Watch this video. Then type “My choice for the winner” in the comments.
Pass it on.
Articles by Jim Harper 
Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
Follow @Jim_Harper
The headline strikes fear: “House Takes Steps to Boost Cybersecurity,” says the Washington Post.
What boondoggle are they embarking on now?
Cybersecurity is hundreds of different problems that should be handled by thousands of different actors. The federal government is in no position to “fix” cybersecurity, as I testified in the House Science Committee earlier this year.
But this is a good news story. Realizing that its own cybersecurity practices are not up to snuff, the House of Representatives will be ramping up training for its staff.
Better awareness of the ins and outs of securing computers, data, and networks will disincline Congress to undertake a rash, sweeping “overhaul” of the systems and incentives that produce and advance cybersecurity.
I’m delighted to report that the White House’s web site, Whitehouse.gov, has begun posting the bills Congress sends down Pennsylvania Avenue so they can get a final public review. This actually began some time ago, but a link from the home page now directs visitors (and search engines) to the bills that await the president’s signature.
This is an important step toward fulfilling President Obama’s campaign promise to post the bills he receives from Congress online for five days before he signs them.
Take a look for yourself: On the Whitehouse.gov home page, a link at the bottom of the “Featured Legislation” column says “Comment on Pending Legislation.”
Currently, four bills are listed there, arranged in order by the dates they were posted. The final language isn’t posted at the link, and it takes a little sophistication to find the final version at the linked-to page on the Thomas system, but this is substantial progress.
Kudos to the White House for moving toward full implementation of President Obama’s Sunlight Before Signing promise!
A colleague apparently suggested that the nice people at Dropbox should email me with an invitation to use their services. The concept appears simple enough—remote storage that makes users’ files available on any laptop, desktop, or phone.
I was intrigued by it because it’s a discrete example of a “cloud” computing service. How do they handle some of the key privacy challenges? A cloud over remote computing and storage is the likelihood that governments will use it to discover private information with dubious legal justification, or without any at all. (Businesses likewise can rightly worry that competitors working with governments might access trade secrets.)
Well, it turns out they don’t handle these challenges. Dropbox is a privacy black box.
I homed right in on their “Policies” page, looking for assurance that they would protect the legal rights of users to control information placed in the care of their service. There’s precious little to be found.
There’s no promise that they would limit information they share with authorities to what is required by valid legal process. There’s no promise that they would notify users of a warrant or subpoena. They do reserve the right to monitor access and use of their site “to comply with applicable law or the order or requirement of a court, administrative agency or other governmental body.”
Is there protection in the fact that files are stored encrypted on their service? The site—though not the terms of service—says “All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.” Not if Dropbox is willing to monitor the use of the site on behalf of law enforcement. They can simply gather your password and hand it over.
National Security Letter authority and the impoverished “third party doctrine” in Fourth Amendment law puts cloud-user privacy on pretty weak footing. Dropbox’s policies do nothing to shore that up. It’s not alone, of course. It’s just a nice discrete example of how “the cloud” exposes your data to risks that local storage doesn’t.
There are a few other problems with it. They don’t promise to notify users directly of changes to the privacy policy. (“[W]e will notify you of any material changes by posting the new Privacy Policy on the Site…”) And they reserve the right to change their terms of service any time—without giving you the right to access and remove your files. When they decide to make their free service a paid service, they could hold your files hostage unless you sign up for x years. Data liberation is an important term of services like this.
Golly, even as I’ve been writing this, friends have tweeted that they like Dropbox. It sounds like a fine service for what it is. I just wouldn’t put anything on there that you wanted to keep private or that you really wanted to be sure you could access.
The Comcast-NBC deal has the traditional media world all atwitter—well, better call it aflutter. “Atwitter” is losing its old media connotations.
So the New York Times rounded up a foursome of advocates to air their views, among them Adam Thierer and yours truly.
Huzzahs and rotten fruit in the comments, please.
(And you can see from comparing our posts which of us believes in economy in the use of words.)
The White House announces its open government plans today, live at 11:00 am Eastern, on Whitehouse.gov.
But what about the president’s promise to run his own White House more transparently? In a post on Cato@Liberty this morning, I look into a new development on the Sunlight Before Signing promise, which he has violated more than 100 times since taking office.
