Topic: Telecom, Internet & Information Policy

Very Good, House—Keep it Comin’

Yesterday, I shared my doubts about the prospect of getting budget and organizational data from the White House. Today, I’m happy to report genuine progress on open data from Congress.

The Government Printing Office announced today that it will be making House bills available in XML format and in bulk through FDsys, GPO’s Federal Digital System. House bills now join other material on GPO’s bulk data page.

If you’re like me, following that link gives you some idea of what’s there, but clicking through any further gives you no idea how to use it any more than other copies of bills. That’s OK, because the kids with the computers do know how to use it. And they can take well structured, timely data reflecting the proposals in Congress and turn it into various information services, applications, and web sites that make all of us better aware of what’s happening.

I believe the public has an Internet-fueled expectation that they should understand what happens in Congress. It’s one explanation for rock-bottom esteem for government in opinion polls. Access to good data would help produce better public understanding of what goes on in Washington and also, I believe, more felicitous policy outcomes—not only reduced demand for government, but better administered government in the areas the public wants it. (If you’re a reader of a certain partisan bent, you might appreciate the idea that the era of passing bills to find out what’s in them will end.)

Upon the release of my Cato Policy Analysis, “Grading the Government’s Data Publication Practices” I characterized President Obama as lagging House Republicans in terms of transparency. Today’s development helps solidify Republicans’ small lead. The GPO release says the initiative comes “[a]t the direction of the House Appropriations Committee, and in support of the task force on bulk data established by House report 112-511.”

The administration has plenty of capacity to retake the lead, of course, and could do so quite easily. I’ll call it like I see it, doing my best to reflect consensus among the transparency community as to the quality of data publication, when we return to grading the data produced by various organs of government in another year or so.

Did you think this praise would come without garnish? It’s like you don’t know me at all.

Open Data: Good, Not Yet Great

The White House is close to issuing a new policy requiring agencies to release data in open, machine-readable formats. That’s good.

Great would be the White House itself publishing machine-readable, open data when it issues the president’s budget in February. Along with the plan for fiscal year 2014 spending, why couldn’t we get the code that distinctly identifies each agency, bureau, program, and project—in essence, the organization of the U.S. federal government?

I find it continually amazing that there is still no machine-readable government organization chart. It’s the trellis on which endless forms of computer-aided oversight (internal and external) could grow.

Opening federal data to public uses is good, but the data that reflects government deliberations, management, and results is what really matters for transparency. I shared my thinking on all this in my recent Cato Policy Analysis, “Grading the Government’s Data Publication Practices.”

REAL ID—A Quarter of a Billion Dollars Gone

In an effort to show progress with implementation of our national ID law, the Department of Homeland Security issued a press release just ahead of Christmas reporting that thirteen states had “met the standards of the REAL ID Act of 2005.” Their compliance is not actually compliance, though. Read on…

Next Tuesday, another ‘deadline’ for REAL ID compliance arrives. Due to widespread public opposition, the majority of states and their people are not complying with the national ID mandate. Many states “have not provided sufficient information, at this time,” the DHS release says. I think that’s bureaucratese for: “They’re ignoring REAL ID.” But it doesn’t matter. The states ignoring REAL ID have been granted deferments. I’ve been looking for the Federal Register notice making this deadline extension official so I can put it next to the deadline extension from March 9, 2007, and the one from January 29, 2008, and the one from December 28, 2009, and the one from March 7, 2011.

The states that have tripped over themselves to follow this federal mandate should feel slightly burned. They’re no better off than the states that did nothing. And states need never comply.

We all know by know that the federal government will never use the lever that REAL ID gave them to “force” compliance on the states. The law says that the federal government can refuse IDs from states that aren’t in compliance. Basically, that means TSA would send most American travelers to secondary search. But that means that the federal government—not the states—would be blamed for travel nightmares (even worse than we already experience) all over the country. Deadline extension after deadline extension after deferment make clear that the federal government is not going to hold up air travelers because of REAL ID.

Now, the states that DHS says are complying aren’t really complying. You see, DHS long ago retreated from the requirements of REAL ID and established a set of “material compliance benchmarks.” These are 18 steps that bring one closer to REAL ID compliance, but they are not REAL ID compliance. And many of them are things that states were doing anyway. So, to the extent DHS is trumpeting progress, it’s a rooster taking credit for the sunrise.

Nonetheless, REAL ID ‘progress’ is the stitching together of a system to track and control us through our nationally uniform identity cards. It’s the system that will be used to control our access to work, to housing, to medical care and medicine, to guns, to credit and financial services, and much more. Big government, thy administrative tool is national ID.

