Author Archive
My Constitutional Romance
You’ve seen Hayek and Keynes battle rapping. Now, our Emo Founding Fathers:
Retroactive Surveillance Immunity, Obama Style
There’s a lot to unpack in the Office of the Inspector General’s blistering 300-page report on illegal FBI abuse of surveillance authority issued last month, but I want to highlight one especially worrisome aspect, about which I spoke with The Atlantic’s Marc Ambinder earlier today.
The very short version of the report’s background finding is that, for several years, analysts at the FBI blithely and illegally circumvented even the minimal checks on their power to demand telephone records under the PATRIOT Act. I’ll go into this further in a future post, but there are strong indicators that the agents involved knew they were doing something shady. Thousands of records were obtained using a basically made-up process called an “exigent letter” wherein they ask for records with what amounts to an IOU promising legitimate legal process any day now. (In many of those cases, the legitimate legal process would not actually have been available for the records obtained.) Still more disturbing, an unknown number of records were obtained without even this fictitious process: Agents simply made informal requests verbally, by e-mail, or via post-it note. And hey, why bother with subponeas or National Security Letters when you can just slap a sticky on someone’s monitor?
Treated to a preview of the OIG’s damning conclusions, the FBI was eager to find some way to cover its massive lawbreaking. So they apparently crafted a novel legal theory after the fact, in hopes of finding some way to shoehorn their actions into federal privacy statutes. On January 8—as in four weeks ago, years after the conduct occurred—the Office of Legal Counsel seems to have blessed the FBI’s theory, which unfortunately remains secret. Democratic Sens. Russ Feingold, Dick Durbin, and Ron Wyden have asked the Justice Department for details, but at present we just don’t know what kind of loopholes DOJ believes exist in the law meant to protect our sensitive calling records.
Communications records are generally protected by Chapter 121 of Title 18, known to its buddies as the Stored Communications Act. The few snippets of unredacted material in the OIG report suggest that the FBI’s argument is that the statute does not apply to certain classes of call records. Presumably, the place to look for the loophole is in §2702, which governs voluntary disclosures by telecom firms. There is, of course, an exemption for genuine emergencies—imminent threats to life and limb—but these, we know, are not at issue here because most of the records were not sought in emergency situations. But there are a number of other loopholes. The statute governs companies providing electronic communications services “to the public”—which encompasses your cell company and your ISP, but probably not the internal networks of your university or employer. The activity at issue here, however, involved the major telecom carriers, so that’s probably not it. There’s another carve-out for records obtained with the consent of the subscriber, which might cover certain government employees who’ve signed off on surveillance as a condition of employment. We do know that in some cases, the records obtained had to do with leak investigations, but that doesn’t seem especially likely either, since the FBI claims (though the OIG expresses its doubts about the veracity of the claim) that the justification would apply to the “majority” of records obtained.
My current best guess, based on what little we know, is this. The SCA refers to, and protects from disclosure to any “government entity,” the records of “customers” and “subscribers.” But telecommunications firms may often have records about the calling activity of people who are not the customers or subscribers of that company. For example, reciprocal agreements between carriers will often permit a phone that’s signed up with one cell provider to make use of another company’s network while roaming. When these outside phones register on a network, that information goes to a database called the Visitor Location Register. You could imagine a clever John Yoo type arguing that the SCA does not cover information in the VLR, since it does not constitute a “subscriber” or “customer” record. Of course, it beggars belief to think that Congress intended to allow such a loophole—or, indeed, had even considered such technical details of cell network architecture.
My guess, to be sure, could be wrong. But that just points to the larger problem: The Justice Department believes that some very clever lawyerly reading of the privacy statutes—so very clever that despite the rampant “creativity” of the Bush years, they only just came up with it a few weeks ago—permits the FBI to entirely circumvent all the elaborate systems of checks and balances in place (or so we thought) to protect our calling records. If investigators can write themselves secret exemptions from the clear intent of the law, then all the ongoing discussion about reform and reauthorization of the PATRIOT Act amounts to a farcical debate about where to place the fortifications along the Maginot Line.
Filed under: Law and Civil Liberties; Telecom, Internet & Information Policy
Larry Lessig and the Lunching Libertarians
Outside the realm of copyright, Cato folk (and libertarians generally) don’t often see eye-to-eye with left-leaning cyberlawyer and Harvard prof Lawrence Lessig. Nevertheless, I wasn’t too surprised when Lessig signaled his interest in opening a dialogue with Cato scholars about his Change Congress project and his research on political corruption. After all, we’ve long argued that an expansive state will inevitably attract moneyed interests eager to feed at the public trough or co-opt well-intentioned regulation to stifle competitors. And as Lessig argues, legislators may come to see growing government as a means of creating supportive constituencies.
