Topic: Telecom, Internet & Information Policy

Seattle: County Mines “Courtesy Card” Data To Identify Dog Owners

They’ll be watching you: King County (Seattle) uses grocery loyalty card data to figure out who owns pets, according to a new report from local station KOMO. It then sends them letters warning of a $250 fine if they do not license the animals. The “county said they pay the company who pays stores such as Safeway …for access to customer data contained in every one of those reward card swipes.” And “the mailers work. Just last year they brought in more than $100,000 in new pet licenses.”

But remember, government needs access to Big Data to fight terrorism.

Communications and Data Meet the Fourth Amendment

This week and last, the Cato Institute filed amicus briefs urging the Supreme Court to take up two cases dealing with the constitutional status of “cell site location information,” or “CSLI.” This data, collected of necessity by cellular communications providers, creates detailed records of their customers’ movements. The briefs invite the Court to accept these cases so it can revise Fourth Amendment practice to eschew doctrine and more closely adhere to the language of the Fourth Amendment.

The Fourth Amendment states that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” Presumably, when called upon to determine whether a Fourth Amendment violation has occurred, courts would analyze the elements of this language as follows: Was there a search? Was there a seizure? Was any such search or seizure of “their persons, houses, papers, [or] effects”? Was any such search or seizure reasonable?

And in cases involving familiar physical objects, courts usually do a sound textual analysis, at least implicitly. But in harder cases dealing with unfamiliar items such as communications and data, courts retreat to “reasonable expectation of privacy” doctrine that emerged from Katz v. United States in 1967, and offshoots of it like the “third-party doctrine.” The “reasonable expectation of privacy” test asks whether defendants’ feelings about things government agents accessed were reasonable. The corollary “third-party doctrine” cancels Fourth Amendment interests in information and things that are shared on the theory that expectations of privacy evaporate in that context.

The “reasonable expectation of privacy” test is the product of one non-essential concurrence in Katz, and the third-party doctrine was wrong when the Supreme Court created it in 1976 to ratify a law that deputized banks into financial surveillance. That doctrine grows further out of synch with each step forward our society takes in modern, connected living. Today, third-party service providers collect incredibly deep reservoirs of information about us: Cellular telephone networks, Internet service providers, search engines, and payment systems have data that can throw open windows onto our relationships, feelings, health conditions, business dealings, sexuality, emotions, and more.

Governing in Ignorance

Last night Jimmy Wales, the founder of Wikipedia, delivered the first Joseph K. McLaughlin Lecture at the Cato Institute. He talked about the vision, history, organization, and impact of Wikipedia, and the influence of F. A. Hayek and his essay “The Use of Knowledge in Society” on his own initial conception of a crowdsourced encyclopedia. He also discussed Wikipedia’s occasional influence on public policy decisions, such as the defeat of the Stop Online Piracy Act (SOPA) in 2012. But I was particularly struck by this line (about 43:00 in the video):

Far too often lawmakers propose laws, and it’s fairly clear that they do not even have the most rudimentary understanding of how the internet works.

It reminded me of something Bill Clinton said at the Clinton Global Initiative in 2010:

Do you know how many political and economic decisions are made in this world by people who don’t know what in the living daylights they are talking about?

That’s a lesson policymakers ought to keep in mind whenever they contemplate legislating about health care, marriage, minimum wage laws, net neutrality, banking regulations, overtime pay, or anything else. Do they really understand how the particular market or industry works? Do they really understand how the impact of a new law or regulation will ripple through affected industries? In most cases they don’t, as Aaron Powell wrote about the lessons of SOPA:

SOPA was not the exception to the rule. Instead, it was just how things are done in Washington.

The Server Will Bewitch You Shortly

It’s been a little over a year since Bernie Sanders assured America that the public was “sick of hearing” about Hillary Clinton’s “damn e-mails,” and to put it mildly, the claim has not aged well. Even before Friday’s announcement that the FBI had uncovered an additional cache of e-mails from Clinton’s personal assistant Huma Abedin—and the inevitable media feeding frenzy that followed—Clinton’s use of a private e-mail server during her tenure as Secretary of State had remained a central campaign issue. If anything, the controversy had metastasized: The FBI’s investigation into Clinton’s server, culminating in a recommendation that no criminal charges be brought, was received by many as evidence of a corrupt cover-up even more disturbing the underlying offense, a clear-cut case of a Beltway elite getting a pass for conduct that would have seen a normal schlub clapped in irons. It’s this, probably more than any other alleged misdeeds, that has made “lock her up!” a popular refrain at Donald Trump’s rowdy rallies.

