Topic: Telecom, Internet & Information Policy

Adventures in FOIA-Land (or: Red Tape Is Not Transparent)

By
Julian Sanchez

The Justice Department’s Inspector General has just completed their most recent review of surveillance under the FISA Amendments Act of 2008, which is set to expire at the end of this year. The report, however, is classified—meaning the public is unlikely to see it before Congress votes to reauthorize the law for another five years during the lame duck session. Steven Aftergood of the Federation of American Scientists is trying to get a declassified version released—but he’s probably got a long wait ahead of him.

As regular readers of the Cato blog may recall, I recently wrote about my efforts to get even earlier versions of this report out of the government, in hopes of understanding something about the National Security Agency’s use of the sweeping surveillance powers granted by the FISA Amendments Act. Because it authorizes broad, programmatic interception of international communications without individualized search warrants, Congress insisted that the intelligence community produce a semi-annual report evaluating the NSA’s compliance with the law’s various procedures and safeguards, and highlighting potential civil liberties issues. Given the vast scale of surveillance under the FAA, it’s hardly a guarantee of adequate oversight, but it’s something. The ACLU had managed to get the first few such reports released, under the Freedom of Information Act, so way back in June, I filed a FOIA request of my own for the most recent reports. I asked for expedited review, arguing that since Congress is expected to extend those surveillance powers before the end of December, there was a strong public interest in getting these evaluations out as early as possible. Let me say again: I submitted this request in June.

In September—long past the statutory deadline of 20 business days—I finally heard back from the Justice Department, which said they could “neither confirm nor deny the existence” of reports that were required by federal law. Unsurprisingly, I appealed this facially ridiculous denial of my request—and to her credit, the senior FOIA officer at DOJ immediately acknowledged that this response had been inappropriate.  By mid-September, just under three months after my initial request went in, I was informed that they’d identified the reports I was looking for and forwarded them to the Office of the Director of National Intelligence (ODNI) for a declassification review, which they expected would be completed by early November. Joy! Would we actually get information about an intelligence program out of the government without a lawsuit? Maybe even in time to have a semi-informed public debate?

Well, no. ODNI informed me earlier this month that they were wrapping up their review and redaction Any Day Now, at which point… their redacted version would be forwarded, one at a time, to every other intelligence agency whose activities were referenced in the report. At each agency, it would go to the back of the line of FOIA requests, exactly as though it had just been submitted for the first time. Estimated time before a heavily censored version of these reports see the light of day: Another six months. At least. By which time, it won’t matter much what these reports say about NSA’s use of its sweeping powers, because Congress will have already given them another five years of spying authority.

Notice what this means in practice: Even though a court has already established, thanks to an ACLU lawsuit, that they are legally required to release redacted versions of these reports to the public on request, a cumbersome bureaucratic process effectively guarantees that it takes a solid year to get this information out, which means at best you’re working with what the assessment found two reports ago, allowing the government to assert that they’ve fixed whatever problems were found. In this case, the timing of the review process conveniently guarantees that whatever we learn will come far too late to influence this year’s vote on FAA powers, but be old news by the time Congress takes up the question again. It’s a little hard to swallow the claim that all this delay is remotely necessary: Are we really supposed to believe that the Office of the Director of National Intelligence will be so slipshod about letting sensitive classified information through that their work has to be independently double checked by every other intelligence agency? And that this process has to take six months or longer, even after ODNI has done their initial review and redaction? Of course it doesn’t: This is a bureaucratic procedure designed, not to protect national security, but to allow stalling on the release of politically inconvenient information that the courts won’t allow to be completely hidden from the public.

This is, needless to say, a far cry from early promises that Obama would preside over “the most transparent administration in history”—and it’s part of a larger pattern of failure on that front. What we should really be asking is why I had to submit this request at all. In his first days in office, after all, President Obama issued a directive not only urging agencies to err on the side of disclosure, but to adopt a policy of proactive release of documents likely to be of public interest. Surely if there were any doubt about the public interest in the use of sweeping surveillance powers, it should have been put to rest after the ACLU won release of the earliest compliance reports. So why didn’t the Justice Department follow President Obama’s directive and draft these reports with an eye toward preparing a declassified public version, knowing full well that civil liberties groups would come asking? Well, because then they wouldn’t be able to obfuscate and delay for months and months. Because then the public might be able to have an informed discussion about the secret surveillance powers we’ve given our spy agencies before we vote to extend them. Heaven forfend.