He’s posted the presentation he gave to a group of us at a luncheon discussion earlier this week, which I think makes an interesting case:
As he writes over at the Huffington Post, we see many of the same structural problems, though we differ as to the solutions. Lessig has been critical of the legal reasoning behind the recent Citizens United decision, which we at Cato welcomed. Despite this, we were pleasantly surprised to hear Lessig aver that he is not interested in overturning the decision—that he prefers, rather, to find ways of reducing the political influence of special interest money without restricting speech. Lessig’s favored solution is public financing of elections, whereas I think the majority here at Cato share the skepticism of my colleague John Samples about the viability of that kind of reform.
Filed under: Government and Politics; Political Philosophy; Telecom, Internet & Information Policy
Fresh Surveillance Data Show Spike in Traffic Tracking
The Department of Justice is required to report annually to Congress on its use of an array of surveillance tools. These include so-called “pen register” and “trap-and-trace” orders (often combined as “pen/trap orders”), which give investigators realtime access to traffic data from a target’s telephone or e-mail/Internet accounts. In combination with another type of court order, these are sometimes used to gather location tracking data on cellular users, but they’re primarily used to establish patterns of communication—to determine who the target is in contact with, and when. (Those in contact with the target may then come under further scrutiny.)
Unfortunately, there’s been no public reporting on the use of pen-traps since a five-year dump the Justice Department submitted in 2004. It’s not clear whether Congress, at least, has been getting them—other such surveillance reports are typically posted on the DOJ Web site—but thanks to intrepid privacy researcher Chris Soghoian and the Freedom of Information Act, we now have statistics on the use of pen-trap orders. In 2002, the federal government sought 4103 pen register orders (affecting 6540 people’s phone lines). By 2008, that number had risen to a whopping 11,126 pen register orders (affecting 13,998 people’s phones)—in other words, an increase of more than 171%. Bear in mind, that’s 13,998 people having their call behavior monitored in realtime, just at the federal level, and not counting foreign intelligence pen/traps under FISA. (I nevertheless use the first full year after 9/11 as a comparison point, since one might expect an uptick in terror-related criminal investigations.) It’s also not counting government requests for people’s historical call records—records that USA Today reported in 2006 were being vacuumed into a massive database by the tens of millions.
As the graph makes clear, it has also become more common for agencies to routinely obtain trap-and-trace orders (for data on incoming calls) when they obtain a pen register order (for outgoing calls), though the extent of the increase may be exaggerated because the U.S. Marshals Service, which appears to get combined pen/trap orders by default, did not provide separate statistics for trap-and-trace requests prior to 2004. The Justice Department also now appears to have begun tracking orders for e-mail and electronic networks, though it’s unclear whether these are being counted separately or represent a subset of the general pen/trap figures. In 2008, the FBI, DEA, and U.S. Marshals Service reported a total of 208 such orders.
What explains that substantial spike, at a lag of several years after 9/11? One possibility is that increasingly sophisticated tools for social network analysis and pattern-based data mining have made pen/trap orders a more valuable tool—or at least made them appear more valuable to investigators—for ferreting out suspicious patterns or uncovering organizational structures. Fans of the justly-celebrated HBO series The Wire may recall the episode “Back Burners,” in which Detective Lester Freamon shows a map of the Stanfield crew’s communication patterns, suggesting that it’s typical of a drug-dealing organization. There’s another technological angle to consider: If automation and digitization of the request process make it relatively painless to get pen/trap data, agents may be more likely to request more of them.
Intriguingly, the U.S. Marshals Service accounts for a huge proportion of the increase. In 2002, they sought only 556 pen registers (compared with 1703 for the FBI and 1841 for DEA). That had grown nearly tenfold by 2008, to a stunning 5475 (far more than the 2092 sought by FBI or 3260 for DEA). This, surely, is the figure that most cries out for further inquiry. Why is the USMS doing ten times the amount of traffic surveillance they conducted in 2002? I’ve put in a query with their public affairs office, but I’d encourage any enterprising reporters out there to follow up as well.
Let Me School You in My Austrian Perspective
It’s been making the rounds, but in case anyone hasn’t seen it, this Hayek/Keynes Battle Rap — with Friend-of-Cato Russ Roberts penning the rhymes of F.A. (for “Flow Assassin”) Hayek — may be humanity’s greatest contribution to the fields of music, theater, and political economy all at once:
If You Prick a Corporation, Does It Not Bleed?
Well, no, because as my liberal friends all seem to be indignantly announcing in the aftermath of the Citizens United ruling, corporations aren’t really people! They’re creatures of statute, and “corporate personhood” is just a convenient legal fiction. Which is fair enough, but also seems to miss the point rather spectacularly. As a practical matter, it is hard to imagine any constitutional liberty that could not be reduced to a hollow joke if we refused to count as an infringement any regulation that nominally targeted only the corporate mechanism for coordinating its exercise.
