Topic: Telecom, Internet & Information Policy

NCSL Calls for Repeal of REAL ID

The National Conference of State Legislatures wants the REAL ID Act gone. It supports S. 717, the Identification Security Enhancement Act of 2007, which would repeal the REAL ID Act and reinstitute a negotiated rulemaking process on identity security that was established in the 9/11-Commission-inspired Intelligence Reform and Terrorism Prevention Act.

It’s not a foregone conclusion that an organization like this would reject a behemoth of a project like building a national ID and surveillance system. The NCSL isn’t a small-government organization, and it could just as well have lobbied for billions of dollars in funding.

Microsoft Volunteers to Be the Poster Child for DMCA Reform

One of the big challenges of writing about tech policy is the difficulty of explaining the subjects I write about for a general audience. This was a particular challenge a couple of years ago when I wrote a Cato Policy Analysis about the anti-circumvention provisions of the Digital Millennium Copyright Act—just typing that out is a chore. I wish I could have pointed to this story as an example, because it brilliantly illustrates my argument.

A few years back, Microsoft developed a copy-protection scheme called PlaysForSure (it will become clear shortly how ironic that name was) that was supposed to prevent music customers from engaging in Internet piracy with music they bought from online music stores. Microsoft licensed the format to a variety of different companies and aggressively promoted it as an alternative to Apple’s iTunes-iPod ecosystem. Unfortunately, Microsoft failed to close the gap with Apple, so in 2006 Microsoft unveiled a new product line called Zune, effectively discontinuing development of PlaysForSure. Zunes are incompatible with PlaysForSure music. If you built up a music library in the PlaysForSure format, it would, um, not play for sure (or at all) on a Zune music player.

Up to this point this is just an ordinary business story, and nothing for libertarians to be concerned about. Companies drop old product lines all the time, and sometimes that means customers are stuck with compatibility headaches. But there’s just one problem: not only will Microsoft not help you play your PlaysForSure music on a Zune, but it’s illegal under the DMCA for anyone else to develop software to convert PlaysForSure music to a format that could play on Zunes, iPods, or any other format. Such software would be considered a “circumvention device”—ostensibly a piracy tool—and could bring civil and criminal penalties. If you were stupid enough to buy music in PlaysForSure format, you’re stuck with the dwindling number of PlaysForSure-compatible music programs still left on the market. You can burn your music to CDs, and then re-rip them to an open format, but this is a time-consuming process if you have a large music library, and it will lead to some degradation in the quality of the music.

As if all that weren’t enough, Microsoft yesterday announced the next step in its campaign to make the DMCA look ridiculous: this fall, it will be switching off the license servers that allow customers to “authorize” new computers and operating systems to play music from customers that bought music from its now-defunct MSN Music store. This means that if you have a library of music from the MSN Music store, and you buy a new computer or upgrade your operating system, there will be no legal way to take your music library with you.

If Congress hadn’t enacted the DMCA, this wouldn’t be a big deal. Third parties could develop software utilities that would automatically convert peoples’ PlaysForSure-formatted music collections into an open format like MP3, which would allow it be played on almost any computer or music player. Customers wouldn’t have to worry about whether their computer had been “authorized,” or whether the company they’d purchased the music from was running the necessary “license server.”

The most frustrating thing about this is that forcing consumers to jump through these hoops hasn’t made a dent in illicit file sharing. To this day, the music industry sells most of its music in the copy-protection-free CD format. Anyone can buy a CD, rip it to MP3 format, and upload it to the Internet. And music downloaded from peer-to-peer networks comes free of copy protection. Which means that the hassles imposed on consumers by the DMCA and copy protection formats like PlaysForSure haven’t slowed down piracy at all. All they’ve done is created unnecessary headaches for customers who were foolish enough to obey the law and pay for the music they downloaded.

Cracking Down - on Legal Permanent Residents

Prepare for more of this if electronic employment eligibility verification goes national. Reports Dianne Solís of the Dallas Morning News:

Federal immigration agents executing arrest warrants for workers at the Pilgrim’s Pride poultry plant in Mount Pleasant arrested the wrong Jesus García at his home near the plant – despite his repeated assurances that he was a legal permanent resident.