At some point earlier this year, the White House began posting links on Whitehouse.gov to bills that were heading its direction, a half-measure the White House told the New York Times it would take.
I failed to notice the existence of these pages, but I think it is forgivable error. There is no uniform structure to them, and there is no link I can discover on Whitehouse.gov that would bring anyone to them.
Based on my spot-checking, they haven’t been crawled by any search engine, so the only way a person could find them is by searching on Whitehouse.gov for phrases on the yet unseen pages or by searching the House or Senate bill numbers of bills that you know to look for because they have already passed into law.
This doesn’t fulfill the spirit of the Sunlight Before Signing pledge. It doesn’t give the public an opportunity to review final bills and comment before the president signs them. I doubt if a single one of the people who cheered when President Obama made his Sunlight Before Signing pledge has visited one of these pages and commented to the president as he told them they would be able to do.
There are further curiosities: The pages themselves are undated, but their “posted” dates, which appear in search results, are sometimes well beyond the date on which they became law. A Whitehouse.gov search for H.R. 2131, which became Public Law 111-70 on October 9th, shows that it was posted for comment on October 23rd.
Is the White House posting bills for review after they’ve become law, trying to make it look like they’re providing some measure of sunlight?
Former Google executive turned Obama administration deputy chief technology officer Andrew McLaughlin made some unfortunate comments at a law school technology conference last week equating private network management to government censorship as it is practiced in China.
By many accounts, President Obama’s visit to China was unimpressive. It apparently included a press conference at which no questions were allowed and government censorship of the president’s anti-censorship comments. On its heels, McLaughlin equated Chinese government censorship with network management by U.S. Internet service providers.
“If it bothers you that the China government does it, it should bother you when your cable company does it,” McLaughlin said. That line is wrong on at least two counts.
First, your cable company doesn’t do it. There have been two cases in which ISPs interfered with traffic in ways that are generally regarded as wrongful. Comcast slowed down BitTorrent file sharing traffic in some places for a period of time, did a poor job of disclosing it, and relented when the practice came to light. (People who don’t know the facts will argue that the FCC stepped in, but market pressures had solved the problem before the FCC did anything.) The second was a 2005 case in which a North Carolina phone company/ISP called Madison River Communications allegedly blocked Vonnage VoIP traffic.
In neither of these anecdotes did the ISP degrade Internet traffic because of its content—because of the information any person was trying to communicate to another. Comcast was trying to make sure that its customers could get access to the Internet despite some bandwidth hogs on its network. Madison River was apparently trying to keep people using its telephone lines rather than making Internet phone calls. That’s a market no-no, but not censorship.
Second, if the latter were happening, Chinese government censorship and corporate censorship would have no moral equivalency. In a free country, the manager of a private network can say to customers, “You may not transmit certain messages over our network.” People who don’t like that contract term can go to other networks, and they surely would. (Tim Lee’s paper, The Durable Internet: Preserving Network Neutrality Without Regulation, shows that ownership of networks and platforms does not equate to control of their content.)
When the government of China forces networks and platforms to remove content that it doesn’t like, that demand comes ultimately from the end of a gun. Governments like China’s imprison and kill their people for expressing disfavored views and for organizing to live freer lives. This has no relationship to cable companies’ network management practices, even when these ISPs deviate from consumer demand.
McLaughlin is a professional colleague who has my esteem. I defended Google’s involvement in the Chinese market during his tenure there. But if he lacks grounding in the fundamentals of freedom—thinking that private U.S. ISPs and the Chinese government are part of some undifferentiated mass of authority—I relish the chance to differ with him.
The American Consumer Institute has released a collection of essays addressing the likely consequences of “‘Net Neutrality” regulation for investment in broadband and for consumer welfare. These are important things to consider, in case it needs saying.
My March 2008 paper, Franz Kafka’s Solution to Illegal Immigration, detailed the problems with electronic employment verification systems. The paper concludes that successful “internal enforcement” of immigration law requires a national ID—and ultimately a cradle-to-grave biometric tracking system.
The Department of Homeland Security has started a program called the “I E-Verify” campaign for businesses that use the federal background check system on its employees. If you see businesses with “I E-Verify” decorations or insignia, they at least indirectly support a national ID system in the United States. This can help you decide whether or not you want to spend your dollars with them.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.