So will there be any consequences for officials who’ve so flagrantly disregarded the president’s transparency directive? Or was the “order” to adopt more transparent policies just a bit of political theater, delivered with a wink and a nudge? I have my suspicions, but Obama still has time to prove me wrong.

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

The ITU’s Floundering Effort to Retake the Internet

By
Jim Harper

If you haven’t been following the push by regulators from the International Telecommunications Union to grab control of the Internet, Larry Downes’ article on Forbes.com this morning is a good window onto events.

Government regulators have long controlled and profited from telecommunications, also using it for surveillance. With the growth of the Internet, government regulators from around the world have lost their grip on communications, and now they are working to get it back. At the World Conference on International Telecommunications (or WCIT, commonly pronounced “wicket”) meeting in Dubai early next month, ITU regulators plan to introduce a series of proposals that would recapture telecommunications for the national regulatory bodies.

But, while showing just how out of touch ITU regulators are, Downs illustrates that the game has changed. A slick PR campaign will not help the ITU roll the telecom and Internet firms that oppose their plans. The telecom and Internet firms aren’t even the most important players.

The ITU is no different than the sponsors of ACTA, SOPA, PIPA, and other attempts at regulating the Internet, its content, or its users by governments large and small. Like the media lobbyists who continue to see the successful fight to kill SOPA and PIPA as a proxy war waged solely by Google and other Internet companies, the ITU simply can’t accept the reality that Internet users have become their own best advocates. Without prodding, they readily work together to defend a common-sense faith in self-governance for engineering resources and an unshakable belief in a free marketplace of ideas, the cornerstones of the Internet’s success.

That’s a little triumphal, but not too triumphal. The Internet is not governments’ to regulate.

Of course, governments will not release their grip on communications easily. The ITU’s unsubtle and ham-handed attempt to take control of the Internet is only one instance, belying more insidious work being done in the U.S. and abroad to tax and control us through our communications infrastructure.

Continued vigilance in the face of these efforts will defeat them, vigilance being—as always—the price of liberty.

Topics: 
Telecom, Internet & Information Policy

Where Should Libertarians and Conservatives Be on Copyright? (Event 12/6)

By
Jim Harper

Last week, an influential House Republican group made a feint toward supporting revamp of copyright law. On Friday, the Republican Study Committee issued a paper harshly criticizing copyright law as it stands today and calling for a variety of reforms. Then it quickly retracted the paper. On Saturday, the paper came down from the RSC site, and RSC Executive Director Paul Teller issued a statement saying that the paper had been issued “without adequate review.”

Today, it’s hard to find a source on the tech policy beat that isn’t writing about it: Politico, Hillicon Valley, C|Net, TechDirt, Ars Technica, and TechCrunch, for example. The American Conservative was on the story early, coming out with a highly laudatory comments on the RSC policy brief.

That was the beginning of the conversation. It continues on Thursday, December 6th when we’ll be hosting a book forum on the topic of copyright here at Cato.

The Mercatus Center’s Jerry Brito has edited a volume the thesis of which is evident in the title: Copyright Unbalanced: From Incentive to Excess. In addition to Brito, contributor (and Cato alum) Tom W. Bell will speak. And we’ll have able response and counterpoint given by Mitch Glazier, Senior Executive Vice President at the Recording Industry Association of America.

Jerry Brito has written more about the book in a Tech Liberation Front blog post this morning. Our book forum is on December 6th here at Cato. Register now.

Topics: 
General, Telecom, Internet & Information Policy

Unanswered Questions About the Petraeus Case

By
Julian Sanchez

As more details emerge about the FBI’s role in exposing the sex scandal that led to the resignation of CIA director David Petraeus, more than a few observers are finding the FBI’s broad power  to snoop through private and highly intimate e-mails more disturbing than any of the sexual misconduct those e-mails revealed. Yet despite a seemingly endless stream of FBI leaks about the investigation, a surprising number of crucial questions about this stunningly broad and intrusive inquiry remain unanswered.

