Articles by Jim Harper

Jim HarperJim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.


When Senator William Proxmire (D-WI) proposed and passed the Fair Credit Reporting Act forty years ago, he almost certainly believed that the law would fix the problems he cited in introducing it. It hasn’t. The bulk of the difficulties he saw in credit reporting still exist today, at least to hear consumer advocates tell it.

Advocates of sweeping privacy legislation and other regulation of the information economy would do well to heed the lessons offered by the FCRA. Top-down federal regulation isn’t up to the task of designing the information society. That’s the upshot of my new Cato Policy Analysis, “Reputation under Regulation: The Fair Credit Reporting Act at 40 and Lessons for the Internet Privacy Debate.” In it, I compare Senator Proxmire’s goals for the credit reporting industry when he introduced the FCRA in 1969 against the results of the law today. Most of the problems that existed then persist today. Some problems with credit reporting have abated and some new problems have emerged.

Credit reporting is a complicated information business. Challenges come from identity issues, judgments about biography, and the many nuances of fairness. But credit reporting is simple compared to today’s expanding and shifting information environment.

“Experience with the Fair Credit Reporting Act counsels caution with respect to regulating information businesses,” I write in the paper. “The federal legislators, regulators, and consumer advocates who echo Senator Proxmire’s earnest desire to help do not necessarily know how to solve these problems any better than he did.”

Management of the information economy should be left to the people who are together building it and using it, not to government authorities. This is not because information collection, processing, and use are free of problems, but because regulation is ill-equipped to solve them.

ACM Seeks Policy Analyst

by on October 6, 2011 · 1 comment

Public Policy Analyst/Computing and IT Policy

A leading organization of computing professionals is seeking a Public Policy Analyst in its Washington DC Office of Public Policy. The position will assist in carrying out the society’s policy agenda by working with the federal government, the organization’s volunteer leadership and other organizations. The position’s duties include:

• Following, researching, analyzing and reporting on policy issues being discussed in the Congress, the Executive Branch, the Judicial Branch and the media
• Providing advice and direction on policy issues and strategies for engagement • Keeping members informed of relevant policy developments
• Developing and/or reviewing policy position statements (letters, white papers, etc.)
• Planning meetings and/or conference calls
• Developing and managing projects to implement policy agenda
• Maintaining and updating website
• Identifying and recommending opportunities to further the overall policy agenda
• Producing and distributing newsletters, blog posts and various other communications

The qualifications for this position are:

• Minimum of a Bachelor’s Degree
• Command of the legislative, regulatory and legal process, including the ability to conduct legal research and analyze policy developments
• Minimum of three years of experience in the policy, legislative or regulatory
environment
• Superior communication (writing and oral) and organizational skills
• Demonstrated interest in and/or prior experience in the technology policy
• Ability to work both in teams and independently
• Self-starter and ability to manage multiple projects and meet tight deadlines • Strong IT skills

Applicants should submit a resume and cover letter describing interests and qualifications by e-mail policy.analyst.job@gmail.com

Remember when you had to wait until the end of the month to see your bank statement?

Last week, on the cusp of failing to pass any annual appropriations bills ahead of the October 1 start of the new fiscal year, congressional leaders came up with a short-term government funding bill (or “continuing resolution”) that would fund the government until November 18th. For whatever reason, that deal (H.R. 2608) wasn’t ready to go before the end of the week, so Congress passed an even shorter-term continuing resolution (H.R. 2017) that funds the government until tomorrow, October 4th.

Every weekend, I hunch over my computer and update key records in the database of WashingtonWatch.com, a government transparency website I run as a non-partisan, non-ideological resource. Then I put a summary of what’s going on into an email like this one (subscribe!) that goes out to 7,000 or so of my closest friends.

Last weekend, the Library of Congress’ THOMAS website, which is one of my resources, was down a good chunk of the time for maintenance. Even after it came up again, some materials such as bill text and committee reports weren’t available. (They had come up by the wee hours this morning.) Maintenance is necessary sometimes, though when the service provider I use for the WashingtonWatch.com email does maintenance, it’s usually for an hour or so in the middle of a weekend night.

But when I went to update the database to reflect last week’s passage of H.R. 2017, Continue reading →

The Cato Institute is doing a live-streamed Capitol Hill briefing this morning—start-time 9:00 a.m. Eastern—on congressional transparency.

You can see and download all the materials being released to Hill staff on a Cato@Liberty blog post summarizing where congressional transparency stands: “needs improvement.”

You can watch the event live (or later on tape) and join the conversation at the Twitter hashtag #RateCongress.

The White House’s release of its “Open Government Action Plan” today is timely. I’ll be rolling out the product of several months’ work on government transparency Friday at a Cato Institute event called “Publication Practices for Transparent Government: Rating the Congress.”

The paper we’ll release commences as follows:

Government transparency is a widely agreed upon goal, but progress on achieving it has been very limited. Transparency promises from political leaders such as President Barack Obama and House Speaker John Boehner have not produced a burst of information that informs stronger public oversight of government.

The reason is not lack of planning documents, meetings, or websites, as reading the White House’s announcement today might suggest, but lack of specifically prescribed data publication practices that foster transparency. The government should publish data about its deliberations, management, and results in ways that make it amenable to all the varied uses of websites, researchers, reporters, and the public at large.

We’ll be grading the Congress on how well it’s doing with publication of data about formal legislative process. Congress is first because it’s low-hanging fruit. We’ll soon be turning to information the executive branch can make more transparent: budgets, appropriations, and spending.

