Topic: Telecom, Internet & Information Policy

The Senate’s Rushed Debate on NSA Spying Powers

As I write, the Senate is gathering in an unusual special session to debate the reauthorization of the FISA Amendments Act, which I discussed in a recent Cato podcast. Unfortunately, as Sen. Ron Wyden pointed out in opening the discussion, this sparsely-attended holiday session is likely to be the only full floor debate on sweeping surveillance legislation that has been in force for four years already (during which we know it has already been used unconstitutionally), and is all but certain to be renewed for another five. That’s especially disturbing given that, when the House debated the law back in September, its strongest supporters revealed themselves to be profoundly confused about what the law does, and just how much warrantless spying on the communications of American citizens it permits, despite being nominally restricted to “foreign targets.”

Our friends at the Heritage Foundation have a post up sounding the Klaxon to warn of dire consequences if the Senate fails to renew the law without substantial changes. Hearteningly, even Heritage seems to be comfortable with proposed reforms requiring the secret FISA Court to publish declassified versions of substantial interpretations of the statute, so we are not effectively living under a body of secret law.  But their vague claim that some amendments would “substantially change the nature of the legislation” doesn’t really hold up.

Here’s a rundown of amendments that will be proposed. With the exception of a genuinely radical one offered by Sen. Rand Paul—proposing that the Fourth Amendment applies to our digital records and communications even when they’re stored by an Internet company—they’re all very mild, utterly common sense tweaks. One offered by Sen. Pat Leahy would extend the FAA for three years rather than five, in hopes that we might actually have a more substantial debate about this incredible spying power soon. Sen. Jeff Merkley is offering the one mentioned above, ensuring that we’re not living under secret law.  

Finally, Sen. Wyden has two important amendments. One would require the NSA to produce a rough estimate of how many Americans’ communications are intercepted under the sweeping “vacuum cleaner” style programs authorized by FAA, which they have thus far refused to do, probably in part because the number would be distressingly high.  A second would prohibit “backdoor searches” targeting Americans.  The idea here is that precisely because warrantless FISA surveillance is so sweeping, and large numbers of Americans’ communications are likely to end up in the NSA database even if foreign groups are in theory the “target” of surveillance—as we know has already happened on a large scale—it becomes possible to effectively “target” Americans simply by entering their names or other identifying information in searches of the database.  That’s obviously a way of circumventing the law’s ban on “reverse targeting” that is really meant to spy on Americans under authority nominally aimed at foreigners. Wyden’s amendment would simply require an individualized FISA warrant when agents want to search their vast communications database for a particular American’s information. The NSA has objected to the term “backdoor searches” and the characterization of this process as a “loophole” in the law—but they certainly haven’t denied that the law as written allows them to do this, and have resisted this effort to prohibit it. Yet if, as supporters insist, this is really a law aimed at foreigners rather than Americans, surely such a requirement should be a no-brainer.

Amendments aside, it’s worth noting that nothing dire would happen if the law expired for a while. Programmatic surveillance authorizations under the law—covering entire “categories” of surveillance targets rather than particular people—last for a year, and would continue unmolested if the law lapsed. As we now know, claims made in 2008 about immediate problems arising from the expiration of the predecessor to the FAA were highly misleading, and one suspects deliberately so. We also know that the hyperbolic claims about the value of the initial, extralegal warrantless wiretap program didn’t hold up to scrutiny once the Inspectors General got around to auditing the program. There’s no realistic chance the Senate is going to let this legislation expire but, Mayan calendar notwithstanding, the world would not end if it did.

Given that this law is going to be renewed, ask yourself: Aren’t the checks discussed above just common sense? Shouldn’t we know what the laws we live under actually mean, as interpreted by the courts?  Shouldn’t we know approximately how many Americans are being secretly spied on by the government? If a surveillance program is, in principle, supposed to be exclusively aimed at foreigners, then shouldn’t a warrant be required before  that program can be explicitly and deliberately used to read the e-mails of Americans? It is hard to imagine how anyone could oppose any of these principles, whether or not they approve of the FISA Amendments Act as a whole. If our friends at Heritage—or more to the point, members of the Senate—do oppose any of these, we should at least ask for a convincing explanation of why, not a vague suggestion that we’re all in danger unless we shut up and embrace the status quo.

