Topic: Telecom, Internet & Information Policy

Surprised by the Latest Privacy Invasion? Don’t Be

You shouldn’t be surprised by the revelation that police departments across the country are gathering data about innocent people’s movements.

Using automated scanners, law enforcement agencies across the country have amassed millions of digital records on the location and movement of every vehicle with a license plate, according to a study published Wednesday by the American Civil Liberties Union. Affixed to police cars, bridges or buildings, the scanners capture images of passing or parked vehicles and note their location, uploading that information into police databases. Departments keep the records for weeks or years, sometimes indefinitely.

The ACLU study is here.

You should be outraged that your tax dollars are going into surveillance that undercuts your privacy, but don’t be surprised. Why not? Because Cato told you so.

Here’s text from a study we published nearly nine years ago, Understanding Privacy—and the Real Threats to It:

Red-light cameras and speed cameras are another part of the rapidly growing Big Brother infrastructure. Little technical difference separates a digital camera that takes occasional snapshots from one that records continuous footage. Equipped with optical character recognition technology, traffic cameras may soon have the technical capability to read license plates and scan traffic for specific cars. Networked cameras will be able to track cars throughout a city and on the highways. And database technology will make it possible to create permanent records of the movements of all cars captured on camera.

That material is based on testimony I gave to the House Transportation and Infrastructure Committee’s Subcommittee on Highways and Transit almost a dozen years ago. In it, I addressed the constitutional status of public monitoring like this. I talked about how license plates deprive drivers of the ability to navigate streets anonymously. That’s not the worst privacy invasion, given how driving laws and traffic disputes are administered. But it’s akin to requiring people to wear nametags to walk on public sidewalks.

Because the law has deprived people of the ability to protect privacy, the better view is that there is a Fourth Amendment search when law enforcement notes the license plates on cars. This search is inherently unreasonable if they do so when they do not suspect crime. As soon as red-light cameras are used for anything other than snapping suspected speeders — and they soon will be — these cameras should be shown a red light themselves.

Courts have only just begun to grapple with these issues, including the Supreme Court in the Jones case, which last year held that the government couldn’t attach a GPS device to a car and monitor its movements, even in public, without getting a warrant. I wrote about the state of Fourth Amendment law in this area in an article cleverly (ahem) titled: “U.S. v. Jones: Fourth Amendment Law at a Crossroads.”

Concerned? Yes, you should be. Angry? If you need that outlet. But don’t be surprised to learn that police departments are tracking of every car’s movements without a warrant.

At Cato Unbound: The Private Digital Economy

What if money were private?

One very correct answer is, simply: Money already is private. Sure, there’s the old familiar legal tender of the U.S. government, but the idea of money, and the practices that surround it, are not necessarily tied to the greenback. We all know how money works, and other things can certainly be used in the dollar’s place – if a buyer and a seller agree. From there, if more buyers and sellers agree, the items they use may become a medium of exchange – a class of things held with the intention of passing them along in the market rather than using them directly.

As most of you probably know, that’s exactly what’s happening right now with bitcoin. But is bitcoin sound money? For that matter, what is it that makes a thing sound money? Gold wasn’t sound money just because of its inherent goldiness; it had (and has) distinct, identifiable properties that make it a pretty good money – properties that, say, land, automobiles, or hydrogen conspicuously lack.

How does bitcoin stack up? Will an all-digital private currency one day supplant fiat money? If so, will it be bitcoin or something else? There are alternatives, and some of them are quite successful, albeit less highly publicized in the West. 

Cato’s own Jim Harper discusses these issues in his lead essay for July 2013’s Cato Unbound. Coming up we have essays by Internet security consultant Dan Kaminsky, tech policy analyst Jerry Brito of the Mercatus Center, and Ph.D. candidate Chuck Moulton, who is writing his dissertation on transitions from unsound to relatively sound monetary systems. 

Congress Spends Your Tax Dollars on a National ID

It’s appropriations season! – that wonderful time of year when the House and Senate pass competing versions of legislation to fund government agencies, bureaus, and…whatever pork and pet projects they can squeeze in.

Congress has made most of its spending decisions over the past few years through last-minute continuing resolutions or consolidated appropriations bills. That makes it harder to follow the money (which may be part of the reason they’ve been doing it that way), but it’s important to watch the dollars because some of that money is going toward national ID systems and biometrics.

Last week the House passed their FY 2014 Department of Homeland Security appropriations bill. As in years past, the legislation contains funding for three of everyone’s favorite identification programs: REAL ID, E-Verify, and US-VISIT/the Office of Biometric Identity Management (OBIM), a DHS office covering biometrics for travelers at airports, ports, and other points of entry.

For the coming fiscal year, the House appropriated $114 million for E-Verify, $232 million for OBIM, and $1.2 billion for the State Homeland Security Grant Program (SHSGP), from which grants for REAL ID implementation get doled out to states.

