I testified in Congress yesterday, at a hearing on the REAL ID Act in the Senate Homeland Security and Governmental Affairs Committee’s Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia. My testimony is here.
An issue that I sought to highlight comes from studying the REAL ID regulations carefully: The standard that the Department of Homeland Security selected for the 2D bar code that would go on REAL ID compliant cards includes race/ethnicity as one of the data elements.
DHS does not specifically require inclusion of this information, but states are likely to adopt the entire standard. Thus, starting in May 2008, many Americans may be carrying nationally uniform cards that include race or ethnicity in machine-readable formats – available for scanning and collection by anyone with a bar code reader. Government agencies and corporations may affiliate racial and ethnic data more closely than ever with information about our travels through the economy and society.
This was not intended by the authors of the REAL ID Act, nor was it intended by the regulation writers at the Department of Homeland Security. The Belgian colonial government in 1930s Rwanda had no intention to facilitate the 1994 genocide in that country either, but its inclusion of group identity in ID cards had that result all the same.
The woman in the image below, believed to be a genocide victim, is categorized as a Tutsi just below her photograph. Her name is not seen, as it appears on the first page of this folio-style ID document. The names of her four children, though, are written in on the page opposite the photo.
The lessons of history are available to us. The chance of something like this happening in the United States is blessedly small, but it is worth taking every possible step to avoid this risk, given an always-uncertain future. In a society that strives for a color-blind ideal, the federal government should have no part in creating a system that could be used to track people based on race.
Cross-posted from Cato@Liberty
Today’s decision in the U.S. District Court for the Eastern District of Pennsylvania again striking down the Child Online Protection Act of 1998 has important implications for the ongoing debate over age verification for social networking websites.
As I mentioned in an essay earlier this week, several state attorneys general (AGs) are currently pushing legislation to mandate age verification of minors before they would be allowed access to social networking sites. Already, age verification proposals have been introduced in Connecticut, Georgia and North Carolina. More proposals are likely on the way. AGs and other policy makers argue that age verification is necessary to protect kids from cyber-predators and other online dangers.
In my new paper,
“Social Networking and Age Verification: Many Hard Questions; No Easy Solutions“ I find that proposals to impose age verification mandates on social networking websites raise many sensitive questions with potentially profound implications for individual privacy and online freedom of speech and expression. That’s especially the case in light of the definitional ambiguities associated with “social networking.”
Today’s COPA decision bolsters many of the findings in my paper. “Requiring users to go through an age verification process would lead to a distinct loss of personal privacy,” Judge Lowell Reed Jr. says on page 55 of the decision. And his other conclusions are also relevant to the debate over social networking regulation.
Continue reading →
Herb Vest, CEO of the online dating service True.com, is still working hard to get the government to push background checks for those seeking love on the ‘net. The New York Times reports:
True, which conducts criminal background checks on its subscribers, is the primary force behind a two-year-old campaign to get state legislatures to require that social Web sites prominently disclose whether or not they perform such checks….
The company then tried to have laws passed in several states that would require other sites to conduct background checks or disclose that they do not…. True has had little political success so far, but is backing bills that legislators are considering in Florida, Texas and Michigan.
As the Times reports, Vest is no newcomer to lobbying government to gain an advantage over competitors.
As I noted two years ago, Vest’s preferred legislation would require matchmaking sites not conducting background checks “stamp this stark warning atop every e-mail and personal ad, in no less than 12-point type: ‘WARNING: WE HAVE NOT CONDUCTED A FELONY-CONVICTION SEARCH OR FBI SEARCH ON THIS INDIVIDUAL.'”
Is this really necessary? When I want to know for sure whether my online date is a felon, I just visit this site.
Yesterday I noted that I have a new study out entitled “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.” In yesterday’s post, I highlighted the general conclusions of my paper. Today I want to discuss how much of the push for age verification of social networking sites is being driven by unfounded fears and irrational myths about the nature of social networking and the severity of online child abuse.
Indeed, although I set out to write my entire paper about age verification, I ended up spending the first third of the paper just debunking myths about social networking websites and online predation. That’s because I found that this debate is being driven almost entirely by myths and irrational fears.
Continue reading →
Washington University School of Law professor Neil Richards and George Washington University Law School professor Daniel Solove have an important new law review article out. Privacy’s Other Path: Recovering the Law of Confidentiality is a useful reminder of a dimension of privacy apart from the privacy torts so famously inspired by Warren and Brandeis in their 1890 Harvard Law Review article.
