Topic: Telecom, Internet & Information Policy

With All Due Respect, Mr. President, That Is Not True

Conor Friedersdorf notes that stay-at-home mom (and video blogger) Kira Davis asked tougher questions of President Obama on a recent Google+ “hangout” than Steve Kroft of 60 Minutes ever asked. You can watch the exchange in this video starting at the 35:10 mark.

In response to Davis’s question about transparency, President Obama said:

This is the most transparent administration in history, and I can document how that is the case. Everything from—every visitor that comes into the White House is now part of the public record. That’s something that we changed. Just about every law that we pass, every rule that we implement, we put online for everybody there to see.

With all due respect, Mr. President, that is not true.

Now, the White House has put visitor logs online. I was initially unimpressed with the achievement, but I do believe it took a good deal of effort, and there’s no discounting that. Perhaps it symbolizes how low the baseline for transparency has been. And alas the practice may have simply moved meetings out of the White House.

But it is not accurate to say, “Just about every law that we pass … we put online for everybody to see there.”

As a campaigner, President Obama promised to put every bill Congress sent him online for five days before signing it. As I recently reported again in a post called “Sunlight Before Signing in Obama’s First Term,” that was the president’s first broken promise, and in the first year of his administration he broke it again with almost every new law, giving just six of the first 124 bills he signed the exposure he promised. Over his first term, by my count, he gave less than 2/3rds of the bills he signed the promised sunlight.

And many important and controversial bills don’t get sunlight. (The post office renamings always do.) Recent bills denied promised sunlight include the controversial FISA Amendments Act Reauthorization and the “fiscal cliff” bill. Obamacare did not get sunlight—the president signed it the day after Congress presented it to him.

The first three laws President Obama has signed in the 113th Congress have not gotten the promised sunlight.

The Obama administration has taken some small pro-transparency steps, but far from what’s possible, and the House of Representatives is making the greater headway on transparency. President Obama has not put “just about” every bill sent him online. So, in the words of a stellar think tank here in D.C., “With all due respect, Mr. President, that is not true.”

Soviet Cybersecurity, Part II

A year ago, almost to the day, I blogged about a legislative package on cybersecurity being proposed in the Senate. “Soviet-Style Cybersecurity,” I called it, because of the “centralizing and deadening effect” it would have on the many and varied efforts to respond to the many problems lumped together as “cybersecurity.” President Obama’s new executive order, titled “Improving Critical Infrastructure Cybersecurity,” has similar, if slightly more sinister, qualities.

To understand my thinking in this area, you must first understand the concepts in a superlative law review article I first read when I was doing oversight of the regulatory process as a congressional staffer. “Administrative Arm-Twisting in the Shadows of Congressional Delegations of Authority” is by University of Flordia law professor Lars Noah. In it, he described the administrative practice of imposing sanctions or withholding benefits in order to elicit “voluntary compliance” from regulated entities. The upshot? There is no “voluntary” when businesses are repeat players or under ongoing supervision of an agency.

The cybersecurity executive order has arm-twisting all over it.

It is Soviet in its attempt to bring the endlessly varied and changing problems associated with securing computers, data, and communications under a top-down federal plan. Look at how it strains to replicate the nimble action that would be produced in an environment where cybersecurity lapses simply cost businesses money:

The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risk…. The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach….

Translation: “Put spontaneous ordering in the plan.” And, shockingly, this system is supposed to be designed in just 240 days.

Then there is the provision that calls for “voluntary” participation among providers of critical infrastructure and “other interested entities.” Remember, there is no “voluntary” when an agency with supervisory authority wants action.

Finally, we come to the sinister: Section 9(c) of the order requires the Secretary of Homeland Security, along with “Sector-Specific Agencies,” to “confidentially notify owners and operators of critical infrastructure” that the government has designated them as such.

That confidentiality is a secrecy trump-card, played in advance, to chill any company that might think of challenging its designation as “critical infrastructure,” subject to all that planning, planning, planning. A business that publicly challenges its designation has already committed an offense, in our terror-stricken and cyber-gullible land, for revealing a government confidence.

Embedded firmly in their cybersecurity role, government overseers will have one job and that is to prevent a “cyberattack”—most, far more imagined than real. They will invest the resources of the businesses they direct without regard to cost-effectiveness, performance, flexibility, or any of the other market-oriented values that the executive order touts.

