Archive for the ‘Telecom, Internet & Information Policy’ Category
Top NSA Mathematician: ‘I should apologize to the American people. It’s violated everyone’s rights.’
If you’re a telecommunications firm that helped the National Security Agency illegally spy on your customers without a court order, Sen. Barack Obama will happily vote for legislation he once promised to filibuster in order to secure retroactive immunity. If you’re implicated in the use of torture as an interrogation tactic, you can breathe easy knowing President Barack Obama thinks it’s in the country’s best interests to “look forward, not back.” But if you were a government official spurred by conscience to blow the whistle on government malfeasance or ineptitude in the war on terror? As Jane Mayer details in a must-read New Yorker article, you’d better watch out! This administration is shattering records for highly selective prosecutions under the espionage act—and the primary criteria seems to be, not whether national security was harmed in any discernible way by your disclosures, but by the degree of embarrassment they caused the government.
The whole thing is fascinating, but I’m especially interested in the discussion of how electronic surveillance tools that came with built-in privacy controls were tossed in favor of more indiscriminate programs that, by the way, didn’t work and generated huge cost overruns. The most striking quotations come from disillusioned Republican intelligence officials. Here’s Bill Binney, a top NSA mathematician and analyst, on the uses to which his work was put:
Binney expressed terrible remorse over the way some of his algorithms were used after 9/11. ThinThread, the “little program” that he invented to track enemies outside the U.S., “got twisted,” and was used for both foreign and domestic spying: “I should apologize to the American people. It’s violated everyone’s rights. It can be used to eavesdrop on the whole world.”
One GOP staffer on the House Intelligence Committee recounted an exchange with then-NSA head Michael Hayden:
[Diane] Roark, who had substantial influence over N.S.A. budget appropriations, was an early champion of Binney’s ThinThread project. She was dismayed, she says, to hear that it had evolved into a means of domestic surveillance, and felt personally responsible. Her oversight committee had been created after Watergate specifically to curb such abuses. “It was my duty to oppose it,” she told me. “That is why oversight existed, so that these things didn’t happen again. I’m not an attorney, but I thought that there was no way it was constitutional.” [....] She asked Hayden why the N.S.A. had chosen not to include privacy protections for Americans. She says that he “kept not answering. Finally, he mumbled, and looked down, and said, ‘We didn’t need them. We had the power.’ He didn’t even look me in the eye. I was flabbergasted.”
Remember, these aren’t hippies from The Nation,, or ACLU attorneys, or even (ahem) wild-eyed Cato libertarians. They’re registered Republicans appalled by the corruption of the intelligence mission to which they’d devoted their professional lives.
House Approps Strips TSA of Strip-Search Funds
The fiscal 2012 Department of Homeland Security spending bill is starting to make its way through the process, and the House Appropriations Committee said in a release today that “the bill does not provide $76 million requested by the President for 275 additional advanced inspection technology (AIT) scanners nor the 535 staff requested to operate them.”
If the House committee’s approach carries the day, there won’t be 275 more strip-search machines in our nation’s airports. No word on whether the committee will defund the operations of existing strip-search machines.
Saving money and reducing privacy invasion? Sounds like a win-win.
FTC Advert: Cut Our Budget!
An insert that ran in the Washington Times this week didn’t say directly that the Federal Trade Commission’s budget should be cut. But a few short steps get you there.
The FTC-produced insert—a 16-page, color brochure appearing in a number of papers—is titled: “Living Life Online.” It’s aimed at teaching children how to use the Internet, with articles titled: “Sharing Well With Others” and “Minding Your Manners.” An ad on the back points kids to an FTC Web site about advertising called Admongo.gov, and little smart-phone insets contain factoids like:
DID YOU KNOW? Teens text 50 messages a day on average, five times more than the typical adult (who sends or receives 10 text messages a day).