Having dispensed with the repellent doctrine of corporate personhood, we can happily declare that journalists enjoy full freedom of the press … as long as they don’t plan on using the resources of the New York Times Company or Random House or Comcast, which as mere legal fictions can be barred from using their property to circulate unpatriotic ideas. You’re free to practice your religion without interference — but if it’s an unpopular one, well, let’s hope you don’t expect to send your kids to a religious school or build a church or something, because those tend to involve incorporating. A woman’s right to choose is sacrosanct, but since clinics and hospitals are mere corporations with no such protection, she’d better hope she knows a doctor who makes house calls. Fill in your own scenarios, it’s easy.
The irony here is that it’s libertarians who are often accused of a myopic obsession with formal liberties rather than their real-world value to people — “the law in its majestic equality” and all that. But this, surely, would be the height of empty formalism — a right to swing your fist that stops at the air.
I think people are obsessing over this because we often think of rights as flowing, at least in part, from respect for our intrinsic human dignity, and it seems equal parts farcical and offensive to suggest that institutions like Exxon and Nike are in the same moral category. As a purely ethical matter, of course corporations as such don’t have rights. As a practical matter, though, rights that wither at the corporate touch won’t do you a whole lot of good in the 21st century.
Filed under: Government and Politics; Law and Civil Liberties
Hijacking Neutrality
Perhaps he’s too demure to say “I told you so” himself, but events are bearing out the concerns about net neutrality and regulatory capture that Tim Lee expressed in his excellent Cato paper “The Durable Internet.” The content industry is lobbying not just to ensure that neutrality rules permit filtering of Internet traffic by ISPs to block copyrighted material, but wants the FCC to positively encourage it. As a brief from the Motion Picture Association of America suggests:
In fact, if the Commission wants to see a meaningful and long-term reduction in the amount of bandwidth consumed by illegal content, it should foster an environment in which innovation itself is able to flourish and new tools are not only permitted, but encouraged, to develop. The government should create incentives for this investment by clarifying that industry efforts will be rewarded with open and flexible regulations.
The Electronic Frontier Foundation has been out of step with some of their usual allies on this front, arguing that however desirable the open Internet might be, the broad assertion by the FCC of authority to control network architecture sets a dangerous precedent. The implicit threat to ISPs here is: “Go along with our wish list for intrusive filtering or we’ll find a way to use the rules to make trouble for you.”
The telecoms, meanwhile, are pressing for the applicability of neutrality rules to all sorts of other application-level service providers, such as Google. An AT&T filing argued that “the commission cannot rationally impose rules on one set of providers based on hypothetical concerns while exempting other providers that act as Internet gatekeepers and have engaged in actual misconduct.” They specifically called out Google, which they assert “shapes how consumers actually experience the Internet more than any given broadband provider possibly could.”
It would, to be sure, be perverse if industry players managed to use regulations designed to promote openness and innovation as a cudgel with which to whack innovative competitors. But in the world of regulation, no less than in the domains studied by Alfred Kinsey, it turns out that the perverse is perfectly normal.
‘A Career Where X-Ray Vision And Federal Benefits Come Standard’
That’s the slogan the Transportation Security Administration is apparently using to entice people to apply for jobs as airport screeners. Now that they’re preparing to expand the use of whole body imaging scanners, which can produce moderately detailed nude images of travelers, maybe they should consider a tagline that doesn’t sound like it’s designed to recruit voyeurs.
Filed under: Foreign Policy and National Security; Law and Civil Liberties
Surveillance, Security, and the Google Breach
Yesterday’s bombshell announcement that Google is prepared to pull out of China rather than continuing to cooperate with government Web censorship was precipitated by a series of attacks on Google servers seeking information about the accounts of Chinese dissidents. One thing that leaped out at me from the announcement was the claim that the breach “was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” That piqued my interest because it’s precisely the kind of information that law enforcement is able to obtain via court order, and I was hard-pressed to think of other reasons they’d have segregated access to user account and header information. And as Macworld reports, that’s precisely where the attackers got in:
That’s because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press.
This is hardly the first time telecom surveillance architecture designed for law enforcement use has been exploited by hackers. In 2005, it was discovered that Greece’s largest cellular network had been compromised by an outside adversary. Software intended to facilitate legal wiretaps had been switched on and hijacked by an unknown attacker, who used it to spy on the conversations of over 100 Greek VIPs, including the prime minister.
As an eminent group of security experts argued in 2008, the trend toward building surveillance capability into telecommunications architecture amounts to a breach-by-design, and a serious security risk. As the volume of requests from law enforcement at all levels grows, the compliance burdens on telcoms grow also—making it increasingly tempting to create automated portals to permit access to user information with minimal human intervention.
