Articles by Jim Harper

Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.


My ID Score

May 18, 2009

Here’s a very cool little app from Identity Analytics: My ID Score. You enter a bit of identifying information. It checks to see if you know stuff that only you are likely to know. (This is what I called “epistemetric” identification in my book.) And then it spits out an estimate of your risk of being a victim of identity fraud.

I got a 240 when I didn’t give them my SSN, and my score dropped to 40 when I submitted my SSN.

Everybody talks about identity fraud, but nobody does anything about it. This does something about it – specifically, it will help stop the worrying on the part of people who don’t need to. And it will give people who should worry a few things to do to get their situation under control. The more that can be done to demystify identity fraud, the better – and the less likely there will be unwise legislation and regulation that ultimately harm the interests of consumers.

So have a little fun and check out My ID Score. (If you’re worried about submitting personal data over a Web site – you can see for yourself that the transmission is encrypted, and ID Analytics is a company I’ve known for many years. This is not a phishing scam – unless it’s a very, very good one.)

According to respected Guatemalan lawyer Rodrigo Rosenberg, Guatemala’s government is infested with corruption. His message is carried very powerfully to fellow Guatemalans and the world in a video he taped before his murder last week.

YouTube has a role as a powerful engine of dissent and government transparency. It’s a commercial, profit-making business, and it is laying bricks on the path to human rights and the rule of law worldwide.

The Cato Institute’s Juan Carlos Hidalgo writes briefly about developments since then on the Cato@Liberty blog.

Howard Stern swore off free broadcast radio in 2004 in part because of federally mandated decency rules. The self-anointed “king of all media” may have stepped off the throne in doing so. Them’s the breaks in the competitive media marketplace, contorted as it is by government speech controls.

Some would argue that a new king of all media is seeking the mantle of power now that the Obama administration is ensconced and friendly majorities hold the House and Senate. The new pretender is the federal government.

And some would argue that the Free Press “Changing Media Summit” held yesterday here in Washington laid the groundwork for a new federal takeover of media and communications.

That person is not me. But I am concerned by the enthusiasm of many groups in Washington to “improve” media (by their reckoning) with government intervention.

Free Press issued a report yesterday entitled Dismantling Digital Deregulation. Even the title is a lot to swallow – Have communications and media been deregulated in any meaningful sense? (The title itself prioritizes alliteration over logic – evidence of what may come within.)

Opening the conference, Josh Silver, executive director of Free Press, harkened to Thomas Jefferson – well and good – but public subsidies for printers and a government-run postal system model his hopes for U.S. government policies to come.

It’s helpful to note what policies found their way into Jefferson’s constitution as absolutes and what were merely permissive. The absolute is found in Amendment I: “Congress shall make no law . . . abridging the freedom of speech, or of the press . . . .”

Among the permissive is the Article I power “to establish Post Offices and post Roads.” There’s no mandate to do it and the scope and extent of any law is subject to Congress’ discretion, just like the power to create patents and copyrights which immediately follows.

I won’t label Free Press and all their efforts a collectivist plot and dismiss it as such – there are some issues on which we probably have common cause – but a crisper expression of “dismantling deregulation” is “re-regulation.”

It’s a very friendly environment for a government takeover of modern-day printing presses: Internet service providers, cable companies, phone companies, broadcasters, and so on.

Once in a while, I indulge in a non-tech rant here, just to be interesting – or in hopes of reaching the world at large with some information they can use.

Well, everyone should know that Bank of America’s “Borrower’s Protection Plan” is a complete scam. It charges a HUGE monthly amount to insure your mortgage payments (for only a year!) in case of adverse events like job loss, disability, etc.

When I refinanced a year ago, I signed up for it casually and inadvertently, in light of a “first-year free” offer. When it occurred to me that they would probably refuse to let go of me at the end of the opening year, I canceled my participation in the plan by telephone. Or so I thought.

It’s a year later and I’m scheduled to begin making payments for this rip-off in my mortgage payment starting on July 1st. Bank of America evidently lied to me about letting me cancel a year ago.

Here’s a Washington Post article on the topic with the usual pro-regulatory angle. This is not a matter for regulators. It’s my job and yours to be better consumers.

