And your privacy doesn’t matter one whit.
http://www.eyeblast.tv/public/eyeblast.swf?v=Xd6Uuzpruz
No, I’m not here to tell you more about the “supersized” FTC. Berin has done yeoman’s work to highlight that issue, among other things with the PFF event you can review here. On TechDirt, Mike Masnick wrote this morning about how the feds are itching to regulate the Internet.
This is about the direct government invasions of privacy likely to occur if S. 3217 passes. On the Cato@Liberty blog I write about the detailed financial market research that new regulatory agencies would do—research aimed at you.
Example:
Section 1071(b) requires any deposit-taking financial institution to geo-code customer addresses and maintain records of deposits for at least three years. Think of the government having its own Google map of where you and your neighbors do your banking. The Bureau [of Consumer Financial Protection] may “use the data for any other purpose as permitted by law,” such as handing it off to other bureaus, like the Federal Bureau of Investigation.
“Washington, D.C. has determined that Washington, D.C. should manage the financial services industry. Your personal and private financial affairs will be managed there too.”
What would I say about my own writing but read the whole thing?
I write in “The Laws of Disruption” of the risk of unintended consequences that regulators run in legislating emerging technologies. Because the pace of change for these technologies is so much faster than it is for law, the likelihood of defining a legal problem and crafting a solution that will address it is very slim. I give several examples in the book of regulatory actions that quickly become not just obsolete but, worse, wind up having the opposite result to what regulators intended.
An unfortunate example of that problem in the news quite a bit lately is the Electronic Communications Privacy Act or ECPA. (My first published legal scholarship, in 1994, was an article about a provision of ECPA that allowed law enforcement officers to use evidence they came across by accident in the course of an otherwise lawful wiretap, see “Electronic Communications and the Plain View Exception: More ‘Bad Physics.’”)
Passed in 1986, ECPA at the time was a model of smart lawmaking in response to changing technologies. It updated the federal wiretap statute, known as Title III, to take into account the rise of cellular technologies and electronic messages–which didn’t exist when the original law was passed in 1968.
Facebook is in the spotlight—unfairly.
Yesterday, four Democratic U.S. senators — Charles Schumer (D-N.Y.), Michael Bennet (D-Col.), Mark Begich (Alaska) and Al Franken (D-Minn.) — published a letter to Facebook expressing their concern over Facebook’s privacy policies. They asked Facebook to “fix” its privacy policy?
Privacy is a complex and often personal concept – how do these four senators know it’s broken?
Well, the letter follows the announcement of Facebook’s new Open Graph API that could revolutionize social networking. As one commentator wrote on ReadWriteWeb, “the bits of this platform bring together the visions of a social, personalized and semantic Web that have been discussed since del.icio.us pioneered Web 2.0 back in 2004.” The future of the web is not just knowing whether a user is interacting with a webpage, but knowing whether users are liking a specific kind of thing (referred to as the semantic web).
This sounds like very interesting stuff (understatement intended). And here’s the thing that many people (including many members of Congress) forget: Facebook is a new model of business that has shaken up the way we communicate. And it’s operating in uncharted territory, miles ahead of the Washington, D.C. crowd that would like to put their own stamp on the company. This is a company that is driving innovation, the last thing we need are politicians attempting to fine-tune the engine.
Which company is the next target of a letter? What’s the precedent being set by these demands for Facebook and other innovative web-based companies? I imagine there are a lot of concerned entrepreneurs across the country wondering if they’re next.
Last week, the Electronic Privacy Information Center released a petition from a group it spearheaded, asking the Department of Homeland Security to suspend deployment of whole-body imaging (aka “strip-search machines”) at airports.
The petition is a thorough attack on the utility of the machines, the process (or lack of process) by which DHS has moved forward on deployment, and the suitability of the privacy protections the agency has claimed for the machines and computers that display denuded images of air travelers.
The petition sets up a variety of legal challenges to the use of the machines and the process DHS has used in deploying them.
Whole-body imaging was in retreat in the latter part of last year when an amendment to severely limit their use passed the House of Representatives. The December 25 terror attempt, in which a quantity of explosives was smuggled aboard a U.S.-bound airplane in a passenger’s underpants, gave the upper hand to the strip-search machines. But the DHS has moved forward precipitously with detection technology before, wasting millions of dollars. It may be doing so again.
My current assessment remains that strip-search machines provide a small margin of security at a very high risk to privacy. TSA efforts to control privacy risks have been welcome, though they may not be enough. The public may rationally judge that the security gained is not worth the privacy lost.
Wouldn’t it be nice if decisions about security were handled in a voluntary rather than a coercive environment? With airlines providing choice to consumers about security and privacy trade-offs? As it is, with government-run airline security, all will have to abide by the choices of the group that “wins” the debate.
By Adam Thierer & Berin Szoka
Opt-in mandates may soon be coming to an Internet near you! Rick Boucher, House Energy & Commerce Committee Chairman, is expected to soon introduce the privacy bill he’s been working on behind closed doors for many months. At the heart of the bill is supposed to be a mandate that websites and services obtain opt-in consent prior to collecting information with users—at least if they plan on sharing that information with any third party or doing with it beyond what a narrow safe harbor would allow.
