It’s fascinating to continue watching developments in Iran via Twitter and other social media.

The fact that Twitter delayed a scheduled outage to late-night Tehran time was laudable, but contrary to a growing belief it wasn’t done at the behest of the State Department. It was done at the behest of Twitter users.

Twitter makes that fairly (though imperfectly) clear on its blog, saying, “the State Department does not have access to our decision making process.”

As my Cato Institute colleague Justin Logan notes, events in Iran are not about the United States or U.S. policy. They should not be, or appear to be, directed or aided from Washington, D.C. Any shifts in power in Iran should be produced in Iran for Iranians, with support from the people of the world – not from any outside government.

People are free to speculate that the State Department asked Twitter to deny its involvement precisely to create the necessary appearances, but without good evidence of it, assuming that just reflects a pre-commitment that governments – not people and the businesses that serve them – are the primary forces for good in the world.

Hilarious video on the DTV transition.

My ID Score

by on May 18, 2009 · 23 comments

myidscoreHere’s a very cool little app from Identity Analytics: My ID Score. You enter a bit of identifying information. It checks to see if you know stuff that only you are likely to know. (This is what I called “epistemetric” identification in my book.)And then it spits out an estimate of your risk of being a victim of identity fraud.

I got a 240 when I didn’t give them my SSN, and my score dropped to 40 when I submitted my SSN.

Everybody talks about identity fraud, but nobody does anything about it. This does something about it – specifically, it will help stop the worrying on the part of people who don’t need to. And it will give people who should worry a few things to do to get their situation under control. The more that can be done to demystify identity fraud, the better – and the less likely there will be unwise legislation and regulation that ultimately harm the interests of consumers.

So have a little fun and check out My ID Score. (If you’re worried about submitting personal data over a Web site – you can see for yourself that the transmission is encrypted, and ID Analytics is a company I’ve known for many years. This is not a phishing scam – unless it’s a very, very good one.)

As many outlets reported last week, Disney’s ABC Enterprises has bought into Hulu, which had been a joint-venture of NBC Universal, News Corp., and investor Providence Equity Partners.  Like other large media platforms before it, Hulu should brace for the possible antitrust implications of its increasing number of content deals—many of them exclusive, at least as it applies to online streaming video—especially considering the Obama’s administration’s stance on antitrust policy.

Many media commentators are already using the kind of language we associate with past media antitrust cases.  Nate Anderson of ArsTechnica predicted Hulu’s forthcoming “lock” on the market saying:

The Disney deal makes it far more plausible that Hulu—mocked when it launched only last year for its name and its business plan—will dominate online streaming of premium content.

Caroline McCarthy of CNET pointed out that the Disney deal has Hulu fraternizing with prior antitrust targets:

Apple CEO Steve Jobs is Disney’s single biggest shareholder, having sold animation studio Pixar to the company in 2006.

McCarthy makes an apt point as Hulu is looking more and more like the iTunes of television, an honor which Mr. Jobs likely hoped would have gone to iTunes itself.

Continue reading →

President Obama intends to nominate Mignon L. Clyburn to the Federal Communications Commission. Clyburn is a good pick. She has been a member of the Public Service Commission of South Carolina since 1998. She chaired the South Carolina commission from 2002 to 2004, is a past chair of the Southeastern Association of Regulatory Utility Commissioners and is a respected leader in the National Association of Regulatory Utility Commissioners (NARUC). She is trained in economics and has a reputation for thoughtfulness.

The remaining question is who ought to be the Republican nominee to fill the seat vacated by former chairman Kevin J. Martin (a soon-to-be-vacant seat held by Republican Robert M. McDowell will also need to be filled). By law, two of the commssion’s five members may not be from the President’s political party.

Let’s pretend you’re president. You have to appoint two opponents to the FCC. You don’t need their votes to pass your agenda, because you get to appoint three members from your political party who agree with your views. Do you fill the other two slots with people who hold few clear convictions, who are inclined to compromise and who crave positive feedback? Or do you look for people who are intellectually-engaged and are inclined to debate? If you believe your agenda is radical and you worry it will lead to negative consequences for which you will be blamed, you would want to appoint opponents who can be induced to vote with you. That way, you can claim your agenda had bipartisan support. This is the “cover you ass” approach. Continue reading →

Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content – who is talking to whom, how often, and for how long.)

The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:

The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).

EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.

It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.