Even the sections of the order that promote sharing of threat information from government to the private sector have an authoritarian approach. Rather than having the government propagate information about vulnerabilities far and wide to make all computing more secure, the order creates a closed system of insiders who would be ladled out access to information they could use in their security efforts.

This is inconsistent with industry-standard security reporting practice, which is (generally) to notify the producer of a vulnerability first and all who are susceptible to it in short order. A closed system will preserve vulnerabilities in some sectors, nominally to protect government “sources and methods,” but really to preserve government power.

In my Soviet-Style Cybersecurity post from a year ago, I marveled at how “this bill strains to release cybersecurity regulators—and their regulated entities—from the bonds of law.” Reading President Obama’s cybersecurity executive order for the first time, I wrote in the margin, “Can this be brought under law?” I don’t know that it can, as the president is calling on the executive branch to twist the arms of our nation’s businesses under the cover of secrecy.

Sunlight Before Signing in Obama’s First Term

Sunlight Before Signing” was President Obama’s 2008 campaign promise to put all bills Congress sent him online for five days before signing them. It was a measurable promise that I’ve monitored here since the beginning of his first term, and I will continue to do so in his second.

It was the president’s first broken promise, and in the first year he broke it again with almost every new law, giving just six of the first 124 bills he signed the exposure he promised.

With his first term concluded last month, we can now assess how well the president did with Sunlight Before Signing. Compliance with the promise got better, but it’s still not great. The president gave 413 of 665 bills five days of public review (and one he acceptably did not give five days due to emergency).

The easy bills almost always got five days review—few bills to rename post offices haven’t gotten sunlight. But more important bills often didn’t. Recent examples are the controversial FISA Amendments Act Reauthorization and the “fiscal cliff” bill.

  Number of Bills Emergency Bills Bills Posted Five Days %
2009 124 0 6 4.8%
2010 258 1 186 72.4%
2011 90 0 55 61.1%
2012 193 0 166 86.0%
Overall 665 1 413 62.3%

Would five days of public review have magically produced transparent government? Of course not. But imagine if the president had implemented and enforced his five-day promise from the beginning, and with every law.

Cato Scholars Speaking at Students for Liberty Conference — Join Us

The 2013 International Students For Liberty Conference, now in its sixth year, will bring over a thousand students and young liberty activists to Washington, D.C. to talk about ideas, hear from leading policy experts, and network with organizations and each other. I’m proud to have been the first speaker at the first ISFLC conference, in New York in 2008.  This year, the conference will be hosted at the Grand Hyatt Washington Hotel, just three blocks from the Cato Institute.

I will be presenting two lectures that weekend, a session with Young Americans for Liberty on “The Ten Ways to Talk about Freedom” and a luncheon keynote in Cato’s Yeager Conference Center on Reclaiming Freedom: The Case for Libertarian Ideas in Mainstream Politics. Plus I’ll be on a special taping of the “Stossel” show.

Other Cato scholars will be speaking on policy issues throughout the conference.  All of the below sessions will be taking place in the Hyatt’s Constitution room B.

Saturday, February 16
10:00-10:45am Restoring Constitutional Liberty Roger Pilon
11:15-12:00pm Privacy Under Attack Jim Harper
12:10–1:20pm Reclaiming Freedom: The Case for Libertarian Ideas in Mainstream Politics *Luncheon @ the Cato Institute* David Boaz
1:30-2:15pm The Clone Wars: Fighting to Educate Free Individuals Neal McCluskey
2:45-3:30pm A Foreign Policy for Advancing Liberty Abroad (without Undermining It at Home) Christopher A. Preble
4:00-4:45pm Economic Growth and the Future of Liberty Brink Lindsey
5:15-6:00pm How the Government Uses “Science” to Take Away Your Stuff Patrick J. Michaels
     
Sunday, February 17
10:00-10:45am How to Win Every Libertarian Argument Jason Kuznicki
11:15-12:00pm Why Libertarians Should Care Much More about Immigration Alex Nowrasteh

To attend the student luncheon event, please register online or sign up for your ticket at the Cato booth at the conference exhibit hall.

