Does Online Vigilantism Make Sense?

Clyde Wayne Crews of the Competitive Enterprise Institute has a new piece out on cybersecurity, online vigilantism, and white hat hacking. It explores the many avenues for countering bad actors in the online environment, and draws a line between reaching out to aggress against them and using deception and guile to confound and frustrate them.

The piece is apparently motivated by the the “Peer-to-Peer Piracy Prevention Act,” introduced a couple of years ago, which would have given the music industry immunity from liability for accessing peer-to-peer networks and attempting to prevent trade in their copyrighted material. Crews says “the industry is bound to try again.” His conclusion: “Explicit liability protection for particular classes of white hat hacking is ill advised… . A green light for hacking can work against broader cybersecurity and intellectual property goals, and there are alternatives.”

The End of Fidel Castro?

NPR has a report this morning that it’s looking more and more like Fidel Castro is terminally ill and will not return to power. NPR and Reuters both suggest that younger brother Raul Castro may open up the economy and even the political system to some extent.

Meanwhile, after 47 years of tyranny, some leftists still revere the Cuban dictator. A “colossal portrait” depicting Castro as “a champion of civil rights” will be unveiled in Central Park on November 8.

Illusions of Risk

Despite my digs at Jacob Hacker’s new book, I don’t find it implausible that middle-class Americans do feel that their lives are economically precarious, even when they are, in objective terms, immensely economically secure. The question is whether attempting to ameliorate that feeling is a worthwhile aim for liberal policy. Let’s start with a comment Hacker made two weeks ago:

If you have trouble figuring out why risk makes people anxious and unhappy, consider this simple thought experiment: How much of your income would you be willing to put at risk to get a chance at twice your current income? If you’re like most Americans, the answer is “not much”—and for a simple reason: While you’d love to have more money, your life would be thrown into turmoil if your income dropped by, say, half.

Social psychologists have a name for this phenomenon: “loss aversion,” which means simply that we dislike losing things we have far more than we like gaining things we don’t have. No wonder: If your family income fell by half, you would risk losing your home, your health insurance, your retirement savings—in a word, your safety net. And with these vital assets would go your dreams for the future. Maybe it’s no surprise, then, that a recent poll found that even opportunity-loving Americans prefer, by a two-to-one margin, the security of having their current income protected to the chance to make more money.

Hacker’s right that loss aversion is a very real, very well-documented phenomenon. But he’s wrong to imply that the representation of turmoil upon which loss aversion is based accurately predicts the real turmoil that would be experienced in a personal economic downturn. The main point of psychologist Daniel Gilbert’s bestselling book Stumbling on Happiness is that we make systematic errors in forecasting our future feelings conditional on the occurrence of big (or even little) events, such as how we will feel upon losing half our income, to take Hacker’s example. We think it’s going to be a lot worse than it really will be. Famously, people predict that they would be deeply depressed or even suicidal if they lost a leg. Yet real amputees quickly readjust to their new reality, and recover most of their sense of well-being. (And some even report a boost in well-being, their tragedy awakening them to the importance of what they have not lost.) There is certainly a sense of turmoil before one adapts to new circumstances. Indeed, the sense of turmoil is part of the process of adaptation and the recalibration of expectations.

Obviously, whether losing half your family income will dash “your dreams for the future” depends on how big your income was, and what your dreams were. If I had a job that paid 100K, and now I’ve got a job that pays 50K, then I still have my 501K, my health insurance, and probably a lot more safety net than I need. If I can’t now afford the payments on the Mercedes, well, bummer. If the kids are going to have to go to State U, fine. It’s not the job of my taxpaying neighbors to ensure that I can indeed afford Yale once I set my heart on it.

Sure, loss-averse Americans might like the idea of a constantly rising safety net that ensures a short fall, no matter how far we rise. But it’s not what we need, or even ultimately want. The best explanation for human loss aversion is its utility under conditions of scarcity in our environment of evolutionary adaptedness, tens of thousands of years ago. If you’re on the edge, a loss can mean death. But when you’re further from the edge than people have ever been, like well-to-do Americans are now, anxiety about risk and loss can lock us into bad situations, like unsatisfying jobs or loveless relationships. Our overinflated anxieties about the downside of big changes can be one of our biggest enemies. Middle- and upper-class Americans with college degrees have built-in safety nets in the form of their education and skills, and in virtue of being already enmeshed in the most successful wealth-producing institutions in history. The net is already only two inches from our feet. Losses suck, and we hate them. But I find it hard to believe that this is seriously considered a liberal proposal, or a sufficient basis for massive government intervention into our economy and fantastically comfortable and secure lives.

