Topic: Telecom, Internet & Information Policy

Secret Spying and the Supreme Court’s Constitutional Catch-22

The memory of the abuses perpetrated by colonial officials wielding “general warrants” inspired the framers of our Constitution’s Fourth Amendment to constrain the government’s power to invade citizens’ privacy. With today’s 5-4 ruling in Clapper v. Amnesty International, the Supreme Court has announced that the modern equivalent of those general warrants—dragnet surveillance “authorizations” under the FISA Amendments Act—will be effectively immune from Fourth Amendment challenge.

The FAA permits the government to secretly vacuum up Americans’ international communications on a massive scale, without any individualized suspicion—and at least some of that surveillance has already been determined to have violated the constitution by a secret intelligence court. Yet today’s majority has all but guaranteed no court will be able to review the constitutionality of the law as a whole by imposing a perverse Catch-22: Even citizens at the highest risk of being wiretapped may not bring a challenge without proof they’re in the government’s vast database. The only problem is the government is never required to reveal who has been spied on.

In essence, the Court has said that even if the law is unconstitutional, even if it has violated the Fourth Amendment rights of thousands of Americans, there’s no realistic way to get a court to say so.

Precisely when secrecy shields the government from public political accountability, the Clapper ruling announces, the Constitution is powerless to protect us as well.

I’ll have a more detailed analysis of the ruling (and dissent) tomorrow.

Legislative Data and Wikipedia Workshop—March 14th and 15th

In my paper, “Publication Practices for Transparent Government,” I talked about the data practices that will produce more transparent government. The government can and should improve the way it provides information about its deliberations, management, and results.

“But transparency is not an automatic or instant result of following these good practices,” I wrote, “and it is not just the form and formats of data.”

It turns on the capacity of the society to interact with the data and make use of it. American society will take some time to make use of more transparent data once better practices are in place. There are already thriving communities of researchers, journalists, and software developers using unofficial repositories of government data. If they can do good work with incomplete and imperfect data, they will do even better work with rich, complete data issued promptly by authoritative sources.

We’re not just sitting around waiting for that to happen.

Based on the data modeling reported in “Grading the Government’s Data Publication Practices,” and with software we acquired and modified for the purpose, we’ve been marking up the bills introduced in the current Congress with “enhanced” XML that allows computers to automatically gather more of the meaning found in legislation. (Unfamiliar with XML? Several folks have complimented the explanation of it and “Cato XML” in our draft guide.)

No, we are not going to replace the lawyers and lobbyists in Washington, D.C., quite yet, but our work will make a great deal more information about bills available automatically.

And to build society’s capacity “to interact with the data and make use of it,” we’re hoping to work with the best outlet for public information we know, Wikipedia, making data about bills a resource for the many Wikipedia articles on legislation and newly passed laws.

Wikipedia is a unique project, both technically and culturally, so we’re convening a workshop on March 14th and 15th to engage Wikipedians and bring them together with data transparency folks, hopefully to craft a path forward that informs the public better about what happens in Washington, D.C. We’ve enlisted Pete Forsyth of Wiki Strategies to help assemble and moderate the discussion. Pete was a key designer of the Wikimedia Foundation’s U.S. Public Policy Initiative—a pilot program that guided professors and students in making substantive contributions to Wikipedia, and that led to the establishment of the Foundation’s Global Education Program.

The Thursday afternoon session is an open event, a Wikipedia tutorial for the many inexperienced editors among us. It’s followed by a Sunshine Week reception open to all who are interested in transparency.

On Friday, we’ll roll up our sleeves for an all-day session in which we hope Wikipedians and experienced government data folks will compare notes and produce some plans and projects for improving public access to information.

You can view a Cato event page about the workshop here. To sign up, go here, selecting which parts of the event you’d like to attend. (Friday attendance requires a short application.)

Why Have a Machine-Readable Federal Government Organization Chart?

When I write and talk about getting better data about the federal government, its activities, and spending, I mostly have in mind strengthening public oversight by bringing computers to bear on the problem. You don’t have to know much about transparency, organizational management, or computing to understand that having a machine-readable government organization chart is an important start.

There should be a list, that computers can process, showing what agencies, bureaus, programs, and projects exist in the federal government and how they are related. Then budgets, bills in Congress, spending programs and actual outlays, regulations, guidance documents, and much more could be automatically tied to the federal organizational units affected and involved.

But it’s not only public oversight that would benefit from such a list.

Mike Riggs at Reason magazine has found that the Office of Management and Budget’s sequestration report issued last September listed a cut to the National Drug Intelligence Center’s budget even though the NDIC went out of business last June.

The first line item on page 121 of the OMB’s September 2012 report says that under sequestration the National Drug Intelligence Center would lose $2 million of its $20 million budget. While that’s slightly more than 8.2 percent (rounding error or scare tactic?), the bigger problem is that the National Drug Intelligence Center shuttered its doors on June 15, 2012–three months before the OMB issued its report to Congress.