FTC Oversteps Its Bounds

This week, the Federal Trade Commission awarded itself a holiday gift: more regulation of the Internet.

Under the Children’s Online Privacy Protection Act, a 1998 law designed to insulate children from marketing, It Takes a Village-style, the FTC found that it gets to regulate more intensively and confusingly.

The regulation is a mostly unremarkable expansion of authority. Like any political actor would do, the FTC followed the path of least resistance, avoiding raising the hackles of any major player in the marketplace. (Regulation tends to advance the way spilled paint spreads on cobblestone.) Of course, there are few major players in the marketplace because COPPA has increased the cost of serving entertaining and educational content to children since the Internet’s earliest days. The Association for Competitive Technology got it right in a release calling COPPA “improved for big companies, not for education startups.”

One interesting point about the new regulation is not political, though. It’s legal. The agency arguably overstepped the authority Congress gave it.

FTC Commissioner Maureen Ohlhausen explains:

The statute provides, “It is unlawful for an operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed [by the FTC].” … [T]he amendments add a new proviso to the definition of operator in the COPPA Rule: “Personal information is collected or maintained on behalf of an operator when: (a) it is collected or maintained by an agent or service provider of the operator; or (b) the operator benefits by allowing another person to collect personal information directly from users of such website or online service.” The proposed amendments construe the term “on whose behalf such information is collected and maintained” to reach child-directed websites or services that merely derive from a third-party plug-in some kind of benefit, which may well be unrelated to the collection and use of children’s information (e.g., content, functionality, or advertising revenue).

In other words, if a Web site directed at children uses third-party plug-ins to enhance its functionality, analytical capability, and such, and if the plug-in collects information, then the Web site operator is responsible as if it were collecting the information. The result? Web sites aimed at children will avoid using third-party technology to enhance the experience of kids.

Commissioner Ohlhausen: “I find that this proviso—which would extend COPPA obligations to entities that do not collect personal information from children or have access to or control of such information collected by a third-party—does not comport with the plain meaning of the statutory definition of an operator in COPPA.”

Time, Once Again, for Our Odd National ID Ritual

It doesn’t happen on the same cycle as our annual holiday traditions, but the arrival of another REAL ID compliance deadline means that it’s time for some comfortable and time-worn rituals.

Federal bureaucrats caroling? Security hawks lighting the menorah? Alas, nothing so charming.

The January 15 “deadline” for state compliance with our national ID law, the REAL ID Act, will bring out state and local officials worrying about whether people will be able to board planes in late January. You see, REAL ID says that federal officials like the TSA can’t accept IDs from non-compliant states. Greg Roberts from the Lafayette (LA) Regional Airport thinks the TSA might turn away travelers bearing IDs from his state next month.

Federal officials will then send worried missives to Department of Homeland Security Secretary Janet Napolitano. “What will become of us if you don’t extend the deadline?” they’ll plead, hoping for their constituents to hear. Senators Jeff Bingaman (D) and Tom Udall (D) of New Mexico did that this week.

Next comes the secretary of homeland security.

Sometimes, our top homeland security official is very, very scary toward the states, like Michael Chertoff was. “There comes a point in time where all the discussion and analysis has to stop,” he said in a press conference nearly five years ago. “The time has come to bite the bullet.”

Sometimes, the DHS secretary is very, very quiet, like Janet Napolitano. Having blocked REAL ID legislation as Arizona’s governor, she’s been all over the map since becoming a federal official. She knows REAL ID is going nowhere, but she doesn’t want to attract the slings of Republican security hawks who would try to blame her and President Obama for it.