For those who’ve managed to avoid the media feeding frenzy, The Atlantic has a handy timeline of what we know about the investigation so far. It appears to have begun with a complaint by Florida socialite Jill Kelley about some “harassing” e-mails she received from an anonymous source criticizing what the sender perceived as an inappropriate relationship between Kelley and some of the generals she’d befriended at a local military base. Though the e-mails contained no specific threats, and have been characterized by at least one source as more catty than menacing, Kelley reported them to a friend in the FBI. According to FBI sources, superiors became worried that the agent was “obsessed” with the case, ultimately barring him from the investigation.

Despite the relative thinness of the case—the FBI as a rule does not devote serious resources to tracking down senders of nonthreatening, catty e-mails, and only 10 cases have been prosecuted under federal cyberharassment law over the past two years—the Bureau opened a cyberstalking investigation, supposedly at least in part because they were concerned by references to the “comings and goings” of generals, and to events not on published schedules. Using subpoenas for the access logs of the anonymous e-mailer’s account, they linked it to activity on other accounts, as well as the hotels from which they had been accessed, ultimately exposing the author as Petraeus biographer Paula Broadwell.  Armed with this information, the FBI obtained legal process to compel the disclosure of the contents of her accounts, uncovering an illicit affair between Broadwell and Petraeus.

That’s what we know.  But there’s a lot that we don’t—a lot of pieces that just don’t fit. Here are some of the bigger unanswered questions:

  • Was this strictly a cyberstalking investigation, or did it become a national security or counterintelligence investigation at some point? If so, when, and with what predication?
  • Kelley, a “volunteer social planner” with no apparent security clearance, was attending many of the same events referenced in these e-mails, which suggests that they were not exactly top secret, and must have been known to many people in Kelley’s social circles. Why would anyone make the leap from knowledge of events shared by the Real Housewives of Tampa Bay to a potential leak of actual classified information? Wouldn’t any mystery surrounding this be resolved once the e-mailer was revealed as Petraeus’ biographer?
  • Reuters reports that investigators used “administrative subpoenas” to obtain Broadwell’s e-mail access logs. But the FBI has statutory subpoena authority only in a fairly limited class of criminal investigations: narcotics, child abuse, health fraud, telemarketing fraud. Under what authority did they issue such subpoenas in a cyberstalking investigation?
  • Alternatively, were National Security Letters used on the theory that there was enough evidence to justify pursuing the case as a counterintelligence investigation (despite multiple reports that it was a harassment case)? The NSL statute permits them to be used for”counterintelligence activities,” but “intelligence activities” are defined as being conducted on behalf of a foreign power. Was there any evidence whatsoever of such a foreign link?
  • Having identified Broadwell as the author of the e-mails, why was access to her accounts sought? If it was only to confirm that the e-mails shown to the FBI by Kelley had truly originated there, why wasn’t the request limited to those e-mails? Why not issue a preservation order to the e-mail provider, to prevent deletion of evidence, and confront Broadwell before resorting to such an intrusive measure?
  • Most reports indicate that the legal process used to obtain access to those accounts was a search warrant based on “probable cause.” Who issued it, and on what basis? “Probable cause” means “probable cause to believe evidence of a crime will be discovered.” What was the crime? What evidence was sought? Justice Department attorneys now appear to have concluded that Broadwell’s e-mails were not criminal after all. Was a different determination made at this stage of the investigation? By whom? What changed?
  • Broadwell is arguably a journalist—or at any rate, has been described as such by members of Congress. Investigations touching on such “sensitive” subjects are supposed to be personally approved by the attorney general because of potential First Amendment implications. Was Eric Holder informed of the FBI’s investigation of Broadwell before her e-mail accounts were accessed? Did he authorize the search personally?
  • Search warrants are supposed to “particularly describe” the evidence to be “seized.” Police searching for a stolen car are not supposed to rifle a suspect’s underwear drawer. Agents wiretapping a mob boss are not supposed to keep listening when the target’s wife calls her doctor on the same line. In cases involving digital evidence, this often means a two-step process where a cursory review of the account contents is conducted to determine which particular messages are within the scope of the warrant. Alternatively, providers may be given a time window or list of correspondents relevant to the investigation.  What was the scope of the warrant issued here? How did investigators end up reading “thousands” of e-mails between  Broadwell and Petraeus in the course of a search for evidence in a stalking investigation?
  • Some reports suggest that investigators became concerned the CIA director’s personal e-mail might have been hacked. Why would the CIA not be informed of such a serious potential breach immediately?
  • How did thousands of pages of e-mails between Kelley and Gen. John Allen come to be exposed in an investigation where Kelley was the putative victim? If they were not evidence of any crime, why were they shared, leading to their existence eventually becoming public knowledge?