The DHS release is a little more muted about the $263 million dollars it has spent or distributed on REAL ID so far—a quarter of a billion dollars toward a national ID system nobody wants. The continued spending is probably what keeps a small coterie of DMV bureaucrats and allied groups pushing for a national ID.

These national ID advocates will be well-represented at a Heritage Foundation event on REAL ID January 28th. Heritage is bringing in a Department of Motor Vehicle bureaucrat from Connecticut, a representative of a small national ID advocacy group, and the co-author of a recent Government Accountability Office update on REAL ID. I’ll hope to learn—as I’ve never been able to do before—how the national ID program would increase our security more than it would cost us in dollars and privacy—a quarter billion dollars, so far, and still counting.

This Month’s Cato Unbound: Opportunities for Copyright Reform

Republican Study Committee staffer Derek Khanna made a splash in November when he authored a memo recommending simplification of our copyright system and a significant reduction in its term lengths.

His ideas didn’t sit too well with some folks, apparently, because the RSC removed the memo from its website and let him go.

Well. We kinda liked that memo, so we invited him to discuss its contents at Cato Unbound. He has just done so in this month’s lead essay.

Cato adjunct scholar Timothy B. Lee has written a thoughtful response detailing the dangers of civil asset forfeiture in copyright cases. And two more replies will be out in the next few days – one by Ryan Radia of the Competitive Enterprise Institute, and one by Mark Schultz of Southern Illinois University School of Law. Each will discuss practical, near-term ways to improve copyright policy, an area of ever-increasing commercial and legal importance.

As always, Cato Unbound readers are encouraged to take up our themes, and enter into the conversation on their own websites and blogs, or on other venues. We also welcome your letters. Send them to jkuznicki at cato dot org. Selections may be published at the editors’ option.

Larry Downes’ “A Rational Response to the Privacy ‘Crisis’ ”

We don’t expect news reports to exhibit the tightest legal reasoning, of course, but Sunday’s New York Times story on location privacy made a runny omelet of some important legal issues relating to privacy.

The starting point is United States v. Jones, a case the Supreme Court decided last January. The Court held that government agents violated the Fourth Amendment when they attached a GPS tracking device to a vehicle without a warrant and used it to determine the location of a suspect for four weeks. Location information can be revealing.

“Some advocacy groups view location tracking by mobile apps and ad networks as a parallel, warrantless commercial intrusion,” says the story. A location privacy bill forthcoming from Senator Al Franken (D-MN) “suggests that consumers may eventually gain some rights over their own digital footprints.”

Jones was about government agents—their freedom of action specifically disabled by the Fourth Amendment—invading a recognized property right (in one’s car) to gather data. There is little analogy to location tracking by mobile devices, apps, and networks, which are privately provided, voluntarily adopted, and which violate no recognized right. Indeed, their tracking provides various consumer benefits. The Times piece equivocates between the government’s failure to get a legally required search warrant in Jones and uses of data that some may feel “unwarranted,” in the sense of being “uncalled for under the circumstances.”

The first line of Larry Downes’ new Cato Policy Analysis, “A Rational Response to the Privacy ‘Crisis’,” could have been written for the Times’ sloppy analogy:

“What passes today as a ‘debate’ over privacy lacks agreed-upon terms of reference, rational arguments, or concrete goals,” Downes says. The paper examines how the “creepy factor” permeates privacy debates rather than crisp thinking and clear-headed examination.

It’s not that location tracking doesn’t generate legitimate privacy concerns. It does. People don’t know how location information is collected and used. They don’t always know how to stop its collection. And the future consequence of location information collected today is unclear. But the capacity of private actors to harm individuals with location data is limited. Their incentive to do so is even smaller. And avoiding location tracking is simply done (at significant costs to convenience).

As Downes’ piece illustrates, we’ve seen this kind of debate before, and we’ll see it again: A particular innovation spurs privacy concerns and a backlash (whipped by legislators and regulators). A negotiation between consumers and industry, facilitated by the news media, advocates, and a variety of other actors, produces the way forward. As often as not, the way forward is a partial or complete embrace of the technology and its benefits. Plenty of times, the threat never materializes (see pervasive RFID).

Downes explores the legal explanation for what happens when consumers adopt new technologies that use personal information to produce custom content and services—this question of “rights over … digital footprints.” He finds that licensing is the best explanation for what is happening. When consumers use the many online services available to them, they license data that they might otherwise control.

The legal framework Downes puts forward sets the stage for iterative, contract-based development of rules for how data may be used in the information economy. It cuts against top-down dictates like Franken’s proposal to regulate future technologies today, knowing so little of how technology or society will develop.

Ultimately, no legislature can resolve the deep and conflicted cultural issues playing out in the privacy debate. Downes characterizes that debate as revealed tension between Americans’ Davey Crockett side—the privacy-protective frontiersmen—and our collective Puritanism. We are participants in and parts of a very watchful society.