The problem of volume is front and center in a leaked recording released last month, in which Sprint’s head of legal compliance revealed that their automated system had processed 8 million requests for GPS location data in the span of a year, noting that it would have been impossible to manually serve that level of law enforcement traffic. Less remarked on, though, was Taylor’s speculation that someone who downloaded a phony warrant form and submitted it to a random telecom would have a good chance of getting a response—and one assumes he’d know if anyone would.
The irony here is that, while we’re accustomed to talking about the tension between privacy and security—to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security—one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.
Filed under: General; Telecom, Internet & Information Policy
No Privacy Please, We’re Millennials
TrueSlant’s Kashmir Hill notes—and endorses—Facebook CEO Mark Zuckerberg’s conclusion that the kids today won’t stay off my lawn just don’t care much about privacy.
On the one hand, this shouldn’t be terribly surprising. Quite apart from the recent proliferation of social networking technology, generational researchers have long contrasted the heavily supervised and scheduled upbringings of (middle class) Millennials born in the ’80s and early ’90s with that of their “latch key” Gen X predecessors. And for anyone currently of college age, post-9/11 levels of security theater are viewed not as a novel expansion of official intrusion, but as the baseline, as normal. This can’t be a matter of total indifference to the fogeys among us, because shifting norms will affect both legislators’ willingness to ratchet up surveillance and, at least potentially, judicial assessments of which “expectations of privacy” society is prepared to recognize as “reasonable” for Fourth Amendment purposes.
Still, let me throw out some grounds for questioning this broad generational diagnosis. Privacy is not just a function of the raw quantity of information available about each of us, but of the control we exercise over that information. To be sure, it may seem that we have less of that as well when any scrap of data that appears on the Internet can so easily be copied and circulated. But for the generation that came of age online, those scraps of data are often part of a very conscious public performance of identity. Not necessarily a performance all of them will be eager to own ten years down the line, but a performance all the same.
In his excellent book The Digital Person, legal scholar Dan Solove contrasts two kinds of privacy dystopia: the Orwellian and the Kafkaesque. The focus in the Orwellian vision is on exposure: Big Brother’s spies and cameras are everywhere, and no detail of your personal life too minute to escape notice. But the plight of Kafka’s Josef K. is somewhat different: He finds himself at the mercy of an inscrutable bureaucracy, with no access to the details of his case file, and no way of tracing the provenance of the information it contains or correcting errors. We are more exposed, but we increasingly set the terms of our exposure.
It’s easy to look at all the information that comes up in a simple Google search for someone’s name and conclude that privacy is dead. But I think it’s at least as significant that the crucial first page of results is likely to consist of information that the individuals themselves have chosen to make public: Blogs, Facebook or MySpace profiles, Twitter accounts, Last.fm pages, YouTube channels. A similar inquiry a generation ago surely would have been much more laborious and less fruitful, but it also would have consisted to a far greater extent of what others had to say about the target: gossip first and foremost, but perhaps also press mentions, official records, and so on. It’s not that such information is now less accessible, but for the average person, it’s pushed to the margin by what we’ve chosen to disclose. That’s not an unmixed blessing—some may feel as though this merely traps them in a kind of openness arms race—but neither is it the privacy death-spiral a purely quantitative analysis might suggest.
George Clooney’s Docile Body
Running the airport maze to board my flight from Madrid back to the U.S. last week, I found myself thinking, with no small measure of envy, about Ryan Bingham, George Clooney’s character from Up in the Air. The ultimate frequent flier, Bingham slides shoes and belt off, flips laptop from case, and aligns them neatly on the x-ray conveyor in a seamless, fluid display of security Tai Chi. He navigates from curb to gate and back with crisp efficiency, every motion practiced and automatic.
My envy was tempered somewhat as I reread Discipline and Punish on the trip back. Bingham’s military precision, it struck me, was the product of a form of training implicit in the security process. As a corrective brace “teaches” the proper posture just by making it the only comfortable one, the screening procedures embed a set of tacit instructions, consisting of the optimal set of motions required to pass through smoothly. And of course, it teaches more than bodily motions: Bigham knows you don’t stand behind the Arabs in the screening line!
That’s not to say airport security is some kind of insidious brainwashing program, but there’s a dimension of privacy here that it seems to me we don’t talk about nearly enough. Our paradigms of privacy harms are invasion (the jackboot at the door, in the extreme case) and exposure (the intimate detail revealed). We generally think of these as exceptions — as what happens when surveillance goes wrong, either because it gets the wrong target or, when the surveillance is universal by design, because information that’s supposed to remain protected falls into the wrong hands or is otherwise misused. Invasion and exposure may be serious problems, but they are fundamentally mistakes — hiccups in the system we can seek to fix.
Discipline, by contrast, is what inevitably happens when the system functions as intended, at least to the extent people are conscious of being (actual or potential) targets of surveillance. It is probably not as serious a harm as invasion or exposure most of the time, but it’s also by far the most pervasive and ineradicable effect of surveillance. It would be nice if our debates about surveillance included not just the question “What will be exposed?” but also “How — and for what — are we training ourselves?”
