Topic: Telecom, Internet & Information Policy

This Month’s Cato Unbound: Opportunities for Copyright Reform

By
Jason Kuznicki

Republican Study Committee staffer Derek Khanna made a splash in November when he authored a memo recommending simplification of our copyright system and a significant reduction in its term lengths.

His ideas didn’t sit too well with some folks, apparently, because the RSC removed the memo from its website and let him go.

Well. We kinda liked that memo, so we invited him to discuss its contents at Cato Unbound. He has just done so in this month’s lead essay.

Cato adjunct scholar Timothy B. Lee has written a thoughtful response detailing the dangers of civil asset forfeiture in copyright cases. And two more replies will be out in the next few days – one by Ryan Radia of the Competitive Enterprise Institute, and one by Mark Schultz of Southern Illinois University School of Law. Each will discuss practical, near-term ways to improve copyright policy, an area of ever-increasing commercial and legal importance.

As always, Cato Unbound readers are encouraged to take up our themes, and enter into the conversation on their own websites and blogs, or on other venues. We also welcome your letters. Send them to jkuznicki at cato dot org. Selections may be published at the editors’ option.

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

Larry Downes’ “A Rational Response to the Privacy ‘Crisis’ ”

By
Jim Harper

We don’t expect news reports to exhibit the tightest legal reasoning, of course, but Sunday’s New York Times story on location privacy made a runny omelet of some important legal issues relating to privacy.

The starting point is United States v. Jones, a case the Supreme Court decided last January. The Court held that government agents violated the Fourth Amendment when they attached a GPS tracking device to a vehicle without a warrant and used it to determine the location of a suspect for four weeks. Location information can be revealing.

“Some advocacy groups view location tracking by mobile apps and ad networks as a parallel, warrantless commercial intrusion,” says the story. A location privacy bill forthcoming from Senator Al Franken (D-MN) “suggests that consumers may eventually gain some rights over their own digital footprints.”

Jones was about government agents—their freedom of action specifically disabled by the Fourth Amendment—invading a recognized property right (in one’s car) to gather data. There is little analogy to location tracking by mobile devices, apps, and networks, which are privately provided, voluntarily adopted, and which violate no recognized right. Indeed, their tracking provides various consumer benefits. The Times piece equivocates between the government’s failure to get a legally required search warrant in Jones and uses of data that some may feel “unwarranted,” in the sense of being “uncalled for under the circumstances.”

The first line of Larry Downes’ new Cato Policy Analysis, “A Rational Response to the Privacy ‘Crisis’,” could have been written for the Times’ sloppy analogy:

“What passes today as a ‘debate’ over privacy lacks agreed-upon terms of reference, rational arguments, or concrete goals,” Downes says. The paper examines how the “creepy factor” permeates privacy debates rather than crisp thinking and clear-headed examination.

It’s not that location tracking doesn’t generate legitimate privacy concerns. It does. People don’t know how location information is collected and used. They don’t always know how to stop its collection. And the future consequence of location information collected today is unclear. But the capacity of private actors to harm individuals with location data is limited. Their incentive to do so is even smaller. And avoiding location tracking is simply done (at significant costs to convenience).

As Downes’ piece illustrates, we’ve seen this kind of debate before, and we’ll see it again: A particular innovation spurs privacy concerns and a backlash (whipped by legislators and regulators). A negotiation between consumers and industry, facilitated by the news media, advocates, and a variety of other actors, produces the way forward. As often as not, the way forward is a partial or complete embrace of the technology and its benefits. Plenty of times, the threat never materializes (see pervasive RFID).

Downes explores the legal explanation for what happens when consumers adopt new technologies that use personal information to produce custom content and services—this question of “rights over … digital footprints.” He finds that licensing is the best explanation for what is happening. When consumers use the many online services available to them, they license data that they might otherwise control.

The legal framework Downes puts forward sets the stage for iterative, contract-based development of rules for how data may be used in the information economy. It cuts against top-down dictates like Franken’s proposal to regulate future technologies today, knowing so little of how technology or society will develop.

Ultimately, no legislature can resolve the deep and conflicted cultural issues playing out in the privacy debate. Downes characterizes that debate as revealed tension between Americans’ Davey Crockett side—the privacy-protective frontiersmen—and our collective Puritanism. We are participants in and parts of a very watchful society.

It’s worth a read, Larry Downes’s “A Rational Response to the Privacy ‘Crisis’.”

