Topic: Telecom, Internet & Information Policy

Lasers: The End of Privacy?

Gizmodo points to some outré technology on the Department of Homeland Security’s drawing board.

Within the next year or two, the U.S. Department of Homeland Security will instantly know everything about your body, clothes, and luggage with a new laser-based molecular scanner fired from 164 feet (50 meters) away. From traces of drugs or gun powder on your clothes to what you had for breakfast to the adrenaline level in your body—agents will be able to get any information they want without even touching you.

I don’t know about each of the technologies in this article, but the one I do know of—Raman spectroscopy—works by exciting a molecule with a laser. When the molecule returns to its normal state, it gives off a distinct photon that can be treated as a signature of the molecule. Thus, munitions and drug detection becomes “easy.”

Here’s why “easy” is in scare-quotes: At anything other than a very small distance, you have to shine a very high-intensity laser and have very sensitive detection equipment to gather the signature. The laser would fry people’s skin and burn their retinas, and the sensor would probably not work in the noisy, dusty areas where they might use these devices. There may be some new technology that defeats these challenges of physics, of course, but I hope not.

The article says there has “so far been no discussion about the personal rights and privacy issues involved.” Not true!

On page nine of Cato’s brief to the Supreme Court in Florida v. Jardines, we noted this developmental technology as an example of something that could perform quite invasive analysis without being a “search” under the Jacobsen/Caballes corollary to the “reasonable expectation of privacy” test from Katz v. United States.

The doctrine that arose from Katz was that a Fourth Amendment search occurs when one’s reasonable expectations of privacy are upended by government action. When government action only detects only illegal drugs, such as when a drug-detecting dog sniffed Caballes’s car, this is something in which a person can have no reasonable expectation of privacy, so no search has occurred. Get it?

Technologies like remote Raman spectroscopy illustrate the absurd result Katz doctrine produced in Jacobsen and Caballes. Katz and the Jacobsen/Caballes corollary are junk.

Cato’s Jardines brief points out the better way to administer the Fourth Amendment: When government agents use uncommon technology to perceive otherwise imperceptible things, that is searching. If the searching is appurtenant to our persons, houses, papers, and effects, it must be reasonable. In the vast majority of cases, that means getting a warrant.

Lasers won’t be the end of privacy if I can help it.

Advertising, Credit Reporting, and ‘Anti-Objectification’

You need a set of priors that I lack to stay interested in the forthcoming Suffolk University Law Review article, “Selling Consumers, Not Lists: The New World of Digital Decision-Making and the Role of the Fair Credit Reporting Act.” I think the thing animating authors Ed Mierzwinski and Jeff Chester is what I call “anti-objectification,” a desire at the outskirts of the privacy concept. It is bad, anti-objectifiers appear to believe, when a person is treated as a mere object of commerce, observed and communicated with on that basis alone.

Without anti-objectification, I can’t find much of anything wrong in their description of the emerging world of digital data collection and marketing. There is an impressive and complex array of techniques coming online to discover what people want, learn when they want it, and communicate with them in ways that will spur them to act on their desires.

Given the wrongs they perceive in these developments—which, again, I must guess at—Mierzwinski and Chester make a broad pitch to have online marketing drawn under the blanket of Fair Credit Reporting Act regulation. Not only the Federal Trade Commission, but the new, unconstrained Consumer Financial Protection Board, should look at bringing online advertising within the FCRA, they say.

Given the paucity of (apparent) harms to be rectified, one struggles to examine how broadening regulation of the information economy would improve things. But I don’t know why the Fair Credit Reporting Act would be a model anyway. In forty years, the FCRA has not cured the ills that Senator Proxmire (D-WI) recited when he introduced the law—to judge by the words of self-styled consumer advocates, at least. New challenges have emerged, and the FCRA has turned credit bureaus to the government’s use in financial surveillance. The FCRA preempted state common law—you can’t sustain a defamation action against a credit bureau, no matter how wrong its reporting is—replacing it with opaque and unwieldy bureaucratic procedures for those who believe their credit bureau records are inaccurate.

The FCRA already reduces consumer welfare by keeping new entrants out of the credit reporting business. When companies edge toward providing data that might be used for credit decisions, employment screening, housing, and the like, they quickly learn to eschew that market so they can avoid the FCRA’s obligations and regulator inquests. The result? Our economy is making less intelligent decisions about credit, employment, and housing. Efficiences that would lower costs to consumers across the board are not being found.

I drew lessons from the failure of the Fair Credit Reporting Act to fix things in my paper “Reputation under Regulation: The Fair Credit Reporting Act at 40 and Lessons for the Internet Privacy Debate.”