Filed under: Foreign Policy and National Security; Law and Civil Liberties
Fly the Perfectly Safe Skies!
Do you insist on flying risk-free, at all costs? Satirist/animator Mark Fiore has just the airline for you.
Bodyscanning Captain Underpants
I probably should’ve predicted that a huge story implicating national security surveillance policy would break just as I was boarding a flight to Madrid for the holidays. Jim Harper & c. have by now covered most of the bases admirably, but there are one or two points I feel it can’t hurt to emphasize.
First, there’s been a lot of talk about millimeter wave body imaging scanners in the wake of the attempted Christmas bombing; the New York Times headlined a story about the machines “Technology that Might Have Helped.” Really, that should read “Might Have Helped Had It Been Installed in Lagos,” which might have underscored the weirdness of some of the ensuing discussion. Because the awesome next-gen spytech you’ve got at the most advanced 20% or 50% or 90% of airports matters a lot less than the situation in the bottom 1%, where a global adversary is going to focus their efforts. At a couple hundred thou each, we’re talking about a pretty pricey solution if they’ve got to be near-ubiquitous to work.
The press have set up a familiar security/privacy debate over body imaging, but this strikes me largely as a sideshow. If no records of the scans are kept, and software is used to obscure body contour details while preserving resolution for objects concealed on the person, and the scans are reviewed by analysts in another room who don’t simultaneously see the subject, then it’s hard to see how they’re substantially more intrusive than x-rays of carry-on baggage. (Though I would, of course, want to insist on those three privacy measures.) The real questions to raise about the tech are entirely on the security side.
First, experts have raised serious doubt about the assertion that millimeter wave scanners would have detected the device involved in the Christmas attempt. It’s hard to imagine a dumber way to blow a few hundred million bucks than on high-tech measures that wouldn’t even work against current terrorist methods, especially when alternative measures like chemical swabs—far cheaper, though without the gee-golly Total Recall factor—are on the menu. But you also have to assume that if it were effective against current methods, terrorists would switch methods—either by selecting different targets or looking for other means of hitting the same targets. Now, forcing that kind of shift can clearly be a benefit: As Jim has noted, the kind of device they had to use to circumvent metal detectors and baggage x-rays was clearly less reliable than a bomb in a suitcase could’ve been, making it possible for passengers to foil the attempt. The question is whether the countermeasures they take in response to the body scanners require them to incur marginal liabilities that justify the cost. It seems awfully doubtful, frankly.
If you’ll forgive a bit of frank cynicism, I predict we’ll end up debating body imagers because they’re big, flashy, sexy tech with lots of cool scifi visuals for the weekly newsmags and cable news shows to use. The anchors get to say “naked” a lot, and air travelers get to feel like they’re being protected by cyborgs from the future. Meanwhile, measures that actually enhance security, like reinforced cockpit doors, tend to be rather more boring and invisible to the average person. So, for instance, probably Umar Farouk Abdulmutallab should have at least been pulled aside for additional screening. It’s not that it should have been enough, in isolation, that his father had contacted the American embassy with concerns about his son (intel agencies are drowning in vague tips, which is one reason there are half a million people on the terror watchlist, only a handful of whom are actually a threat; you can’t feasibly ground all of them) or that he bought a one-way ticket with cash or that he was traveling without baggage, or that there was chatter about a potential bombing attempt by a Nigerian. Rather, you’d think the combination of those things would have triggered a closer look at the airport. But that’s a question of abstruse and partly classified back-end data sharing procedures, which aren’t nearly as fun to talk about on Meet the Press.
Filed under: Foreign Policy and National Security; Law and Civil Liberties
Do Bring a Phonecam to a Snowball Fight
By now, you’ve probably heard the story—and seen the video. During the weekend’s Snowpocalypse™ in DC, a gaggle of young urbanites, using Twitter and other social media, announced a big group snowball fight at the corner of 14th and U Streets. For a while, it was all good fun, with the participants periodically stopping the skirmish to help dislodge a motorist for a snowdrift, amid collective cheers. But an off-duty plainclothes cop whose Hummer had been hit by a few snowballs lost his cool—and advanced on the crowd to berate them with his gun drawn. You’d think an angry, out-of-uniform guy brandishing a gun might set off a dangerous stampede in the snow, but true to form, the DC crowd responded with chanting: “You don’t bring a gun to a snowball fight!”
Initially, the Metropolitan Police Department “reviewed the evidence” and concluded that the officer had only been holding a cell phone after all—folks who’d said it was a gun must have just imagined it, what with all that snow. But it turns out there were a whole lot of video cameras and phonecams there, and still shots and recordings began to circulate on the Internet, making it impossible to deny what had happened. By Monday, the chief of police had issued a statement calling the officer’s behavior “totally inappropriate” and announcing that he’d be relegated to desk duty pending further inquiry.
