Topic: Telecom, Internet & Information Policy

Ohio Backs off of REAL ID

Sometimes there are setbacks to the efforts of the Department of Homeland Security, the American Association of Motor Vehicle Administrators, and state motor vehicle bureaucrats to quietly knit together a national ID. If this story is true, Ohio appears to be breaking with the national ID plan.

What’s remarkable about this case is Ohio’s recognition that the federal government will never act on the threat that TSA will refuse drivers’ licenses and IDs from states that decline to implement the REAL ID Act.

Ohio is among a growing number of states that are refusing to comply with federal standards intended to toughen access to driver’s licenses. … The states are betting that federal officials do not implement plans to accept only “Gold Star” licenses as proof of identity to fly on commercial flights or to enter federal buildings and courthouses. “We’re not so sure the federal government” will only honor IDs that meet its requirements, [Ohio Department of Public Safety spokesman Joe] Andrews said.

Time was when states fell in line at the suggestion of this federal government threat. Eight-and-a-half years after REAL ID became law, the states may be recognizing the inability of the feds to coerce them into implementing their national ID.

FDA Moves To Crush 23andMe

23andMe is a service that combines a home-based saliva testing DNA-sample kit combined with a web-based service to explain what the results mean and put you in touch with other users. At $99, it’s a breakthrough hit in affordable personal technology – and now the Food and Drug Administration is determined to snuff it out. I discuss this appalling development in a new post at Overlawyered: 

…Some of us want to seek out distant relatives and clues about national origins, or satisfy curiosity about patterns of disease in our family lines. For adoptive families, home genome testing can be hugely valuable in cases where one knows little about the medical history of an adoptee’s birthfamily. It’s our body, and our right to inform ourselves about it — or so we thought.

The FDA very likely has decent legal grounds to forbear from a crackdown should it choose to. But the key takeaway sentence from Matthew Herper’s piece in Forbes criticizing the company is: “This is not the way to deal with a powerful government regulator.” Disrespectful, anti-authority attitudes from someone an agency intends to regulate? Ask former Buckyballs CEO Craig Zucker where that gets you. …

Science blogger Razib Khan has suggested that information services like 23andme, rather than submit to expensive and cumbersome regulation as “medical devices,” may simply pack up and move offshore. But even if they do, that won’t be the end of our government’s jealous wish to regulate them – or so I predict in my post.

P.S. Is it relevant that governments themselves, through their law enforcement agencies, run elaborate saliva-, blood- and DNA-collection operations that are hedged with few of the protections of voluntariness, privacy and openness that one finds with 23andMe?

Government: The Bigger, the Leakier

One of the many problems with Big Government is that it abuses our privacy. The potential for abuse has been greatly heightened in the information age. The problem is not just that government officials themselves can abuse the vast troves of data that they collect, but that thieves, hackers, organized crime, and other private actors can gain access as well.

Federal bureaucracies are collecting vast amounts of data and storing it in giant sieves. Officials promise to put safety procedures in place, but those procedures always fall short because the government is so large and vulnerable to human failure. Two stories in the Washington Post today highlight the problems.

One story solves the mystery of how Edward Snowden was able to walk away with tens of thousands of secret NSA documents. As a computer systems administrator, he apparently just asked a couple of dozen agency employees for their log in passwords.

Another story describes how a defense contractor in Asia allegedly used moles in the U.S. Navy Department to gain access to sensitive data about contracts, ship movements, and internal investigations. The contractor used old-fashioned tools to prey on the weaknesses of Navy officials: money and prostitutes. The leaks happened “despite past pledges by the Pentagon to strengthen oversight,” notes the Post.

The huge data data collection effort to support Obamacare is another threat. Despite government promises about ensuring privacy, we now know that the administration skipped crucial security and privacy testing as it rushed to launch the health website.  

Politicians and officials will keep promising to fix things, but as long as the government is a giant vacuum cleaner sucking up and storing vast troves of data, sensitive information will leak. Another dimension of risk is the increased proclivity of our government to share tax, financial, security, and intelligence data with other governments.

Free Trade on the Internet

This is from a recent speech by Senator Ron Wyden (D-OR):

Today, the Internet represents the shipping lane of 21st Century goods and services. It is reshaping global commerce just like social media is reshaping societies. But right now the trade rules don’t neatly apply to the digital economy, despite the growing number of protectionist barriers popping up. The most recent WTO rules were written before the Internet.

It’s time for the digital economy to be within the Winners Circle by keeping data flows open and ensuring that foreign markets aren’t more legally hazardous than the U.S.

This is an important point. With regard to international trade in goods, the impact of the Internet has been significant, but only within certain limits. With the exception of goods for which electronic versions have been developed, you still need to make the goods at a factory and ship them around the world.  

With services, by contrast, the Internet revolution has been greater. A number of services that used to be difficult to trade internationally at all are now tradable with the click of a mouse. To use an example I’ve written about recently, online higher education services are taking off. Someday soon it may be just as convenient for a Washingtonian to get a degree from Melbourne University in Australia as it is to do so from Georgetown.

One problem, though, as Senator Wyden points out, is that many of our international trade rules were written in the pre-Internet era. This became apparent during the WTO dispute over online gambling. The rules could barely fit with this new industry.

