Articles by Jim Harper

Jim HarperJim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.


To hails of derision in some quarters—I’m looking at you, Adam—I have talked about how social media will occupy some of the space being ceded by traditional news reporting, which is struggling to find a business model. Perhaps with validation from an official, vetted, professional, dead-tree news source, it will seem less ridiculous to talk about news reporting being generated spontaneously by people “on the scene” or with the greatest knowledge of facts and conditions in a particular area.

Think of the mental habit that has us calling police and fire personnel “first responders.” They are almost always, in fact, second responders, with first response undertaken by average citizens, who often do a pretty good job of it. Think of the true first responders to recent attempted bombings on transatlantic flights: ordinary citizens who thwarted the underwear and shoe bombers. (I risk painting too heroic a picture . . . .)

Newspaper reporters and photographers are intellectual second responders, who come in after the fact, as generalists, to summarize events and trends for us. Yet these are who we look to as authorities on what happened, and how to think about it? That doesn’t seem to make sense if there are other options for being informed. And now there are.

I’ll take a cue from Adam’s good work in debunking the Internet pessimists who argue that “closed” access and technology models are strangling the open/’generative’ Internet: There’s plenty of room for both—both traditional journalism, as it finds its new niche, and reporting by ordinary people who are on the scene and who have superior knowledge in a particular domain.

I suspect that we’ll find better media and filters than Twitter’s firehose of info-pellets by which to learn about things like the hostage-taking in the D.C. area. There may even be a business model in it. Go to it, technology and markets!

I’m at the mid-point of an online debate hosted by the Economist.com on the proposition: “This house believes that governments must do far more to protect online privacy.”

I’m on the “No” side. In my opening statement, I tried to give some definition to the many problems referred to as “privacy,” and I argued for personal responsibility on the part of Internet users. I even gave out instructions for controlling cookies, by which people can deny ad networks their most common source of consumer demographic information if they wish. Concluding, I said:

Government “experts” should not dictate social rules. Rather, interactions among members of the internet community should determine the internet’s social and business norms.

In the “rebuttal” stage, which started today, I dedicated most of my commentary to documenting how governments undermine privacy—and I barely scratched the surface.

Along with surveillance program after surveillance program, I discussed how government biases protocols and technologies against privacy, using the Social Security number as an example. I don’t know what syndrome causes many privacy advocates to seek protection in the arms of governments, which are systematic and powerful privacy abusers themselves.

Nonetheless, I’m opposing the “free lunch” argument, which holds that a group of government experts can come up with neutral and balanced, low-cost solutions to many different online problems without thwarting innovation. Right now the voting is with the guy offering people the free lunch, not the guy arguing for consumer education and personal responsibility.

You can vote here.

The Washington Post editorializes this morning on the “Google-Verizon” proposal for government regulation of the Internet:

For more than a decade, “net neutrality” — a commitment not to discriminate in the transmission of Internet content — has been a rule tacitly understood by Internet users and providers alike.

But in April, a court ruled that the Federal Communications Commission has no regulatory authority over Internet service providers. For many, this put the status quo in jeopardy. Without the threat of enforcement, might service providers start shaping the flow of traffic in ways that threaten the online meritocracy, in which new and established Web sites are equally accessible and sites rise or fall on the basis of their ability to attract viewers?

What a Washington-centric view of the world, to think that net neutrality has been maintained all this time by the fear of an FCC clubbing. Deviations from net neutrality haven’t happened because neutrality is the best, most durable engineering principle for the Internet, and because neutral is the way consumers want their Internet service.

Should it be cast in stone by regulation, locking in the pro-Google-and-Verizon status quo? No. The way the Internet works should continue to evolve, experiments with non-neutrality failing one after another . . . until perhaps one comes along that serves consumers better! The FCC would be nothing but a drag on innovation and a bulwark protecting Google and Verizon’s currently happy competitive circumstances.

I’ll give the Post one thing: It represents Washington, D.C. eminently well. The Internet should be regulated because it’s not regulated.

“If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.”

The Washington Post reports today on an article coming out in Foreign Affairs in which Deputy Defense Secretary William J. Lynn III reveals a successful 2008 intrusion into military computer systems. Malicious code placed on a thumb drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command and propagated itself across a number of domains.

The Post article says that Lynn “puts the Homeland Security Department on notice that although it has the ‘lead’ in protecting the dot.gov and dot.com domains, the Pentagon — which includes the ultra-secret National Security Agency — should support efforts to protect critical industry networks.”

The failure of the military to protect its own systems creates an argument for it to have preeminence in protecting private computer infrastructure? Perhaps the Department of Homeland Security will reveal how badly it has been hacked in order to regain the upper hand in the battle to protect us.

It sounds a little bit like the “pre-crime” unit featured in the 2002 film “Minority Report,” but news that Washington, D.C. will implement software to “predict” crime is not quite as worrisome as it might seem at first blush.

Beginning several years ago, the researchers assembled a dataset of more than 60,000 various crimes, including homicides. Using an algorithm they developed, they found a subset of people much more likely to commit homicide when paroled or probated. Instead of finding one murderer in 100, the UPenn researchers could identify eight future murderers out of 100.

Berk’s software examines roughly two dozen variables, from criminal record to geographic location. The type of crime, and more importantly, the age at which that crime was committed, were two of the most predictive variables.

Unlike applying data mining to detection of terrorism planning or preparation, which is exceedingly rare, using tens of thousands of examples of recidivism to discover predictive factors is a good way to focus supervision resources where they are most likely to be effective.

The article describes use of this software for monitoring parolees and probationers. Using data mining to justify anything approaching extra punishment would be a misuse, and many far more difficult issues would arise if it were used on the general population.