As anyone who follows the excellent work of my colleague Radley Balko will be well aware, things often play out quite differently—with departments circling the wagons, and no serious accountability for far more egregious abuses of authority. But video—increasingly ubiquitous and portable—can make a difference. And it strikes me that, in one sense, it helps remedy other kinds of social inequality. Reviewing that video of the snowball scene, you might point out that the crowd is full of white 20-somethings, many of whom (given the city’s demographics) are almost certainly college-educated professionals, while police misconduct toward less privileged groups is far more likely to be ignored.
What is privilege, though? In cases like these, it consists largely in the ability to be seen and heard—to attract media attention, to articulate your story in a clear and compelling way, to be considered credible by press and the community. All of these, unfortunately, depend enormously on class, status, race, and education. Unless there’s video. And video is democratic these days. You’d have to poke around a bit to find even a bottom-of-the-line cheapo cell phone that didn’t come with at least a still camera, and likely video capture to boot. So while there’s been some attention paid to the potential of this kind of “Little Brother” surveillance to increase accountability—the to lessen disparity in power between citizen and cop—it’s also worth stressing the way it can lessen certain kinds of disparities between citizens.
That said, and just going by memory, it seems like most of the stories I encounter in this vein still involve white, middle-class, college-educated young people. One possibility is that this shows I’m wrong, and that other aspects of privilege still play into their videos circulating while others languish. Another, though, is just that they’re both accustomed to this kind of routine use of technology and sharing of data, and that they take their social power for granted. That is, it occurs more naturally to them that the right response to this kind of misbehavior is to record and circulate it. If it’s mostly the latter, we’re on an interesting precipice, where the main remaining precondition for the leveling effect to kick in is just awareness that the other preconditions are in place. If that’s right, the next few years should be interesting.
Surveillance State More Popular than iPhone
A new Pew poll reveals that most of us think this decade’s been a bit of a bust—little enough surprise there. But when pollsters dug into people’s attitudes toward particular technological and social changes, I was a little taken aback by the incredible popularity of “increasing surveillance and security measures.” They’re not quite as popular as, say, the Internet—but folks love Big Brother better than iPhones, online retail, blogs, or reality TV. That may seem especially odd because even someone who regards those changes as necessary and appropriate cannot be glad that we now find them necessary—and you might expect the association to pull the numbers down.
I won’t get too depressed about this just yet, because I generally think it’s an error to take polls either too seriously—if you ask people for an opinion they don’t have, they’ll formulate one on the spot, but it’ll be about a millimeter thick—or too literally. If you read “How are you? / Fine thanks.” as a sincere inquiry into and report on someone’s welfare, you’re missing something rather elementary about our social world. Ditto, I think, if you assume that the large numbers of people who purport to be unsure whether Barack Obama is perhaps a secret foreigner literally believe in an insane conspiracy theory. It has a propositional form, but it’s more about signaling an attitude than a factual belief. When “confidence” in government spiked right after 9/11, should we suppose people had really revised their assessment of the government’s competence upward? Of course not, it was more like a vote of confidence. It’s like whispering “there’s no such thing as ghosts!” to yourself—something you do precisely when you don’t feel so certain anymore. (I’ve elsewhere referred to these as “symbolic beliefs.”)
So what are people doing when they say increased surveillance and security measures are a “change for the better.” Some people, of course, are really expressing a considered political opinion about the PATRIOT Act or other reforms. The phrase “security measures” may suggest to others just those measures which make us more secure—in the same way “Terrorist Surveillance Program” implies a program that surveils only terrorists, even if the rationale for the program is precisely the lack of sufficient evidence that its targets are terrorists. But I expect there’s also an element of “there’s no such thing as ghosts” at work. Given that our intelligence efforts fell spectacularly short at the decade’s start, we have to hope there’s been a net change for the better. And the downsides to expanded surveillance are largely invisible, slow, and structural: You have to go out of your way to think about them or they’re not especially evident. The rest of the survey items, though, prime people to think about “better” in terms of concrete differences in our daily experience. They may think of the inconveniences of lines at the airport, but there’s nothing in the rest of the context that seems likely to activate longer-term political concerns. The same question in a survey about other explicitly political trends might trigger a different response.
This is, incidentally, one reason I think privacy advocates make an understandable error when we put too much emphasis on the personal effects of expanded surveillance: “Do you want the government reading your e-mail?” For a lot of people, this will just spotlight how little direct harm they seem to individually experience as a result of surveillance. It’s less dramatic an appeal, but you really do need to ask people to focus on what the explosion of surveillance means for the structure of a free society, not just gauge immediate consumer satisfaction.