Well, I have some factoids to share, too:
DID YOU KNOW? The U.S. Constitution provides for a federal government of limited, enumerated powers (and teaching kids about the Internet is not one of them).
Here’s another:
DID YOU KNOW? The federal government has had massive deficit spending in recent years, of $459 billion in FY2008, $1.4 trillion in FY2009, $1.3 trillion in FY2010, and $1.5 trillion in FY2011 (which is a huge damper on economic recovery).
It’s time to make serious budget cuts, and a government agency that seeks to replace parenting with government propagandizing to children is a great opportunity to do that.
Cato’s Downsizing Government project has been making its way through the major agencies, but don’t overlook the little ones. President Obama’s budget called for the FTC to spend $321 million in fiscal 2012. Zeroing that out would save a bunch, not only in direct expenses but in the dead-weight loss to the economy and consumer welfare symbolized by the FTC’s awful “Man Restraining Trade” statues.
Want Privacy? Nevermind. We Want to Censor!
Senator Chuck Schumer rounds out a trifecta of bloggable moments from the Senate Judiciary Subcommittee on Privacy, Technology, and the Law’s hearing this morning.
Ignoring the subject of the “mobile privacy” hearing, Schumer queried the witnesses from both Google and Apple on whether they will accede to his demand that they reject certain “apps” on Android phones and iPhones. The applications Senator Schumer dislikes alert people on their mobile phones to the locations of DUI checkpoints.
Senator Schumer says these apps “allow drunk drivers to evade police checkpoints,” but that statement fails to include other parties who might rightly wish to avoid police checkpoints—such as law-abiding citizens who wish to live free in this country, for example.
Recently, I landed at Harford’s Bradley International Airport late on a Friday night, heading to a Saturday morning meeting in Northampton, Massachusetts. From my shuttle bus to a remote rental car area, I saw a DUI checkpoint. After I completed the arrangements for my car, I asked the agent how I might leave so as to avoid the checkpoint. I wanted neither the delay nor the impingement on my sober liberty that a police checkpoint represents. He cheerfully directed me to a route I could freely travel.
Senator Schumer wants to prevent conversations like this from taking place on a mass scale, facilitated by advanced technologies. He stands a good chance of succeeding—RIM has already given in—because Google and Apple have repeat business before the federal government. Senator Schumer can raise their regulatory costs far higher than the value of allowing minor, but controversial apps on their systems.
If Senator Schumer succeeds, our right to freely and efficiently communicate about police activity will diminish in a way that is effectively insulated from First Amendment challenge. Privacy and freedom be damned. There are drunk drivers to catch.
Want Privacy? We Start by Blinding You!
As I noted earlier, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law held a hearing this morning entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.” In it, Sentor Richard Blumenthal (D-CT) engaged in a fascinating colloquy with Google’s Alan Davidson.
Blumenthal pursued Davidson about the year-old incident in which Google’s Street View cars collected data on the location of WiFi nodes and mistakenly gathered snippets of “payload data”—that is, the data traveling over open WiFi networks in the moments when their Street View cars were passing by.
Some payload data may have contained personal information including passwords. Google has meekly been working with data protection authorities around the world since then, hoping once and for all to delete this unneeded and unwanted data.
Blumenthal was prosecutorial in tone, but made a classic prosecutor’s error: He asked questions to which he didn’t know the answers.
Isn’t “payload data” extremely valuable for mapping WiFi networks?, queried Senator Blumenthal.
Davidson’s answer, and the consensus of panelists: Ummmm, no, not really.
(If you were to map pay phones, it wouldn’t matter whether people were talking on them, either, or what they were saying.)
Despite looking foolish, Senator Blumenthal persisted, asking Davidson whether collecting “payload data” should be illegal. Davidson demurred, but it’s a fascinating question.
Should it be against the law to collect data from open WiFi networks? That is, to observe radio signals passing your location on a public street? Should the government determine when you can collect radio signals, or what bands of the radio spectrum you may observe? What should you be allowed to do with information carried on a radio signal that you inadvertently capture?