Topics: 
General, Government and Politics, Telecom, Internet & Information Policy

On Digital Privacy, Congress’ Offer Is This: Nothing

By
Julian Sanchez

It had the makings of a shockingly reasonable legislative bargain: Two outdated federal privacy statutes would be reformed together, removing some unnecessarily stringent restrictions on sharing video records while finally imposing a clear warrant requirement for government searches of e-mail and other private files stored in the “cloud.” Then Congress, perhaps in homage to Darth Vader, decided to alter the deal: A bill weakening the Video Privacy Protection Act of 1988 has been sent to the president for his signature, but without the corresponding badly-needed reforms to the Electronic Communications Privacy Act of 1986.

On the merits, the changes to the Video Privacy Protection Act actually make sense. Passed in the wake of Robert Bork’s unsuccessful Supreme Court confirmation hearings, during which a newspaper published a list of videos rented by the nominee, the VPPA barred any disclosure of video rental records without the explicit and specific consent of the customer on each and every occasion. That seemed reasonable enough at the time, but has proved an annoyance to video streaming services like Netflix and Hulu, which would like to make it easy for users to automatically post the movies and TV shows they’ve watched to social media services like Twitter or Facebook without having to click an extra “I consent” box every time—something that’s not required when users similarly share the music they’re listening to on services like Spotify or Pandora. So those companies wanted to let users give up-front, blanket consent for automatic sharing of videos.

Only the most hardcore privacy watchdogs had a serious substantive problem with such a change, but many nevertheless disliked the idea of diluting one of the stronger privacy statutes on the books when, in so many other areas, changing technologies had rendered existing privacy protections far too weak. Perhaps the most glaring example of this was the Electronic Communications Privacy Act, which established a confusing crazy-quilt of standards for government searches of remotely stored e-mail and other files, often allowing them to be obtained without a search warrant—standards that several appeals courts have already held to fall short of what the Fourth Amendment requires.

So Sen. Pat Leahy (D-VT) had proposed an eminently logical compromise: Bundle together updates to the two statutes, easing the excessively stringent privacy rules for video records while simultaneously requiring the government to obtain a probable cause search warrant in order to look through a person’s e-mail and cloud-stored files, just as they must when they search a personal computer or wiretap a phone conversation. The bundling ensured that privacy advocates—even the hardcore ones who disapproved of the change to the video privacy law—wouldn’t raise too much fuss about it. Few expected Leahy’s package, which had been approved by the Senate Judiciary Committee, to be acted on until the next session of Congress.

Then came the Vader move: The House of Representatives passed its own bill amending the VPPA, but without the provisions enhancing protections for e-mail, and that legislation was quickly approved by the House. Again, this is not a bad thing in itself. But it’s a disturbing sign that, as technology changes, Congress is willing to water down privacy protections that have been rendered unnecessary or overly restrictive, but not to strengthen them even when they’ve clearly fallen badly out of sync with the way Americans communicate in the 21st century.

Topics: 
Government and Politics, Law and Civil Liberties, Regulatory Studies, Telecom, Internet & Information Policy

The Stephen Glass Problem in Intelligence Oversight

By
Julian Sanchez

In today’s debate over reauthorization of the FISA Amendments Act, Sen. Saxby Chambliss deployed a familiar rhetorical move popular with supporters of broad surveillance powers. Chambliss acknowledged that there have been “a few instances” in which the law has not operated as intended, permitting “overcollection” of entirely domestic communications. But this only goes to show that the oversight mechanisms embedded in the law are working so very well! Moreover, echoing Sen. Dianne Feinstein, he asserted (though of course we can’t check the claim) that the violations that have been discovered have been the result of error, not deliberate abuse.

The first thing to say about this argument is that it’s something of a tautology: Violations of the law (or its spirit) that we’ve identified have been successfully identified! If safeguards and oversight measures discover no such violations, we’re supposed to assume that everything is working great. If they do uncover violations, it’s proof that current oversight is robust and no further safeguards are needed. Catch 22!

A more subtle problem, however, is that oversight of large-scale secret surveillance programs are most likely to uncover inadvertent (and so relatively benign) violations rather than deliberate ones. I think of this as the Stephen Glass Problem, after the infamous fabulist who managed to publish dozens of wholly fabricated articles in The New Republic despite the magazine’s legendarily rigorous fact-checking process—a story wonderfully chronicled in the film Shattered Glass and a Vanity Fair article of the same name. The problem, as editors later realized, was that the fact checking process was very good at catching accidental errors, but not equipped to deal with a journalist who was deliberately fabricating stories, and then exploiting his knowledge of how the fact checkers worked to ensure that his fabrications would pass muster, creating phony web-sites, voice mail accounts, and e-mail addresses to “confirm” his bogus facts. Accidental violations are always easier to catch, because accidental violators are not taking steps to conceal their violations.