There are, incredibly, quite a few more unanswered questions, but these seem like a good start. At every stage of this investigation—including the very fact of its existence—there are things that just don’t make much sense. If Justice Department officials don’t start answering them for reporters soon, they should be made to provide those answers to Congress—under oath.

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

A Condom Conundrum: Private Parts in the Public Sphere

By
Julian Sanchez

While they were turning out to the polls to help reelect President Obama on Tuesday, residents of Los Angeles County also approved a ballot initiative known as “Measure B,” requiring the producers of “adult films”—meaning porn, not Criterion Collection fare—to acquire a public health permit and adhere to a number of regulations, most controversially a mandate that performers wear condoms on the set. Prominent industry figures such as James Deen have opposed the measure on the grounds that it is unnecessary in light of the existing rigorous testing regime, counterproductive in the context of shoots that require performers to have intercourse for “nonstandard amounts of time,” and will ultimately be ineffective as filming will simply move outside Los Angeles County.

These are all compelling points, but the measure also raises some interesting theoretical questions in an industry where, as in journalism before it, new technology has blurred the once-sharp lines between amateur and professional content production.

While I will refrain from linking to any examples on this family-friendly blog, “traditional” professionally produced adult video now competes with an array of sites specializing in amateur or quasi-amateur sexual content. Some entrepreneurial couples and individuals launch their own personal sites, making home videos and live webcam streams available to subscribers. Other sites act as middlemen, purchasing home videos shot by amateur couples for online distribution. Still others serve as platforms on which individuals and couples can stream live sexual content from their home web cameras, earning revenue based on the number of viewers. While it seems clear that Measure B is not intended to target these amateur producers, they do seem to fall within the scope of the law’s definitions, strictly construed.

Here’s a thought experiment: Imagine a couple who sometimes tape their sexual activity for—at least initially—their own private enjoyment. In the past, when money was tight, they periodically sold these videos to a subscription-based website that specializes in homemade fare, and they expect that they may do so again in the future as the need arises. At what point are they required to  register with the state and pay a permit fee if they wish to continue taping in their own bedrooms? If they fail to do so, are they later liable should they attempt to sell or self-distribute those recordings, either for a subscription fee or on an ad-supported website?

Now, realistically, I find it almost inconceivable that Los Angeles would seek to enforce the law against the imaginary couple I’ve described. I find it slightly more plausible that an L.A.–based couple who maintain their own site could be affected, and one can also imagine an aggregation and distribution site or platform being targeted—perhaps at the urging of traditional studios looking to eliminate the competition—though it is hard to see how such sites could feasibly comply with some of the law’s requirements. If a similar law were adopted nationally, or by many states—making it harder for professional studios to resume business by moving elsewhere—some of these scenarios become a good deal less far-fetched.

Again, given that the intent of the law is fairly clearly to regulate traditional professional porn studios, I expect that in practice they are likely to be the exclusive targets of enforcement for the foreseeable future, and those who wish to continue shooting scenes sans-latex will find plenty of nearby jurisdictions happy to welcome their business. Still, I think it’s an interesting class of hypotheticals to contemplate, because it problematizes the widespread view that there’s some sharp and clear distinction between the realm of private intimacy shielded from state interference and the realm of commerce subject to broad regulation. Here, it becomes especially clear that the commercial regulation inevitably implicates rights of personal sexual choice and bodily autonomy. But commerce has never really been some hermetically sealed domain, where rules that conflict with the values or preferences of workers and entrepreneurs somehow don’t count as impinging on personal autonomy, in contrast with the sacrosanct domain of the home where such intervention would be anathema. In a digital economy that makes “home” and “workplace” the same place for a growing number of people—where the boundary between personal projects and production for profit becomes increasingly blurred—that distinction seems likely to become increasingly untenable in more and more areas.

Topics: 
Law and Civil Liberties, Regulatory Studies, Telecom, Internet & Information Policy

This Would Raise the Price of Cell Phone Service

By
Jim Harper

You’d think consumers didn’t care about price.

This HuffPo piece makes the wireless industry’s resistance to regulation requiring backup power at cell sites sound all “corporate-y.”