If the government should have this power, the same logic would support making it illegal to collect photons that arrive at your eyes or that enter your camera lens. The government might proscribe collecting sound waves that come to your ears or microphone.
Laws against observing the world around you would certainly protect privacy! Let the government blind us all, and privacy will flourish. But this is not privacy protection anyone should want.
To understand privacy, you have to understand a little physics. As I said in an earlier comment on Google’s collection of open WiFi data:
Given the way radio works, and the common security/privacy response—encryption—it’s hard to characterize data sent in the clear as private. The people operating them may have wanted their communications to be private. They may have thought their communications were private. But they were sending out their communications in the clear, by radio—like a little radio station broadcasting to anyone in range.
Trying to protect privacy in unencrypted radio broadcasts (like public displays or publically made sounds) is like trying to reverse the flow of a river—it’s a huge engineering project. Senator Blumenthal would start to protect your privacy by blinding you to the world around you. Then narrow exceptions would determine what radio signals, lights, and sounds you are allowed to observe…
Want Privacy? Increase Government Surveillance!
This morning, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law had a hearing entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.”
Among the witnesses was Deputy Assistant Attorney General Jason Weinstein from the Department of Justice’s Criminal Division. Weinstein made a gallingly Orwellian pitch: If you want privacy protection, increase government surveillance.
From his written statement:
ISPs may choose not to store IP records, may adopt a network architecture that frustrates their ability to track IP assignments and network transactions back to a specific account or device, or may store records for only a very short period of time. In many cases, these records are the only evidence that allows us to investigate and assign culpability for crimes committed on the Internet. In 2006, forty-nine Attorneys General wrote to Congress to express “grave concern” about “the problem of insufficient data retention policies by Internet Service Providers.”
Without more customer data retention by ISPs, and without greater government access to this data, the government won’t be able to prosecute crimes, some of which threaten privacy, Weinstein said in his spoken comments.
So there you have it. Turn more data over to the government so we can protect your privacy. War is peace. Freedom is slavery.
Transparency: The Inside and Outside Camps
Late last week, the Project on Government Oversight‘s Danielle Brian took a little umbrage at a Huffington Post piece by former U.S. Deputy Chief Technology Officer Beth Noveck, who had been implementing the Obama Administration’s Open Government Initiative until she recently returned to New York Law School.
Brian’s piece suggests a slight schism in the transparency community, between what I believe are the “insider” and “outsider” camps. Brian leaves to the end a crucial point: “[C]an’t the two camps in the open government world peacefully co-exist? There’s just too much work to be done for us to get bogged down in denigrating each others’ agendas.” They most certainly can.
Noveck was a bit dismissive of the open government movement as perceived by much of the transparency community. “Many people, even in the White House,” she wrote, “still assume that open government means transparency about government.” Actually, Noveck continued, open government is “open innovation or the idea that working in a transparent, participatory, and collaborative fashion helps improve performance, inform decisionmaking, encourage entrepreneurship, and solve problems more effectively. By working together as team [sic] with government in productive fashion, the public can then help to foster accountability.”
Visualize the difference between these two approaches: open government as a tool for public oversight and open government as a tool for public participation. When open government is about public oversight, the wording connotes the public looking down from above on the work its servants are doing. When open government is about collaboration, the public is at best an equal partner, allowed to participate in the work of governing. Noveck’s unfortunate language choice treats accountability as a kind of dessert to which the public will be entitled when it has donated sufficient energies to making the government work better.
The administration’s December 2009 open government memorandum predicted this divide. In calling for each agency to publish three “high-value data sets,” it said:
High-value information is information that can be used to increase agency accountability and responsiveness; improve public knowledge of the agency and its operations; further the core mission of the agency; create economic opportunity; or respond to need and demand as identified through public consultation.
As I noted at the time, it’s a very broad definition.