Filed under: Foreign Policy and National Security; Law and Civil Liberties; Telecom, Internet & Information Policy
Colbert Report on PATRIOT & Private Spying
Stephen Colbert tackles both Obama’s flip-flop on the PATRIOT Act (“When presidents take office they learn a secret… Unlimited power is awesome!“) and the private sector’s complicity in the growth of the surveillance state—drawing heavily on the invaluable work of Chris Soghoian.
| The Colbert Report | Mon – Thurs 11:30pm / 10:30c | |||
| The Word – Spyvate Sector | ||||
|
||||
Filed under: Foreign Policy and National Security; Law and Civil Liberties
Cell Phone Searches? There’s an App for That.
Police hoping to rummage through a suspect’s cell phone after an arrest must apply for a warrant, the Ohio Supreme Court has ruled. That apparently makes it the first court to address a question I first wrote about two years ago, after Adam Gershowitz broached it in a law review article.
Normally, when police arrest someone—and recall that even trivial offenses may provide formal grounds for arrest—they’re entitled to conduct an incidental search of the person and their immediate vicinity, nominally for the purpose of uncovering any weapons and preventing the destruction of contraband. The new wrinkle as Gershowitz noted, is that we’ve begun routinely carrying vast stores of personal data around with us in our pockets: photos, correspondence, music and movies, Internet browsing histories, even whole libraries of books. What’s more, these little archives are typically connected, sometimes automatically, to still more personal information held remotely: mailboxes, calendars, bank accounts, purchasing histories, or in principle just about anything accessible online.
Suddenly a narrow, reasonable-sounding exception to the ordinary Fourth Amendment warrant requirement starts looking like a pretty huge loophole. The quantity of personal “papers and effects” that can be stored in an ordinary phone would have filled a house just a few decades ago. But if those smartphones are subject to “search incident to arrest,” there’s no longer any need to bother with judicial authorization for the search of a private home. And since a legal system governed by precedent subjects digital technologies to the tyranny of bad metaphors, there’s a disarmingly strong argument to be made that smartphones should be treated like any other physical “closed container”—a digital backpack or purse, at least with respect to the data stored locally on the phone.
This case involved more conventionally phone-like information: calling records. But the Court nevertheless saw the danger inherent in treating portable data storage devices as mere “containers,” holding that searches of phones were reasonable only to the extent they could be linked to the twin justifications of safety and preventing destruction of evidence. But as the ruling and dissent both note, there are a handful of precedents that appear to cut in the other direction. The question now is whether other courts will follow Ohio’s lead or remain mired in inapposite comparisons to knapsacks and cigarette packs.
Filed under: Law and Civil Liberties; Telecom, Internet & Information Policy
It’s PATRIOTic to Panic!
According to Politics Daily columnist Patricia Murphy vital provisions of the PATRIOT Act are in danger of expiring! Which means that scary terrorists could already be hiding under your bed ZOMG!!!1!!1!
Let’s take a slow deep breath or two, shall we? As I’ve been discussing here for some time, there are three national security surveillance provisions due to sunset at the end of this year. It has also been clear for weeks now that, with health care taking center stage, Congress was unlikely to come to an agreement on the details of reform and reauthorization before recess. And while Politics Daily may have just “learned Thursday” that congressional advocates for civil liberties reforms would be comfortable with a temporary renewal of the expiring provisions to allow more extended debate, anyone who’s been paying the slightest bit of attention has heard them say as much all along. Which, given the tenor of press coverage, is a good thing: The easiest thing to do would be a straight reauthorization that avoided much-needed changes and took an issue that tends to make Democrats skittish off the table. But the chance that legislators will simply allow the expiring provisions to lapse is, to a first approximation, zero. The brevet renewal will probably be dropped into the Defense Appropriations Bill before Congress this week.
Since the article dwells at some length on the Fort Hood shootings and the risk of homegrown terrorism, it’s worth reiterating: The never-invoked “Lone Wolf” provision, which is among those expiring, does not apply to actual “homegrown terrorists”—that is, permanent residents or citizens like Nidal Hassan. Those people can still be surveilled using ordinary Title III criminal wiretap warrants. Nor, despite what the article claims, would law enforcement “lose the ability” to conduct roving wiretaps or demand business records even if Congress somehow failed to pass a reauthorization. Roving taps would remain available under the criminal statute, though under a slightly heightened standard—which, again, is what you’d have to use anyway to go after a genuine homegrown terrorist who wasn’t a member of a foreign group like al-Qaeda. Ordinary FISA wiretaps, requiring investigators to specify the phone lines and Internet accounts covered, would still be available. (These represent the overwhelming majority of the thousands of FISA warrants issued each year.) The “business records” provisions of the Foreign Intelligence Surveillance Act similarly predates PATRIOT, and would remain in existence for use against actual “agents of a foreign power,” though again, the standard for issuance would be raised. A plethora of other mechanisms for obtaining third party records—grand jury subpoenas, National Security Letters (issued without that pesky judicial oversight), court orders—would remain in place.
