Topic: Telecom, Internet & Information Policy

The E-Verify Debate as it Stands in Kansas

Here’s a good article in the Wichita Eagle on the debate over E-Verify, with particular reference to the state of Kansas, where the legislature recently considered requiring employers to use this system for a federal background check on all new hires.

My paper, “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration,” is here.

Headline Writers’ Lacking Literary Knowledge

Twice in two days now, I’ve come across news articles using the term “Big Brother” to refer to private sector information practices that affect privacy. Big Brother is not an appropriate shorthand here. In his book 1984, George Orwell gave the name “Big Brother” to the oppressive government that observed and controlled the lives of the book’s protagonists. The unique oppressive powers of this governmental entity were a central motif of the book.

Yesterday’s Washington Post had an article headlined “FTC Wants to Know What Big Brother Knows About You.” Is the Federal Trade Commision examining warrantless wiretapping, one hopes? Alas, no — they’re looking at “behavioral targeting” on the Web. This is when advertisers collect information about Web surfers with cookies, using it to direct more relevant ads their way.

Consumers who care to can “opt out” of nearly all “behavioral targeting” by setting their browsers not to receive third-party cookies. In both Internet Explorer and Firefox, the “Tools” pull-down has a selection called “Options.” Clicking the “Privacy” tab allows users to set blanket bans on cookies or site-specific preferences.

Behavioral targeting is in no way an exercise of the legal monopoly on coercion, much less an oppressive exercise of that power.

Ars Technica, an otherwise excellent tech publication, mangled the same literary reference in this headline: “Big Brother is Watching: Companies Snoop E-mail to Combat Leaks.” Employers monitoring communications on their systems are neither exercising government power nor oppressing their employees.

The most cogent, if not the kindest, explanation of this came in the comments to a recent blog post by Bruce Shneier (one I disagreed with). There, commenter “ManOnBlog” said:

You check your constitutional rights at the door when you go to work. They can tap your phone, read your email, paw through your computer, open your locker, etc. The list of what they can’t do legally is shorter than what they can do.

Commenter “@ ManOnBlog” replied:

> You check your constitutional rights at the door when you go to work.

No, you don’t.

> They can tap your phone

No, they can’t. They can tap *their* phone, which you use.

> Read your email

No, they can’t. They can read *their* email, which you use in the course of your job (although generally speaking they need to be VERY CAREFUL about this, because although your corporate mail store is indeed company property they have obligations to protect the individual information that is in that mail store if it is your personal info).

> paw through your computer

No, they can’t. They can paw through *their* computer. Again, see the email line above.

> open your locker


The distinction between government and private action is something more people should understand — especially people who write headlines for a living.

De-Debunker: Low-Hanging Fruit

Another day, another debunking.

DHS Assistant Secretary for Policy Stewart Baker has another effort to debunk information about the E-Verify program on DHS’ Leadership Journal blog. In this case, it’s “Debunking the ‘E-Verify Capacity Problem.’”

Critics say that only 60 thousand employers are registered with E-Verify, while there are 6 million employers in the U.S. But this is an example of using an accurate statistic to produce a misleading result. Many of those 6 million employers won’t hire a single worker this year. Others will hire thousands. What counts is how many individual hires the system can handle… . Based on a recent load testing, the system has the capacity to handle 240 million queries a year. That’s three to four times the number of people who are usually hired in a given year.

Fair enough, and frankly I hadn’t been aware of there being an argument about a “capacity” problem with E-Verify’s servers or data systems.

Running a Web search on “E-Verify capacity” to see what the capacity argument is, I found little other than a Government Accountability Office report which says the following:

A mandatory E-Verify program would necessitate an increased capacity at both U.S. Citizenship and Immigration Services (USCIS) and SSA to accommodate the estimated 7.4 million employers in the United States… . Although DHS has not prepared official cost figures, USCIS officials estimated that a mandatory E-Verify program could cost a total of about $765 million for fiscal years 2009 through 2012 if only newly hired employees are queried through the program and about $838 million over the same 4-year period if both newly hired and current employees are queried… . . SSA has estimated that implementation of a mandatory E-Verify program would cost a total of about $281 million and require hiring 700 new employees for a total of 2,325 additional workyears for fiscal years 2009 through 2013.

That’s a very different kind of capacity - and very expensive. I have written here before about a Social Security Administration workers’ union official who pointed out the lacking capacity at SSA to handle national E-Verify.

The difference in these kinds of capacity reveals an inference in my and others’ criticism of E-Verify that Baker and the folks at DHS may be missing. I may have been too obscure again yesterday when I wrote, “Just because you have a glass coffee table, that doesn’t mean you can build a glass sundeck.”