Confidentiality is the idea that you can share information subject to restrictions on further disclosure and use. There are often implicit understandings about how shared or mutually created information should be treated. It’s an important point that’s been conveniently forgotten in government arguments for “data retention,” for example. Confidentiality in the financial services sphere has been eviscerated by the Bank Secrecy Act and the Supreme Court cases that followed it, as well as Smith v. Maryland in the telecommunications context.
Richards and Solove’s work has its awkward turns – they characterize continental Europe’s focus on dignity and America’s focus on liberty as highly individualistic, while suggesting that confidentiality is “based on the protection of relationships.” If these characterizations are relevant at all, confidentiality can be seen just as much as a protection of individuals, the difference being that confidentiality is rooted more deeply in contract. Small matter, though.
Overall a good work, and an important reminder.
(HT: Schneier)
In anticipation of the Capitol Hill event I am hosting this Friday (“Age Verification for Social Networking Sites: Is It Possible? And Desirable?”), PFF has just released my new 35-page report on this issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”
In my paper, I note that many state attorneys general (AGs) are threatening legal action against social networking sites unless those sites verify the age of all their users. Already, age verification proposals have been introduced in Connecticut, Georgia and North Carolina. More proposals are likely on the way. AGs and other policy makers argue that age verification is necessary to protect kids from cyber-predators and other online dangers.
This week I will be discussing various aspects of my report in a series of blog entries. Today I will just highlight the major conclusions of my study. Tomorrow I will discuss some of the major myths surrounding social networking and online child abuse. And later this week I will outline some of my reservations about leading age verification schemes.
The general conclusions of my paper are as follows:
Continue reading →
If you’ve got a Mac with an iSight camera, (like the one that came with my shiny new MacBook) what you’re looking at on the right there is your own face, rendered by Apple’s graphics system to look “painted.” I think that’s awfully damn cool.
Update: I got some reports that this was screwing up PC users, so I’ve moved it below the fold…
Continue reading →
A couple of Google lawyers have announced on the Google ‘blog that the company will be making the data from their server logs “much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.” That’s a big, important change, as Google’s privacy policy has never before pledged to destroy or anonymize data about all of our searches.
Now, there are some interesting details – details that are highlighted by the text I quoted above. “Anonymous” is correctly regarded as an absolute condition. Like pregnancy, anonymity is either there or it’s not. Modifying the word with a relative adjective like “more” is a curious use of language.
Google has a challenge, if they’re going to anonymize data and not destroy it, to make sure that a person’s identity and behavior cannot be reconstructed from it. As AOL’s fiasco with releasing “anonymized” search data showed, clipping off the obvious identifiers won’t do it. As data mining capabilities advance, anonymizing techniques will have to keep ahead of that.
There are interesting things that can be done to synthesize data, making it statistically relevant while factually incoherent. Hopefully, Google will sic some of its finest famously-smarty-pants engineers on the task of making their anonymous data
really, really anonymous.
My favorite TLF reader points out this bizarre story about wireless “piggybacking,” over-zealous police officers, and (a lack of) child porn. It’s a safe bet that the police officers involved have better things to do than harass people using the WiFi connections of public libraries (!) from their cars. The notion that doing so would be criminal theft of service is absurd: presumably, no one would have thought twice if he’d accessed the network while physically inside the library building. It’s not clear how it suddenly becomes a crime once it’s outside.
It seems even more clear that the police were out of line in seizing the guy’s laptop and searching it for child pornography. No reasonable person would take the fact that someone is using the Internet from his car as evidence that child porn is being downloaded.
On the other hand, the trespassing charge isn’t crazy, especially if it happened more than once. Still, a proportionate remedy would have been to write the kid a ticket, not take his laptop.
I’ve got a new story at Ars about the DOJ inspector general’s damning report on the FBI’s use of “national security letters” :
The defenders of the Patriot Act have been quick to emphasize that the report found no evidence of malice or intentional lawbreaking in the use of NSLs. This is true. By all accounts, the problems OIG found were the result of honest mistakes on the part of FBI officials. No examples were found of FBI agents using NSLs to spy on their ex-girlfriends or blackmail their enemies.
However, OIG teams only audited 293 letters out of tens of thousands that have been issued since the Patriot Act has become law. It’s quite possible that a complete audit of NSLs would uncover deliberate lawbreaking. And given the inadequate record-keeping procedures, it’s far from certain that even a comprehensive audit would uncover unlawful behavior.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.