The programs featured by the White House today—a new “We the People” petition platform, whistleblower protection, and an “Extractive Industries Transparency Initiative”—are fairly tangential. Fuller government transparency will be a product of specific good publication practices applied to data about the government’s deliberations, management, and results.

More information, and registration for Friday’s event, can be found here.

Data-transparent government is still a ways off, but some small steps forward are underway. To wit, my project WashingtonWatch.com, which is adding new data going to the costs of bills in Congress.

As detailed in an announcement that went up this morning, many more bills on the site will have cost estimates associated with them, the product of research being done at the National Taxpayers Union Foundation. Some bills spend pennies or less per U.S. family. Some spend $5,000 per family and more. Wouldn’t you like to know which are which?

The site has also begun displaying national debt information on a per-family, per-person, and per-couple basis. (Your debt—just for being an American—is about $45,000 dollars.)

I’ll have much more to say on government transparency in the coming months. In the meantime, you might do your part to avoid the next calamitous debt ceiling debate by following the day-to-day, month-to-month, and year-to-year in Congress using things like the WashingtonWatch.com weekly email newsletter.

I started to see hints of it last week, but I now believe Google+ is in full stumble-mode over user identity and naming. It looks as though they’ve taken common sense—everyone has one name—and woven it into their terms of service. You can’t use a non-traditional name on Google+. But naming and identity are more complex than that.

In my book, Identity Crisis, I wrote that an identity is a collection of information other people and institutions have about a person. Others use identity information they have to distinguish you from other people (or to group you) in their minds or records. This makes identity a gating mechanism: you can allow people into a part of your life by making them privy to the relevant set of identifiers, or keep them out by denying them that information.

Commonly, people use varied identities to exclude others, for social or professional reasons, such as when they open a social network account in a false name to keep their parents or their students from accessing parts of social life that are not meant for them to see. Sometimes identity is varied for political reasons, such as when an account opens in a pseudonym for the purpose of avoiding reprisal. This is an area where Facebook’s “real names” policy has stepped in it. The further one lives from conventional life in a given society, or the more contrarily to power, the more important it is to control identity.

Identity Woman—who tells her story at the first link above—uses her non-traditional identity in a non-traditional, but completely reasonable, way. It’s just the name that identifies her better to the community she plans to reach on Google+. But Google+ thinks that the name she is supposed to use is the same one her parents gave her, is the same one on her tax return, is the same one on her college degree, is the same one on her driver’s license.

Google+ has smartly replicated the real-world concept of social circles in its “circles” function. But they haven’t replicated real-world practice in terms of naming and identity. Why? Among other reasons, because doing so would allow users to decide which “circle” Google itself is in. Google doesn’t want that. Like Facebook wants to be your super-friend, Google wants to be your super-circle.

Google+ is seeing like a state, vastly simplifying the use of identity on its platform to serve its purposes. That will be a continuing discomfort and an impediment to its fullest success. But the fullest success of social networking will probably not be on an owned platform anyway.

Do-Not-Track is not inconceivable itself. It’s like the word “inconceivable” in the movie The Princess Bride. I do not think it means what people think it means—how it is meant to work and how it is likely to offer poor results.

Take Mike Swift’s reporting for MercuryNews.com on a study showing that online advertising companies may continue to follow visitors’ Web activity even after those visitors have opted out of tracking.

“The preliminary research has sparked renewed calls from privacy groups and Congress for a ‘Do Not Track’ law to allow people to opt out of tracking, like the Do Not Call list that limits telemarketers,” he writes.

If this is true, it means that people want a Do Not Track law more because they have learned that it would be more difficult to enforce.

That doesn’t make sense … until you look at who Swift interviewed for the article: a Member of Congress who made her name as a privacy regulation hawk and some fiercely committed advocates of regulation. These people were not on the fence before the study, needless to say. (Anne Toth of Yahoo! provides the requisite ounce of balance, but she defends her company and does not address the merits or demerits of a Do-Not-Track law.)

Do-Not-Track is not inconceivable. But the study shows that its advocates are not conceiving the complexities and drawbacks of a regulatory approach rather than individually tailored blocking of unwanted tracking, something any Internet user can do right now using Tracking Protection Lists.

Daily news service TechLawJournal (subscription) reports that the U.S. District Court (DC) has granted summary judgment to the National Security Agency in EPIC v. NSA, a federal Freedom of Information Act (FOIA) case regarding the Electronic Privacy Information Center’s request for records regarding Google’s relationship with the NSA.

EPIC requested a wide array of records regarding interactions between Google and the NSA dealing with information security. Reports TLJ:

The NSA responded that it refused to confirm or deny whether it had a relationship with Google, citing Exemption 3 of FOIA (regarding records “specifically exempted from disclosure by statute”) and Section 6 of the National Security Agency Act of 1959 (which prohibits disclose of information about the NSA).

The FOIA merits of EPIC’s suit are one thing. It’s another for Google to have an intimate relationship with a government agency this secretive.

This would be a good time to not be evil. Google should either sever ties with the NSA or be as transparent (or more) than federal law would require the NSA to be in the absence of any special protection against disclosure.

At the Computers Freedom and Privacy conference, I moderated a panel on “Do Not Track.” I tried to make sure it was fun, and I think it was. Among other things, yes, I called Ed Felten, “baby.” Check it out.