Without more restraint than that, public choice economics predicts that the agencies will choose the data feeds with the greatest likelihood of increasing their discretionary budgets or the least likelihood of shrinking them. That’s data that “further[s] the core mission of the agency” and not data that “increase[s] agency accountability and responsiveness.” It’s the Ag Department’s calorie counts, not the Ag Department’s check register.
Noveck wants us to put the calorie counts to use. Brian wants to see the check register.
There is no fundamental tension between these two agendas. Both are doable at the same time. The difference between them is that one is the openness agenda of the insider: using transparency, participation, and collaboration to improve on the functioning of government as it now exists.
The openness agenda of the outsider seeks information about the management, deliberation, and results of the government and its agencies. It is a reform (or “good government”) agenda that may well realign the balance of power between the government and the public. That may sound scary—it’s certainly complicates some things for insiders—but the “outsider” agenda is shared by groups across the ideological and political spectra. Its content sums to better public oversight and better functioning democracy, things insiders are not positioned to oppose.
I think these things will also reduce the public’s demand for government, or at least reduce the cost of delivering what it currently demands. But others who share the same commitment to transparency see it as likely to validate federal programs, root out corruption, and so on (a point I made in opening our December 2008 policy forum, “Just Give Us the Data!”) There are no losers in this bet. Better functioning programs and reduced corruption are better for fans of limited government than poorly functioning programs and corruption.
Forward on all fronts! The existence of two camps is interesting, but not confounding to the open government movement.
House Leadership’s Transparency Leadership
Last week, House Speaker John Boehner (R-OH) and Majority Leader Eric Cantor (R-VA) wrote a letter to the House clerk calling for new data standards that will make Congress more open and accountable. Spot on.
The THOMAS legislative database was a huge improvement when it came online in 1995 at the behest of the new Republican Congress, but the Internet has moved on. Today, publishing text or PDF documents is inadequate transparency. It’s more important to make available the data that represent various documents and activities in the legislative process. “Web 2.0″ will use that data various ways to deliver public oversight.
I’ll have much more to say in the near future, but here are the kinds of things get to full transparency, which the House leaders’ letter appears meant to imply:
- Specific Formats: Documents and data must be published in specific formats that allow Web sites, researchers, and reporters to interpret and use text and data easily and automatically. The SEC recently began requiring businesses to report financial information in a format called eXtensible Business Reporting Language (XBRL). This will improve corporate transparency and enable investors to make better decisions. The public should have equally good information about government.
- Flagging/Tagging: Within these data formats, key information must be “flagged” or “tagged” to highlight the things that matter: spending proposals, agencies and programs affected by a proposed law, recipients of federal money, existing statutes that may be amended, and so on. Flagging/tagging will make the relevance of documents and information immediately apparent to various interests.
- Bulk Access and Real-Time Updates: Documents and information must be available in bulk, so that new users have full access, and it must be updated in real time, so the public can “see” changes as they happen. It also must be version-controlled so the “story” of a policy’s formation or execution can be told. The public should never have to learn what is in a bill after it passes.
- Authoritative Sources: The mishmash of data sources that now exist must be replaced by authoritative sourcing. Congress, the White House, federal agencies, and other entities must publish and maintain their documents and data. The public must know once and for all where the definitive versions of documents and data will be.
Disclosure—simply “putting bills online”—was the beginning of the legislative transparency project, not the end. The many transparency Web sites out there have the bills, but they don’t have the data they need to help the public get their government under control.
As I suggested some months ago, House Republicans are positioned to take the transparency mantle from President Obama and the Democrats. Web 2.0 thought leader Tim O’Reilly—no Republican cheerleader—has already called the race, Tweeting last week, “The ‘R’s in Congress are doing better on this than ‘D’s did.” Assuming action consistent with this letter, the House Republicans will indeed soon have the transparency lead.
Can I Have My Airport Back Please?