Boucher is apparently trying to strike the right balance between “protecting privacy” and the benefits to users of advertising and data collection. But there may be significant costs to an opt-in regime that are little appreciated by privacy advocates, who tend to think of opt-out as meaningless and opt-in as the ideal of user empowerment. In their new paper “ Opt-in Dystopias,” Google’s Senior Policy Counsel Nicklas Lundblad and Policy Manager Betsy Masiello provide a sophisticated analysis of the dark side of opt-in. They argue that “mandatory opt-in applied across contexts of information collection is poised to have several unintended consequences on social welfare and individual privacy,” specifically:
• Dual cost structure: Opt-in is necessarily a partially informed decision because users lack experience with the service and value it provides until after optingin. Potential costs of the opt-in decision loom larger than potential benefits, whereas potential benefits of the opt-out decision loom larger than potential costs. • Excessive scope: Under an opt-in regime, the provider has an incentive to exaggerate the scope of what he asks for, while under the opt-out regime the provider has an incentive to allow for feature-by-feature opt-out. • Desensitisation: If everyone requires opt-in to use services, users will be desensitised to the choice, resulting in automatic opt-in. • Balkanisation: The increase in switching costs presented by opt-in decisions is likely to lead to proliferation of walled gardens.
Lundblad and Masiello discuss each of those concerns in great detail, so read the paper for further elaboration. They do a particularly good good walking the reader through the complexity of even defining what we mean by “opt-in,” which is far trickier than most people imagine.
It’s intended as a cute line, but the opener of Stephanie Clifford’s New York Times story about custom coupons is packed with ideological assumptions: “For decades, shoppers have taken advantage of coupons. Now, the coupons are taking advantage of the shoppers.”
Meta-data in printed coupons can reveal much about the people using them.
Here’s a shocker, people: Free money might come with strings attached.
It would be wrong to dismiss the privacy problems that custom coupons might contain. They’re similar to the privacy problems that lots of other new technologies and business processes have. But the starting point if you worry about them is that you don’t have to use them.
I don’t—and it’s not even because of privacy worries. I just don’t.
But Clifford quotes two advocates of government regulation in her article—zero advocates of freedom, market experimentation, or innovation. Ed Mierzwinski, consumer program director for the United States Public Interest Research Group, says, “There really have been no rules set up for this ecosystem.”
Rules, rules. Anything new has to be draped in rules.
I would have opened the article saying, “For decades, shoppers have taken advantage of coupons. Now, the deal is going to be a little more fair.” Where does the story go from there?
Years ago, when I worked on Capitol Hill, a colleague invited me to attend a meeting with some university professors who had a new idea for regulation of the telecommunications sector.
“Bits,” they said. “All regulation should center on bits.”
With convergence on IP-based communications, the regulatory silos dominating telecommunications would soon be more than anachronistic. Indeed, they would be a burden on the telecom sector. Bits were the fundamental unit of measure for the coming telecommunications era, and regulation should be formed around that reality.
My colleague and I looked at each other, amused. Continue reading →
By Ryan Radia & Berin Szoka
Today a broad array of civil liberties groups, think tanks, and technology companies launched the Digital Due Process coalition. The coalition’s mission is to educate lawmakers and the public about the need to update U.S. privacy laws to better safeguard individual information online and ensure that federal privacy statutes accurately reflect the realities of the digital age.
Over 20 organizations belong to the Digital Due Process coalition, including such odd bedfellows as AT&T, Google, Microsoft, the Center for Democracy & Technology, the American Civil Liberties Union, the Electronic Frontier Foundation, The Progress & Freedom Foundation (where Berin works), the Competitive Enterprise Institute (where Ryan works), the Internet Technology & Innovation Foundation, Citizens Against Government Waste, and Americans for Tax Reform. The full member list is available at the coalition’s website.
Amidst the heated tech policy wars, it’s not every day that such a diverse group of organizations comes together to endorse a unified set of core principles for legislative reform. Over two years in the making, the Digital Due Process coalition, spearheaded by the Center for Democracy & Technology, is a testament to the broad consensus that’s emerged among business leaders, activists, and scholars regarding the inadequacies of the current legal regime intended to protect Americans’ privacy from government snooping and the need for Congress to revisit decades-old privacy statutes. It also represents a revival of a bipartisan consensus on the need for reform reached back in 2000, when the Republican-led House Judiciary Committee voted 20-1 to approve very similar reforms (HR 5018).
Today, in the digital age, robust privacy laws are more important than ever. That’s because U.S. courts have been unwilling to extend the Fourth Amendment’s protection against unreasonable search and seizure to individual information stored with third parties such as cloud computing providers. Thus, while government authorities must get a search warrant based on probable cause before they can lawfully rifle through documents stored in your desk, basement, or safe deposit box, information you store on the cloud enjoys no Constitutional protection. (Some legal scholars argue this interpretation of the Fourth Amendment, referred to as the Third Party Doctrine, is outdated and deficient. See, for example, Jim Harper’s excellent 2008 article in the American University Law Review.)
He climbed cathedral mountains, he saw silver clouds below He saw everything as far as you can see And they say that he got crazy once and he tried to touch the sun And he lost a friend but kept his memory -John Denver, Rocky Mountain High
We know that states are increasingly looking to tax anything and everything, including on the Internet. As Declan McCullagh reported earlier this week, Colorado and “fifteen other states have considered or are considering enacting laws targeting Amazon and other e-commerce companies that typically do not charge sales tax for shipments sent outside their home state.” These nexus taxes are #2 on the NetChoice iAWFUL list of bad legislation.
But Colorado’s recent “track and tax” law marks the most privacy-egregious Internet-related tax law we’ve seen.
Here’s the rub: The Colorado state tax department will now have a listing of all purchases its citizens make from out-of-state companies. Why? So it can enforce its tax on purchases by way of the use tax that each of us owes to our government when sales tax isn’t collected.
HB 1193 was enacted last month as part of a package of revenue raising legislation. It originally started as an advertising nexus bill, but turned into a reporting bill when a lot of in-state companies that rely on affiliate advertising revenue complained that they would be harmed. Now it is consumer privacy that is harmed.
HB 1193 forces out-of-state retailers to track and report the purchases of Coloradans: Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.