Privacy Regulation and Political Economy

Good-hearted people want to cure hunger, ignorance, and other human deficits. Many see the cure in taking from the group of “haves” and giving to the “have-nots.” Along with the injustice of the transfer itself, libertarians like to point out the backward incentives that generous, systematic giving creates. Poverty and ignorance becomes a low-end, but survivable, mode of living. It’s not really a surprise that these problems respond to subsidy by becoming intractable.

That’s simple math to people who understand incentives, so it shouldn’t be hard to recognize incentive structures and their warping in other areas. Take federalism. The Constitution set out a design for government that aligned political incentives well. With a limited federal government and plenary powers left with the states, elected officials closer to the people would provide better government because they would be responsible to smaller numbers of people at the ballot box.

When state officials go wrong, good-hearted, economically-minded people want to cure their deficits. Many see the cure in removing power from the state level to the federal through preemption. State regulation can interfere with national markets, and there is a Commerce Clause that arguably permits national regulation of all things commercial.

But the Commerce Clause was not a grant of plenary authority over commerce anywhere in the United States. It gave Congress power to “regulate commerce with foreign nations, and among the several states, and with the Indian tribes.” Think of a border sentry tasked mostly with preventing anyone from erecting gates.

One can “fix” bad state regulation by replacing it with a less-bad, nationally uniform rule. But doing so frees state officials from responsibility. The subsidy makes carelessness a low-end, but survivable mode of governing.

So with California Attorney General Kamala Harris brandishing $2,500 fines per download of apps in California if they don’t meet the terms of the California Online Privacy Protection Act, I don’t think the right answer is for the federal government to whisk in with its own less-bad privacy law that preempts California’s. The attorney general and the authors of California’s law should be allowed to let their behavior have its effects in their state, responding to their state’s voters if it has negative consequences.

The federal government’s only response should be to make clear that there are limits on California’s ability to bring out-of-staters into court. The federal government should preserve the right of people and businesses to exit states that make themselves unfriendly through high taxes, poor services, and inefficient regulation. This will set up the incentive structure under which governance in the United States will thrive, perhaps at the cost of California sinking into the ocean.

What I’m Telling Thursday’s Panelists

This morning, I’m gearing up for Thursday’s noon-time Cato book forum on the Mercatus/Jerry Brito book, Copyright Unbalanced: From Incentive to Excess.

With the recent release and withdrawal of a Republican Study Committee memo on copyright policy, there is even greater tension around the issues than usual. So here’s a line from the planning email I sent to panelists Jerry Brito, Tom W. Bell, and Mitch Glazier.

Given how hot the issues we’ll discuss tend to be, I’ll emphasize that we’re all friends through the transitive property of friendship. I’ll be policing against ad hominem and stuff like that coming from any side. In other words, don’t bother saying or implying why a co-panelist thinks what he does because you don’t know, and because I’ll make fun of you for it.

It might be worth coming just to see how well I do with my moderation duties. Whatever the case, I think our panelists will provide a vibrant discussion on the question of where libertarians and conservatives should be on copyright. Register here now.

Adventures in FOIA-Land (or: Red Tape Is Not Transparent)

The Justice Department’s Inspector General has just completed their most recent review of surveillance under the FISA Amendments Act of 2008, which is set to expire at the end of this year. The report, however, is classified—meaning the public is unlikely to see it before Congress votes to reauthorize the law for another five years during the lame duck session. Steven Aftergood of the Federation of American Scientists is trying to get a declassified version released—but he’s probably got a long wait ahead of him.

As regular readers of the Cato blog may recall, I recently wrote about my efforts to get even earlier versions of this report out of the government, in hopes of understanding something about the National Security Agency’s use of the sweeping surveillance powers granted by the FISA Amendments Act. Because it authorizes broad, programmatic interception of international communications without individualized search warrants, Congress insisted that the intelligence community produce a semi-annual report evaluating the NSA’s compliance with the law’s various procedures and safeguards, and highlighting potential civil liberties issues. Given the vast scale of surveillance under the FAA, it’s hardly a guarantee of adequate oversight, but it’s something. The ACLU had managed to get the first few such reports released, under the Freedom of Information Act, so way back in June, I filed a FOIA request of my own for the most recent reports. I asked for expedited review, arguing that since Congress is expected to extend those surveillance powers before the end of December, there was a strong public interest in getting these evaluations out as early as possible. Let me say again: I submitted this request in June.