As I said in the last Hacker post, the main bout in the intramural liberal fight is about which set of institutions will provide what we need to exercise our autonomy and realize our ends. I don’t think a lavish social insurance state is the ticket for the poor, and certainly not for the middle. Americans from the middle on up are a class of extremely privileged people whose satisfaction with life ultimately requires moving beyond a complacent sense of safety and facing and taking more risk. Hacker would argue that people will take more risks if the downside is softer. That’s may be true, though it is also possible that people will just readjust their sense of entitlement, finding ever-smaller objective risks equally subjectively intolerable. But we would very probably take more rational, life-enhancing risks if we realized, with the help of a little self-administered cognitive-behavioral therapy, that the downside is already softer than we think. Hacker’s attempt to goad the American middle class into becoming ever more freaked out by their Pleistocene fear of loss is like telling a spoiled child she should definitely wail with a sense of entitled injustice unless she is given yet another pretty pretty pony. It’s perverse, and it’s not helping anyone.

If you haven’t had enough Hacker, here’s Matt Yglesias criticizing Hacker from the left . Let me say something about one point Matt makes about a point he attributes to Hacker:

If the broader economy is getting riskier, this is something public policy should aim to mitigate, rather than exacerbate. The point was simple, useful, and utterly correct.

I don’t think this point is simple, correct, or useful for much other than confusion. Again, if the risk we’re talking about is just the risk of your income fluctuating a bit, a liberal concerned about economic security has little reason to care as long as the fluctuations occur above the threshold of economic suffciency. Furthermore, if those fluctuations don’t generally cause much real harm, but are a symptom of an increasingly dynamic economy that will tend to give people greater opportunity to express their autonomy and realize their ends over the course of their entire lifetimes, then this kind of “risk” may well be something public policy should aim to exacerbate. Progress is not generally something you want to mitigate.

Topics:

Vegemitegate: the Saga Continues

An update from my post yesterday on the supposed ban on Vegemite: its not true. According to this article, it is all just a misunderstanding between friends:

Under US regulations, folate can be added only to breads and cereals. One of the Vitamin B components (in Vegemite) is folate,’ [FDA spokesman] Herndon explained. ‘In and of itself, it’s not a violation. If they’re adding folate to it, boosting it up, technically it would be a violation. But the FDA has not targeted it and I don’t think we intend to target Vegemite simply because of that.’

OK, Mr. FDA. I’ll call off the hounds. But I will be testing your system in January when I return from Australia with a year’s worth of Vegemite in my suitcase.

Spontaneous Order Be Damned

In the Washington Post today, columnist Marc Fisher discusses the birth of a community gathering place in Silver Spring, Maryland, a suburb of D.C. The county government cleared a downtown area a couple years ago in preparation for a big and expensive redevelopment scheme featuring an ice rink, civic building, and veterans memorial. The 35,000 square foot site has been covered with inexpensive artificial grass and citizens of all ages are using it as a meeting place and an area to play games and have family picnics.  

Now that the government wants to go ahead and put up its fancy structures on the grass area, citzens are saying essentially “wait a minute, we kinda like this impromtu community gathering place, we don’t want to see it go.” One young person said the current place is such a success because it is “unprogrammed.”

I’m no expert, but I suspect that much urban planning has been poor because planners and politicians fall in love with pristine architectural sketches of grand new projects, and don’t spend much time actually observing how citizens use the streets, buildings, roads, and environment.  

Topics:

Carrying Liberalization Further

I’m in Tbilisi for our conference on “Freedom, Commerce, and Peace: A Regional Agenda.”  It starts tomorrow evening, but many of the participants are arriving tonight (Tbilisi is a great place, but not the easiest to reach, especially after the Russian government banned all travel between the Russian Federation and Georgia).  What was originally planned for 100 participants has grown to at least 180 (and maybe more).  It’s great to talk to libertarians from so many countries (28 in all) and to feel the excitement for the advancement of freedom.

The keynote speaker tomorrow night will be Nobel Laureate Vernon Smith, who will speak on a topic that has gained greater significance since the Russian blockade on trade and travel with Georgia: “Globalization and Liberty.”  The speakers were chosen for their ability to inspire, as well as for their practical knowledge.  The other banquet speakers will be Georgian Prime Minister Zurab Nogaideli and former Estonian Prime Minister Mart Laar (winner of the Cato Institute’s 2006 Milton Friedman Prize for Advancing Liberty).  I’ll be posting occasionally from the conference.

Should Government Identity Documents Use RFID?

Interesting question - and perhaps simpler than many people think. 

Back in June, the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (on which I serve) published a draft report on the use of RFID for human tracking.  (“RFID” stands for radio frequency identification, a suite of technologies that identify items - and, if put in cards, track people - by radio.)  The report poured cold water on using RFID in government-mandated identity cards and documents.  This met with some consternation among the DHS bureaus that plan to use RFID this way, and among the businesses eager to sell the technology to the government.