Even while it was a rumor that President Obama would announce that Osama bin Laden had been killed, Americans began to digest the ramifications, asking, for example, “can I have my airport back please?”
Pleasing though it is to have in contemplation, the question is premature. Students of terrorism, such as those who attended our 2009 and 2010 counterterrorism conferences, know that the killing of bin Laden will have little direct effect on the network he spawned. Its indirect, discouraging effect on terrorism is something I mused about in an earlier post.
What about the effects on the rest of us, the people and actors in our great counterterrorism policymaking apparatus?
Osama bin Laden’s survival helped shore up the mystique of the terrorist supervillain, which has fed counterterrorism excess such as the Transportation Security Administration’s domestic airport security gauntlet. Now that bin Laden is gone, the public will be more willing to carefully balance security and privacy in our free country. By a small, but important margin, courts will be less willing to indulge extravagant government claims about threat and risk.
My friends in the national security bureaucracy may honestly perceive the contraction in their power as carelessness about a threat that they have dedicated their professional lives to combating, but the Declaration of Independence touts security only once, and freedom twice, in the phrase “life, liberty, and the pursuit of happiness.” The counterterrorism debate continues.
And the Winner Is . . . !
Melissa Yu is the winner of first prize in the middle school category of C-SPAN’s StudentCam 2011 competition. Her video, “Net Neutrality: The Federal Government’s Role in Our Online Community,” is an eight-minute look at the push for regulation of Internet service with an emphasis appropriate for students on how the three branches of government have each been involved in the story up to now.
If you haven’t been following along, or if you want a refresher on net neutrality regulation, here’s a better video than I could have produced in eighth grade. Or now. Congratulations, Melissa Yu!
News Items: Internet Gambling and Agriculture
Some items from my inbox:
- The Department of Justice late Friday announced it had indicted 11 online poker executives, charging them with money-laundering and bank fraud. (HT: Jonathan Blanks). This crackdown is far stronger than any seen from the Bush administration, and is disappointing people like me, who had hoped for a better stance on civil liberties from the Obama administration. To quote my former colleague Radley Balko (language warning): “Good to know where the DOJ’s priorities lie. In this case, it’s preventing millions of people from consensually wagering money in online card games, an exchange that causes no harm to anyone else.”
- Ironically Insanely, the indictments came just days after the District of Columbia announced it would allow internet gambling.
- In keeping with the new set of talking points the farm lobby has devised (“we already gave at the office through crop insurance reforms” and “agriculture should face cuts no larger than the average of other programs”), the Democratic members of the House Agriculture Committee on Friday sent out a press release complaining about the “disproportionate” cuts agriculture would face if the House-passed FY2012 budget resolution went into effect. While Agriculture would face a 23 percent cut, they say, other committees’ program areas would face an average cut of 14 percent. And they complain that Defense faces only minimal cuts. I’ve said it before, but I’ll say it again: all government programs are not created equal. Some — like Defense, although clearly there is significant room for cuts there — are legitimate uses of government’s power. Others — like farm subsidies — are not.
- An interesting article on the non-link between farm subsidies and obesity, by political scientist Robert Paarlberg (co-author of an excellent book on American farm policy). He cites Cato as being one of the groups engaging in “careless thinking” on this issue, and although I have in the past linked farm subsidies to certain food consumption patterns, over the past year or so I have become increasingly skeptical of that view, mainly as a result of reading stuff like this from smart folks at UCDavis.
The ‘Privacy Bill of Rights’ Is in the Bill of Rights
Every lover of liberty and the Constitution should be offended by the moniker “Privacy Bill of Rights” appended to regulatory legislation Senators John Kerry (D-MA) and John McCain (R-AZ) introduced yesterday. As C|Net’s Declan McCullagh points out, the legislation exempts the federal government and law enforcement:
[T]he measure applies only to companies and some nonprofit groups, not to the federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users’ personal information–in many cases without obtaining a search warrant from a judge.
