Articles by Jim Harper 
Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
The Association of Corporate Travel Executives recognizes the problems that the Department of Homeland Security will cause if it follows through on the threat to make air travel inconvenient for people from states that refuse the REAL ID Act’s national ID mandate. That’s why ACTE has released a statement asking for change to the REAL ID law.
An ACTE release published on etravelblackboard.com says:
“The traveling public needs more time to consider how these new regulations will affect them, and to be made aware of alternative efforts that may serve the same security objectives with less stress,” said Gurley. “Divisive activity by pressuring states into accepting a mandate at the risk of inconveniencing travelers is not conducive to the best policy-making.”
Gurley is referring to the Identification Security Enhancement Act S.717, described as a “compelling alternative to Real ID,” and is cosponsored by four senators from both parties. A companion bill, H.R. 1117, introduced by Tom Allen (D-ME) has been cosponsored by 32 representatives. It has been stated that these bills would produce a more secure identification program, faster than the implementation date (2017) given by DHS.
As I wrote in the American Spectator a week ago:
With enough states saying “Hell No” to the REAL ID mandate, the feds will back down from their threat to make air travel inconvenient. The airline industry will be up on Capitol Hill faster than you can say “You are now free to move about the country.” Congress will back the DHS off.
I was close. It turns out to be an air travelers group making the first to move to end DHS’s brinksmanship.
How about neither?
Chris Soghoian has an interesting post at his Surveill@nce St@te blog on C|Net decrying the “evisceration” of a data-breach bill in the Indiana legislature. He’s a big advocate of the bill and evidently spent a lot of time working for its passage.
“In a committee meeting Tuesday morning,” he reports, “Republican committee members successfully eviscerated the bill, reducing it to a mere 17 lines of text from the original 72. The Web site report provision and the requirement that companies notify the state attorney general whenever a data breach is discovered were stripped.” Etc.
I’m somewhat bemused to sense the excitement a young person has getting his first experience with the legislative process, then being disappointed with the results. I’m less amused – annoyed, frankly – that someone would use the length of a bill as a proxy for its quality. By that measure, the Consolidated Appropriations Act must be a real gem.
But it’s downright troubling to see a smart young man so thoroughly fallen victim to the fatal conceit. Top-down planning is no better in data security than it is in distributing bananas, but Soghoian is pretty sure he’s figured out how data security should be done across the economy (at least the economy of Indiana). I’m not sympathetic when his plans to have the legislature in his state carry out his will are quashed by others similarly situated.
Better than the regulatory contraption Soghoian desires is the use of simple common law rules, letting liability bring distributed knowledge about data breaches and data security together to construct the practices that best serve the public. There’s more to law than legislation, and people need to learn that.
The Washington Post had me utterly fooled with its choices in headlines for a story regarding the killing of a Hezbollah leader that had been targetted by the U.S.
The headline on the Web site has now been changed, but here’s how the email alert and Web headline first appeared.
These are perfectly ambiguous as to who killed whom, and I took them to mean that Hezbollah had killed a target of theirs, someone representing the United States.
The Washington Post has a story today on the slow pace of progress in airport security technology. We would see faster development of better, more consumer-friendly security technology if the airlines were entirely responsible for it. Here’s a glimpse of what I said about this in an written debate hosted by Reason magazine a few years ago:
Airlines should be given clear responsibility for their own security and clear liability should they fail. Under these conditions, airlines would provide security, along with the best mix of privacy, savings, and convenience, in the best possible way. Because of federal involvement, air transportation is likely less safe today than it would be if responsibility were unequivocally with the airlines.
Apropos (or not) of Tim’s post, take a look at this bill.
Copyright law is a political football. Rent-seekers on both sides would pick it up and run with it.
My poorly updated privacy Web site Privacilla is controlled by a non-profit corporation called Privacilla.org, Inc. The corporation has been more hassle than it’s worth to maintain, so I may just dissolve it at some point here. But in the meantime, I recently received this letter from the IRS instructing little Privacilla to file a new information return.
It’s an electronic return for non-profits with gross receipts of $25,000 or less, and it’s called Form 990-N. Failing to file for three years would result in the corporation’s non-profit status being revoked. Apparently, some 650,000 small non-profits are subject to this new requirement.
Many years’ accretions of regulations, filing requirements, and fees (both federal and state) are part of why it is too much hassle to maintain Privacilla as a non-profit. But this one is special. As far as I can tell, there is no Form 990-N. Everything I can find on the IRS Web site talks about it in the future tense.
This is mostly bemusing to me. I have until May 15th to file this form. But it will be less funny if May 15th rolls around and the form still doesn’t exist. It’s also less funny for people who aren’t technically competent attorneys, and who approach the world of law and government with less confidence. To them, this can be scary, and it’s idiocy. Typical IRS idiocy – to require submission of a form that doesn’t exist.
Bleg: Do correct me if I’m wrong! For my claims to sophistication, I may be some kind of rube for looking on the IRS Web site for an IRS electronic filing system.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.