Immigration and Customs Enforcement agents targeted workers at Pilgrim’s plants in Texas and four other states, and by Thursday, had arrested 311 workers on identity fraud charges or immigration violations.

“We think it is a case of mistaken identity,” said Fernando Dubove, Mr. García’s attorney. “It is the wrong Jesus García. It is really tough when you have a common name.”

This is probably just coincidence, but were an electronic employment eligibility verification system in place, illegal immigrants would affirmatively pursue this as a strategy, deepening the simple identity frauds they commit now to get ‘legal’ employment. They would acquire proof of identification as good or better than the true holder of a given identity.

In my recent paper, “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration,” I discussed what would happen when mistaken identity/identity fraud situations arose in the EEV systems now being debated on Capitol Hill:

[L]aw-abiding citizens would regularly stand accused of identity fraud. The SSA and DHS would not know which user of a name-SSN pair was the genuine person and which was using a false identity. EEV would tentatively nonconfirm all users of that name-SSN pair. The “true” individuals attached to fraudulently used identities would learn of identity fraud in their names when they were refused work by EEV and plunged into a bureaucratic morass.

Luckily, these victims of the system would just be denied employment and not arrested - if that’s your idea of luck …

Sensors and Social Consequences

A “sensor” is a device that measures a physical quantity and converts it into a signal that can be read by an observer or instrument. Sensors that convert analog information into digital form are the most interesting. The information they collect is easy to store, transmit, and reuse.

Digital sensors are all around - the keyboard on your computer, your cell phone, the surveillance cameras in your office building, and so on.

Lots of good things come from having these sensors around, and the systems they attach to - that’s for sure. But they don’t always serve our interests. Let’s take a look at an example of digital sensing gone wrong.

A colleague of mine recently returned from a business trip, where he engaged in important and sober work. He arrived home late from his trip, and his patient and loving wife, already in bed, engaged him in some conversation. Fairly quickly, she asked him whether he had enjoyed himself at the strip bar (!). My hard-working and serious colleague was concerned. Why, on returning to the warm glow of his happy home-life, should he be asked this question?

As he tells it, he found himself short on cash one evening, and ducked into the nearest establishment looking for an ATM. The generous purveyors of this … nightclub - who could have known it was something more? - graciously allowed him entry for the few moments it took to get the cash and be on his way.

ATMs are digital sensors. They record usage information and tie it to other details, like location. This is known as “meta-data” - information about information, such as where and when a given piece of information was collected.

The ATM transmitted this data and meta-data back to my colleague’s bank and, through an online banking system, to his wife. The system identified the ATM as being at “Antics Topless Lounge” or something like that. You can understand the short string of inferences that his caring, truly lovely wife drew when presented with this single item of sensed data.

The reporting of ATM location information is a convenience to those who may have forgotten where they used the ATM, but it’s less welcome to someone whose sweet and lovely life-partner might draw unfortunate inferences from ATM use in certain locations. Sensors have social consequences, and they’re not all good.

So I was nonplussed by the cover of the latest issue of Government Technology magazine. It shows the front of a police car, photographed from a low angle to give it a pugnacious look. (Alas, I can’t find the image online.) The car is decked out with lights and sirens, of course, but also with sensors - on the roof and behind the windshield.

“FREEZE FRAME,” says the magazine cover, “License plate scanners extend the reach of local police.” Inside, an article describes how license plate scanning by U.S. police agencies is “the next big thing” for catching stolen cars and locating suspects. But the real benefit, according to the chief of detectives and commanding officer of the Detective Bureau at the Los Angeles Police Department, “comes from the long-term value of being able to track vehicles - where they’ve been and what they’ve been doing … .”

Make no mistake: there is value in that, just like there’s value in knowing where you used the ATM. But there’s risk in that, too. It’s not an unalloyed good to give people data about your comings and goings - other than your loving, caring family, of course.

Unlike my colleague and his saintly wife, it’s none of the police’s business where law-abiding citizens have been going and what they’ve been doing. When these sensors are used for mass surveillance and not just spotting bad guys, that crosses an important line.

