The morning agenda is heavy on REAL ID, and we’ll hear from Jonathan Frenkel, a Senior Policy Advisor at DHS who was one of the key officials responsible for writing the recently issued regulations.

REAL ID News and Views

An interesting report says that at least one member of the Carter-Baker Commission would not have signed on to its recommendation to use REAL ID as a voter ID card had she known more about it.

Meanwhile, the Boston Globe editorializes against REAL ID, calling it “unrealistic.”

Greater safety is imperative. But given its flaws, the Real ID law should be scrapped. The country needs to invest more thought, time, debate, and money into how best to upgrade driver’s licenses.

Confidentiality

Washington University School of Law professor Neil Richards and George Washington University Law School professor Daniel Solove have an important new law review article out.  Privacy’s Other Path: Recovering the Law of Confidentiality is a useful reminder of a dimension of privacy apart from the privacy torts so famously inspired by Warren and Brandeis in their 1890 Harvard Law Review article.

Confidentiality is the idea that you can share information subject to restrictions on further disclosure and use.  There are often implicit understandings about how shared or mutually created information should be treated.  It’s an important point that’s been conveniently forgotten in government arguments for “data retention,” for example.  Confidentiality in the financial services sphere has been eviscerated by the Bank Secrecy Act and the Supreme Court cases that followed it, as well as Smith v. Maryland in the telecommunications context.

Richards and Solove’s work has its awkward turns - they characterize continental Europe’s focus on dignity and America’s focus on liberty as highly individualistic, while suggesting that confidentiality is ”based on the protection of relationships.”  If these characterizations are relevant at all, confidentiality can be seen just as much as a protection of individuals, the difference being that confidentiality is rooted more deeply in contract.  Small matter, though. 

Overall a good work, and an important reminder.

(HT: Schneier)

Missouri Joining the REAL ID Rebellion

The Missouri House of Representatives voted overwhelmingly Thursday to reject the REAL ID Act.

Representative Jim Guest (R- King City) is quoted in the Carthage Press saying,  ‘‘We must not lose what this nation was founded upon.  The Real ID Act is a direct frontal assault on our freedoms.’’

The bill now goes to the Senate.

Google Does a Good Thing

I have written here a couple of times about concerns with Google’s data retention practices in light of its susceptibility for use in government surveillance. 

Happily, a couple of Google lawyers have announced on the Google blog that the company will be making the data from their server logs “much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.” That’s a big, important change, as Google’s privacy policy has never before pledged to destroy or anonymize data about all of our searches.

Now, there are some interesting details - details that are highlighted by the text I quoted above. “Anonymous” is correctly regarded as an absolute condition. Like pregnancy, anonymity is either there or it’s not. Modifying the word with a relative adjective like “more” is a curious use of language.

Google has a challenge, if they’re going to anonymize data and not destroy it, to make sure that a person’s identity and behavior cannot be reconstructed from it. As AOL’s fiasco with releasing “anonymized” search data showed, clipping off the obvious identifiers won’t do it. As data mining capabilities advance, anonymizing techniques will have to keep ahead of that.

There are interesting things that can be done to synthesize data, making it statistically relevant while factually incoherent. Hopefully, Google will sic some of its finest famously-smarty-pants engineers on the task of making their anonymous data really, really anonymous.

(Cross-posted from TechLiberationFront)