The privacy debate has been increasingly shaped by an apparent consensus that de-identifying sets of personally identifying information doesn’t work. In particular, this has led the FTC to abandon the PII/non-PII distinction on the assumption that re-identification is too easy. But a new paper shatters this supposed consensus by rebutting the methodology of Latanya Sweeney’s seminal 1997 study of re-identification risks, which in turn, shaped the HIPAA’s rules for de-identification of health data and the larger privacy debate ever since.
This new critical paper, “The ‘Re-Identification’ of Governor William Weld’s Medical Information: A Critical Re-Examination of Health Data Identification Risks and Privacy Protections, Then and Now” was published by Daniel Barth-Jones, an epidemiologist and statistician at Columbia University. After carefully re-examining the methodology of Sweeney’s 1997 study, he concludes that re-identification attempts will face “far-reaching systemic challenges” that are inherent in the statistical methods used to re-identify. In short, re-identification turns out to be harder than it seemed—so our identity can more easily be obscured in large data sets. This more nuanced story must be understood by privacy law scholars and public policy-makers if they want to realistically assess current privacy risks posed by de-identified data—not just for health data, but for all data.
The importance of Barth-Jones’s paper is underscored by the example of Vioxx, which stayed on the market years longer than it should have because of HIPAA’s privacy rules, thus resulting in 88,000 and 139,000 unnecessary heart attacks, and 27,000-55,000 avoidable deaths—as University of Arizona Law Professor Jane Yakowitz Bambauer explained in a recent Huffington Post piece.
Ultimately, overstating the risk of re-identification causes policymakers to strike the wrong balance in the trade-off of privacy with other competing values. As Barth-Jones and Yakowitz have suggested, policymakers should instead focus on setting standards for proper de-identification of data that are grounded in a rigorous statistical analysis of re-identification risks. A safe harbor for proper de-identification, combined with legal limitations on re-identification, could protect consumers against real privacy harms while still allowing the free flow of data that drives research and innovation throughout the economy.
Unfortunately, the Barth-Jones paper has not received the attention it deserves. So I encourage you consider writing about this, or just take a moment to share this with your friends on Twitter or Facebook.
The Wall Street Journal reports that “The Justice Department is conducting a wide-ranging antitrust investigation into whether cable companies are acting improperly to quash nascent competition from online video.” In particular, the DOJ is concerned that data caps may discourage consumers from switching to online video providers like Hulu and Netflix. The following statement can be attributed to Berin Szoka, President of TechFreedom:
It’s hard to see how tiered broadband pricing keeps users tethered to their cable service. Even watching ten hours of Hulu or Netflix a day wouldn’t exceed Comcast’s 300 GB basic data tier. And Comcast customers can buy additional blocks of 50 GB for just $10/month—enough for nearly two more hours a day of streamed video. Such tiers provide a much-needed incentive for online content providers to economize on bandwidth. They also allow ISPs to offer fairer broadband pricing, charging light users less than heavy users. Consumers might have been better off if cable companies could have simply charged online video providers for wholesale bandwidth use, but the FCC’s net neutrality rules bar that.
Counting cable content against caps might seem more fair, but it’s not necessarily something the law should mandate. Discriminating against a competitor isn’t a problem under antitrust law unless, on net, it harms consumers. Would consumers really be better off if their cable viewing reduced the amount of data available for streaming competing online video services? As long as the basic tier’s cap is high enough, few users will ever exceed it anyway—leaving consumers free to experiment with alternatives to cable subscriptions, just as cable providers are experimenting with new ways of offering cable content on multiple devices at no extra charge. Continue reading →
In the lead essay for the “Cato Unbound” symposium this month, I analyze recent political movements that have been aided by Internet-based communication by positing a set of questions,
Activists played important roles in bringing down dictators in the Arab world, stopping the Stop Online Piracy Act (SOPA) in Congress and electing Barack Obama—just to name a few examples. But how much did the Internet matter in making these watershed events possible? How effective is it likely to be in the future? And how would we measure whether activism “works” for society—not just the activists?