And that’s the most amusing part of this tradition. REAL ID is going nowhere fast. But people in the press don’t know that. And state and local officials don’t follow the issue carefully, so they think they have to fall in line with the national ID program. Yet they never have, and they never will.

Lasers: The End of Privacy?

Gizmodo points to some outré technology on the Department of Homeland Security’s drawing board.

Within the next year or two, the U.S. Department of Homeland Security will instantly know everything about your body, clothes, and luggage with a new laser-based molecular scanner fired from 164 feet (50 meters) away. From traces of drugs or gun powder on your clothes to what you had for breakfast to the adrenaline level in your body—agents will be able to get any information they want without even touching you.

I don’t know about each of the technologies in this article, but the one I do know of—Raman spectroscopy—works by exciting a molecule with a laser. When the molecule returns to its normal state, it gives off a distinct photon that can be treated as a signature of the molecule. Thus, munitions and drug detection becomes “easy.”

Here’s why “easy” is in scare-quotes: At anything other than a very small distance, you have to shine a very high-intensity laser and have very sensitive detection equipment to gather the signature. The laser would fry people’s skin and burn their retinas, and the sensor would probably not work in the noisy, dusty areas where they might use these devices. There may be some new technology that defeats these challenges of physics, of course, but I hope not.

The article says there has “so far been no discussion about the personal rights and privacy issues involved.” Not true!

On page nine of Cato’s brief to the Supreme Court in Florida v. Jardines, we noted this developmental technology as an example of something that could perform quite invasive analysis without being a “search” under the Jacobsen/Caballes corollary to the “reasonable expectation of privacy” test from Katz v. United States.

The doctrine that arose from Katz was that a Fourth Amendment search occurs when one’s reasonable expectations of privacy are upended by government action. When government action only detects only illegal drugs, such as when a drug-detecting dog sniffed Caballes’s car, this is something in which a person can have no reasonable expectation of privacy, so no search has occurred. Get it?

Technologies like remote Raman spectroscopy illustrate the absurd result Katz doctrine produced in Jacobsen and Caballes. Katz and the Jacobsen/Caballes corollary are junk.

Cato’s Jardines brief points out the better way to administer the Fourth Amendment: When government agents use uncommon technology to perceive otherwise imperceptible things, that is searching. If the searching is appurtenant to our persons, houses, papers, and effects, it must be reasonable. In the vast majority of cases, that means getting a warrant.

Lasers won’t be the end of privacy if I can help it.

Advertising, Credit Reporting, and ‘Anti-Objectification’

You need a set of priors that I lack to stay interested in the forthcoming Suffolk University Law Review article, “Selling Consumers, Not Lists: The New World of Digital Decision-Making and the Role of the Fair Credit Reporting Act.” I think the thing animating authors Ed Mierzwinski and Jeff Chester is what I call “anti-objectification,” a desire at the outskirts of the privacy concept. It is bad, anti-objectifiers appear to believe, when a person is treated as a mere object of commerce, observed and communicated with on that basis alone.

Without anti-objectification, I can’t find much of anything wrong in their description of the emerging world of digital data collection and marketing. There is an impressive and complex array of techniques coming online to discover what people want, learn when they want it, and communicate with them in ways that will spur them to act on their desires.

Given the wrongs they perceive in these developments—which, again, I must guess at—Mierzwinski and Chester make a broad pitch to have online marketing drawn under the blanket of Fair Credit Reporting Act regulation. Not only the Federal Trade Commission, but the new, unconstrained Consumer Financial Protection Board, should look at bringing online advertising within the FCRA, they say.

Given the paucity of (apparent) harms to be rectified, one struggles to examine how broadening regulation of the information economy would improve things. But I don’t know why the Fair Credit Reporting Act would be a model anyway. In forty years, the FCRA has not cured the ills that Senator Proxmire (D-WI) recited when he introduced the law—to judge by the words of self-styled consumer advocates, at least. New challenges have emerged, and the FCRA has turned credit bureaus to the government’s use in financial surveillance. The FCRA preempted state common law—you can’t sustain a defamation action against a credit bureau, no matter how wrong its reporting is—replacing it with opaque and unwieldy bureaucratic procedures for those who believe their credit bureau records are inaccurate.