The class of businesses currently using E-Verify is particularly proactive about not hiring illegal immigrants – either because they are naturally fastidious or because they have been subject to enforcement actions that practically or legally require it. They may self-select against hiring potential illegal immigrants – perhaps avoiding native or fluent Spanish speakers, for example. If their motivation is avoiding trouble with the feds, these employers may not tell workers about tentative nonconfirmations, getting rid of them under other pretenses. Or they may prescreen workers using E-Verify before even hiring them. (Sure, E-Verify fan, tell yourself it’s against the rules - like driving over the speed limit is against the rules.) This all makes it look to folks like Stewart Baker like they’re catching illegal workers.

For what they’re worth, these employers are the low-hanging fruit for the E-Verify program. This is the best E-Verify will get. The rest of the nation’s employers, and the workers they hire, will produce higher error rates and new, more difficult problems.

The capacity of E-Verify’s databases and servers may be fine. The capacity of the various federal agencies to sort out the results of national E-Verify – not so good.

L-1 and China - Oh, Nevermind - Naomi Klein

In a recent Cato TechKnowledge, I highlighted a company called L-1 Identity Solutions that is likely to be a key sponsor of any continuing efforts to implement the REAL ID Act, our moribund national ID law.

L-1 features prominently in a current Rolling Stone article which points out how the company is working with China to build surveillance technologies that the state will use in its attempt to maintain a grip on power.

But before you get to that, you have to stomach this:

Remember how we’ve always been told that free markets and free people go hand in hand? That was a lie. It turns out that the most efficient delivery system for capitalism is actually a communist-style police state, fortressed with American “homeland security” technologies, pumped up with “war on terror” rhetoric. And the global corporations currently earning superprofits from this social experiment are unlikely to be content if the lucrative new market remains confined to cities such as Shenzhen. Like everything else assembled in China with American parts, Police State 2.0 is ready for export to a neighborhood near you.

There are serious issues here, but they’re so mixed up with ideological vomitus that it’s hard to carry on reading. If this paragraph isn’t just meaningless, the author has obviously deemphasized telling an interesting story in favor of indoctrinating readers with–well, whatever the substance is behind those anti-globalization street-puppet shows.

Sure enough, when I went to see who wrote it, it was Naomi Klein. The same Naomi Klein, I assume, who inspired Johan Norberg to pen his recent briefing paper, “The Klein Doctrine: The Rise of Disaster Polemics.”

Milton Friedman’s legacy survives her book with ease, so it didn’t trouble me much. But confusing the kids who read Rolling Stone about the role of communism in keeping China unfree? That could actually do some damage.

E-Verify Debunking Exposes Debunking Errors

Congratulations are due once again to the Department of Homeland Security for engaging in open dialogue about its programs, even controversial ones like “E-Verify” – a system that Congress may require all U.S. employers to use for running federal background checks on every single new employee.

Openness is healthy, and the comments to a recent post on E-Verify by my old friend DHS Assistant Secretary for Policy Stewart Baker are poking some holes in his somewhat facile analysis. I’ll weigh in with a little more, based mostly on my recent paper “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.”

Baker says that critics claim the error rate in E-Verify is as high as 4% and will lead to millions of Americans losing their jobs by mistake. To refute this, he points to a study commissioned by the Department of Homeland Security showing that 94.2% of new hires in a sample of 1,000 E-Verify queries were automatically verified, 0.5% resolved a mismatch, and 5.3% received a final nonconfirmation (that is, they either didn’t try or couldn’t challenge the finding that they were ineligible for employment under U.S. immigration law).

Unfortunately, Baker doesn’t point to the actual study. He just links to a picture of a conclusion from it, so we can’t do much to analyze these figures. If these are the results from reviewing only 1,000 new hires by current E-Verify users, that is far too small a sample and too skewed a group to reflect what would happen were the program taken national.

And he concludes: “Of the thousand, 942 are instantly verified. Instant verification of legal workers surely can’t be an error.” Of course it can! Any number of the 942 might have been illegal immigrants who submitted the name and Social Security Number of a legal worker to the employer.

But putting Baker’s glib, erroneous conclusion aside, I believe the 4% figure cited by critics is not about today’s small E-Verify program. It’s the error rate in the Social Security Administration’s Numident database found by the SSA’s own Inspector General (and it’s 4.1%!). Simple math suggests that this would produce a tentative nonconfirmation in 1 out of 25 new hires in the country were E-Verify to go national.