As a frequent critic of the FBI’s routine demands for broadened surveillance powers, it’s heartening to see people recognizing that the Bureau is not somehow immune to improper political influence. Moreover, given the Obama DOJ’s unprecedented use of the Espionage Act to prosecute whistleblowers (rather than spies)—his administration has pursued more cases under that law than all his predecessors’ combined—it’s hard not to feel a twinge of schadenfreude when the public concludes that Clinton’s “extreme carelessness” with classified information (as FBI director James Comey characterized it) must surely be criminal too. But in large part because I’m uneasy about normalizing this aggressive approach to the Espionage Act, I think it’s necessary to explain why this widespread perception is wrong, and Comey’s conclusion that “no reasonable prosecutor” would have pursued charges against Clinton on the available facts was pretty clearly right. While it’s impossible to know what other damaging revelations the newly discovered tranche of e-mails may contain, it seems unlikely they will materially alter that basic legal conclusion.

Grow That Government!

What does it take to make a state-level Republican policymaker work to grow the power of the Obama Administration? Not much! Washington Secretary of State Kim Wyman is a case in point.

In the wake of a shooting at a Macy’s in Mount Vernon, Washington, late last month, Secretary Wyman called for Washington State to comply with the national ID program run by the U.S. Department of Homeland Security under the REAL ID Act.

Secretary Wyman’s rationale for joining the national ID is that state authorities (including, for some reason, election officials) were unable to immediately identify the citizenship status of the shooter (who turned out to be a naturalized American citizen).

Washington State has hitherto declined to embrace REAL ID, and has been one of the states most actively pushing back against the federal program. Secretary Wyman argues that adopting REAL ID would allow the state to more quickly access federal databases and records and help prevent voter fraud in Washington State elections.

Whatever a state’s need for securing their vote, that’s no reason to join the national ID system. And REAL ID is a bloated, costly, and opaque federal program. Compliance would require Washington State to share its drivers’ personal data and copies of their digitally scanned documents with departments of motor vehicles across the country through a nationwide data sharing system. This database sharing is a two way street: Secretary Wyman might be able to access other jurisdiction’s databases, but any bad actor in a DMV from California to Connecticut could access Washington State’s.

In the wake of recent DMV hacking scandals in Louisiana and elsewhere, this concern is not overblown. Because of the hacking and identity fraud risks, and the lack of any real national security benefit, adoption of REAL ID would only make Washingtonians less safe.

Bulk-Scanning E-mail for Spy Agencies

Reuters dropped a bombshell story Tuesday afternoon, reporting that in 2015 Yahoo agreed to scan all their users’ incoming e-mails on behalf of a U.S. intelligence agency, hunting for a particular “character string” and turning over messages where it found a match to the government. Yet the vagueness of the story—which appears to be based on sources with limited access to the details of the surveillance—leaves a maddening number of unanswered questions.  Yahoo did not greatly help matters with a meticulously worded non-denial, calling the story “misleading” without calling it substantively false, and asserting that the “scanning described in the article does not exist on our systems.” (Obvious follow-up questions: Did it exist in 2015? Does it now exist on some other systems?)  Then, on Wednesday, Charlie Savage and Nicole Perlroth of The New York Times published a follow-up article fleshing out some of the details: The bulk scan was conducted pursuant to an order from the secretive Foreign Intelligence Surveillance Court, and hunted for a “digital signature” associated with a foreign state-sponsored terror group.

Of Millionaire “Fugitives” and the Rule of Law

Megaupload.com was once the 13th most popular website on the internet, with more than 82 million unique visitors and a billion total page views during its seven-year operation. The site allowed people to store files on the cloud for later use—and some users inevitably stored copyrighted TV shows, films, songs, and software. In 2012, the U.S. government charged the site’s owner, Kim Dotcom, and its operators with conspiracy to commit copyright infringement. The defendants are currently resisting extradition to the United States (Dotcom lives in New Zealand), as is their right under extradition treaties.

In 2014, the seemingly frustrated government moved to seize the defendants’ considerable assets in a civil-forfeiture action, claiming that the assets are probably connected to the alleged criminal activity. The government had a major problem, however, as the assets that they were seeking to seize were not located in the United States, but in Hong Kong and New Zealand. Under traditional rules of in rem jurisdiction—a legal theory that allows courts to gain jurisdiction over property—the court must have “control” over the property to entertain the claims, which the district court did not have in this case.

The district court, however, ignored fundamental principles of statutory construction, and agreed with the government’s argument that a federal statute—conferring only venue to the district courts in cases where property was located outside of the United States—also expanded the court’s jurisdiction and fundamentally altered the traditional requirement that courts have control over the property to assert jurisdiction over it.

This misreading of the statute also created a serious constitutional issue under Article III. It is a fundamental constitutional rule that federal courts can’t issue mere “advisory” opinions. When a court lacks control over property located in a foreign country, it necessarily relies on another sovereign to enforce that order, making it advisory as to how the other sovereign should enforce the judgement.

To make matters worse, the court here also “disentitled” the defendants from presenting evidence that their property was not subject to seizure. Under civil-forfeiture laws, the government can take property without an underlying criminal conviction based only on the allegation of a crime. Those whose property has been seized can get it back by proving that their property is “innocent.” The government, however, is preventing the defendants from even making that argument. Using the “fugitive disentitlement” doctrine, the government is blocking the defendants from challenging the forfeiture.