The FCRA already reduces consumer welfare by keeping new entrants out of the credit reporting business. When companies edge toward providing data that might be used for credit decisions, employment screening, housing, and the like, they quickly learn to eschew that market so they can avoid the FCRA’s obligations and regulator inquests. The result? Our economy is making less intelligent decisions about credit, employment, and housing. Efficiences that would lower costs to consumers across the board are not being found.

I drew lessons from the failure of the Fair Credit Reporting Act to fix things in my paper “Reputation under Regulation: The Fair Credit Reporting Act at 40 and Lessons for the Internet Privacy Debate.”

Privacy Regulation and Political Economy

Good-hearted people want to cure hunger, ignorance, and other human deficits. Many see the cure in taking from the group of “haves” and giving to the “have-nots.” Along with the injustice of the transfer itself, libertarians like to point out the backward incentives that generous, systematic giving creates. Poverty and ignorance becomes a low-end, but survivable, mode of living. It’s not really a surprise that these problems respond to subsidy by becoming intractable.

That’s simple math to people who understand incentives, so it shouldn’t be hard to recognize incentive structures and their warping in other areas. Take federalism. The Constitution set out a design for government that aligned political incentives well. With a limited federal government and plenary powers left with the states, elected officials closer to the people would provide better government because they would be responsible to smaller numbers of people at the ballot box.

When state officials go wrong, good-hearted, economically-minded people want to cure their deficits. Many see the cure in removing power from the state level to the federal through preemption. State regulation can interfere with national markets, and there is a Commerce Clause that arguably permits national regulation of all things commercial.

But the Commerce Clause was not a grant of plenary authority over commerce anywhere in the United States. It gave Congress power to “regulate commerce with foreign nations, and among the several states, and with the Indian tribes.” Think of a border sentry tasked mostly with preventing anyone from erecting gates.

One can “fix” bad state regulation by replacing it with a less-bad, nationally uniform rule. But doing so frees state officials from responsibility. The subsidy makes carelessness a low-end, but survivable mode of governing.

So with California Attorney General Kamala Harris brandishing $2,500 fines per download of apps in California if they don’t meet the terms of the California Online Privacy Protection Act, I don’t think the right answer is for the federal government to whisk in with its own less-bad privacy law that preempts California’s. The attorney general and the authors of California’s law should be allowed to let their behavior have its effects in their state, responding to their state’s voters if it has negative consequences.

The federal government’s only response should be to make clear that there are limits on California’s ability to bring out-of-staters into court. The federal government should preserve the right of people and businesses to exit states that make themselves unfriendly through high taxes, poor services, and inefficient regulation. This will set up the incentive structure under which governance in the United States will thrive, perhaps at the cost of California sinking into the ocean.

What I’m Telling Thursday’s Panelists

This morning, I’m gearing up for Thursday’s noon-time Cato book forum on the Mercatus/Jerry Brito book, Copyright Unbalanced: From Incentive to Excess.

With the recent release and withdrawal of a Republican Study Committee memo on copyright policy, there is even greater tension around the issues than usual. So here’s a line from the planning email I sent to panelists Jerry Brito, Tom W. Bell, and Mitch Glazier.

Given how hot the issues we’ll discuss tend to be, I’ll emphasize that we’re all friends through the transitive property of friendship. I’ll be policing against ad hominem and stuff like that coming from any side. In other words, don’t bother saying or implying why a co-panelist thinks what he does because you don’t know, and because I’ll make fun of you for it.

It might be worth coming just to see how well I do with my moderation duties. Whatever the case, I think our panelists will provide a vibrant discussion on the question of where libertarians and conservatives should be on copyright. Register here now.