That’s embarrassing for the administration, as it should be. Riggs asks, “Might there be other errors in the OMB’s report?”

Getting organized is not just about public oversight. Another reason to have a machine-readable federal government organization chart is to improve internal management and controls. This kind of mistake should be nearly impossible. People at OMB should be able to download the list of government entities at any time, day or night, and be sure that it is the correct listing that uniquely identifies and distinguishes all the organizational units of the federal government at that moment. We should be able to download it, too.

Unfortunately, OMB controller Danny Werfel has been riding the brake on transparency. He and the Obama administration as a whole should be stepping on the gas. In early February, the Sunlight Foundation found that more than $1.5 trillion in federal spending for fiscal year 2011 was misreported on USASpending.gov.

Laws of Creation: Property Rights in the World of Ideas

“What can be said about copyright that doesn’t anger somebody somewhere?”

“Not very much,” I said in answer to my own rhetorical question at the beginning of a December book forum on Copyright Unbalanced: From Incentive to Excess (Mercatus Center, 2012).

Copyright and other intellectual property laws are controversial: Some libertarians regard inventions of the mind as the rightful property of their creators. The Framers, they point out, empowered Congress to secure these rights to authors and inventors. Others lament these laws as information regulations that conflict with natural rights.

The latest turn in the copyright controversy is the Librarian of Congress’s decision no longer to exempt the unlocking of (newly purchased) mobile phones from the proscriptions of the Digital Millennium Copyright Act. In other words, consumers can no longer use their phones on a different network without the original carrier’s permission, even after their contracts have expired.

Derek Khanna, the former Republican Study Committee staffer fired after penning a memorandum strongly critical of current copyright law, called it in The Atlantic the “Most Ridiculous Law of 2013 (So Far),” and a petition asking the president to reverse the Librarian’s ruling has more than 87,000 of the 100,000 it requires to get the White House’s response.

We won’t necessarily get into that particular issue on March 20th when we hear from Ronald Cass and Keith N. Hylton, authors of the book Laws of Creation: Property Rights in the World of Ideas. But Cass and Hilton argue against the notion that changing technology undermines the case for intellectual property rights. Indeed, they argue that technological advances only strengthen the case for intellectual property rights. 

In the view of Cass and Hylton, the easier it becomes to copy innovations, the harder to detect copies and to stop copying, the greater the disincentive to invest time and money in inventions and creative works. Intellectual property laws are needed as much as ever.

Register now for this March 20 noon-time event. It’s the latest in a long series of Cato events examining copyright and intellectual property, subjects on which libertarians often find themselves divided.

More Internet Sales Taxes—and Your Privacy Compromised

Yesterday, Senator Mike Enzi (R-Wyo.) and 19 cosponsors introduced a bill to promote the collection of taxes on Internet sales. I can’t recall seeing a bill so universally condemned in the libertarian, free-market, anti-tax, and pro-innovation communities. The National Taxpayers Union issued a press release, a “myths & facts” one-pager, and wrote it up on their blog for good measure. Here’s the Heartland Institute’s press release. The Competitive Enterprise Institute calls it a raw deal. R Street seems to hate this bill with a burning passion. Our sweethearts at NetChoice went with a Valentine’s theme.

[Update: The Center for Freedom and Prosperity also does not like this bill.]

[Update 2: Americans for Tax Reform does not like Internet sales taxes.]

I think differently from these groups. Oh no, I don’t think it’s a good idea to let state and local tax authorities impose complex taxes on businesses around the country just because they sell online. Doing so would cause Internet sales taxes to soar because tax authorities would be able to impose taxes on people who can’t vote them out of office.

But I think it’s important not to forget the consequences for privacy if Congress were to approve interstate tax collection like this.

Dig down into the bill and you start to see what it takes for states and localities to tax products sent into their states by remote sellers.

For purposes of [collecting taxes], the location to which a remote sale is sourced refers to the location where the item sold is received by the purchaser, based on the location indicated by instructions for delivery that the purchaser furnishes to the seller. When no delivery location is specified, the remote sale is sourced to the customer’s address that is either known to the seller or, if not known, obtained by the seller during the consummation of the transaction, including the address of the customer’s payment instrument if no other address is available.

That means that sellers all over the country would have to turn the addresses of the people they sell to over to state tax authorities. You could design a system to minimize the privacy problems here, but not eliminate them—especially when the time comes for the officials in one state to audit the sales in another.

With All Due Respect, Mr. President, That Is Not True

Conor Friedersdorf notes that stay-at-home mom (and video blogger) Kira Davis asked tougher questions of President Obama on a recent Google+ “hangout” than Steve Kroft of 60 Minutes ever asked. You can watch the exchange in this video starting at the 35:10 mark.