The real “Privacy Bill of Rights” is in the Bill of Rights. It’s the Fourth Amendment.
It takes a lot of gall to put the moniker “Privacy Bill of Rights” on legislation that reduces liberty in the information economy while the Fourth Amendment remains tattered and threadbare. Nevermind “reasonable expectations”: the people’s right to be secure against unreasonable searches and seizures is worn down to the nub.
Senators Kerry and McCain should look into the privacy consequences of the Internal Revenue Code. How is privacy going to fare under Obamacare? How is the Department of Homeland Security doing with its privacy efforts? What is an “administrative search”?
McCullagh was good enough to quote yours truly on the new effort from Sens. Kerry and McCain: “If they want to lead on the privacy issue, they’ll lead by getting the federal government’s house in order.”
The Strange Case Against ECPA Reform
The Senate Judiciary Committee held hearings last week on the need to reform the increasingly badly outdated Electronic Communications Privacy Act, the 1986 legislation that governs how the cops conduct telephone and Internet surveillance in criminal investigations. Two officials from two different government agencies offered up rather strikingly different testimony.
Cameron Kerry of the Commerce Department acknowledged what legal scholars and technologists have been saying for years: The law’s byzantine and inconsistent standards—which provide wildly varying levels of protection for the same e-mail as it’s being composed, sent, received, read, and archived—are wholly out of touch with the ways we actually use technology today. The distinctions the law draws make no real sense in principle, and are confusing and needlessly burdensome to Internet companies in practice.
By contrast, James Baker of the Justice Department was eager to sing the praises of ECPA in its current form, and to raise FUD (that’s “Fear, Uncertainty, and Doubt for the non-geeks) about reforms proposed by the Digital Due Process Coalition, a group of civil liberties advocates and tech companies that are urging Congress to update the law. Let nobody say that DOJ is behind the curve on technology: Baker’s testimony is almost totally virtual, a simulation of a real argument, worthy of the Matrix. But as with Oakland and cyberspace, when you look a little more closely, there’s no there there.
A surprising amount Baker’s time was devoted to establishing that electronic records—whether e-mail contents, Internet “metadata,” or cell phone location information—are often useful to investigations. Well, of course they are! So are phone wiretaps! So are physical searches of homes! There wasn’t really any doubt about that, was there? They’re useful, of course, precisely because they tend to reveal private information about people’s activities. The question is what standard is appropriate, and whether that standard should exhibit some kind of basic consistency, both with respect to a single communication at different stages, and across technologies.
Surveillance, San Francisco-Style
San Francisco’s Entertainment Commission will soon be considering a jaw-dropping attack on privacy and free assembly. Here are some of the rules the Commission may adopt for any gathering of people expected to reach 100 or more:
3. All occupants of the premises shall be ID Scanned (including patrons, promoters, and performers, etc.). ID scanning data shall be maintained on a data storage system for no less than 15 days and shall be made available to local law enforcement upon request.
4. High visibility cameras shall be located at each entrance and exit point of the premises. Said cameras shall maintain a recorded data base for no less than fifteen (15 days) and made available to local law enforcement upon request.