It’s worth a read, Larry Downes’s “A Rational Response to the Privacy ‘Crisis’.”

On Digital Privacy, Congress’ Offer Is This: Nothing

It had the makings of a shockingly reasonable legislative bargain: Two outdated federal privacy statutes would be reformed together, removing some unnecessarily stringent restrictions on sharing video records while finally imposing a clear warrant requirement for government searches of e-mail and other private files stored in the “cloud.” Then Congress, perhaps in homage to Darth Vader, decided to alter the deal: A bill weakening the Video Privacy Protection Act of 1988 has been sent to the president for his signature, but without the corresponding badly-needed reforms to the Electronic Communications Privacy Act of 1986.

On the merits, the changes to the Video Privacy Protection Act actually make sense. Passed in the wake of Robert Bork’s unsuccessful Supreme Court confirmation hearings, during which a newspaper published a list of videos rented by the nominee, the VPPA barred any disclosure of video rental records without the explicit and specific consent of the customer on each and every occasion. That seemed reasonable enough at the time, but has proved an annoyance to video streaming services like Netflix and Hulu, which would like to make it easy for users to automatically post the movies and TV shows they’ve watched to social media services like Twitter or Facebook without having to click an extra “I consent” box every time—something that’s not required when users similarly share the music they’re listening to on services like Spotify or Pandora. So those companies wanted to let users give up-front, blanket consent for automatic sharing of videos.

Only the most hardcore privacy watchdogs had a serious substantive problem with such a change, but many nevertheless disliked the idea of diluting one of the stronger privacy statutes on the books when, in so many other areas, changing technologies had rendered existing privacy protections far too weak. Perhaps the most glaring example of this was the Electronic Communications Privacy Act, which established a confusing crazy-quilt of standards for government searches of remotely stored e-mail and other files, often allowing them to be obtained without a search warrant—standards that several appeals courts have already held to fall short of what the Fourth Amendment requires.

So Sen. Pat Leahy (D-VT) had proposed an eminently logical compromise: Bundle together updates to the two statutes, easing the excessively stringent privacy rules for video records while simultaneously requiring the government to obtain a probable cause search warrant in order to look through a person’s e-mail and cloud-stored files, just as they must when they search a personal computer or wiretap a phone conversation. The bundling ensured that privacy advocates—even the hardcore ones who disapproved of the change to the video privacy law—wouldn’t raise too much fuss about it. Few expected Leahy’s package, which had been approved by the Senate Judiciary Committee, to be acted on until the next session of Congress.

Then came the Vader move: The House of Representatives passed its own bill amending the VPPA, but without the provisions enhancing protections for e-mail, and that legislation was quickly approved by the House. Again, this is not a bad thing in itself. But it’s a disturbing sign that, as technology changes, Congress is willing to water down privacy protections that have been rendered unnecessary or overly restrictive, but not to strengthen them even when they’ve clearly fallen badly out of sync with the way Americans communicate in the 21st century.

The Stephen Glass Problem in Intelligence Oversight

In today’s debate over reauthorization of the FISA Amendments Act, Sen. Saxby Chambliss deployed a familiar rhetorical move popular with supporters of broad surveillance powers. Chambliss acknowledged that there have been “a few instances” in which the law has not operated as intended, permitting “overcollection” of entirely domestic communications. But this only goes to show that the oversight mechanisms embedded in the law are working so very well! Moreover, echoing Sen. Dianne Feinstein, he asserted (though of course we can’t check the claim) that the violations that have been discovered have been the result of error, not deliberate abuse.

The first thing to say about this argument is that it’s something of a tautology: Violations of the law (or its spirit) that we’ve identified have been successfully identified! If safeguards and oversight measures discover no such violations, we’re supposed to assume that everything is working great. If they do uncover violations, it’s proof that current oversight is robust and no further safeguards are needed. Catch 22!

A more subtle problem, however, is that oversight of large-scale secret surveillance programs are most likely to uncover inadvertent (and so relatively benign) violations rather than deliberate ones. I think of this as the Stephen Glass Problem, after the infamous fabulist who managed to publish dozens of wholly fabricated articles in The New Republic despite the magazine’s legendarily rigorous fact-checking process—a story wonderfully chronicled in the film Shattered Glass and a Vanity Fair article of the same name. The problem, as editors later realized, was that the fact checking process was very good at catching accidental errors, but not equipped to deal with a journalist who was deliberately fabricating stories, and then exploiting his knowledge of how the fact checkers worked to ensure that his fabrications would pass muster, creating phony web-sites, voice mail accounts, and e-mail addresses to “confirm” his bogus facts. Accidental violations are always easier to catch, because accidental violators are not taking steps to conceal their violations.