Just came across this informative blog article by David Ardia, a lawyer at the Harvard Berkman Center. He describes a recent ruling on Section 230 of the Communications Decency Act in a case that the New England Patriots filed against StubHub. The Pats bar fans from reselling their season tickets and want to hold online sites liable for the actions of ticket holders. The judge said that Section 230 did not give StubHub immunity. According to David:

In summary, StubHub profited as ticket prices increased; it didn’t require users to disclose what they paid for their tickets, thus making it harder to police its site; and it encouraged its best clients to buy low and sell high.  Isn’t this the way most online auction sites work?  Surely “knowing participation” isn’t coterminous with “materially contributing” to unlawful activity.

Using the factors described above is a troubling interpretation for Section 230, and has broad implications for online platforms and social networking sites – not just ticket exchanges. The court is sending a message that online sites should be the enforcer of private contracts to which they are not a party. This is an added obligation and potential liability that threatens the stated intent of Section 230, “to promote the continued development of the Internet and other interactive computer services and other interactive media.”

(Update: Bruce Schneier linked to this post (and Adam’s) from his blog post on the topic, and the Wall Street Journal issued a “correction and amplification” at the top of the story on its site.)

I share many of Adam’s concerns with Bruce Schneier’s WSJ piece. But there’s something else wrong with it. He’s got the facts wrong, right in the first paragraph:

Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns.

RealAge does not sell data to drug companies. RealAge collects health information about users and markets to its users at the request of its “partners.” But, again, it does not disclose health data to those partners, including drug companies.

RealAge.com has a sensible business model: cultivate an audience of users that are interested in health, and make money on the sellers trying to reach them, like drug companies. And y’know what would kill that business model? Giving data about users to the drug companies.

And in terms of privacy, that’s a difference in kind, not degree. The data is held close by RealAge.com. Given that, Schneier’s argument that there is deception deserving government intervention falls apart. RealAge.com says what it does and does what it says.

The line from RealAge’s privacy policy that Bruce quotes is deprived of context by what he doesn’t quote. Here’s what he quotes: “[W]e will share your personal data with third parties to fulfill the services that you have asked us to provide to you.” Scary . . . ish.

The rest of the story is the next line: “These third parties are required not to use your Personal Data other than to provide the services requested by RealAge.”

When I first read the privacy policy a few weeks ago – here’s what I wrote then – I assumed this language allowed them to use an email service provider to store and send emails. I was impressed that they say they specifically require service providers like this not to repurpose the data.

When I checked with the people at RealAge.com today, they confirmed that these lines in their privacy policy are for this kind of third-party service provider, not for drug companies.

So, with the sinister data-sharing-with-drug-companies meme kinda dropped out of the equation, what you have left is the question whether personal information should be used to direct health information toward interested people. Should people get information about remedies they might need from companies interested in selling them?

People are free to doubt drug advertisements because they’re advertisements, but given the prospective health benefits, more information is better than none, and I have a hard time saying health marketing is bad. It’s a lot easier to say it’s bad when you assume incorrectly what happens to personal data in the process.

Last week I attended the National Conference of State Legislators spring meeting here in Washington, DC.  One of the panels was called “Social Networking 101”, and it was an interesting inside discussion centered on how legislatures and legislators are using Facebook, MySpace, Twitter and other social networking tools. Presenters were Sharon Crouch Steidel (Dir of IT for Virginia House of Delegates), Rep. Steve Harrelson from Arkansas, and Pam Greenberg of NCSL.

Rep. Harrelson described three main reasons for legislators to blog: (1) Immediacy – can get in front of the media story; (2) No filters – can tell the story how you want to, and can tell the whole story; (3) Transparency – tell constituents reasons for votes. His blog is amazingly complete.

According to Harrelson, his blog readers care more about politics, not policy issues. Reader traffic spikes when Harrelson talks about who was at what dinner/social event, or who is running for what seat, or committee maneuvering.  One consideration is whether to allow readers to comment and if so, do you censor? Harrelson does not censor, and wonders whether it would be unconstitutional for him to do so using a state computer on state time.

Speakers complained about a flood of email. Policymakers hate canned email and they hate it when they can’t tell if email is actually from a constituent. Legislators and IT directors struggle with how to use social media for effective dialogues, not just emails that say “I support HB 555” 30,000 times. They also want technology that forces users to input their addresses, so they can have constituent mail readily identified.

Virginia is moving toward the use of Wikis for current bills. Continue reading →

Uncork New Jersey

by on April 27, 2009 · 133 comments


If you’re from New Jersey and you like to drink wine — or just feel strongly that government shouldn’t be protecting alcohol distributors at the expense of competition and consumers — go to the UncorkNJ website and send a letter to your local representative in the General Assembly. New Jerseyans are barred from buying wine over the Web, and having it shipped to their home. The time to disintermediate is now!