So, in sum: If by some unfathomable happenstance these few provisions were allowed to lapse for a few months while Congress hashed out the details of a renewal and reform bill, there’s no reason to think it would be an especially serious problem given the array of new tools we’ve made available to terror investigators over the past eight years. But even if you’re the nervous sort, the point is moot, because there is no realistic chance that the PATRIOT provisions in question will be allowed to lapse. There never has been: A temp extension has quite clearly been on the table all along. Though I suppose that’s not the kind of headline that drives clicks.
Filed under: Foreign Policy and National Security; Law and Civil Liberties
The John Yoo Theory of Gun Control
A modest proposal: Suppose that we decide to streamline our inefficient criminal justice system by treating people under suspicion of involvement with violent crime—whether or not they’ve been arrested, charged, or even informed of this suspicion—as equivalent to convicted felons. Suppose, then, that we permit them to be stripped of certain constitutionally protected rights at the discretion of the executive branch.
Outrageous? Some depraved brainchild of the Bush administration’s Office of Legal Counsel? Actually, it’s the editorial position of The New York Times:
Under federal law, people who pose a heightened risk of violence cannot buy or own firearms, including convicted felons, domestic abusers, the seriously mentally ill and several other categories. Suspected terrorist is not one them.
Individuals on the government’s terrorist watch list can be barred from boarding airplanes, but not from purchasing high-powered guns or explosives. Bipartisan legislation in both houses of Congress would end this ridiculous loophole, commonly known as the “terror gap.
The Times does note, before dismissing the fact with the wave of a hand, that “thousands” of people have been found to be on the list improperly. But let’s linger a bit longer over this. The terrorist watch list, at last count, boasted about a million entries. When you eliminate variant spellings and duplicate entries—and rest assured that this would be another enormous source of problems—there are about 400,000 unique individuals on the list, of whom some 20,000 are Americans. Thousands more are nominated for inclusion on the list each week.
Filed under: Foreign Policy and National Security; General
#OpenGov and the Road from Serfdom
Like Jim, I watched this morning’s Open Government Initiative launch with an eyebrow reflexively arcing skyward. Like Fox Mulder, I want to believe, but it’s not just the track record that gives me pause; it’s the tension in one of Vivek Kundra & Aneesh Chopra’s answers to a pointed question that came in from the Web: How do you actually implement this? How do you get all the agencies on board, persuade (or compel) them to open up, embrace openness, and free their data? Because the public pitch is that the great benefit of open government is accountability, which requires information that may reflect badly on an agency and generate bad publicity to be released. But since they’re limited in their ability to enforce this on an alphabet soup of agencies, the pitch to leaders within government is: Imagine how cool it would be to have the entire population as your clickworkers. So transparency is carrot and stick in one—a carrot stick, if you will: Take a nibble between thrashings, it’s delicious! This is not totally crazy, since there will probably be data whose release opens an agency to greater scrutiny, but still benefits them on net because it lets some tasks be offloaded to the cloud. But insofar as those two things come apart, it’s not hard to guess which one agencies will want to focus on, and the mandate to ensure “data quality” makes a good stock excuse for withholding.
I don’t want to be entirely cynical, though, because openness—as I’ve harped on before, and as Jim often stresses—can be an important structural limitation on government. And if I can riff for a moment, I think it’s worth distinguishing two aspects of “limited government” through the lens of the argument F.A. Hayek makes in his seminal The Road to Serfdom. Very crudely, the idea goes something like this: As government takes on responsibility for ever more complex forms of planning, via a growing tangle of interdependent rules, it becomes increasingly difficult for that power to be checked by democratic mechanisms. Expansion in the scope of state authority goes hand-in-hand tends to be associated with more centralized, opaque, and autocratic exercise of that authority, compounding the disempowerment of ordinary citizens. Call them, if you want to be dramatic, the Orwell problem and the Kafka problem, respectively. But state functions that are not amenable to democratic oversight by the crowd may be amenable to peer-produced oversight by the cloud. Libertarians focus—with good reason—on limiting the scope of state power, which we might think of as a kind of external boundary. The internal boundaries are at least as important. But folks who are centrally concerned about limited government don’t often choose a career in the federal bureaucracy, and the ones who get elected to office, let’s face it, often lack the skill and disposition for the nitty gritty details of governance.
One implication of this is that a more open and networked government, if it ever does come about, may demand a disorienting cultural shift of libertarians—where on top of the big political-philosophy level ideas, it begins to behoove us to pick a pet agency and get interested in the profoundly unsexy details of how it operates. It lacks the frission of taking to the streets quoting Paine, to be sure, but at least engagement no longer demands more pernicious incentives—either venal or, heaven forfend, idealistic.
Cato on Facebook
Cato on Twitter
Cato on YouTube
Cato Tweets