Read the rest of this post »

Topics: 
Foreign Policy and National Security, Government and Politics, Law and Civil Liberties, Telecom, Internet & Information Policy

The Senate’s Rushed Debate on NSA Spying Powers

By
Julian Sanchez

As I write, the Senate is gathering in an unusual special session to debate the reauthorization of the FISA Amendments Act, which I discussed in a recent Cato podcast. Unfortunately, as Sen. Ron Wyden pointed out in opening the discussion, this sparsely-attended holiday session is likely to be the only full floor debate on sweeping surveillance legislation that has been in force for four years already (during which we know it has already been used unconstitutionally), and is all but certain to be renewed for another five. That’s especially disturbing given that, when the House debated the law back in September, its strongest supporters revealed themselves to be profoundly confused about what the law does, and just how much warrantless spying on the communications of American citizens it permits, despite being nominally restricted to “foreign targets.”

Our friends at the Heritage Foundation have a post up sounding the Klaxon to warn of dire consequences if the Senate fails to renew the law without substantial changes. Hearteningly, even Heritage seems to be comfortable with proposed reforms requiring the secret FISA Court to publish declassified versions of substantial interpretations of the statute, so we are not effectively living under a body of secret law.  But their vague claim that some amendments would “substantially change the nature of the legislation” doesn’t really hold up.

Here’s a rundown of amendments that will be proposed. With the exception of a genuinely radical one offered by Sen. Rand Paul—proposing that the Fourth Amendment applies to our digital records and communications even when they’re stored by an Internet company—they’re all very mild, utterly common sense tweaks. One offered by Sen. Pat Leahy would extend the FAA for three years rather than five, in hopes that we might actually have a more substantial debate about this incredible spying power soon. Sen. Jeff Merkley is offering the one mentioned above, ensuring that we’re not living under secret law.  

Finally, Sen. Wyden has two important amendments. One would require the NSA to produce a rough estimate of how many Americans’ communications are intercepted under the sweeping “vacuum cleaner” style programs authorized by FAA, which they have thus far refused to do, probably in part because the number would be distressingly high.  A second would prohibit “backdoor searches” targeting Americans.  The idea here is that precisely because warrantless FISA surveillance is so sweeping, and large numbers of Americans’ communications are likely to end up in the NSA database even if foreign groups are in theory the “target” of surveillance—as we know has already happened on a large scale—it becomes possible to effectively “target” Americans simply by entering their names or other identifying information in searches of the database.  That’s obviously a way of circumventing the law’s ban on “reverse targeting” that is really meant to spy on Americans under authority nominally aimed at foreigners. Wyden’s amendment would simply require an individualized FISA warrant when agents want to search their vast communications database for a particular American’s information. The NSA has objected to the term “backdoor searches” and the characterization of this process as a “loophole” in the law—but they certainly haven’t denied that the law as written allows them to do this, and have resisted this effort to prohibit it. Yet if, as supporters insist, this is really a law aimed at foreigners rather than Americans, surely such a requirement should be a no-brainer.

Amendments aside, it’s worth noting that nothing dire would happen if the law expired for a while. Programmatic surveillance authorizations under the law—covering entire “categories” of surveillance targets rather than particular people—last for a year, and would continue unmolested if the law lapsed. As we now know, claims made in 2008 about immediate problems arising from the expiration of the predecessor to the FAA were highly misleading, and one suspects deliberately so. We also know that the hyperbolic claims about the value of the initial, extralegal warrantless wiretap program didn’t hold up to scrutiny once the Inspectors General got around to auditing the program. There’s no realistic chance the Senate is going to let this legislation expire but, Mayan calendar notwithstanding, the world would not end if it did.

Given that this law is going to be renewed, ask yourself: Aren’t the checks discussed above just common sense? Shouldn’t we know what the laws we live under actually mean, as interpreted by the courts?  Shouldn’t we know approximately how many Americans are being secretly spied on by the government? If a surveillance program is, in principle, supposed to be exclusively aimed at foreigners, then shouldn’t a warrant be required before  that program can be explicitly and deliberately used to read the e-mails of Americans? It is hard to imagine how anyone could oppose any of these principles, whether or not they approve of the FISA Amendments Act as a whole. If our friends at Heritage—or more to the point, members of the Senate—do oppose any of these, we should at least ask for a convincing explanation of why, not a vague suggestion that we’re all in danger unless we shut up and embrace the status quo.

