Topic: Telecom, Internet & Information Policy

More Cost-Ineffective Security: Criminalizing Tourism

I’ve written in the past about the costliness of the Western Hemisphere Travel Initiative compared to its small security benefit.

Here’s more cost-ineffective security: Fingerprinting visitors to the U.S.

The Department of Homeland Security announced this week that it would begin collecting 10 fingerprints from foreign visitors to the United States, an extension of the US-VISIT program. This looks like another self-injurious overreaction to the threat of terrorism.

I don’t think collecting ten fingerprints in the US-VISIT program violates civil liberties. People have a diminished right against search and seizure at our international borders. But it is a serious privacy concern for visitors to the U.S.

Their biometrics are entered into a U.S. government database and they have no idea what may be done with that information in the future. DHS keeps that data for 75 years. Yes, lawful visitors to this country, who come to snap pictures of the Statue of Liberty and teach their kids about the United States, go into a U.S. government database for the rest of their lives. It’s just insulting to the millions of good people who want to visit us.

With that, let’s do a rough cost-benefit analysis of collecting 10 fingerprints from foreign visitors to the U.S. It appears to be another security program whose costs outweigh its benefits.

On the costs side of the ledger:

- First, it treats international visitors to the U.S. like criminals. This erodes the goodwill that the United States enjoys in the world, meaning we are less able to convince foreign governments to work with us on all kinds of very important issues. That cost is not easily quantified, but it is substantial. If we can’t get cooperation from Russia on Iran’s nuclear program, for example, that could cost us hundreds of billions or more in the next decade or two.

- More easily quantified is the reduction in lawful trade and travel: The findings of a House bill meant to encourage foreign tourism recite a 56,000,000, or 17 percent, drop in international visitors to the U.S. versus what was expected from 2001 to 2006. Let’s say 10% of this is caused by fingerprinting in the US-VISIT program – people don’t want to come here if we insult them on arrival. The Commerce Department estimates that these visitors would have spent $98,000,000,000 (valued in 2007 dollars) in the U.S. Ten percent of that is $9.8 billion in lost revenue – a significant loss to the economy caused by our harsh treatment of visitors.

- Then there are the costs of running the program – I don’t know what they are, but they’re probably in the tens of millions to $100 million+ per year in Americans’ tax dollars.

Is it worth it? Let’s look at the benefits:

The DHS release says that since 2004, collecting fingerprints in the US-VISIT program has been used “to prevent the use of fraudulent documents, protect visitors from identity theft, and stop thousands of criminals and immigration violators from entering the country.” It gives no hard numbers, but it would have said “tens of thousands” if it was in that range, so let’s say it’s 10,000 violators they’ve caught. ($9.8 billion/10,000=$980,000) Each violator would have had to do almost a million dollars in damage for this security measure to be cost-effective. The average document fraudster, ID fraudster, and immigration violator does nothing near that much harm.

But perhaps the program prevented a single terrorist, or a small group of them, from entering the country, people who would have done $10 billion in damage. This could only be true if we knew in advance exactly which terrorists were coming into the country. But terrorists are fungible. A terrorist organization can select people to send to the U.S. that have no prior participation in terrorism, people who can pass through US-VISIT. With two exceptions, this is what Al Qaeda did for the 9/11 attacks – sent people without any history of terrorism.

US-VISIT can’t prevent a terrorist organization from infiltrating the country – at best, it might delay their activities a couple of weeks while they select the right people to send. Delaying a terrorist attack that causes $10 billion in damage by a month is worth about $42 million. Obviously, spending $9.8 billion to avoid $42 million in damage is not cost-effective security.

My conclusion is that US-VISIT does more harm to the country than it prevents. I welcome suggested refinements to these numbers. Again, this is very back-of-envelope.

Now, should we pass the legislation to make people feel better about us? I’m not sure that’s the solution. The Senate version of legislation to improve our esteem in the world costs $1.80 per person in the United States - $5.64 per U.S. family.

Why spend this money to make people feel better about us when we could make people feel better about us by spending less! US-VISIT doesn’t significantly add to our protections. Given its costs, we should drop it.

Which Secretary Chertoff Do You Believe?

In February, Department of Homeland Security Secretary Michael Chertoff said the following about the REAL ID Act: “If we don’t get it done now, someone is going to be sitting around in three or four years explaining to the next 9/11 Commission why we didn’t do it.”

Alice Lipowicz of Washington Technology reported on REAL ID yesterday:

[Chertoff] and other DHS officials have said that older drivers present a lower terrorism risk and, therefore, might be allowed more time to switch to Real ID licenses. According to the Washington Post, DHS might extend the deadline to 2018 for drivers older than 40 or 50. Moreover, states will have more time to implement the act, Chertoff said.

DHS had previously extended the statutory May 2008 deadline for beginning implementation to December 2009 and recently set 2013 as the deadline for full implementation.

2013 is more than 5 years from now - 2018 is more than eleven. For all Chertoff’s urgency at the beginning of the year, has the Department abandoned its mission to secure the country?

Of course not. But Chertoff and the DHS were clearly trying to buffalo the Congress and the American people on REAL ID earlier this year. They haven’t succeeded.

Happily, this national ID system doesn’t add to our country’s security as its proponents have imagined. We are not unsafe for lacking a national ID. I explored all these issues in my book Identity Crisis.