I respond to the concerns raised by Evgeny Morozov in his iconoclastic 2010 book, The Net Delusion: The Dark Side of Internet Freedom (summarized in his short essay in TechFreedom’s free ebook The Next Digital Decade: Essays on the Future of the Internet). In general, I suggest that we simply do not yet understand the Internet’s effect on activism well enough to make strong normative judgments about it. But applying Public Choice theory can help us understand how developments in communication technologies are changing the relationship between an individual and the group in social movements. A few highlights:
- Social media lower organizational costs, especially of recruiting members, but also noticeability: “members’ ability to notice each other’s actions.” Even in 2003, there was little way to tell whether your friends actually followed through when you asked them to help join a cause. But today, it’s easy to encourage them to re-share material on Facebook or Twitter—and to “notice” whether they’ve done so.
- Social media allows members of large groups—think Twitter followers—to be continuously bombarded with propaganda about the worthiness of the cause creating social pressures not entirely unlike those that can be generated in a face-to face group.
- The Internet empowers large, dispersed groups (like dedicated Internet users) to organize against small but concentrated interests. As anyone who works in technology policy in Washington can attest, SOPA’s implosion made Congress more cautious—at least about Internet regulation, where fear of a digital activist backlash is greatest. Continue reading →
Today, the FCC issued a Notice of Inquiry, responding to an emergency petition filed last August regarding temporary shutdown of mobile services by officers of the San Francisco Bay Area Rapid Transit (BART) district. The petition asked the FCC to issue a declaratory ruling that the shutdown violated the Communications Act. The following statement can be attributed to Larry Downes, Senior Adjunct Fellow at TechFreedom, and Berin Szoka, President of TechFreedom:
What BART did clearly violated the First Amendment, and needlessly put passengers at risk by cutting off emergency services just when they were needed most. But we need a court to say so, not the FCC.
The FCC has no authority here. The state did not order the shutdown of the network, nor does the state run the network. BART police simply turned off equipment it doesn’t own—a likely violation of its contractual obligations to the carriers. But BART did nothing that violated FCC rules governing network operators. To declare the local government an “agent” of the carriers would set an extremely dangerous precedent for an agency with a long track-record of regulatory creep.
There are other compelling reasons to use the courts and not regulators to enforce free speech rights. Regulatory agencies move far too slowly. Here, it took the FCC six months just to open an inquiry! Worse, today’s Notice of Inquiry will lead, if anything, to more muddled rulings and regulations. These may unintentionally give cover to local authorities trying to parse them for exceptions and exclusions, or at least the pretense of operating within FCC guidelines.
It would have been far better to make clear to BART, either through negotiations or the courts, that their actions were unconstitutional and dangerous. Long before today’s action, BART adopted new policies that better respect First Amendment rights and common sense. But now the regulatory wheels have creaked into motion. Who knows where they’ll take us, or when?
Sen. Carl Levin wants Facebook to pay an extra $3 billion in taxes on its Initial Public Offering (IPO). The Senator claims the Facebook IPO illustrates why we need to close what he calls the “stock-option loophole.” (He explains that “Stock options grants are the only kind of compensation where the tax code allows companies to claim a higher expense for tax purposes than is shown on their books.”) He wants Facebook to pay its “fair share” and insists that “American taxpayers will have to make up for what Facebook’s tax deduction costs the Treasury.”
One could object, on principle, to Levin’s premise that tax deductions “cost” the Treasury money—as if the “national income” were all money that belonged to the government by default. One could also point out that Mark Zuckerberg, will pay something like $2 billion in personal income taxes on money he’ll earn from this stock sale—and that California is counting on the $2.5 billion in tax revenue the IPO is supposed to bring to the state over five years.