Topics: 
Foreign Policy and National Security, Government and Politics, Telecom, Internet & Information Policy

FTC Oversteps Its Bounds

By
Jim Harper

This week, the Federal Trade Commission awarded itself a holiday gift: more regulation of the Internet.

Under the Children’s Online Privacy Protection Act, a 1998 law designed to insulate children from marketing, It Takes a Village-style, the FTC found that it gets to regulate more intensively and confusingly.

The regulation is a mostly unremarkable expansion of authority. Like any political actor would do, the FTC followed the path of least resistance, avoiding raising the hackles of any major player in the marketplace. (Regulation tends to advance the way spilled paint spreads on cobblestone.) Of course, there are few major players in the marketplace because COPPA has increased the cost of serving entertaining and educational content to children since the Internet’s earliest days. The Association for Competitive Technology got it right in a release calling COPPA “improved for big companies, not for education startups.”

One interesting point about the new regulation is not political, though. It’s legal. The agency arguably overstepped the authority Congress gave it.

FTC Commissioner Maureen Ohlhausen explains:

The statute provides, “It is unlawful for an operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed [by the FTC].” … [T]he amendments add a new proviso to the definition of operator in the COPPA Rule: “Personal information is collected or maintained on behalf of an operator when: (a) it is collected or maintained by an agent or service provider of the operator; or (b) the operator benefits by allowing another person to collect personal information directly from users of such website or online service.” The proposed amendments construe the term “on whose behalf such information is collected and maintained” to reach child-directed websites or services that merely derive from a third-party plug-in some kind of benefit, which may well be unrelated to the collection and use of children’s information (e.g., content, functionality, or advertising revenue).

In other words, if a Web site directed at children uses third-party plug-ins to enhance its functionality, analytical capability, and such, and if the plug-in collects information, then the Web site operator is responsible as if it were collecting the information. The result? Web sites aimed at children will avoid using third-party technology to enhance the experience of kids.

Commissioner Ohlhausen: “I find that this proviso—which would extend COPPA obligations to entities that do not collect personal information from children or have access to or control of such information collected by a third-party—does not comport with the plain meaning of the statutory definition of an operator in COPPA.”

Read the rest of this post »

Topics: 
Government and Politics, Law and Civil Liberties, Regulatory Studies, Telecom, Internet & Information Policy

Time, Once Again, for Our Odd National ID Ritual

By
Jim Harper

It doesn’t happen on the same cycle as our annual holiday traditions, but the arrival of another REAL ID compliance deadline means that it’s time for some comfortable and time-worn rituals.

Federal bureaucrats caroling? Security hawks lighting the menorah? Alas, nothing so charming.

The January 15 “deadline” for state compliance with our national ID law, the REAL ID Act, will bring out state and local officials worrying about whether people will be able to board planes in late January. You see, REAL ID says that federal officials like the TSA can’t accept IDs from non-compliant states. Greg Roberts from the Lafayette (LA) Regional Airport thinks the TSA might turn away travelers bearing IDs from his state next month.

Federal officials will then send worried missives to Department of Homeland Security Secretary Janet Napolitano. “What will become of us if you don’t extend the deadline?” they’ll plead, hoping for their constituents to hear. Senators Jeff Bingaman (D) and Tom Udall (D) of New Mexico did that this week.

Next comes the secretary of homeland security.

Sometimes, our top homeland security official is very, very scary toward the states, like Michael Chertoff was. “There comes a point in time where all the discussion and analysis has to stop,” he said in a press conference nearly five years ago. “The time has come to bite the bullet.”

Sometimes, the DHS secretary is very, very quiet, like Janet Napolitano. Having blocked REAL ID legislation as Arizona’s governor, she’s been all over the map since becoming a federal official. She knows REAL ID is going nowhere, but she doesn’t want to attract the slings of Republican security hawks who would try to blame her and President Obama for it.

And that’s the most amusing part of this tradition. REAL ID is going nowhere fast. But people in the press don’t know that. And state and local officials don’t follow the issue carefully, so they think they have to fall in line with the national ID program. Yet they never have, and they never will.

Read the rest of this post »

Topics: 
Foreign Policy and National Security, Government and Politics, Law and Civil Liberties, Telecom, Internet & Information Policy

Pages