Would you recognize a police state if you lived in one? How about a police city? The First Amendment right to peaceably assemble takes a big step back when your identity data and appearance are captured for law enforcement to use at whim simply because you showed up. (ht: PrivacyActivism.org)
Blurry Lines, Discrete Acts, and Government Searches
I’ve written before about the “Mosaic Theory” some courts have recently employed to conclude that certain forms of government surveillance may trigger Fourth Amendment protection in the aggregate, even if the surveillance can be broken down into components that don’t fall under the traditional definition of a Fourth Amendment “search.” This has been applied specifically to high-tech forms of location tracking, where several judges have concluded that a person may have a privacy interest in the totality of their public movements over a long period of time, even though observing a person at any particular public place in a specific instance is not an intrusion on privacy. I’ve explained in that previous post why I find this reasoning compelling. Legal scholar Orin Kerr, however, remains unmoved, and suggests that divergent decisions applying the Mosaic Theory to government acquisition of stored cell phone location records effectively serve as a reductio of that theory:
To my mind, this opinion reveals the absurdity of Maynard’s mosaic theory. The analysis is all “look ma, no hands.” No one knows where the line is, or even what the line is. Sure, you could just count days of surveillance: perhaps 30 days triggers a warrant but 29 days doesn’t. But there is no reason the access to records has to be continuous. The government can skip around days, or get records from a few days here and a few days there. Who can tell how much is enough? No one knows what is revealing, because what is revealing depends on what the records actually say — and no one but the phone companies know what they say. So Judge Orenstein has to wing it, announcing that “he cannot assume” that the information would be revealing because it has breaks in time. But it’s not clear to me why the break in time matters: It’s the same net amount of data collected, so I don’t know why it matters if it was collected all at once or over several discrete periods. And how much of a break matters? If 21 days is too long, is 21 days with a one-day break enough? How about a 3-day break? One week? No one knows, it seems, not even the judge himself. [....]
There are some readers who will say that the cause of justice sometimes requires hard decisions, and that if judges need to make arbitrary calls like that, then that is what we pay them to do in order to enforce the Constitution. But as I see it, the oddity of the inquiries called for by the Maynard mosaic theory shows why it is not part of the Constitution at all. In Fourth Amendment law, the lawfulness of government conduct has always been viewed discretely: Each government act is either a search or it is not a search. Under Maynard, conduct can be a non-search if viewed in isolation but a search if viewed in context — but there is no guide to tell how much context is proper. If you want to say that certain conduct is a search, then just be direct and say it’s a search. That’s fine. But a mosaic theory, in which non-searches become searches if grouped a particular way, has no proper place in Fourth Amendment law.
The Risks of ‘John Doe’ Wiretaps
The Electronic Frontier Foundation has unearthed an interesting case of an improper use of surveillance in an investigation where the FBI had obtained “roving wiretap” authority. In a bizarre turn, the Bureau ended up eavesdropping on young children rather than their adult suspects for five days. The case is generating some attention because that same “roving wiretap” authority is one of the three surveillance powers set to expire in late May. The thing is, on the basis of what I can glean from the heavily redacted document EFF obtained via a Freedom of Information Act request, it’s not a case involving misuse of the roving authority. But it is a good concrete example of why the roving authority needs to be modified.
Contracts and ‘Reasonable Expectations of Privacy’
Chris Soghoian looks at a recent ruling related to the ongoing investigation of Wikileaks, in which a judge rejected a challenge from several users whose Twitter account information had been obtained by the government. Thanks to a shortsighted Supreme Court ruling from the 1970s, people are presumed to waive their “reasonable expectation of privacy” in data voluntarily conveyed to third parties, which means many types of sensitive records can routinely be obtained by the government without the need for a full-blown Fourth Amendment search warrant based on probable cause. In some cases, a mere subpoena, or even a government agency’s certification that the records are “relevant” to an investigation, will suffice.
Recently, however, some courts have sought to rein in the scope of this “third party doctrine” on the grounds that the logic of the ruling that established it doesn’t apply to many types of data generated and recorded in the modern technological context. So, for instance, the Third Circuit recently held that while some cell phone companies keep relatively detailed records of the locations of the phones they serve—information automatically generated when the phone is turned on and getting service—the “cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way” and, moreover, “it is unlikely that cell phone customers are aware that their cell phone providers collect and store historical location information.” The targets of the government’s request here—not a search warrant but a court order based on a showing of mere “relevance” to an investigation—argue that IP addresses logged by Twitter when users connect to the service should be treated in the same way.