This is not an argument against giving police these sensors. They will be a boon for law enforcement and an aid to our safety and security. But if the back-end systems put information about every vehicle’s location into a database for later use, that’s inappropriate surveillance of the law-abiding public. Unlike my colleague’s charming, gracious, and forgiving wife, the police shouldn’t be in a position to ask us whether we enjoyed ourselves at the strip bar.

Obama’s (Mostly) Irreconcilable Positions

I was pleased a couple of months ago to point out where presidential candidate Senator Barack Obama (D-IL) had distinguished himself and gotten it right on whether driver licensing should be linked to immigration status. The use of driver licensing for immigration enforcement is a major impetus behind the national ID system that our country should rightly avoid.

Such pleasures don’t last. The senator published an opinion piece in the Charlotte Observer this week calling for a “mandatory electronic system that enables employers to verify the legal status of their employees within days of hiring them.”

It is very hard to hold both positions. As I pointed out in my recent paper on electronic employment verification, it is nearly impossible to “strengthen” internal enforcement of immigration law through EEV without creating a national identification system:

[T]he things necessary to make a system like this really impervious to forgery and fraud would convert it from an identity system into a cradle-to-grave biometric tracking system. Almost no way exists to do national EEV that is not a step down that road.

Perhaps Senator Obama would implement an EEV system with a federally issued national ID card rather than the driver licensing system. (That’s not a good option either.) Perhaps he’s devised a credentialing system that allows people to prove eligibility to work under current immigration law without a national ID. (Such things are possible.) Most likely, the senator has expressed two pretty much irreconcilable positions.

Abstract Ideas Can’t Be Patented. Or Can They?

The Supreme Court has long held that laws of nature, physical phenomena, and abstract ideas are not eligible for patent protection. Because these things are discovered rather than invented, they are “free to all men and reserved exclusively to none.” In recent years, however, the United States Court of Appeals for the Federal Circuit, which hears most patent appeals, has begun to relax the restriction on such patents. I’ve written before about the problems created by software patents. Software is is ultimately just a sequence of mathematical formulas, and in their pure form they’re not patentable. But in a series of decisions in the 1990s, the Federal Circuit opened the door to patents that cover software when it’s loaded onto a computer, which of course is the only useful thing to do with software. Since then, we’ve seen an avalanche of patents on software, which have started creating serious problems for innovators in the software industry.

The latest example of the problems on patenting abstract concepts comes via Mike Masnick of Techdirt: a company had some problems with a satellite launch, and wanted to use a maneuver called a Lunar flyby to correct it. Unfortunately, Boeing holds a patent covering the maneuver they wanted to use, and they have been unable to negotiate a license of that patent. So they’re planning to let the satellite go down in flames and try to collect the insurance money on it.

Now, as Mike points out, the maneuver in question is just an application of basic physics to spaceflight. The basic principles have been understood since Newton, and NASA has been computing these kinds of orbital trajectories since the 1960s. The patent office should have rejected the patent for trying to patent a straightforward application of basic physics. Unfortunately, thanks to the Federal Circuit’s increasingly permissive standards for patentable subject matter, Boeing was granted the patent, and this company now faces the unappetizing choice of leaving the satellite in the wrong orbit or getting embroiled in litigation with Boeing.

Crucially, the Supreme Court has never endorsed the Federal Circuit’s experiment with allowing patents on abstract ideas, and several justices have voiced concerns about the direction the Federal Circuit has taken the rules for patentability. Apparently, the widespread outrage over the abuse of such patents has gotten the Federal Circuit’s attention, as it has decided to re-hear a case called In Re Bilski that could give it an opportunity to tighten up the rules for patenting abstract concepts. Several public interest groups have filed briefs in the case urging the court to do just that.

The Federal Circuit will be hearing the case en banc next month, and it has already become one of the most closely-watched cases on the Federal Circuit’s docket. Given the Supreme Court’s heightened interest in patent issues in recent years, it’s not hard to imagine the Supreme Court deciding to review the decision as well. Given that Congress has so far ducked the issue of reining in patents on abstract concepts in its pending patent reform legislation, In Re Bilski may be our best chance of reform.