In response to Davis’s question about transparency, President Obama said:

This is the most transparent administration in history, and I can document how that is the case. Everything from—every visitor that comes into the White House is now part of the public record. That’s something that we changed. Just about every law that we pass, every rule that we implement, we put online for everybody there to see.

With all due respect, Mr. President, that is not true.

Now, the White House has put visitor logs online. I was initially unimpressed with the achievement, but I do believe it took a good deal of effort, and there’s no discounting that. Perhaps it symbolizes how low the baseline for transparency has been. And alas the practice may have simply moved meetings out of the White House.

But it is not accurate to say, “Just about every law that we pass … we put online for everybody to see there.”

As a campaigner, President Obama promised to put every bill Congress sent him online for five days before signing it. As I recently reported again in a post called “Sunlight Before Signing in Obama’s First Term,” that was the president’s first broken promise, and in the first year of his administration he broke it again with almost every new law, giving just six of the first 124 bills he signed the exposure he promised. Over his first term, by my count, he gave less than 2/3rds of the bills he signed the promised sunlight.

And many important and controversial bills don’t get sunlight. (The post office renamings always do.) Recent bills denied promised sunlight include the controversial FISA Amendments Act Reauthorization and the “fiscal cliff” bill. Obamacare did not get sunlight—the president signed it the day after Congress presented it to him.

The first three laws President Obama has signed in the 113th Congress have not gotten the promised sunlight.

The Obama administration has taken some small pro-transparency steps, but far from what’s possible, and the House of Representatives is making the greater headway on transparency. President Obama has not put “just about” every bill sent him online. So, in the words of a stellar think tank here in D.C., “With all due respect, Mr. President, that is not true.”

Soviet Cybersecurity, Part II

A year ago, almost to the day, I blogged about a legislative package on cybersecurity being proposed in the Senate. “Soviet-Style Cybersecurity,” I called it, because of the “centralizing and deadening effect” it would have on the many and varied efforts to respond to the many problems lumped together as “cybersecurity.” President Obama’s new executive order, titled “Improving Critical Infrastructure Cybersecurity,” has similar, if slightly more sinister, qualities.

To understand my thinking in this area, you must first understand the concepts in a superlative law review article I first read when I was doing oversight of the regulatory process as a congressional staffer. “Administrative Arm-Twisting in the Shadows of Congressional Delegations of Authority” is by University of Flordia law professor Lars Noah. In it, he described the administrative practice of imposing sanctions or withholding benefits in order to elicit “voluntary compliance” from regulated entities. The upshot? There is no “voluntary” when businesses are repeat players or under ongoing supervision of an agency.

The cybersecurity executive order has arm-twisting all over it.

It is Soviet in its attempt to bring the endlessly varied and changing problems associated with securing computers, data, and communications under a top-down federal plan. Look at how it strains to replicate the nimble action that would be produced in an environment where cybersecurity lapses simply cost businesses money:

The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risk…. The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach….

Translation: “Put spontaneous ordering in the plan.” And, shockingly, this system is supposed to be designed in just 240 days.

Then there is the provision that calls for “voluntary” participation among providers of critical infrastructure and “other interested entities.” Remember, there is no “voluntary” when an agency with supervisory authority wants action.

Finally, we come to the sinister: Section 9(c) of the order requires the Secretary of Homeland Security, along with “Sector-Specific Agencies,” to “confidentially notify owners and operators of critical infrastructure” that the government has designated them as such.

That confidentiality is a secrecy trump-card, played in advance, to chill any company that might think of challenging its designation as “critical infrastructure,” subject to all that planning, planning, planning. A business that publicly challenges its designation has already committed an offense, in our terror-stricken and cyber-gullible land, for revealing a government confidence.

Embedded firmly in their cybersecurity role, government overseers will have one job and that is to prevent a “cyberattack”—most, far more imagined than real. They will invest the resources of the businesses they direct without regard to cost-effectiveness, performance, flexibility, or any of the other market-oriented values that the executive order touts.

Even the sections of the order that promote sharing of threat information from government to the private sector have an authoritarian approach. Rather than having the government propagate information about vulnerabilities far and wide to make all computing more secure, the order creates a closed system of insiders who would be ladled out access to information they could use in their security efforts.

This is inconsistent with industry-standard security reporting practice, which is (generally) to notify the producer of a vulnerability first and all who are susceptible to it in short order. A closed system will preserve vulnerabilities in some sectors, nominally to protect government “sources and methods,” but really to preserve government power.

In my Soviet-Style Cybersecurity post from a year ago, I marveled at how “this bill strains to release cybersecurity regulators—and their regulated entities—from the bonds of law.” Reading President Obama’s cybersecurity executive order for the first time, I wrote in the margin, “Can this be brought under law?” I don’t know that it can, as the president is calling on the executive branch to twist the arms of our nation’s businesses under the cover of secrecy.