But the broader point here is that Sen. Levin wants to increase taxes on IPOs—and any economist will tell you that taxing something will produce less of it. IPOs are the big pay-off that fuels early-stage investment in risky start-ups—you know, those little companies that drive innovation across the economy, but especially in Silicon Valley? So, while Sen. Levin singles out Facebook as an obvious success story, his IPO tax would really hurt countless small start-ups who struggle to attract investors as well as employees with the promise of large pay-offs in the future.
It’s especially ironic that Sen. Levin proposed his IPO tax just a day after GOP Majority Leader Eric Cantor introduced the “JOBS Act,” a compilation of assorted bi-partisan proposals designed to promote job creation by helping small companies attract capital. That’s exactly where we should be heading: doing everything we can to encourage job creation by rewarding entrepreneurship. Sen. Levin would, in the name of fairness do just the opposite—and, in the long-run, almost certainly produce less revenue by slowing economic growth.
And just to underscore the drop-off in tech IPOs since the heydey of the dot-com “bubble” in the late 90s, check out the following BusinessInsider Chart: Continue reading →
The White House’s “Consumer Data Privacy in a Networked World” report outlines a revised framework for consumer privacy, proposes a “Consumer Privacy Bill of Rights,” and calls on Congress to pass new legislation to regulate online businesses. The following statement can be attributed to Berin Szoka, President of TechFreedom, and Larry Downes, TechFreedom Senior Adjunct Fellow:
This Report begins and ends as constitutional sleight-of-hand. President Obama starts by reminding us of the Fourth Amendment’s essential protection against “unlawful intrusion into our homes and our personal papers”—by government. But the Report recommends no reform whatsoever for outdated laws that have facilitated a dangerous expansion of electronic surveillance. That is the true threat to our privacy. The report dismisses it in a footnote.
Instead, the Report calls for extensive new regulation of Internet businesses to address little more than the growing pains of a vibrant emerging economy. “For businesses to succeed online,” President Obama asserts, “consumers must feel secure.” Yet online businesses that rely on data to deliver innovative and generally free services are the one bright spot in a sour economy. Experience has shown consumers ultimately bear the costs of regulations imposed on emerging technologies, no matter how well-intentioned.
The report is a missed opportunity. The Administration should have called for increased protections against government’s privacy intrusions. Focusing on the real Bill of Rights would have respected not only the Fourth Amendment, but also the First Amendment. The Supreme Court made clear last year that the private sector’s use of data is protected speech—an issue also not addressed by this Report.
Szoka and Downes are available for comment at firstname.lastname@example.org.
Today, the Supreme Court issued its decision in U.S. v. Jones, unanimously holding that law enforcement violated the Fourth Amendment by affixing a GPS tracker to a vehicle to monitor its movements without obtaining a search warrant from a court. The following statement can be attributed to Berin Szoka, President of TechFreedom:
This was an easy case: law enforcement plainly trespassed on private property protected by the Fourth Amendment. But as the majority notes, today’s holding is only the bare minimum of the Constitution’s protections. The harder question awaits the Court: When does purely electronic surveillance—without physical trespass—violate the Fourth Amendment?
At the very least, the Court must reconsider the “third party” doctrine invented by lower courts, which denies us protection for information we share with trusted third parties like “cloud” services that host our email, photos, and documents. The Court should make clear that Fourth Amendment protections hinge not on keeping information secret, but on whether we take steps to preserve that information as private. That, not the “reasonable expectation of privacy,” is the standard the Court applied in its landmark 1967 Katz decision. It is also the only standard that will effectively protect Americans’ privacy in the digital age.