The Unpersuasive Case for the NSA Call Dragnet’s Effectiveness

Sen. Dianne Feinstein (D-CA) has an op-ed in the Wall Street Journal ($) defending the NSA’s bulk call records database as a “vital” counterterrorism tool.  While this wouldn’t make the program legal even if true, it also seems clear that the secret Foreign Intelligence Surveillance Court (FISC) has relied, rather uncritically, on the government’s assertions of “necessity” to draw the strained conclusion that every American’s phone records are “relevant” to FBI counterterrorism investigations. It’s thus worth pointing out how extraordinarily weak the case for the program’s utility really is.  Feinstein begins by recycling the claim that if only the NSA program had existed in 2001, the 9/11 hijackers could have been identified and halted before carrying out their catastrophic attack:

Intelligence officials knew about an al Qaeda safe house in Yemen with ties to [hijacker Khalid] al-Mihdhar as well as the safe house’s telephone number, but they had no way of knowing if anyone inside the U.S. was in contact with that phone number in Yemen. Only after 9/11 did we learn that al-Mihdhar, while living in San Diego, had called the safe house.

In congressional testimony in June, FBI Director Bob Mueller said that if intelligence officials had had the NSA’s searchable database of U.S. telephone-call records before 9/11, they would have been able to connect the number to al-Mihdhar and produce actionable intelligence on participants of the developing plot. NSA Director Keith Alexander testified before Congress in October that if the call-records program had existed before 9/11, there is a “very high” likelihood that we would have detected the impending attack that killed 3,000 Americans.

The most obvious problem with this argument is that the court order we’ve seen for phone records explicitly demands two distinct categories of records, for calls “(i) between the United States and abroad, or (ii) wholly within the United States, including local telephone calls.” The first category might have helped identify calls to or from a known safehouse in Yemen, but the latter, much larger category rather obviously would not.  This is simply an attempt to exploit the tragedy of 9/11 to deflect criticism of massive domestic surveillance that would not have been any use in preventing that attack.

Facebook Opens Takedown Hotline for Public School Officials

was critical earlier this year when lawmakers in my home state of Maryland enacted “Grace’s Law,” purporting to ban so-called cyberbullying — in this case, the use of hurtful online language as part of a course of conduct that inflicts serious emotional distress or harassment on a Maryland juvenile, apparently whether or not the speaker knows that the person distressed by the speech is a Maryland juvenile. I predicted that the law would run into trouble in the courts for infringing on much speech protected by the First Amendment.

On Tuesday, the new law took effect, and this morning Maryland attorney general Douglas Gansler unveiled a joint initiative with Facebook and the National Association of Attorneys General (NAAG) in which Facebook will create a new program for school officials, the Educator Escalation Channel — initially limited to use in the state of Maryland, presumably pending similar enactments elsewhere — allowing the officials to object to Facebook users’ content. Per local radio station WTOP, Maryland school officials will be offered the chance to flag “questionable or prohibited” language. That is to say, they will flag speech that isn’t prohibited by the new law but which they deem “questionable.”

The targets of the new program, according to Gansler as quoted by WTOP, include persons who are “not committing a crime… We’re not going to go after you, but we are going to take down the language off of Facebook, because there’s no redeeming societal value and it’s clearly hurting somebody.” That is to say, Gansler believes he has negotiated power for school officials to go after speech that is not unlawful even under the decidedly speech-unfriendly definitions of the new Maryland law, but which they consider hurtful and lacking in “redeeming societal value.”

Already, defenders of the new program are arguing that there’s no problem here, because Facebook as a private entity is free voluntarily to put whatever terms it wants to into its user agreement and enforce them however it likes. Of course, private companies deal voluntarily with a group of state enforcers like the NAAG only in the sense that you or I deal voluntarily with the Internal Revenue Service.

Can we now finally start taking the First Amendment implications of these laws seriously?

The Government Shutdown on the Web

If you’ve tried to reach a government site today, you may have noticed that the “shutdown” applies to the virtual homes and social media accounts of federal agencies no less than their brick-and-mortar offices… at least some them. It’s a bit hard to make sense of why some sites remain up (some with a “no new updates” banner) while others are redirected to a shutdown notice page—and in many cases it’s puzzling why a shutdown would be necessary at all. With the offices closed, you might not have personnel on hand to add new content or other updates, but is pulling the existing content down strictly necessary?  

For agencies that directly run their own Web sites on in-house servers, shutting down might make sense if the agency’s “essential” and “inessential” systems are suitably segregated. Running the site in those cases eats up electricity and bandwidth that the agency is paying for, not to mention the IT and security personnel who need to monitor the site for attacks and other problems. Fair enough in those cases. But those functions are, at least in the private sector, often outsourced and paid for up front: if you’ve contracted with an outside firm to host your site, shutting it down for a few days or weeks may not save any money at all. And that might indeed explain why some goverment sites remain operational, even though they don’t exactly seem “essential,” while others have been pulled down.

That doesn’t seem to account for some of the weird patterns we see, however. The main page at NASA.gov redirects to a page saying the site is unavailable, but lots of subdomains that, however cool, seem “inessential” remain up and running: the “Solar System Exploration” page at solarsystem.nasa.gov; the Climate Kids website at climatekids.nasa.gov; and the large photo archive at images.jsc.nasa.gov, to name a few. There are any number of good reasons some of those subdomains might be hosted separately, and therefore unaffected by the shutdown—but it seems odd they can keep all of these running without additional expenditures, yet aren’t able to redirect to a co-located mirror of the landing page.