WaPo: Let’s Have a National Identity System

There can be no denying the link between the E-Verify system prominent in discussions of immigration reform and the policy of having a national identification system. The Washington Post editorialized about it this past weekend, saying “a universal national identity card” must be part of “any sensible overhaul of the nation’s immigration system.”

I’ve written about it many times, as I certainly will in the future. Today, though, I’ll commend to you a well-written piece by David Bier on the Competitive Enterprise Institute’s “Open Market” blog. In “The New National Identification System Is Coming,” Bier writes:

“Maybe we should just brand all the babies.” With this joke, Ronald Reagan swatted down a national identification card — or an enhanced Social Security card — proposed by his attorney general in 1981. For more than three decades since, attempts to implement the proposal have all met with failure, but now national ID is back, and it’s worse than ever.

Read the whole thing.

The irony is that appropriate immigration reforms—those that align the law with our country’s need for immigrant workers—could dispense entirely with “internal enforcement,” national employment surveillance, and deputization of businesses as immigration agents.

“We’re Going to Have to Come Up with Something.”

And that something is a national ID.

The quote is Senator Chuck Schumer’s (D-NY), speaking about immigration reform at Politico’s Playbook Breakfast. The national ID gloss is mine, based on the immutable logic of “internal enforcement.”

Senators Schumer and McCain (R-AZ) say that the “Gang of Eight” senators who are working up an immigration reform package are united on the idea of making it impossible for illegal immigrants to get work in the United States. The only way to do that is to put all working Americans—if you work, that means you—into a national ID system.

“People say, ‘National ID card,’” Senator Schumer says. They do because that is what he’s talking about.

Now, they haven’t gotten all the way through the logic of their plans. Senator Schumer talks about a “non-forgeable [Social Security] card,” but a Social Security card only proves that a certain name is linked to a certain number. If a system is going to prove that a given person is entitled to work in the United States, it must be an identity system. It must compare the identifiers of the person to the identifiers in the system, whether held on a card or in a database, so that it can assess their legal status, including natural-born citizenship.

This is why Senator Schumer also talks about biometrics. The system must biometrically identity everyone who works—you, me, and every working American you know. There is no way to do internal enforcement of immigration law without a biometric national identity system.

It looks as though E-Verify, an incipient national ID system, will be a part of most or all comprehensive immigration reform proposals. Ironically, immigration reform that aligns the law with our country’s economic need for labor would obviate the need for E-Verify and a national ID. 

There are lots of ways to become familiar with the national ID issues that have yet to bubble up in this early stage of the immigration reform debate. My 2006 book, Identity Crisis, is a decent primer on identity and national ID generally. I examined the direct line between internal enforcement of immigration law and a national ID in my 2008 paper: “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.” And my article in last year’s special Cato Journal on immigration reform was called: “Internal Enforcement, E-Verify, and the Road to a National ID.”

Milton Friedman on Business’s ‘Suicidal Impulse’

In a Wall Street Journal column titled “Silicon Valley’s ‘Suicide Impulse’” (Google the title if you can’t access it), Gordon Crovitz cites Milton Friedman’s speech to a Cato Institute conference in Silicon Valley in 1999:

In 1999, economist Milton Friedman issued a warning to technology executives at a Cato Institute conference: “Is it really in the self-interest of Silicon Valley to set the government on Microsoft? Your industry, the computer industry, moves so much more rapidly than the legal process that by the time this suit is over, who knows what the shape of the industry will be? Never mind the fact that the human energy and the money that will be spent in hiring my fellow economists, as well as in other ways, would be much more productively employed in improving your products. It’s a waste!”

He predicted: “You will rue the day when you called in the government. From now on, the computer industry, which has been very fortunate in that it has been relatively free of government intrusion, will experience a continuous increase in government regulation. Antitrust very quickly becomes regulation. Here again is a case that seems to me to illustrate the suicide impulse of the business community.”

You can find the full text of Friedman’s talk here.

For more on business’s suicidal impulses, see “Why Silicon Valley Should Not Normalize Relations With Washington, D.C.” by entrepreneur T. J. Rodgers; “The Sad State of Cyber-Politics” by Adam Thierer; and my own “Apple: Too Big Not to Nail.”