The judge in the Wikileaks/Twitter case was unmoved by this sort of argument, observing that Twitter users signify via click that they “agree” to a lengthy series of terms of service, and that those terms include a link to a privacy policy, which indicates that such information maybe stored. Many privacy advocates object that it is unreasonable to infer the waiver of constitutional rights from clickwrap agreement to legal boilerplate terms that, as studies consistently show, nobody actually reads. That’s a fair enough point, but I’d like to point out a little asymmetry here.
States Resisting Federal Power
If two points are sufficient to draw a trend line, then state resistance to federal authority is growing.
I reported earlier on my recent testimony to the Florida legislature on REAL ID. The state’s legislators have taken notice of what the motor vehicle bureaucrats have been doing in collaboration with federal officials, and they’re not too happy.
Yesterday, I was pleased to testify in the Pennsylvania legislature, where legislation to push back against the Transportation Security Administration’s strip/grope policy at airports has been introduced. The Constitution’s Supremacy Clause seems to make federal law paramount, but states have many angles for challenging federal power, especially when it’s as flawed and reactive as the TSA’s airport checkpoint policies.
REAL ID: An Afterthought, Tacked On
Yesterday, the Senate Homeland Security and Governmental Affairs Committee had a hearing entitled: “Ten Years After 9/11: A Report From the 9/11 Commission Chairmen,” part of what evidently will be a series commemorating the tenth anniversary of the 9/11 attacks this September.
At the end of his oral statement, former 9/11 Commission co-chairman Tom Keane made a half-hearted pitch for implementation of the REAL ID Act, the national ID law Congress passed attached to a military spending bill in early 2005. His written statement with fellow former co-chair Lee Hamilton dedicates three paragraphs (out of 23 pages) to the appeal for the national ID law.
The paltriness of Keane’s argument for a national ID parallels the recommendations of the 9/11 Commission report. It dedicated three-quarters of a page (out of 400+ pages) to identity documents. The 9/11 Commission report did not detail how a national ID would have secured against 9/11 in any way that is remotely cost-effective. Indeed, nobody ever has, much less how having a national ID would secure against future attacks.
In his testimony, Governor Keane touted the expertise of the Bipartisan Policy Center’s National Security Preparedness Group, with which he is affiliated. Given all that expertise and the supposed urgency of implementing the national ID law, you would think that the Bipartisan Policy Center’s Web site would have a definitive articulation of how REAL ID would secure the country. It doesn’t.
At the time it was rammed through Congress, Senator Lieberman (I-CT) spoke out against REAL ID on the Senate floor:
I urge my colleagues to oppose the REAL ID Act. We must ask our Senate conferees not to allow such a controversial measure to be pushed through Congress on an emergency spending bill. The REAL ID Act contradicts our historic identity as a nation that provides haven for the oppressed. The REAL ID Act would not make us safer. It would make us less safe.
If the 9/11 Commission co-chairs, the Bipartisan Policy Center, or any other set of advocates want to go to battle over REAL ID, they should make their best case for having this national ID. Tell us how it would work, and how it would defeat the counterattacks and complications of national-scale identity systems. Anyone attempting to do so can expect a schooling from yours truly, of course. The alternative, which I recommend, is to drop the national ID advocacy and work on things that cost-effectively secure the country without sacrificing our freedom and privacy.
Thinking Through Merger Review
Randy May of the Free State Foundation has a characteristically good post about the AT&T/T-Mobile merger entitled: “The AT&T and T-Mobile Merger: Thinking Things Through.” Among other smart ideas, Randy highlights the competitive game-playing that goes on in the merger review arena:
When considering competitive and market impacts for purposes of merger reviews, observe the extent to which various competitors, often many competitors, mount vigorous campaigns designed to convince the antitrust authorities and the regulators that if the merger is approved there will be an absence of competition. Note the incongruity.
There’s level-headed thinking aplenty in this post from a long-time Federal Communications Commission and telecom-industry watcher. Check it out.