In fairness, that simple math may actually be simplistic – perhaps some cohorts have higher error rates and others lower. We know, for example, that naturalized citizens suffer error rates in the area of 10%. Perhaps older citizens that are leaving the workforce have higher error rates, leaving a lower error rate among current workers. And over time, the error rate would drop as workers were sent from their jobs to Social Security Administration offices trying to get their paperwork in order. (Put aside for now that the SSA takes more than 500 days to issue disability rulings.)

Baker’s conclusion that the 5.3% of workers finally nonconfirmed are illegal workers is without support. The statistic just as easily could show that the 5.3% of law-abiding American-citizen workers are given tentative nonconfirmations, and they find it impossible to get them resolved. More likely, some were dismissed by employers, never informed that there was a problem with E-Verify; some didn’t have the paperwork, the time, or the skills to navigate the bureaucracy; and some were illegal workers who went in search of work elsewhere, including under the table.

American workers pushed out of the workforce by E-Verify – Baker treats it as “common sense” that they’re illegal aliens, and he doesn’t look any further. The E-Verify program does the same - it has no system for contesting or appealing final nonconfirmations.

With his post, Secretary Baker has only raised the question of error rates in E-Verify. There are many sources of error in a system like this, and making it bigger would reveal more. Just because you have a glass coffee table, that doesn’t mean you can build a glass sundeck.

And we shouldn’t take our eye off the ball. “Mission creep” is a governmental law of gravity. Once in place, a national E-Verify system would be used to give the federal government direct regulatory control over law-abiding Americans. Federal authorities would use it to control not just work, but housing, financial services, and access to alcohol, tobacco, and firearms – for starters. Secretary Baker himself recently suggested using a national ID to control our access to cold medicine. The list of things his successors might do is endless.

Reversing the Course of a River

Bruce Schneier is a smart and interesting guy. His sound thinking on computer security has influenced me a great deal, and it extrapolates well into related fields like national security. So I’m always interested to find writings of his with which I disagree. A recent essay in Wired, entitled “Our Data, Ourselves” is one. It calls for “a comprehensive data privacy law.”

This law should protect all information about us, and not be limited merely to financial or health information. It should limit others’ ability to buy and sell our information without our knowledge and consent. It should allow us to see information about us held by others, and correct any inaccuracies we find. It should prevent the government from going after our information without judicial oversight. It should enforce data deletion, and limit data collection, where necessary. And we need more than token penalties for deliberate violations.

If he really believes that these rules should govern the collection and use of data - “all information about us!” - what an administrative nightmare that would be to implement. The benefits of doing so would be quite small in comparison.

Some of these things are agreeable, such as judicial oversight of government data collection (the Fourth Amendment is that law) but even a solid libertarian like myself wouldn’t endorse judicial oversight of government officials looking up information about me on public Web sites, for example.

And should I have a right to review any email in which people discuss this blog post and its author? Incredible.

The flaw in this article (beyond its carelessness) is Bruce’s treatment of these information practices as all-new, and needing an all-new regulatory regime, just because decision-making is now undertaken using “data.”

Whoever controls our data can decide whether we can get a bank loan, on an airplane or into a country. Or what sort of discount we get from a merchant, or even how we’re treated by customer support.

But it’s always been true that decisions like these are made using “data” - perhaps not in digital form, but data/information all the same. When has a decision ever been made not using “data”? We don’t need to throw out old rules about privacy, fairness, and so on just because information is digitized.

Many of Schneier’s premises are correct. The change from analog to digital data systems does cause a lot more tracks to form behind people as they traverse the economy and society. This creates lots of efficiency, convenience, wealth, and problems - threats to privacy, fair treatment, personal security, seclusion, and liberty. Let’s deal with them - each one - on their merits rather than trying to write a single law to overhaul the use of information in society.

Reversing the course of a river would be a tiny problem compared to what Schneier proposes.

Lieberman: Censor

The Google Public Policy blog has a write up of the company’s recent interactions with Senator Joseph Lieberman (D-CT) and his staff regarding some videos hosted on YouTube.

Senator Lieberman thinks that certain terrorism videos shouldn’t be displayed. Well, actually, a U.S. Senator has no business telling anyone what information should or shouldn’t be published. Congress can pass a law on the subject, which law would never pass First Amendment muster.

Perhaps Senator Lieberman thinks that censoring communications is some kind of anti-terrorism policy. Advocacy of terrorism of glorification of terrorist acts is stupid and dastardly, but the cure for bad speech is more speech or better speech, not censorship.