Despite diligent work to put the report in final form, the Committee took a pass on it at its most recent meeting in September - nominally because new members of the Committee had not had time to consider it.  The Committee is expected to finish this work and finalize the report in December.

But skeptics of the report continue to come out of the woodwork.  Most recently, the Center for Democracy and Technology wrote a letter to the Privacy Committee encouraging more study of the issue, implicitly discouraging the Committee from finding against RFID-embedded government documents.  CDT invited ”a deeper factual inquiry and analysis [that] would foster more thoughtful and constructive public dialog.”

If the correct answer is ”no,” do you have to say “yes” to be constructive? RFID offers no anti-forgery or anti-tampering benefit over other digital technologies that can be used in identification cards - indeed it has greater security weaknesses than alternatives.  And RFID has only negligible benefits in terms of speed and convenience because it does not assist with the comparison between the identifiers on a card and the bearer of the card.  This is what takes up all the time in the process of identifying someone.   (If that’s too much jargon, you need to read my book Identity Crisis: How Identification is Overused and Misunderstood.)

I shared my impression of CDT’s comments in an e-mail back to Jim Dempsey.  Jim and CDT do valuable work, but I think they are late to this discussion and are unwittingly undermining the Privacy Committee’s work to protect Americans’ privacy and civil liberties. My missive helps illustrate the thinking and the urgency of this problem, so after the jump, the contents of that e-mail:

Jim:

I’ve had time now to read your follow-up comments on the Department of Homeland Security Privacy Committee’s draft report on RFID and human tracking, and you and I have spoken about it briefly.  I wanted to offer a response in writing, and make my thinking available to others, because you and CDT are important figures in discussions like this.

First, I think it’s important to put the burden of proof in the right place.  When DHS proposes a change as significant as moving to radio-frequency-based (RF), digital human identification systems, the burden of proof is on the DHS to show why they should be adopted.  The burden is not on the Committee to show why they should not.

The use of digital methods to identify people is a sea change in the process of identification.  You know well, because you have written on these subjects extensively, that digital technologies make it very easy to collect, store, copy, transfer, and re-use personal information.  The leading identification systems being proposed and deployed for use on Americans are not just digital – they go a step further and use radio frequency technology of various stripes. 

Digital identification systems, such as the government-mandated RF systems we discuss generally in the report, have entirely different consequences for privacy from the analog and visual identification methods primarily used in government ID up to this point.  We begin to explore these consequences in the report. 

The report tries to confine itself to the concerns created by the addition of RF because trying to reach all the concerns with government-mandated digital ID systems is such a formidable task and because RF systems are the leading ones under consideration and development. 

Which brings me to a second important point: These systems are being designed, built, and implemented right now

The DHS components that want to use RFID to track people are not awaiting the study or studies you propose.  The Privacy Committee’s role is to call out important privacy issues at relevant times and the draft report on using RFID for human tracking does that. 

If you wish to step back and ponder the issues, you are welcome to, but the inference I draw from your letter – that we should delay or suspend the Committee’s report on use of RFID for human tracking – would make the Committee a full participant in a program planning scenario we see too often in Washington, D.C.:  “Ready … fire … AIM!”

As you point out, the draft report does not reach every concern with every system, nor the detailed differences among them.  But it is not the job of the Committee to perform the in-depth study or studies you suggest. That is the job of the Department of Homeland Security components that seek to deploy these systems.

The members of the drafting subcommittee sought information about these systems and the privacy issues associated with them, and considered everything we were told and given by industry, privacy advocates, members of the public, and DHS components.  The information we have leads us fairly and accurately to conclude that the merits (and, through cost-benefit comparison, the net benefits) of these systems have not been shown.

I won’t belabor the specifics of all you invite the Committee to study in your comments, but I was particularly struck by your challenge to us to substantiate the following statement from the draft report:  “Without formidable safeguards, the use of RFID in identification cards and tokens will tend to enable the tracking of individuals’ movements, profiling of their activities and subsequent, non-security-related use of identification and derived information.”

Jim, we have yet to see an RF human identification system that does not collect and store information about every American subject to it for at least 75 years. You know that data collections this deep, held for periods of time this long, tend to find new, unanticipated, and often undesirable uses.  This is but one of the concerns with these systems.

Your letter is awfully sanguine for an organization that advocates for civil liberties and democratic values.  If CDT plans to do a “full and objective” assessment of RFID’s use in human tracking, I would be happy to help bring you up to speed.

 

Jim Harper
Director of Information Policy Studies
The Cato Institute