A favorite PR maven pitched me (and probably many of you) Senator Al Franken’s (D-MN) email suggesting that WiFi is threatened by the Google-Verizon “deal.”

“The Google-Verizon ‘framework’ was written so as not to apply to wireless Internet services,” says Franken. “If you use wi-fi or access the Internet on your phone, this is a serious problem.”

Kindamaybenotsomuch. WiFi is wireless, yes, but it’s not what they’re talking about when they say “wireless.”

But what caught my eye is Senator Franken’s somewhat inverted take on power arrangements in the federal government: “This evening, I’ll be speaking at an FCC hearing in Minneapolis. I’ll urge the commissioners to reject the Google-Verizon framework, stop the Comcast/NBC merger, and take action to keep the Internet free and open.”

Folks, Article I, section 1 of the United States Constitution creates the United States Senate, with section 3 describing the Senate’s makeup and some procedures.

The Federal Communications Commission is not a constitutional body. The best view is that Congress has no authority to establish an FCC like we have today. The better view is that Congress should not maintain the sprawling FCC we have today. And the only correct view is that FCC is a creation of Congress, beneath it in every relevant respect.

Senator Franken is supposed to be the boss of the FCC, not a supplicant “urging” the FCC to do x, y, and z.

Does it matter a lot? No. Senator Franken is mostly making a symbolic appeal to gin up constituent support. But he’s also symbolizing the abasement of the legislative branch to an independent agency that has no constitutional pedigree.

Reading the 2002 edited volume, From 0 to 1: An Authoritative History of Modern Computing, I came across an interesting history of the first software patent—a business history, as opposed to a legal history. I hadn’t seen this anywhere before, so I’ll recount it here.

Luanne Johnson, president (now co-chair) of the Software History Center, tells the story of Martin A. Goetz at Applied Data Research (ADR), a Princeton, New Jersey company founded in 1959 to sell computer programming services.

In 1964, computer manufacturer RCA approached ADR about writing a flowcharting program that RCA would provide to users of its RCA 501 computer at no cost. ADR designed and wrote the program, AUTOFLOW, and offered it to RCA for $25,000. But RCA didn’t want it at that price. Marty Goetz then went to work on a different approach to recouping the $10,000 his company had laid out to write AUTOFLOW.

There were only hundreds of companies using the RCA 501, to whom he might have sold directly. So, seeing a larger market among users of the IBM 1401, Goetz and his colleagues re-wrote AUTOFLOW for that computer. They ultimately produced superior flowcharting software to what IBM offered its customers. AUTOFLOW was capable of flowcharting the logical sequence of existing software, easing the design of software to compliment what was already in use on IBM machines. Writes Johnson: Continue reading →

The nice folks at the New York Times “Room for Debate” feature asked me and a group of bright lights to discuss the Verizon-Google agreement on network neutrality regulation, as it stood at various points in the day.

Read the comments of Tim Wu, Lawrence Lessig, David Gelernter, Ed Felten, Jonathan Zittrain, and myself. Much of my comment owes credit to Tim Lee’s excellent paper “The Durable Internet.”

We’re all over the place, folks . . .

Update: Late addition: Gigi Sohn.

Give up?

Both have adopted highly unconventional names in their lifetimes. In Prince’s case, it was the adoption of a symbol to protest Warner Brothers’ artistic and financial control of his output.

Following suit, H.R. 1586 has adopted the name, the “______Act of____,” apparently because of the haste with which the Senate wanted to pass the bill last week.

The Senate’s substitute amendment on this $26 billion spending bill had a placeholder bill name, and it could not take time to replace the placeholder. The House is expected to return this week and pass the Senate amendment, sending it to the president.

As reported on the WashingtonWatch.com blog and cnet news, this highly unconventional name may be what goes into law. With the Senate out of town until September, there is no chance to pass a correcting amendment in both houses. The constitution requires both to pass identical bills, so the House must take up the “______Act of____” and pass it as such.

If it does, the “law with no name” will stand as a lasting tribute to the inattention Congress gives its work. Spending billions of taxpayer dollars is a hurried and casual affair for our lawmakers.

I have a piece on Internet privacy in the Wall Street Journal today. It’s one side of a “debate” on Internet privacy and tracking. I say be careful what you give up if you thwart online tracking—personalization, free content, and other goodies may go by the wayside.

My “opponent” is Nicholas Carr, whose identity and arguments I didn’t know as I wrote, nor likely did he mine. His is a good piece that lays out the many legitimate concerns with online tracking. Must be nice to be the maximal-privacy “good guy”!

For the sake of making it interesting I’ll pick out one important point that highlights the nub of the issue.

Privacy tradeoffs have always been a part of life, Carr says, “But now, thanks to the Net, we’re losing our ability to understand and control those tradeoffs—to choose, consciously and with awareness of the consequences, what information about ourselves we disclose and what we don’t.”

This sentence brought back to me a memorable moment from law school. In a seminar course, the professor called upon a fellow student who rather dopily apologized, “Sorry, I didn’t have time to do the reading.”

“In fact you did have time to do the reading,” replied the teacher, “but you just didn’t take it. Isn’t that correct?”

It was funny, if embarrassing for my colleague, and a great illustration of precision with language.

Holding to that standard of precision, I’ll disagree with Carr’s statement: The Net is not affecting our ability to understand and control privacy tradeoffs. Its development has outstripped that capacity. Developing consumers’ understanding of information flows, information uses, and consequences will position them to restore privacy.

I don’t think Carr would disagree with that sentiment in the main. Later he says, agreeably to me, “We need to take personal responsibility for the information we share whenever we log on.”

And I do think that’s the heart of the problem: “Education is the hard way, and it is the only way, to get consumers’ privacy interests balanced with their other interests.”