In September—long past the statutory deadline of 20 business days—I finally heard back from the Justice Department, which said they could “neither confirm nor deny the existence” of reports that were required by federal law. Unsurprisingly, I appealed this facially ridiculous denial of my request—and to her credit, the senior FOIA officer at DOJ immediately acknowledged that this response had been inappropriate.  By mid-September, just under three months after my initial request went in, I was informed that they’d identified the reports I was looking for and forwarded them to the Office of the Director of National Intelligence (ODNI) for a declassification review, which they expected would be completed by early November. Joy! Would we actually get information about an intelligence program out of the government without a lawsuit? Maybe even in time to have a semi-informed public debate?

Well, no. ODNI informed me earlier this month that they were wrapping up their review and redaction Any Day Now, at which point… their redacted version would be forwarded, one at a time, to every other intelligence agency whose activities were referenced in the report. At each agency, it would go to the back of the line of FOIA requests, exactly as though it had just been submitted for the first time. Estimated time before a heavily censored version of these reports see the light of day: Another six months. At least. By which time, it won’t matter much what these reports say about NSA’s use of its sweeping powers, because Congress will have already given them another five years of spying authority.

Notice what this means in practice: Even though a court has already established, thanks to an ACLU lawsuit, that they are legally required to release redacted versions of these reports to the public on request, a cumbersome bureaucratic process effectively guarantees that it takes a solid year to get this information out, which means at best you’re working with what the assessment found two reports ago, allowing the government to assert that they’ve fixed whatever problems were found. In this case, the timing of the review process conveniently guarantees that whatever we learn will come far too late to influence this year’s vote on FAA powers, but be old news by the time Congress takes up the question again. It’s a little hard to swallow the claim that all this delay is remotely necessary: Are we really supposed to believe that the Office of the Director of National Intelligence will be so slipshod about letting sensitive classified information through that their work has to be independently double checked by every other intelligence agency? And that this process has to take six months or longer, even after ODNI has done their initial review and redaction? Of course it doesn’t: This is a bureaucratic procedure designed, not to protect national security, but to allow stalling on the release of politically inconvenient information that the courts won’t allow to be completely hidden from the public.

This is, needless to say, a far cry from early promises that Obama would preside over “the most transparent administration in history”—and it’s part of a larger pattern of failure on that front. What we should really be asking is why I had to submit this request at all. In his first days in office, after all, President Obama issued a directive not only urging agencies to err on the side of disclosure, but to adopt a policy of proactive release of documents likely to be of public interest. Surely if there were any doubt about the public interest in the use of sweeping surveillance powers, it should have been put to rest after the ACLU won release of the earliest compliance reports. So why didn’t the Justice Department follow President Obama’s directive and draft these reports with an eye toward preparing a declassified public version, knowing full well that civil liberties groups would come asking? Well, because then they wouldn’t be able to obfuscate and delay for months and months. Because then the public might be able to have an informed discussion about the secret surveillance powers we’ve given our spy agencies before we vote to extend them. Heaven forfend.

So will there be any consequences for officials who’ve so flagrantly disregarded the president’s transparency directive? Or was the “order” to adopt more transparent policies just a bit of political theater, delivered with a wink and a nudge? I have my suspicions, but Obama still has time to prove me wrong.

The ITU’s Floundering Effort to Retake the Internet

If you haven’t been following the push by regulators from the International Telecommunications Union to grab control of the Internet, Larry Downes’ article on this morning is a good window onto events.

Government regulators have long controlled and profited from telecommunications, also using it for surveillance. With the growth of the Internet, government regulators from around the world have lost their grip on communications, and now they are working to get it back. At the World Conference on International Telecommunications (or WCIT, commonly pronounced “wicket”) meeting in Dubai early next month, ITU regulators plan to introduce a series of proposals that would recapture telecommunications for the national regulatory bodies.

But, while showing just how out of touch ITU regulators are, Downs illustrates that the game has changed. A slick PR campaign will not help the ITU roll the telecom and Internet firms that oppose their plans. The telecom and Internet firms aren’t even the most important players.

The ITU is no different than the sponsors of ACTA, SOPA, PIPA, and other attempts at regulating the Internet, its content, or its users by governments large and small. Like the media lobbyists who continue to see the successful fight to kill SOPA and PIPA as a proxy war waged solely by Google and other Internet companies, the ITU simply can’t accept the reality that Internet users have become their own best advocates. Without prodding, they readily work together to defend a common-sense faith in self-governance for engineering resources and an unshakable belief in a free marketplace of ideas, the cornerstones of the Internet’s success.

That’s a little triumphal, but not too triumphal. The Internet is not governments’ to regulate.

Of course, governments will not release their grip on communications easily. The ITU’s unsubtle and ham-handed attempt to take control of the Internet is only one instance, belying more insidious work being done in the U.S. and abroad to tax and control us through our communications infrastructure.

Continued vigilance in the face of these efforts will defeat them, vigilance being—as always—the price of liberty.