I just called my mortgage broker and chewed her out good for getting me involved in this scam. I won’t refinance with Bank of America, and will be moving accounts (in addition to my current mortgage, I have two business accounts at BofA) away from Bank of America to more reputable institutions. I’ll be distributing this post far and wide and I hope you will pass it along too.

Bank of America’s “Borrower’s Protection Plan” is a scam.

Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content – who is talking to whom, how often, and for how long.)

The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:

The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).

EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.

It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.

(Update: Bruce Schneier linked to this post (and Adam’s) from his blog post on the topic, and the Wall Street Journal issued a “correction and amplification” at the top of the story on its site.)

I share many of Adam’s concerns with Bruce Schneier’s WSJ piece. But there’s something else wrong with it. He’s got the facts wrong, right in the first paragraph:

Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turn used that information for targeted e-mail marketing campaigns.

RealAge does not sell data to drug companies. RealAge collects health information about users and markets to its users at the request of its “partners.” But, again, it does not disclose health data to those partners, including drug companies.

RealAge.com has a sensible business model: cultivate an audience of users that are interested in health, and make money on the sellers trying to reach them, like drug companies. And y’know what would kill that business model? Giving data about users to the drug companies.

And in terms of privacy, that’s a difference in kind, not degree. The data is held close by RealAge.com. Given that, Schneier’s argument that there is deception deserving government intervention falls apart. RealAge.com says what it does and does what it says.

The line from RealAge’s privacy policy that Bruce quotes is deprived of context by what he doesn’t quote. Here’s what he quotes: “[W]e will share your personal data with third parties to fulfill the services that you have asked us to provide to you.” Scary . . . ish.

The rest of the story is the next line: “These third parties are required not to use your Personal Data other than to provide the services requested by RealAge.”

When I first read the privacy policy a few weeks ago – here’s what I wrote then – I assumed this language allowed them to use an email service provider to store and send emails. I was impressed that they say they specifically require service providers like this not to repurpose the data.

When I checked with the people at RealAge.com today, they confirmed that these lines in their privacy policy are for this kind of third-party service provider, not for drug companies.

So, with the sinister data-sharing-with-drug-companies meme kinda dropped out of the equation, what you have left is the question whether personal information should be used to direct health information toward interested people. Should people get information about remedies they might need from companies interested in selling them?

People are free to doubt drug advertisements because they’re advertisements, but given the prospective health benefits, more information is better than none, and I have a hard time saying health marketing is bad. It’s a lot easier to say it’s bad when you assume incorrectly what happens to personal data in the process.

New Jerseyans may get a chance to vote their Fourth Amendment preferences in the upcoming gubernatorial elections. Among the candidates is Chris Christie, who as U.S. Attorney for New Jersey authorized the tracking of suspects’ cell phones without getting a warrant.

I’ve been helping to organize this year’s CFP, which is consistently one of the most interesting and forward-looking privacy conferences. Here’s the program as it now stands.

Register now as an early-bird – prices rise May 1.

Posted in London.

Patient Privacy Rights is playing an essential role in the developing information economy with their campaign against Oprah Winfrey’s promotion of RealAge.com.

I’m not an Oprah-watcher, but apparently she’s been having a guest on named “Dr. Oz” – where does she get these people? – who shills for a site called RealAge.com. RealAge entices visitors to take a 105-item questionnaire about their personal health habits. The people who agree to be “members” receive, among other things, promotions from drug companies that are tailored to their potential health issues.

Patient Privacy Rights doesn’t like this, and they make a good case that RealAge, “Dr. Oz,” and Oprah should give people a better idea of what’s going on with personal information in this little transaction.

My own review of the RealAge privacy policy shows it to be a pretty good, typically complex policy that restricts information sharing pretty well. If I was interested in anything other than destroying my health with booze and cigarettes, I might be inclined to take RealAge’s quiz. It has real potential to educate people and get them informed about health conditions and treatments. But Patient Privacy Rights would like that to happen with a little more awareness all around about the personal information terms of this bargain.

The brilliant thing, from my perspective, is that PPR is taking it to the people with a petition rather than running to mommy government, embodied by the Federal Trade Commission. That’s the straightforward way to work on shaping the marketplace, convincing consumers themselves rather than relying on the threat of government coercion.