“The biggest issue is they have not wanted to invest the money in hardening their networks sufficiently against a catastrophic event,” says Harold Feld, senior vice president at Public Knowledge.

Industry group CTIA says the proposed requirements “would unnecessarily burden wireless carriers and potentially undermine the investments and network planning that have made their networks so successful.”

What about the fact that the cost of backup power requirements would be passed on to consumers in the form of higher prices?

The case for a backup power regulatory mandate sounds weak. During the biggest storm in who-knows-when, in the most populous regions of the country, “thousands” were left without cell phone service. What percentage of the New York-New Jersey metropolitan area’s population is that?

“As power returned to many areas over the weekend, wireless carriers reported that more than 95 percent of their cell towers in areas affected by the storm were working.”

Lost service is a real thing that happened, but other dimensions of preparedness and response seem to have gone much worse.

To the extent lost service had a proximate relationship to someone not getting the help they needed, Superstorm Sandy makes clear the consequences of large weather events, and it will educate consumers and cell phone providers both about the risk of lost communications during natural disasters. Both will respond as they see fit.

But raise everybody’s cell phone bill permanently to secure against outlier events? Let’s put our thinking caps on:

Given the increased cost, marginal cell phone consumers would drop their service and they wouldn’t have access to communications when they were in emergency situations.

It seems to me that getting a cheaper cell phone plan to people who may often have occasion to report muggings-in-progress is a greater protection for the public than insuring the wealthier consumer against lost service during extremely rare weather events.

Topics: 
Telecom, Internet & Information Policy

Obama Lags House Republicans on Data Transparency

By
Jim Harper

For the last two years, we have been working on the question of data transparency. In a paper last fall called Publication Practices for Transparent Government, we examined what it takes to foster transparency. And we started informally grading the quality of data put out by Congress and the administration. First, it was legislative data, which, as I reported here, needs improvement. (Also see our Capitol Hill briefing.) Then it was budget, appropriations, and spending data. In that area, “needs improvement” is an understatement. (And another Capitol Hill briefing.)

Now we are in a position to formally grade the quality of data coming out of the government. And the interesting finding, to be formally released on Monday, is that President Obama lags House Republicans in transparent data publication. The paper is called “Grading the Government’s Data Publication Practices.”

Obama is the president who ran in 2008 on strong promises of transparent government. Within minutes of his taking office on January 20, 2009, the Whitehouse.gov website declared: “President Obama has committed to making his administration the most open and transparent in history.”

His first presidential memorandum, issued the next day, was entitled “Transparency and Open Government,” and it declared:

My Administration is committed to creating an unprecedented level of openness in Government. We will work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Openness will strengthen our democracy and promote efficiency and effectiveness in Government.

That hasn’t really happened.

President Obama’s Sunlight Before Signing campaign promise— his pledge to post laws to the White House website for five days of public comment before he signed them—was his first broken promise. It went virtually ignored in the first year of his administration.

But it wasn’t a lack of energy and creativity that derailed the transparency project.

It was a subtle “shift in vocabulary” in the open government effort. Instead of data about the core of government that made Obama’s campaign claims so attractive, data about the government’s deliberations, management, and results, the administration delivered data the government collects and warehouses about everything under the sun.

There is still no machine-readable organization chart for the federal government. The agencies, bureaus, programs, and projects of government—its basic building blocks—don’t have identifiers people could use to track the government with the aid of their computers. That is why, as you can see above, the administration gets very poor grades on its data publication practices.

Meanwhile, the Congress has plodded forward with data publication reforms that, although minor, represent progress. The House leadership, for example, produced docs.house.gov, at which it makes available the bills coming to the House floor in a format that can be automatically read and disseminated.

A follow-on, beta.congress.gov, will eventually replace the THOMAS Web site. THOMAS was revolutionary for its time, but ideally a basic web interface and bulk data access will make for a robust legislative information environment.

Congress’s grades are better than the administration’s, though nobody can argue that the job is done.

The report summarizes things this way:

Between the Obama administration and House Republicans, the former, starting from a low transparency baseline, made extravagant promises and put significant effort into the project of government transparency. It has not been a success. House Republicans, who manage a far smaller segment of the government, started from a higher transparency baseline, made modest promises, and have taken limited steps to execute those promises.

Topics: 
Telecom, Internet & Information Policy

Pages