[Cross posted at TechFreedom.org]
[Cross posted from TechFreedom]
Today, the Digital Advertising Alliance, a group of leading digital ad agencies and online ad networks, unveiled a campaign to bring attention to AdChoices, its icon-based system allowing users to opt-out of behavioral advertising. The following statement can be attributed to Berin Szoka, President of TechFreedom:
In the 1990s, Congress tried and failed to regulate Internet content. Instead, the courts have required an approach grounded in user empowerment, education and enforcement of existing laws against fraud and deception. Today, we’re seeing the the advertising industry build on this approach for consumer protection on privacy. The AdChoices campaign launched last summer empowers consumers to make their own choices on privacy. The ad campaign launched today educates consumers on how to use this tool. The Digital Advertising Alliance has promised to enforce industry’s principles. Consumer advocates should hold them to that promise. It’s also fair to insist that empowerment and education improve over time. But today, for once, let’s give the ad industry credit for doing the right thing.
Tune in here 12-1:45pm today for the livestream (below) of TechFreedom‘s joint Capitol Hill briefing, “Unintended Consequences of Rogue Website Crackdown,” co-sponsored by the Competitive Enterprise Institute and the Cato Institute. Our expert panel will discuss the recent outpouring of public opposition to the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), what’s next for these troublesome bills, possible compromises, and the proposed alternative, Online Protection and Enforcement of Digital Trade (OPEN) Act. Our panelists are:
, Associate Director of Technology Studies, CEI
- Larry Downes, Senior Adjunct Fellow, TechFreedom
- Julian Sanchez, Research Fellow, Cato
- James Gattuso, Senior Research Fellow in Regulatory Policy, Heritage Foundation
- Allan Friedman, Research Director, Center for Technology Innovation, Brookings Institution
- Dan Kaminsky, Security Researcher
Follow the discussion on the #SOPAnel hashtag or submit a question for the panel to @Tech_Freedom!
This event is the perfect way to celebrate TechFreedom‘s one-year anniversary. Our theme for the last year has been two-fold: optimism about how technology can expand our capacity to choose for ourselves and skepticism about government meddling with the Internet. As Hayek famously said about the “curious task” of economics, TechFreedom’s task is to “demonstrate to men how little they really know about what they imagine they can design.”
We’re skeptical of SOPA and PIPA not because we’re against copyright, but for the same reason we’re skeptical of regulations aimed at protecting net neutrality, privacy, competition, and other legitimate values: Tinkering with the Internet is a perilous game—and policymakers rarely see the full implications of their interventions.
That’s why we’ve emphasized the need to consider the trade-offs of regulating extremely carefully—to minimize unintended burdens of any rogue website crackdown on cybersecurity, free speech, entrepreneurship, and global Internet governance. But we also want an open and judicious process for copyright’s sake! As we noted in our coalition letter with CEI and other free market groups, “If the public perceives this copyright legislation to be the product of a hasty and opaque process, respect for copyrights and trademarks will be diminished, not enhanced.” Continue reading →
By Berin Szoka, Geoffrey Manne & Ryan Radia
As has become customary with just about every new product announcement by Google these days, the company’s introduction on Tuesday of its new “Search, plus Your World” (SPYW) program, which aims to incorporate a user’s Google+ content into her organic search results, has met with cries of antitrust foul play. All the usual blustering and speculation in the latest Google antitrust debate has obscured what should, however, be the two key prior questions: (1) Did Google violate the antitrust laws by not including data from Facebook, Twitter and other social networks in its new SPYW program alongside Google+ content; and (2) How might antitrust restrain Google in conditioning participation in this program in the future?
The answer to the first is a clear no. The second is more complicated—but also purely speculative at this point, especially because it’s not even clear Facebook and Twitter really want to be included or what their price and conditions for doing so would be. So in short, it’s hard to see what there is to argue about yet.
Let’s consider both questions in turn.
Should Google Have Included Other Services Prior to SPYW’s Launch?
Google says it’s happy to add non-Google content to SPYW but, as Google fellow Amit Singhal told Danny Sullivan, a leading search engine journalist:
Facebook and Twitter and other services, basically, their terms of service don’t allow us to crawl them deeply and store things. Google+ is the only [network] that provides such a persistent service,… Of course, going forward, if others were willing to change, we’d look at designing things to see how it would work.
Continue reading →