These numbers are consistent with past levels of appropriations for these programs, with the exception of REAL ID, which had its own funding stream until it was folded into SHSGP in fiscal 2012.

NSA Spying, NSA Lying, and Where the Fourth Amendment Is Going

If you want a good primer on the NSA spying disclosed so far, check out the item by Cato alum Tim Lee on the Washington Post’s WonkBlog. It’s a blessedly brief but informative run-down covering:

- mass collection of phone records;

- the PRISM program, which gathers data about Americans incidentally to its stated aim of foreign surveillance; and

- the NSA’s fiber optic eavesdropping: “[T]he NSA has a broad program (actually, several of them) to sweep up Internet traffic from fiber optic cables.”

Also, be sure to read the letter Senators Wyden (D-OR) and Udall (D-CO) sent to NSA head General Keith Alexander yesterday. In it, they point out inaccurate and misleading statements the NSA made in a recently distributed fact sheet. At a certain point, inaccuracies become willful.

On the question of whether surveillance of every American’s phone calling is constitutional, Lee notes how the government and its defenders will rely on a 1979 case called Smith v. Maryland. In that case, the government caused a telephone company to install a pen register at its central offices to record the numbers dialed from the home of a suspected robber. Applying doctrine that emerged from Katz v. United States (1967), the Court found that a person doesn’t have a “reasonable expectation of privacy” in phone calling information, so no search occurs when the government collects and examines this information.

It takes willfulness of a different kind to rely on Smith as validation the NSA’s collection of highly revealing data about all of us. Smith dealt with one suspect, about whom there was already good evidence of criminality, if not a warrant. The NSA program collects call information about 300+ million innocent Americans under a court order. And the Supreme Court is moving away from Katz doctrine, having avoided relying on it in recent major Fourth Amendment cases such as Jardines (2013), Jones (2012), and Kyllo in 2001.

Nobody knows where exactly the Court is headed with the Fourth Amendment in the challenging area of communications, but I’ve argued for reaching back to the wisdom of Justice Butler, dissenting in Olmstead (1929):

Telephones are used generally for transmission of messages concerning official, social, business and personal affairs, including communications that are private and privileged – those between physician and patient, lawyer and client, parent and child, husband and wife. The contracts between telephone companies and users contemplate the private use of the facilities employed in the service. The communications belong to the parties between whom they pass.

Cato Comments on TSA Body Scanners

In 2007, the president and CEO of the RAND Corporation, James Thomson, wrote up his impressions of the management at the Department of Homeland Security. “DHS leaders … ‘manage by inbox,’ with the dominant mode of DHS behavior being crisis management,” he wrote. “DHS implements most of its programs with little or no evaluation of their performance.”

If you want proof, look no further than the nation’s airports. Across the United States, the Transportation Security Administration harries American travelers daily, giving them a Hobson’s choice between standing, arms raised, before a nude body scanner or undergoing a prison-style pat-down. It doesn’t have to be this way.

Nearly two years ago, the U.S. Court of Appeals for the D.C. Circuit ordered TSA to do a notice-and-comment rulemaking on its nude body scanning policy. Few rules “impose [as] directly and significantly upon so many members of the public” as the use of body scanning machines, the court said. Its ruling required the agency to publish its policy, take comments from the public, and consider them in formalizing its rules.

The last day to comment on the proposed rules is Monday, June 24th. You can submit your comments until then.

In our comment, Cato senior fellow John Mueller, Mark G. Stewart from the University of Newcastle in Australia, and I take the TSA to task a number of ways. The TSA fails to account for privacy in its proposed policy, even though the lawsuit that required the rulemaking was based on its privacy consequences.

The policy proposal that TSA issued is hopelessly vague. In fact, the court decision requiring the TSA to put its policies on record is more informative about what the rights of travelers and responsibilities of the TSA are.

Instead of placing its risk management work in the docket, TSA claims that its “risk-reduction analysis” is classified. There is almost no basis for treating such work as secret. Indeed, Mueller and Stewart have done a risk assessment of nude body scanners, published it in an article and their book, and spoken about it at public conferences. Their analysis has shown that the nude body scanning policy does not provide cost-effective security. Quite simply, spending money on nude body scanning buys a tiny margin of security at a price that is too dear. If you add non-monetary costs such as privacy and liberty, as well as opportunity costs such as time wasted due to body scanning, the cost-ineffectiveness of body scanners becomes all the more clear.

Travelers wary of TSA mistreatment choose driving over flying for many short or medium-length journeys. Given the far greater danger of driving, this means more injuries and as many as 500 more Americans killed per year on the roads. Outside of war zones, TSA policies visit more death on Americans than Islamist extremist terrorism has worldwide since 9/11.