If REAL ID were a sound security tool, pushing back the deadline for compliance would be a security risk, of course, as would reducing the quality of the cardstock used to make REAL ID-compliant cards - another measure DHS is considering.

Forget security, though. DHS is straining to get the program implemented just so it can claim success and save some face.

“[T]hose who are singing a funeral dirge, I think they’re singing the wrong tune,” Chertoff said November 6th. Alas, as before, Secretary Chertoff is the one more likely to sing a different song.

The Big UK Data Breach

I’ve testified and written several times about how such things as REAL ID and “electronic employment eligibility verification” are threats to our identity system. Collecting identity information in one place is the creation of new security risks. Now the UK has proven it - so we don’t have to!

The sensitive personal details of 25 million Britons could have fallen into the hands of identity fraudsters after a government agency lost the entire child benefit database in the post.A major police investigation is being conducted after Alistair Darling, the Chancellor, admitted yesterday that names, addresses, birth dates, national insurance numbers and bank account details of every child benefit claimant in the country had gone missing.

Most likely, this data is just lost, but in the wrong hands it would provide criminals all they need to impersonate any of these 25 million people.

The persons responsible have been sacked. Specifically, Paul Gray, chairman of HM Revenue & Customs office.

Consumer Product Info - Regulation or Markets?

60 Minutes had an interesting and balanced piece last night on proposals to mandate that fast-food restaurants promote calorie information by placing it directly on their menus.

This fits in a category of regulation that is increasingly prominent: mandated disclosure and promotion of product information. There are plenty of examples: financial privacy notices, real estate purchasing notices, nutrition labeling, etc.

If consumers had unlimited attention, the surfeit of notices would be an unqualified good thing. But consumer attention is not unlimited. Consumers quickly learn to ignore notices that don’t interest them. Notices can easily confuse consumers. Mandated notices often provide information that consumers would already get in more accessible ways.

Nutrition labeling is the sacred cow of mandated disclosure, of course, and mandating calorie notices in restaurants is one of its calves. Everyone who talks about nutrition labeling uses nutrition labeling and so can’t believe that anyone doesn’t. But it certainly hasn’t done anything to change the trend in U.S. obesity since the 1990 law requiring nutrition labeling went into effect.

Note in the 60 Minutes piece how proponents of calorie labeling really are just social engineers. They can’t outlaw you buying that Big Mac, so they’re going to put discouragement in your face using the intermediary of Mickey D’s. They mean well, but I’d just as well have them mind their own business.

Information about products and services is subject to market demand just like every other feature of the things we buy. If you don’t believe me, try running a grocery store without putting price tags on or near the canned peaches.

WHTI Should Go

Rep. Bart Stupak (D-MI) has had the good sense to introduce a bill to repeal the Western Hemisphere Travel Initiative.

WHTI is a classic self-injurious overreaction to the threat of terrorism. The reductions in lawful trade and travel produced by WHTI and the direct costs of the program are greater than the damage to the country that would be averted by this readily defeated “security” measure.

Spitzer Gives Up, Will Start Over Later

The New York Times reports today that New York Governor Eliot Spitzer (D) has dropped his plan to issue licenses without regard to immigration status.

His original, correct decision to break the tie between driver licensing and immigration status met with hails of derision from anti-immigrant groups and his political opponents. He attempted to quell the outrage by agreeing to sign New York up for the federal government’s “REAL ID” national ID system, but this did not please anyone. So now he’s back at square one.

He said the state would put on hold the plan to adopt the Real ID, which has been championed by the Bush administration. The governor said he wanted to wait until federal regulations for Real ID licenses were issued next year before deciding how to proceed.

Now that he’s - ahem - studied the issues, one hopes he’ll recognize that REAL ID is costly, privacy-invasive, and ineffective, and he’ll decline to involve his state in the national ID program.

The Antitrust Religion in Action

This summer, David Boaz noted how sad it was that Google’s top executives have apparently diverted their attention away from developing the next hot new technology toward building their Washington presence. Declan McCullagh notes that Google’s generosity, which has flowed primarily to Democrats, may be coming back to bite them, as disgruntled Republicans have suddenly gotten religion when it comes to antitrust and are demanding that Google’s acquisition of Doubleclick receive close scrutiny. Strangely, those same Republicans weren’t so worried about a spate of mergers that involved large telecom firms like SBC and Verizon. I’m sure the disparity has nothing to do with the telecom industry’s generous contributions to their campaigns.

As I point out at Techdirt, these sorts of shenanigans shouldn’t surprise us. Modern antitrust law gives government bureaucrats seemingly unlimited discretion to second-guess corporate mergers based on the flimsiest of pretexts, or to attach arbitrary conditions to merger approvals. Last winter, for example, as a condition of the BellSouth merger, two FCC commissioners coerced AT&T into accepting “network neutrality” rules that Congress had earlier failed to adopt, rules that apply to no one else in their industry. And don’t forget the XM/Sirius debate, in which terrestrial broadcasters—their principal competitors—trotted out the ludicrous argument that the merged company would have no competition. XM and Sirius’s fundamental sin seems to be that they hadn’t invested as much money on Washington lobbyists as the NAB had.

The rule of law demands that government decision-making proceed according to objective, clearly-defined, and predictable rules. Antitrust law as it’s currently enforced doesn’t qualify, and as a result it’s ripe for abuse. And if you believe Edwin Rockefeller, this isn’t new. He argues that antitrust law has always been primarily a weapon for politically-connected companies to use against their rivals.