Topic: Telecom, Internet & Information Policy

Sending Up Security

People are highly tuned risk managers. Daily, we make decision about risky things like crossing streets. To do so, we analyze the speed and density of traffic, light conditions, our own physical skills, and myriad other factors to determine whether to cross in the middle of a block or at a controlled intersection.

Five years since 9/11, people are getting better at assessing the risks of terrorist acts. And people are growing increasingly skeptical of the risk choices being made for them by the Department of Homeland Security. The evidence? Their willingness to see security lampooned.

The writers at The Onion are undoubtedly finding a good reception for this send-up of the Transportation Security Administration’s liquids rules.

And people are diverting themselves from their exasperation with airport security using this fun game

A basic indictment of government-provided security is in daily newspapers’ comic sections this morning. Syndicated cartoon Bizarro by Dan Piraro is titled “Orientation Seminar at Homeland Security.” It depicts a teacher at a chalkboard that says “Inconvenience = Security.” (Available online here early next month). 

The funny bone is a highly tuned instrument, and it’s showing the dissonance in air security today. 

Feariness about Data Loss

In the spirit of Stephen Colbert’s “truthiness,” here’s another useful term for the pop lexicon:

fear i ness (fir’ e-nes) n. The quality of being feared, even though logic and/or evidence indicates there is little to fear.

A prime example of feariness right now is data loss — the loss of control over confidential information that could lead to violation of a person’s privacy, identity theft, and fraud. This feariness has been fanned by the recent thefts of government and corporate computer hardware containing important data files.

Though privacy violations and fraud are worrisome, an article in today’s New York Times explains that much of the alarm over data loss is just feariness:

The veterans’ laptop episode underscores the crucial distinction between data loss and malicious data theft — a distinction that has often been glossed over or ignored in the recent wave of alarming disclosures of data breaches at government agencies, universities, companies and hospitals. In most cases, the consequences — financial and otherwise — of the data losses have been slight.

But while high-profile data breaches are common, there is no evidence of a surge in identity theft or financial fraud as a result. In fact, there is scant evidence that identity theft and financial fraud have increased at all. Even when computer networks are cracked into, and troves of personal information intentionally stolen, fraudsters can typically exploit only a tiny fraction of it.

Readers of Cato’s Regulation Magazine already know this story. In last spring’s issue, Tom Lenard and Paul Rubin describe how the incidence of data theft–inducing fraud is fairly stable, how most of that fraud is the product of the theft of old-fashioned paper statements instead of electronic information, and how the response to data loss (including government-mandated response) is far more costly in aggregate than any resulting fraud.

Harpers Denounce Border Plan, ID Systems

A prominent Harper spoke out this week against the plan to require passports or passport-‘lite’ ID cards for crossing the U.S.-Canada border. That’s Canadian Prime Minister Stephen Harper. 

He is no relation to the Cato Institute’s director of information policy studies, Jim Harper, who spoke out about the Western Hemisphere Travel Initiative’s PASS card system two weeks ago

The Western Hemisphere Travel Initiative (WHTI) sounds like a wonderful thing. It’s hard to be against travel. But WHTI is actually about shrinking commerce and travel among the friendly countries in our region.

In the Intelligence Reform and Terrorism Prevention Act of 2004, Congress pushed the Department of Homeland Security to create an “automated biometric entry and exit data system” for people crossing the borders. A prominent proposal is the PASS card, which stands for People Access Security Service. It is envisioned as a card containing an RFID chip that is to be given to passport holders. The chip would alert the DHS when a person arrives at a border crossing. 

“Pre-positioning” data by sending an electronic signal from 30 or more feet sounds like it would make border crossings go faster. But moving identification data is not what takes time at border crossings — it’s checking to see if the person and the identity information match up. 

An RFID-chipped PASS card would mean that lots more information about American citizens’ movements would be collected. It’s a system not just verifying that travelers are citizens or legal aliens — it’s a system for collecting information about our comings and goings, yet another dimension of our lives revealed to the government to do with as it will.

Congress seems held in thrall by national ID systems. Last week, the House passed a bill to require showing identification cards for voting. And, of course, we already have the REAL ID Act, which by May 2008 will have states issuing drivers’ licenses and ID cards to national standards (sharing driver information nationwide, too) — if states comply. Harper of the Cato Institute testified to a New Mexico legislative committee about that issue last week. The National Conference of State Legislatures reports that compliance with the REAL ID Act will cost $11 billion dollars nationwide.

Identification seems to offer an easy technological quick-fix for ailments like illegal immigration and terrorism. But what most of these schemes would do is further regiment and control law-abiding people while merely inconveninencing criminals, terrorists, and any other threat with a modicum of sophistication and motivation.

My book Identity Crisis has more on this and all other facets of identification.

Cato Unbound - Migrating Toward National ID?

The current Cato Unbound, Mexicans in America, is the usual provocative and wide-ranging fare.  There’s no lack of issues - or passion - in the debate about immigration.

One item in the current discussion that piques my interest - indeed, concerns me - is the formative consensus that “internal enforcement” of the immigration laws is a good idea. 

University of Texas at Austin economics professor Stephen Trejo writes:

Given that most illegal immigrants come to the United States to work, why don’t we get serious about workplace enforcement? Retail stores are able to verify in a matter of seconds consumer credit cards used to make purchases. Why couldn’t a similar system be put in place to verify the Social Security numbers of employees before they are hired? …  I suspect that we could do much more to control illegal immigration by directing technology and other enforcement resources toward the workplace rather than toward our porous southern border.

Doug Massey, co-director of the Mexican Migration Project at the Office of Population Research, Princeton University, has interesting information and ideas for reform to which he would adjoin ”a simple employment verification program required of all employers to confirm the right to work.”

It does sound simple - until you step back and realize that the simple idea they’re talking about is giving the federal government the power to approve or reject every Americans’ job application.  Does anyone think that this power, once adopted - and the technology put in place to administer it - will be limited to immigration law enforcement?

To do this, all people - not just immigrants, all people - would have to be able to prove their identity to federal standards, likely using some kind of bullet-proof identity document (even more secure than current law requires).  That will soon be in place thanks to the REAL ID Act.  Once we’re all carrying a bullet-proof identity document, do you think that its use will be limited to proof of identity for new employees?

It’s easy to see how facile acceptance of internal immigration law enforcement adds weight to arguments for expanded government control and tracking of all citizens.  There are plenty of reasons to be concerned with internal enforcement, and the national ID almost certainly required to make that possible.  Many of them are discussed in my book, Identity Crisis: How Identification is Overused and Misunderstood.

Privacy Debacle Top Ten

Wired News reporter Annalee Newitz has compiled a “top ten” list of privacy debacles

It’s easy to quibble with the results, but I was delighted to see “The Creation of the Social Security Number” at #1.  Our national identifier has used its government backing to push aside all others and enable government and corporate surveillance on a scale that would never have occurred under natural conditions.

In Identity Crisis: How Identification is Overused and Misunderstood, I discuss how the uniform identification system we’ve built around the Social Security Number is insecure for individuals, making information about them too readily available to governments, corporations, and crooks. 

The fix is nothing so ham-handed as banning uses of Social Security Numbers.  Rather, it will be necessary to remake our identification systems so that they are diverse and competitive, and thus solicitous of individuals’ interests.