Articles by Jim Harper 
Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
It’s fascinating to continue watching developments in Iran via Twitter and other social media.
The fact that Twitter delayed a scheduled outage to late-night Tehran time was laudable, but contrary to a growing belief it wasn’t done at the behest of the State Department. It was done at the behest of Twitter users.
Twitter makes that fairly (though imperfectly) clear on its blog, saying, “the State Department does not have access to our decision making process.”
As my Cato Institute colleague Justin Logan notes, events in Iran are not about the United States or U.S. policy. They should not be, or appear to be, directed or aided from Washington, D.C. Any shifts in power in Iran should be produced in Iran for Iranians, with support from the people of the world – not from any outside government.
People are free to speculate that the State Department asked Twitter to deny its involvement precisely to create the necessary appearances, but without good evidence of it, assuming that just reflects a pre-commitment that governments – not people and the businesses that serve them – are the primary forces for good in the world.
The Department of Homeland Security’s Privacy Office sez:
On his first full day in office, President Obama directed his administration to seek an “unprecedented level of openness in government.” In the spirit of openness and transparency consistent with the directives of the administration and with her personal philosophy, the Chief Privacy Officer of the Department of Homeland Security would like to engage in quarterly updates on privacy activities in the Department for the privacy advocacy community. The inaugural Privacy Information for Advocates (PIA) will be held in person on Friday, June 19, 2009, in the DHS Privacy Office located at 1621 N. Kent Street, Suite 900 in Rosslyn, VA. The update will begin at 3:00 pm. If you plan to attend, please RSVP to Lynn Parker at Lynn[dot]Parker1[at]dhs[dot]gov before noon on Wednesday, June 17. RSVPs are required in order to confirm participation.
I have a quibble with the acronym – heh heh – “PIA” is also the acronym for “Privacy Impact Assessment.” But if you carefully use context to discern meaning, you’ll probably figure out when people are talking about the meeting versus when they are talking about the document.
But people who are not “in the know” won’t understand the difference, and as to them your power and authority will rise until you reach the status of privacy demi-god.
Oh, whatever. Just go to the meeting.
I’ll be speaking on a panel titled “The Future of Security vs. Privacy” today at the Computers Freedom and Privacy conference. If you’re in Washington, D.C., come on by the Marvin Center at George Washington University and head up to the third floor. The conference continues through the week.
The organizers say C-SPAN will be recording parts of today, and it is supposed to be streamed live here. You Twitterers can follow the conversation by checking out the official hashtag: #cfp09. Be sure to say your piece, as well.
Recall a couple of years ago when I lauded Google – and also picked on them – for making customer data “more anonymous”?
“‘Anonymous’ is correctly regarded as an absolute condition,” I wrote. “Like pregnancy, anonymity is either there or it’s not. Modifying the word with a relative adjective like ‘more’ is a curious use of language.”
The challenge of these concepts – “anonymized” or “de-identified” data – is still around, and it’s still a difficult one.
Here’s a sophisticated take on the question:
Information is increasingly difficult to classify as “identified” or “de-identified,” particularly as it is copied, exchanged, or recombined with other information. With rapidly evolving technologies and databases, it is more appropriate to describe a spectrum of “identifiability,” rather than a binary classification of information as identifiable or not. The question could then become not whether deidentified information might be made re-identifiable, but rather which entities would be able to re-identify the information, how much effort they would have to expend, and what limits are placed on their doing so.
And here’s an advocacy group apparently lacking that sophistication. They treat information as flatly “de-identified” in a legal filing about a New Hampshire law that bans the sale of prescription drug data for marketing purposes:
[T]he Prescription Information Law does not implicate patient privacy. While it purports to protect privacy interests, the statute regulates patient de-identified information.
Here’s the thing: Both quotes were issued by the Center for Democracy and Technology. Continue reading →
Lee Gomes writes on Fobes.com with a clear-eyed reminder that privacy regulation has been costly, yet failed to deliver. Lovers of government intervention will, of course, take this as an argument to double-down.
craigslist has filed a complaint against South Carolina Attorney General Henry McMaster, seeking to enjoin him from prosecuting the site for displaying the solicitations to prostitution that sometimes appear there. The complaint cites section 230 of the Communications Decency Act, the First Amendment, and a few other laws that craigslist believes protect it from liability.
The complaint makes a pretty good case that craigslist has taken reasonable steps, working with law enforcement, to keep prostitution off the site. With that it has done its part. If prosecutors want to go after prostitution, they can use craigslist to do so. They should not attack the messenger if consenting adults are trying to exchange money for sexual services in their local areas.
. . . you’d think that you would follow the “Speeches” link from the home page on Whitehouse.gov. If you do, today you see just four speeches.
I went looking for the text of his national security speech at the National Archives today. The New York Times has it but Whitehouse.gov doesn’t? What’s going on here?
The Computers Freedom & Privacy conference is consistently one of the most interesting and forward-looking privacy conferences. This year, it’s at George Washington University in Washington, D.C. June 1-4.
I helped organize it this time, though by no means does the event skew libertarian. What it does is bring together people of all ideologies to discuss common concerns about the present and future state of privacy.
I’ll be speaking on a panel called “The Future of Security vs. Privacy” on Tuesday, June 2nd. Here’s the program page. And here’s the registration page if any of this whets your appetite.
NebuAd is dead. The company‘s plan to track users through their ISPs for the purpose of targeting advertising met with public and congressional concern that ultimately led to its demise.
I believe that ISPs should stick to serving bits and not get into the business of serving or helping to serve ads, so I’m glad to see NebuAd’s model fail. I’ve been made aware by a similar company – Phorm – of the privacy sensitivity they design into their system, but the answer for me is still “No, thanks.”
In terms of policy, this story is mixed. Fans of government involvement probably believe that concerns expressed by public authorities caused NebuAd’s partners to pull out. ISPs also responded to public concerns expressed directly and in the media, of course, and I believe that consumers’ passive reliance on government authorities for protection is in error.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.