The National Research Council found in 2010 that the risk models the Department of Homeland Security uses for natural hazards are “near state of the art” and “are based on extensive data, have been validated empirically, and appear well suited to near-term decision needs.” This is not the case with airline security. In fact, the TSA will accept risks of death that are higher than terrorism in order to maintain nude body scanning policies. The original body scanners, which applied x-ray technology, posed a fatal cancer risk per scan of about one in 60 million. Asked about this on the PBS NewsHour, TSA head John Pistole said this risk was “well, well within all the safety standards that have been set.” The chance of an individual airline passenger being killed by terrorism is much lower: one in 90 million.

TSA’s nude body scanning policies probably cause more deaths than they prevent. For this reason, we recommend in our comment that the TSA suspend the current policies, commence a new rulemaking, and implement a rational policy resulting from an examination of all issues on the public record. After comments close, TSA will issue a final regulation on a schedule it determines, after which the regulation can be challenged in court, and very likely it will.

Hacking for Liberty

You’ve probably heard the old parable about the man looking for his car keys under a street lamp because the light is better there.

I’ve regularly worried aloud about the government transparency project following the same path. Most recently, I pointed out that the president’s executive order was about open data, not transparent government.

“Open data” is pretty much any data the government makes available in useful formats – Agriculture Department data about the gender of farm operators, for example. But don’t look there for government transparency. The Ag Department’s check register is still in the dark.

Transparent government is going to result from data that reflects the deliberations, management, and results of all the government’s agencies and organs. It’s fine to release interesting data, and it’s fine for people to build things with it, but the government transparency project doesn’t advance without data about what government entities are thinking and doing, and how well they’re doing it.

That’s why I’m happy to have offered the legislative data we produce to a hack-a-thon happening this week in San Francisco. Lincoln Labs’ Liberty Hackathon offers $5,000 in prizes to the top producers of technologies that advance civic values like individual privacy and economic liberty. “Top ideas and teams will be considered for future investment.” Sounds good.

My hope is that someone will build something that makes it easier to automatically track what’s happening in Congress, like, oh, spending for example. Our data can automatically reveal every bill that proposes spending, the amount, and the purpose. Wouldn’t it be nice to have that information at your fingertips? You might be inspired to contact your senators and member of Congress and tell them what you think. Maybe an app will tell you how your representatives voted on each and every spending bill that becomes law.

“Data excavation” is how Seamus Kraft at the OpenGov Foundation has characterized the work we do in our Deepbills project, and I’ve been very complimented by his recognition of the work. Transparency will not be a gift from government. We’ll have to dig out the data about the government’s deliberations, management, and results. Maybe this weekend some of the projects produced at the Liberty Hackathon will show how excavated government data energize democracy and protect liberty.

A Reply to Epstein & Pilon on NSA’s Metadata Program

Last week, my colleague Roger Pilon and Prof. Richard Epstein co-wrote a Chicago Tribune op-ed defending the National Security Agency’s bulk metadata collection program. I had not, initially, intended to respond directly: Cato scholars often disagree among themselves—as Roger and I long have in this area—and normally it suffices for us each to state our own affirmative arguments and let readers decide for themselves which is most convincing. However, as I now see that some observers—and in particular, a significant number of libertarians—have mistakenly taken this to mean that “Cato” supports the NSA program, which continues to dominate the news, I feel it’s necessary to say something here about why I (and, as I believe, the majority of my colleagues) reject that view.

In an area where so much remains secret, it is impossible to have a sensible debate unless we are at least clear on the public facts.  So before I address their broader arguments, it is necessary to correct a few important factual errors in the Tribune piece. Pilon and Epstein write:

The names linked to the phone numbers are not available to the government before a court grants a warrant on proof of probable cause, just as the Fourth Amendment requires.

This is incorrect. Nothing in the law would require a warrant to get the name associated with a number, and the public statements of FBI Director Robert Mueller directly contradict this claim.

At the risk of stating the obvious: phone numbers can often be associated with names by a simple Google search, and the NSA and FBI have access to far larger databases that would likely make such an association trivial.

But even if that weren’t the case, 18 USC §2709 allows names, addresses, and other “basic subscriber information” associated with a number to be obtained via a National Security Letter based on a certification of “relevance” to an investigation, with no need for judicial approval. As Director Mueller explained at a recent hearing, this is precisely how such information would be obtained here, assuming it were not already available.

Indeed, once that warrant is granted to examine content, the content can be used only for national security issues, not even ordinary police work.

This is also incorrect. Under 50 USC §1801, the minimization procedures governing information acquired from electronic surveillance shall “allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.” As the FISA House Report makes clear, this does not refer to terrorism or espionage related crimes, which can already be retained and disseminated as “foreign intelligence information,” but rather to information about crimes “totally unrelated to intelligence matters.”